Certificate Programs: Cyber Defense Operations

The Cyber Defense Operations graduate certificate program is a highly technical, 12 credit hour program with a cohesive set of learning outcomes focused on teaching the applied technologies used to defend and secure information assets and business systems at an organization.

Because traditional counter defenses are no longer effective in stopping malware, viruses, and other advanced attacks, it is a foregone conclusion that targeted organizations will be compromised. Therefore, proactive and layered defensive tactics are needed to stop the adversary.

The Cyber Defense Operations certificate program provides a mechanism for students to learn the essential operational techniques used to defend an enterprise, and allows them an elective choice to further specialize their capabilities. All work completed in the certificate program may be applied directly in fulfillment of the master's degree requirements should the student matriculate in the master's program.

Curriculum - 12 Credit Hours

Core Courses (6 Credit Hours):
ISE 5401: Intrusion Detection In-Depth | SEC 503, GCIA

Content: SANS SEC 503 Intrusion Detection In-Depth
Assessment: GIAC GCIA Exam
3 Credit Hours

ISE 5401 arms students with the core knowledge, tools, and techniques to detect and analyze network intrusions, building in breadth and depth for advanced packet and traffic analysis. Hands-on exercises supplement the course book material, allowing students to transfer the knowledge in their heads to their keyboards using the Packetrix VMware distribution. As the Packetrix name implies, the distribution contains many of the tricks of the trade to perform packet and traffic analysis.

ISE 6240: Continuous Monitoring and Security Operations | SEC 511, GMON

Content: SANS SEC 511 Continuous Monitoring and Security Operations
Assessment: GIAC GMON Exam
3 Credit Hours

ISE 6240 teaches a proactive approach to security that is needed to enhance the capabilities of organizations to detect threats that will inevitably slip through their defenses. The Defensible Security Architecture, Network Security Monitoring (NSM)/Continuous Diagnostics and Mitigation (CDM)/Continuous Security Monitoring (CSM) taught in this course will help students best position their organization or Security Operations Center (SOC) to analyze threats and detect anomalies that could indicate cybercriminal behavior.

Elective Courses (6 Credit Hours):

Students select two of the following courses.

ISE 6001: Implementing & Auditing the Critical Security Controls | SEC 566, GCCC

Content: SANS SEC 566 Implementing and Auditing the Critical Security Controls - In-Depth
Assessment: GIAC GCCC Exam
3 Credit Hours

Students are introduced to security standards and their implementation, with particular focus on the consensus Critical Controls guidelines that were developed through collaboration of U.S. Departments of Defense and Energy, the U.S. Computer Emergency Readiness Team, the FBI and other law enforcement agencies, and civilian penetration testers. The course teaches the theoretical and practical underpinnings for implementing or deploying a strategy for information assurance in an agency or organization. Using the information presented in the ISE 5101 course, this course helps students understand not only what to do to stop a threat, but why the threat exists and how to ensure that their organization is indeed in compliance with their standards.

ISE 6215: Advanced Security Essentials | SEC 501, GCED

Content: SANS SEC 501 Advanced Security Essentials - Enterprise Defender
Assessment: GIAC GCED Exam
3 Credit Hours

Students will learn how to design and build a secure network that can both prevent attacks and recover after a compromise. They will also learn how to retrofit an existing network to achieve the level of protection that is required. While prevention is important to learn, students will also learn how to detect the indications that the attack is in progress and stop it before significant harm is caused. Packet analysis and intrusion detection are at the core of this study. In the third module, students will learn about the variety of tests that can be run against an organization and how to perform effective penetration testing. To round out the defensive posture, students will learn the practice of identifying, analyzing, and responding effectively to attacks, including the identification of malware and steps that can be taken to prevent data loss.

ISE 6230: Securing Windows & PowerShell Automation | SEC 505, GCWN

Content: SANS Securing Windows and PowerShell Automation
Assessment: GIAC GCWN Exam
3 Credit Hours

ISE 6230 shows students how to secure servers, workstations and portable devices running Microsoft Windows. Windows is the most frequent target of hackers and advanced malware. While other courses focus on detection or remediation of a compromise after the fact, the aim of this course is to substantially reduce these compromises in the first place. For scalability and automation, this course includes many hands-on labs with Group Policy and PowerShell scripting. No prior scripting experience is required. Learning at least the basics of PowerShell is an essential skill for anyone who manages Windows servers or clients in an enterprise.

ISE 6235: Securing Linux/Unix | SEC 506, GCUX

Content: SANS SEC 506 Securing Linux/Unix
Assessment: GIAC GCUX Exam
3 Credit Hours

ISE 6235 provides the specific technical education to enable students to secure Linux and Unix clients and infrastructure. This course is particularly valuable for students who are involved with sysadmins and network administrators, given the popularity of *nix tools in that space. The course covers various vulnerabilities and defenses, and includes an introduction to forensic methods for *nix systems.

The ideal candidate for the Cyber Defense Operations certificate program is an information technology professional with a year or more of experience working with network infrastructures, or an information security professional who specializes, or seeks to specialize, in setting up defense-in-depth strategies and auditing their effectiveness. Candidates will also be interested in the follow-on detection and response activities to malicious traffic in order to maintain defensible networks.

Learn How To

  1. Utilize a broad range of current tools and technologies in the design and implementation of security solutions deployed across organizations.
  2. Identify the information assets of an enterprise, classify them by value, and determine what management and technical controls can be used to monitor and audit them effectively.
  3. Develop a program for analyzing the risk to the information assets in an enterprise and determining which technical and management controls can mitigate, remove, or transfer that risk.
  4. Articulate important attacker techniques, analyze the traffic that flows on networks, identify indications of an attack, engage in penetration testing within their organization, and respond to incidents associated with these activities within their organization.
