Uncertain Times — Infosec's here to help. Learn about remote testing and other COVID-19 resources.

LX Labs content roadmap

The cyber experts, learning specialists and creative ninjas at LX Labs are dedicated to delivering the learning experiences you and your organization need to defend critical assets and reduce business risk. Like all roadmaps, plans shared here are subject to change. Read on to learn what LX Labs is building for your team next.

Cybersecurity skill development

Hands-on skill development in the cyber range. Immersive, instructor-led boot camps. Guided learning paths aligned to your business objectives. If you need training for your IT, security or engineering teams, LX Labs published it or is building it right now.

Security awareness and training

Netflix-style awareness videos. Modern, animated computer-based training. Realistic phishing simulations. LX Labs publishes new resources monthly to help you educate and empower employees to outsmart cybercrime.

2020 cybersecurity skill development roadmap

77 learning paths
8 cyber ranges, 137 labs
695 courses
77 assessments & practice exams

Planned certification and skill learning paths

A typical Infosec Skills learning path contains 5-15 courses, plus hands-on labs and projects, totaling 10-20 hours of training.

IT and Security Fundamentals

  • Introduction to Vulnerability Management: Introduction to the concept of vulnerability management, overview of common tools, walkthrough of finding, prioritizing and remediating vulnerabilities
  • JNCIA-Junos certification: This path prepares for the Juniper Networks Certified Associate certification exam
  • Cisco Certified CyberOps Associate certification (update): Update to include content relevant for the new 200-201 CBROPS exam
  • Reverse Engineering (update): Learn how to reverse engineer malicious applications to identify their architecture, behavior and protection mechanisms
  • Securing Linux/UNIX: This path covers the most important Linux/UNIX security topics, including user and group privileges, file permissions, network and process security, and more
  • IoT Security: This path covers common security risks associated with the Internet of Things (IoT) and effective approaches to researching and mitigating these risks
  • Linux Fundamentals (update): This hands-on path is designed for novice Linux administrators and covers the essential aspects of working with Linux, from installation to user and file management and networking
  • CompTIA Linux+ certification: This path prepares for the CompTIA Linux+ exam
  • Database Security: This path covers common security risks to modern commercial and open-source database systems and effective mitigation strategies, including secure user and account administration and implementing encryption policies
  • AWS Certified Security Specialist certification: This path prepares for the The AWS Certified Security – Specialty certification exam
  • Azure Security Engineer Associate certification: This path prepares for the Microsoft Azure Security Engineer Associate certification exam
  • Programming Fundamentals for Cybersecurity: This introductory path provides an overview of basic programming constructs and components and teaches how to identify programming code and understand what the code is trying to accomplish based on examples commonly encountered in cybersecurity practice
  • Wireless Security: Learn how to securely design and configure wireless networks and access and remediate vulnerabilities in WLANs
  • Endpoint Protection: Learn about the latest threats and security technologies related to protecting end-user devices, including anti-malware, Data Loss Prevention, network access control and more
  • Information Security Fundamentals (update): This path provides an overview of the modern cybersecurity threat landscape and introduces basic concepts related to hardware, software and network security
  • SELinux Administration: This path explains SELinux and type enforcement concepts and walks you through the process of writing SELinux policies
  • Soft Skills for Cybersecurity: Get practical recommendations for developing and enhancing non-technical skills critical for your success in cybersecurity, including adaptability, communication, analytical thinking and more

Pentesting and Vulnerability Management

  • Introduction to Vulnerability Management: Introduction to the concept of vulnerability management, overview of common tools, walkthrough of finding, prioritizing and remediating vulnerabilities
  • Web Application Pentesting (update): A step-by-step guide for conducting effective Web application security assessments, from testing for OWASP Top Ten risks to creating custom scripts
  • Vulnerability Assessment: This path guides you through a holistic security assessment approach, where you will develop a well structured framework for analyzing the security of a system
  • Cloud Pentesting: Learn how to conduct penetration tests on cloud services and applications, including AWS, Azure and cloud-native applications
  • Red Team Operations: This path is designed to enable managers and penetration testers alike develop and master a Red Team engagement testing methodology
  • CompTIA CySA+ certification (update): Update to cover the exam objectives of the new version (CS0-002) of the CompTIA CySA+ exam
  • Python for Pentesters: Learn how use Python to build powerful sniffers and packet injectors, automate attack tasks, write exploits and more
  • Advanced Web Application Pentesting: This path focuses on tools and techniques for attacking complex Web architectures and circumventing Web application-specific defensive technologies
  • Active Directory Attacks: Learn and practice the latest adversary tactics for Microsoft Active Directory enumeration, local privilege escalation, domain persistence and more
  • Advanced Adversary Tactics: This hands-on path covers advanced offensive security methodologies and techniques, from packet analysis to pivoting, tunneling and stealthy data exfiltration
  • Pentesting with Metasploit Framework: This hands-on path covers the structure and functionality of Metasploit Framework and how to effectively use it in various stages of a penetration testing engagement
  • Advanced Network Pentesting: This hands-on path goes beyond the basic pentesting techniques into custom exploit development, protocol manipulation, escaping restricted environments in Windows and Linux, and other advanced topics
  • Passive intelligence and OSINT: Learn how to quickly find useful data for your investigation and pentesting needs using open-source intelligence (OSINT) tools and resources

Threat Intelligence, Incident Response and Forensics

  • CHFI certification: This path prepares for the EC-Council Certified Hacking Forensic Investigator exam
  • Threat Intelligence: Learn about the concept of threat intelligence and best practices for integrating threat intelligence into security functions
  • Threat Hunting with Python: Learn how to use the power of Python for proactive defense, including techniques for brute-force detection, HTTP analysis and more
  • IoT Forensics: Understand architecture and communication sources and methods of IoT devices, IoT-related crime, and tools and techniques for collecting and analyzing evidence from devices and external sources
  • Intrusion Detection: Learn how to recognize dangerous abnormalities in network traffic and stop attackers in their tracks by using tools like Wireshark and Zeek in this hands-on learning path

Security Architecture, Engineering and Management

  • NERC CIP: Overview of the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standards and best practices for compliance
  • Implementing Controls for HIPAA Compliance: Learn how to maintain the confidentiality, integrity and availability of electronic Protected Health Information (ePHI) as required by HIPAA
  • Cloud Security Architecture (update): This path teaches how to design a defensible cloud deployment with focus on data security, covering topics like encryption, IAM and business continuity
  • Identity and Access Management: Learn how to securely manage the lifecycle of user identities across an enterprise while maintaining regulatory compliance
  • SIEM Architecture and Process: This path introduces Security Information and Event Management (SIEM) technologies and teaches how to dissect overwhelming data sets to meet specific use cases and remove false positives
  • DoD CMMC certification: This path offers a deep dive into the requirements of the new Cybersecurity Maturity Model Certification (CMMC) and provides practical recommendations for achieving the desired maturity levels
  • Security Architecture (update): This path provides an overview of the concept and walks through the process of developing a reference security architecture, from translating business requirements into security requirements through identifying and understanding residual risks
  • ISACA COBIT 2019 Foundation certification: This path covers the key concepts, models and definitions of the ISACA COBIT 19 framework and prepares for the COBIT 19 Foundation certificate exam
  • Blue Team and SOC Fundamentals: Learn how to ramp up your organization’s defensive capabilities by building an effective and efficient Security Operations Center (SOC)
  • Implementing CIS Top 20 Controls: This path provides a detailed overview and practical recommendations for implementing the CIS Controls (V7.1) and explains their relationships to other common security frameworks
  • Security Engineering (update): This path covers the essential concepts of security engineering, from from securing storage and devices to implementing and maintaining systems to managing risk and vulnerabilities
  • Corporate Security Policies: Definition, Implementation and Maintenance: This path highlights critical considerations and provides guidelines and best practices for managing corporate IT security policies throughout their lifecycle
  • Cybersecurity Leadership: This path covers the most important areas of effective cybersecurity leadership, including strategic planning, teaching and mentoring, organizational awareness, and more, and provides practical recommendations for developing leadership skills

Secure Coding and DevSecOps

  • Writing Secure Code in Java: Learn how to protect Java code from common attacks, prevent exposure of sensitive data and reduce your application’s attack surface
  • Threat Modeling: Learn the concepts and process of security and architectural design analysis and threat modeling as part of secure software development lifecycle
  • DevSecOps: Learn the fundamentals of building security into application development process and the impact on the organization’s development efforts
  • Writing Secure Code for iOS: Learn how to build secure iOS applications by leveraging built-in security features and using tools to test your code
  • Writing Secure Code for Android: This path covers Android security technology and services and common vulnerabilities related to Android native code and Java
  • (ISC)² CSSLP certification: This path prepares for the (ISC)² Certified Secure Software Lifecycle Professional exam
  • Writing Secure Code in Node.js: Learn how to defend your Node.js applications from common attacks and analyze your code for security
  • Protecting JSP: Learn how to implement security features for use by J2EE Web modules to protect JavaServer Pages (JSP) and Servlets
  • Securing Cloud-based Applications: This path covers security considerations specific to cloud-based applications, such as building IAM into the code, securing APIs and security testing
  • Container Security (Docker and Kubernetes): Learn concepts, technologies and practical approaches to securing containers and container orchestration systems
  • HTML5 Security: Learn how to recognize and address security concerns, such as cross-document messaging and local storage, when building advanced Web browser experiences with HTML5
  • Writing Secure Code in ASP.NET: Learn how to avoid common security pitfalls and how to make websites built with ASP.NET more secure than is possible simply by following Microsoft’s guidance
  • PCI-DSS for Developers: This language-agnostic path teaches best practices for application developers working on applications that have to comply with PCI-DSS requirements
  • JavaScript Security: Learn how to leverage JavaScript and browser security features and use best practices to address cross-site scripting, improper client-server trust relationships and other common security issues
  • API Security (OWASP API Security Top 10): Learn about common security risks associated with Application Programming Interfaces (APIs) and how to protect them using tokens, quotas, signatures and other effective techniques
  • Complying with Privacy Regulations for Developers (GDPR, CCPA): This path covers the requirements of major privacy regulations and discusses best practices for developing privacy-focused applications
  • COBOL Security: Learn how to identify and mitigate security vulnerabilities on mainframe systems, including SQL injection, memory management issues and more
  • .NET Core Security: This path focuses on identifying and mitigating vulnerabilities in microservices and service-oriented architectures developed with .Net core
  • Software Security Testing: This path covers foundational security testing concepts and their application using popular open-source and commercial tools

Planned cyber ranges

A typical cyber range includes 10-30 browser-based virtual labs.

  • Computer Forensics: Practice computer forensics skills including memory forensics, data carving and examining forensically interesting system information
  • Bash Scripting: Practice creating Bash shell scripts for automation and performing various offensive and defensive security tasks
  • Threat Analysis: Practice using advance features of network and vulnerability scanners and packet analyzers to identify and analyze threats new content and address feedback

Planned boot camps

Infosec boot camps typically span 3-7 days and feature live, instructor-led training.

  • RHCSA v8 (update): Update from the RHCSA v7, which retires 05/07/2020
  • Incident Response/Network Forensics (update): Refresh of the boot camp materials to include new content and address feedback
  • Cisco Certified CyberOps Associate (update): Update to include content relevant for the new 200-201 CBROPS exam
  • CompTIA CySA+ (update): Boot camp materials update to cover the new (CS0-002) exam objectives
  • (ISC)² CSSLP (update): Refresh of the boot camp materials to include new content and address feedback
  • (ISC)² CISSP (update): Refresh of the boot camp materials to include new content and address feedback
  • Cyber Threat Hunting (update): Refresh of the bootcamp materials to include new content and address feedback
  • Red Team Operations (update): Refresh of the bootcamp materials to include

2020 security awareness and training roadmap

42 awareness modules
20 compliance modules
300 phishing simulations
341 translated modules

Planned awareness training modules

  • Need to Know Season 2
    • Two-Factor Authentication
    • Installing Unauthorized Software
    • Creating Weak Passwords
    • Replaying to Suspicious/Spam Emails
    • Using Unauthorized Cloud Services
  • Need to Know translations: Hungarian, Turkish, Czech, Arabic, British, Polish
  • Live-action training series (17 total)
  • Additional awareness modules:
    • Clean Desk Policy
    • Storing Sensitive Data on Removable Media
    • Having a Weak Home Wi-Fi Password
    • Installing Suspicious Mobile Apps
    • BEC Compromise
    • Using Default Passwords
    • Using Public Wi-Fi Without VPN
    • Two Factor, Part 2
    • Failing to Use Encryption
    • Visiting Suspicious Sites
  • National Cybersecurity Awareness Month 2020 Toolkit

Planned compliance training modules

  • PCI DSS compliance series
    • New Employee Introduction
    • Physical Security
    • Protecting Cardholder Data
    • Access Control
    • Information Security Policy
  • Need to Know Season 2 compliance modules
    • HIPAA
    • GDPR
    • Tampering with Devices (PCI DSS)
    • CCPA
  • CCPA compliance series
    • CCPA – 1798.130
    • CCPA – 1798.125
    • CCPA – 1798.110
    • CCPA – 1798.115
  • FISMA compliance series

Ready for an LX Labs Watch Party?

2020 releases: Security awareness and training

Award-winning training you can trust

Best Software - Highest Satisfaction

Infosec Skills

Best IT Security-related Training Program

Infosec Skills

Best Cybersecurity Education Provider & Best Security Education Platform

Infosec Skills

Most Innovative Product - Cybersecurity Training for Infosec Professionals

Infosec Skills

Global Excellence - Cyber Security Education & Training

Infosec Skills