What’s new in Infosec Skills — Spring 2020 content
April 12, 2020
More than 140 new courses, hands-on projects and cloud-hosted labs were added to Infosec Skills over the past three months, making it easier than ever for IT and security teams to receive year-round, role-based skill training, earn and maintain certifications, and keep their organizations safe from cybercrime.
- New skill learning paths
- New and updated certification learning paths
- New cyber ranges
- What’s next for Infosec Skills?
New skill learning paths
Eight new skill-based learning paths — containing 64 courses and six hands-on projects — are live in Infosec Skills. Get an overview of each of the new skill paths below.
Learn a step-by-step approach to integrate security controls into your software or system development life cycle. You’ll learn how to use each phase to develop or establish both proactive and reactive security controls across your organization. The hands-on Secure SDLC Project includes four exercises designed to help build your skills around threat modeling, static application security testing and white-box security testing using automated tool-based analysis and manual analysis.
Get an introduction to blockchain security, from the fundamental cryptographic primitives to the nodes and networks that make up the blockchain ecosystem to the security of smart contracts. In the hands-on Blockchain Security Project, you’ll begin by organizing information into a valid block. Then you’ll answer questions related to proposed solutions to the 51% attack and performing a double-spend attack on a Proof of Stake blockchain. Finally, you’ll identify smart contract vulnerabilities and the importance of binding values.
Learn the foundations of x86 assembly, one of the most common assembly architectures in the world. Whether you’re looking to become a better programmer or reverse engineer, a knowledge of assembly and how processors work is invaluable. In the hands-on x86 Disassembly Project, you’ll use tools like NASM, Makefiles, objdump, gdp and more to create the quintessential Hello World program and debug an x86 program. Finally, you’ll tie together the concepts you learned with a program that leverages input, output and logic flows.
This learning path starts with a high-level discussion of what happens at each phase of responding to an incident, followed by a technical deep dive into some of the more exciting parts of memory, network and host analysis and forensics. In the hands-on Incident Response Project, you’ll use tools like Wireshark, Zeek and Volatility to respond to real-world scenarios, including investigating a watering-hole attack that may have affected someone in the IT department and an SQL injection attack that may have led to credit card data being exfiltrated.
Explore the different aspects of a Windows server that must be protected. You’ll learn about NTFS and share permissions, encryption using BitLocker and EFS, Windows Server update services, password policies, protecting against ransomware and more. In the hands-on Windows Server Security Project, you’ll set up a secure Hyper-V lab and install Active Directory. Then you’ll practice skills ranging from creating a shared folder and calculating effective permissions to securing server traffic using certificates.
Dive into the different processes used to implement and monitor the security of a web server or web application. You’ll learn the basic concepts and tools to design, evaluate and monitor your web server. In the hands-on Web Server Protection Project, you’ll work with an Apache web server installed on a virtual machine to implement network filtering, harden the host OS, identify tampered binary files and perform other tasks to ensure your web server is properly protected.
Explore the ins and outs of hacking machine learning, including hacking a CAPTCHA system, fuzzing a target, evading malware detection and more. You’ll also learn about deepfakes and how to perform backdoor attacks on machine learning.
Learn the fundamentals of networking and how to secure your networks. You’ll learn about wireless network security, firewalls and IDS/IPSes, VPNs and remote access, endpoint security, preventing and mitigating network attacks, and some best practices related to securing your network.
New and updated certification learning paths
Five certification-based learning paths containing 48 courses were also released or updated in the first quarter of 2020, including training for Cisco’s revamped certifications and (ISC)²’s CISSP concentrations.
This learning path prepares you for the latest version of the CCNA exam: 200-301 CCNA. You’ll explore network fundamentals such as routers and endpoints and take a closer look at network access, IP connectivity, IP services, security fundamentals and automation and programmability.
The Cisco Certified CyberOps Associate prepares you to begin a career working with associate-level cybersecurity analysts within security operations centers. You’ll gain an understanding of cybersecurity’s basic principles, foundational knowledge and core skills needed to grasp the more advanced associate-level materials in the second required exam.
- CISSP-ISSMP: The Information System Security Management Professional (CISSP-ISSMP) certification path teaches you the necessary skills and knowledge to successfully manage an enterprise security program.
- CISSP-ISSAP: The Information Systems Security Architecture Professional (CISSP-ISSAP) certification path teaches you how to provide risk-based guidance to senior management and develop, design and analyze security solutions that meet organizational goals.
- CISSP-ISSEP: The Information Systems Security Engineering Professional (CISSP-ISSEP) certification path teaches you how to design, construct and operate a network with a defined level of availability, integrity and confidentiality.
New cyber ranges
In addition to the hands-on projects mentioned above, two new cloud-hosted cyber ranges went live, bringing the total number of interactive labs in Infosec Skills to more than 150.
Develop your knowledge in finding and remediating vulnerabilities in Python code. You’ll practice using Bandit, PyT and other tools to find common security issues in Python code, perform taint and control flow analysis, and recognize vulnerabilities that can lead to common application attacks, such as cross-site scripting or XPath injection. You’ll also practice identifying supply chain vulnerabilities, unsafe deserialization and other risks.
Practice useful skills related to analyzing network traffic, including both network capture files and live network traffic. You’ll work with Terminal Shark (TShark), Scapy and other tools to identify common network protocols, examine malware communications, extract transmitted files, filter output to display specific information, view communication statistics and much more.
What’s next for Infosec Skills?
More than 140 courses, projects and labs were added to Infosec Skills in the first quarter of 2020, but our team of expert instructors isn’t slowing down. We plan to release at least double the amount of content over the next few months, including:
- Several new and improved cyber ranges
- Additional content to help prepare for certification exams
- More than a dozen new skill learning paths focused on secure coding, threat hunting and other in-demand skills
For more information on upcoming features and content, see our Infosec Flex and Skills Product Roadmap.