Develop yourself from Penetration Tester to SecOps Engineer (incl. guidance)

• Delve into the world of penetration testing and examine the

• common types of penetration testing and the important role they
• play in protecting your company's assets and networks from exploits
• and attacks. Explore methods for gathering information,
• vulnerability scanning, common exploits and vulnerabilities, and
• methods and techniques for preventing these exploits.

Explore the use of security controls with the NIST Cybersecurity Framework. Examine the anatomy of security controls, from common to the advanced and complex. Discover how to test and monitor security controls, including some of the most basic quick win controls for several control types. In addition, control policies within the NIST Cybersecurity Framework, how security controls contribute to the ISO 27002 standard in compliance, risk management scenarios, and how security controls are enforced and implemented are also covered.

Explore the limitations of penetration testing, as well as how end-user behavior affects this process. Discover how human error can cause data breaches and the importance of end-user awareness. Examine tools used to perform user behavior analytics, social engineering attacks and countermeasures, and how to create penetration testing reports.

Discover the importance of physical penetration testing and the steps for performing a physical penetration test. Examine lock picking techniques and the benefits of dumpster diving. Finally, explore how to protect sensitive data, penetration testing tools and techniques, and the different types of penetration tests.

Discover how to recognize the vulnerabilities in wireless networks. Examine the tests used to determine if specific vulnerabilities can be exploited in a wireless network and how test results can be used to enhance your company's security policy.

• Explore advanced penetration testing tools and techniques used

• to find vulnerabilities, sniff network traffic, deal with
• cryptography, and crack passwords. Discover the benefits of using
• the Python programming language to build scripts and deliver tools,
• and examine common techniques used to find weaknesses in both Linux
• and Windows-based systems.

Final Exam: Penetration Tester will test your knowledge and application of the topics presented throughout the Penetration Tester track of the Skillsoft Aspire Penetration Tester to SecOps Engineer Journey.

• Discover the importance of an incident response plan, including

• how to draft the plan and engage in incident response. Explore
• different scenarios and what roles are needed to manage an incident
• response team. Examine the notion of the Computer Security Incident
• Response Team and how the team effectively responds to incidents.
• How incident response policies can provide IT governance and
• compliance in today's cyber world and best practices for staying
• compliant with ISO and other compliance standards is also
• covered.

• Explore the process of recovering from security related

• incidents such as malware, data leakage, or stolen equipment.
• Examine how to develop plans, policies, and procedures and how to
• form a team with well defined roles to execute these plans.
• Finally, examine how all these components are coordinated in
• practice when an incident event occurs.

• Explore preemptive troubleshooting concepts and strategies and

• how they apply to cybersecurity. Discover tools to help assist in
• troubleshooting, such as indicators and threat hunting. Dive into
• scenarios a SOC would typically engage in when troubleshooting
• network issues and system compromise. Examine best practices,
• including spotting weak passwords or hardware and software
• vulnerabilities, and security policies and procedures to keep
• systems secure.

Explore security best practices, top security risks, the importance of securing network appliances, and how to secure them. Examine risks and best practices for transitioning to the cloud, traditional infrastructure deficiencies, and how to deal with de-perimeterization problems. Various security architecture models, including the Zero Trust Architecture, are also covered.

In this course, you'll learn how to drive system configuration monitoring using continuous monitoring tools to keep systems secure. You'll explore the concept and importance of monitoring system configuration within an organization for incident response. Next, you'll examine tools and strategies you can use to identify common issues, such as identifying weak passwords or common devices that use default credentials. You'll explore processes for operating and maintaining monitoring systems, including the use of security controls and assessments to ensure the incident response team remains compliant. Finally, you'll discover how to identify and interpret report findings from monitoring result, how to work with a monitoring program for system configuration, and how to recognize monitoring program challenges and possible solutions for incident response.

Discover how patch management strategies are an important part of an overall security strategy, beginning with basic patch management concepts and how to prioritize what to patch and when. Examine best practices, what to do when vendor-specific issues occur, and how to get issues patched before they become a threat. Explore various tools and techniques used to patch and harden systems and the process of implementing patches, including automating the process to make things easier for the day-to-day SecOps professional. Look at how to analyze and assess patches before implementation to prevent any unknowns or issues. Finally, how patch management fits into the Agile software development process and how to implement patches in a serverless architecture are also covered.

Cybersecurity is a growing concern for organizations, especially in government and in private sectors. Policies and regulations that need to be conformed to and practiced in the industry are also important considerations for incident response leaders. Explore regulation conformance for incident response, including how to build and apply a conformance plan in the workplace. Examine industry standards, how to apply techniques in regulation conformance, and how to handle incidents that require specific regulation conformance. Discover how to document incidents following the appropriate standards and how to provide a conformance plan that follows regulations and standards for the organization.

Incident Response Leader Perform tasks commonly completed by Incident Response Leaders tasks such as implementing data governance, deploying software and hardware patches, and implementing monitoring, controls and backups. Then, test your skills by answering assessment questions after responding to an active threat and performing a root cause analysis on an active threat on both a Windows system and a cloud based system. This lab is part of the Incident Response Leader track of the Skillsoft Aspire Penetration Tester to SecOps Engineer journey.

Final Exam: Incident Response Leader will test your knowledge and application of the topics presented throughout the Incident Response Leader track of the Skillsoft Aspire Penetration Tester to SecOps Engineer Journey.

• Ultimately, ethical hacking is about testing the risk level an

• organization has. In order to perform effective, professional
• ethical hacking, a knowledge of risk is essential. Explore risk
• assessment concepts, including risk calculations, responses, and
• models. Discover how to use the Common Vulnerability Scoring System
• and how to apply risk management concepts and evaluate risk in
• accordance with common standards.

• Ethical hacking is a means to avoid incidents and to discover

• them before they are realized. Often, ethical hacking is part of
• the response to an incident, so an understanding of incident
• handling is important for the ethical hacker. Explore the
• foundational concepts of incident response, including incident
• classification, recovery and remediation, and after action
• review.

Ethical hacking is not just random hacking attempts. It is a systematic testing of the target's security. For that reason, an understanding of security standards and formal testing methodologies is critical. Examine key security standards including penetration testing standards.

• Security devices and software are the technical aspect of

• security. An ethical hacker must be familiar with security
• technology in order to effectively conduct tests of the target
• organization's network. Explore security device and software
• concepts, firewall types and usage, SIEM systems, IDS/IPS,
• antivirus strategies, Windows Firewall, and how to implement
• Snort.

Account management and access control are fundamental to security, and it's vital to understand these technologies as an ethical hacker. Explore account creation concepts, standard access control models, attribute-based access control, and how to design account and access control.

One of the early stages in ethical hacking is reconnaissance of the target. Explore various scanning tools and techniques used in ethical hacking, including NMAP, OWASP ZAP, Vega, Shodan, and specialized Google searches.

Ultimately, ethical hacking is about hacking, so the ethical hacker must have some hands-on hacking skills. Explore fundamental hacking techniques, including SQL injection, cross-site scripting, malware, using viruses, DoS attacks, steganography, using Metasploit, and Windows hacking.

• Perform tasks commonly completed by Ethical Hackers such as disaster recovery configuration and testing, digital forensics, and data exfiltration. Then, test your skills by answering assessment questions after scanning websites and conducting SQL injections, as well as employing common hacking techniques to gain access to Windows and Linux machines.
• This lab provides access to tools typically used by Ethical Hackers, including:
• - ownCloud
• - Wireshark
• - Autopsy
• - Vega
• - Nikto
• This lab is part of the Ethical Hacker track of the Skillsoft Aspire Penetration Tester to SecOps Engineer Journey.

Final Exam: Ethical Hacker will test your knowledge and application of the topics presented throughout the Ethical Hacker track of the Skillsoft Aspire Penetration Tester to SecOps Engineer Journey.

• Explore SecOps engineering concepts, including why you should

• harden your infrastructure and operating systems to mitigate
• threats. Discover how to analyze Windows 10 issues, use security
• devices, and implement intrusion detection and prevention systems.
• In addition, Windows Server hardening, proper firewall placement,
• and using and deploying honeypots effectively is covered.

• Discover how to protect your software by applying secure coding

• practices. Explore key concepts, including filtering, validation,
• and the CERT Top 10 Secure Coding Practices. Examine methods for
• securing software deployment and continuous delivery, as well as
• secure software metrics and secure coding with C#, Python, and
• Java.

Explore cybersecurity engineering concepts, including security modeling techniques and the Security Modeling Language. Discover how to analyze and use security metrics, analyze failures, integrate systems engineering into cybersecurity operations, and apply security requirements engineering techniques.

Explore cloud and IoT security concepts, including common threats. Examine cloud architecture, types, and uses, as well as how to apply cloud security methods and techniques. Discover how to implement IoT security for a wide range of IoT devices.

Discover how to recognize and analyze common threats, such as malware, denial of service, social engineering, phishing, and insecure protocols. Examine how to integrate your analysis into mitigating these types threats and how to effectively use cyberthreat intelligence resources.

• Perform tasks commonly completed by SecOps Engineers such as configuring intrusion detection and prevention, Windows and network hardening, and creating and monitoring a honeypot. Then, test your skills by answering assessment questions after configuring items to protect against ransomware and denial of service attacks, configure auditing to detect insider threats, and impllement controls to protect insecure and legacy systems.
• This lab provides access to tools typically used by SecOps Engineers, including:
• - OPN SEnse
• - SPLUNK SIEM platform
• - ownCloud
• - FastNetMon DdoS Mitigation
• - Wazuh
• This lab is part of the SecOps Engineer track of the Skillsoft Aspire Penetration Tester to SecOps Engineer Journey.

Final Exam: SecOps Engineer will test your knowledge and application of the topics presented throughout the SecOps Engineer track of the Skillsoft Aspire Penetration Tester to SecOps Engineer Journey.