Infosec Skills release: NICE mapping plus new Node.js, container security and Linux security training

Infosec Skills training is now mapped to the Workforce Framework for Cybersecurity. Three new learning paths are also live in Infosec Skills: Writing Secure Code in Node.js, Container Security and Securing Linux/UNIX.

Jump ahead

• Workforce Framework for Cybersecurity mapping
• Writing Secure Code in Node.js Learning Path
• Container Security Learning Path
• Securing Linux/Unix Learning Path
• See what’s coming next

Provide targeting training with NICE Framework mapping

Every Infosec Skills course, cyber range and project has been audited and mapped directly to the Workforce Framework for Cybersecurity (formerly the NICE Cybersecurity Workforce Framework). The new mapping makes it easy for individuals and teams to:

• Find relevant training: Guide skill development from beginner to expert across 52 work roles
• Get detailed insight: See precise mapping down to individual Knowledge and Skill Statements
• Build custom roles: Create a custom training plan that aligns with unique roles within your organization

Below is a partial mapping of how Infosec Skills content maps to one Work Role, Cyber Incident Responder. Download the latest version of the Infosec Skills course catalog to see the full mapping for all 52 roles.

Writing Secure Code in Node.js Learning Path

Learn how to write secure Node.js code in the new learning path taught by Node.js collaborator Vladimir de Turckheim. As you progress through nine courses, you’ll build the skills necessary to:

• Understand web application security principles
• Help engineers think about security when building Node.js applications
• Understand Node.js-specific attacks, such as prototype pollution and its impact on applications
• Know how to spot issues coming from the vast, open-source ecosystem 
• Apply application security concepts to modern tools, such as GraphQL

The learning path culminates in a Writing Secure Code in Node.js Project where you’ll put your skills to the test in seven challenges focused around MongoDB injections and event loop blocking, as well as attacking and fixing a GraphQL API.

Container Security Learning Path

Docker and Linux containers are changing the way applications are developed, tested and deployed. The new Container Security Learning Path from Senior AppSec Engineer Matt Tesauro will teach you:

• How containers work and their available security options
• How Docker relates to containers
• How to securely manage containers throughout their life cycle, from building images to running containers in production
• How Kubernetes works and how to deploy and maintain a secure cluster for container workloads

In the Container Security Project, you’ll get hands-on experience reviewing images to reduce risk, making docker images follow best practices and scanning images for vulnerable software.

Securing Linux/UNIX Learning Path

Explore the many challenges of securing the Linux operating system in the new Securing Linux/UNIX Learning Path from Senior Linux System Administrator Jason Welsh. The training covers everything from understanding Linux users and groups to the details of SSH hardening and packet sniffing. You’ll learn about:

• Securing the server and applications running on the server
• Encrypting application traffic with GPG and TLS
• Basics of security applications like IPS and IDS
• Hardening guides and programs
• Using sudo

The Securing Linux/UNIX Project includes five hands-on challenges to build your skills around using sudo, configuring OpenSSH, identifying and configuring access to TCP ports, decrypting and encrypting with GPG, and using SELinux.

See what’s coming next

Want a preview of the upcoming content for Infosec Skills? Check out our LX Labs content roadmap to see what learning paths, cyber ranges and boot camp updates are coming next.