IT-Security Practitioner course

5 days

IT-Security Practitioner (ITSP) offers a unique combination of technical security skills, frameworks that govern IT security and key security management topics. You will immerse yourself in attack trends and mitigation techniques and practice technical skills in cybersecurity protection, detection, response and recovery. In addition, you will perform management and architecting activities, such as developing a cyber security framework, designing a security infrastructure, creating a role-based access model, and determining benchmarks for information classification.

ITSP benefits those that want to further specialize in the technical aspects of IT Security and lay the foundation to progress into a IT / Cyber Security Management role. If you are looking for an entry level cybersecurity training, you should take the IT Security Foundation course.

Lead Trainers

Arjen Verhiel
Trainer

Network & Infrastructure consultant

Jochen den Ouden
Trainer

Ethical Hacker
Cyber Security specialist

Dr. Rob van der Staaij
Trainer

IAM & IT-Infrastructure specialist

At a Glance

Advanced level

IT-Security Practitioner

5 days

Security administrators, analysts, architects, auditors or consultants,  looking to transition to an IT security management role

Prepare for successful progression into an IT- security management role or lay the foundation for further specialization in the technical aspects of IT Security

Solid basis in System-, Application- and Network Security, Cryptography and Identity & Access Management

Hands-on practical labs

Demonstrate an in-depth understanding of switches, routers, gateways, firewalls and intrusion detection systems;

Identify security measures to counter the OWASP Top 10

Translate relevant legal, regulatory and standard requirements and industry-best practices to a company-wide cybersecurity framework

What’s included

  • Official SECO-Institute course materials
  • Training from passionate instructors with exceptional skills
  • Access to the SECO lab environment
  • Access to the SECO member portal
  • Practice exam
  • Exam voucher
  • Membership to SECO’s Alumni Network after passing the exam

Syllabus

Day 1 – Introduction and Frameworks Governing IT Security

Topics:
• IT security concepts
• Security Requirements and Security design principles
• Threats, attacks and actors
• IT – security strategy principles
• Securing IT infrastructures

Exercises:
• Assets, Owners, Threats, Countermeasures
• Threats and the CIA triad
• Attack trees
• Protocols and devices
• Security zoning
• Threat Actors
• Nmap

Topics:
• Cybercrime & computer crime
• Responsible disclosure
• Working with law enforcement
• Intellectual property and IT Security
• Privacy and IT Security
• Sector-specific security requirements
• Standards and best practices (ISO, NIST, ENISA, CIS, OWASP)

Exercises:
• Develop a Secure Teleworking Policy
• Implement a Secure Teleworking Policy
• Describe technical requirements for allowing BYOD

Day 2 – Incident Management and Network Security

Topics:
• Incident handling
• Incident handling workflow
• Incident detection
• Incident registration
• Triage
• Incident resolution

Exercises:
• Incident Handling Workflow
• Metasploit

Topics:
• Network Architecture
• Network Segmentation
• Intrusion Detection Systems
• Firewalls and Intrusion Prevention Systems
• Hardening devices
• Unified Threat Management Systems

Exercises:
• Secure network architecture
• Intrusion detection using Snort
• Firewalls and Intrusion Prevention Systems
• Using Snort as an IPS
• Configuration and hardening

Day 3 – System, Mobile & IoT Security

Topics:
• System Security Planning
• Operating System Hardening
• Benchmark Security Testing
• Security Maintenance
• Linux and Windows system security
• Hardening Windows and Linux/Unix systems

Exercises:
• Benchmark Linux Debian
• Configurating & Hardening Devices
• Benchmark Windows

Mobile security
• Issues (OWASP)
• Attack vectors
• Targets
• Security controls
IoT security
• IoT Types
• Issues (OWASP)
• Attack vectors
• Targets
• Security controls

Day 4 – Application Security & Encryption

Topics:
• Software basics
• Making software more robust
• Software bugs
• Buffer overflows in depth
• Secure use of software

Exercises:
• Patch Management Policy
• Nessus
• John the Ripper

Topics:
• Confidentiality with Symmetric Encryption
• Message Authentication
• Public Key Encryption and Digital Signatures
• Applications Using Cryptography
• Hashing and how it is applied to safeguard integrity
• Encryption of data in store, or in transport
• Block ciphers and stream ciphers
• “state-of-the-art” algorithms and protocols
• Application of SSL/TLS
• Encryption best practices

Exercises:
• Public Key Encryption
• Public Key Encryption and Digital Signatures
• SSL/ TLS

Day 5 – Identity and Access Management & Ethical Hacking

Topics:
• Identity and access management
• User authentication methods and security issues
• Access control mechanisms
• User management

Exercises:
• Information classification model
• Attack tree for eavesdropping or replay attacks
• Design a Role-based Access Control model
• Open standards: OAuth and OpenID, SAML

Topics:
• Penetration testing practice
• Brute-force login
• Information disclosure vulnerabilities
• SQL injection
• Reading local system files
• Grabbing usernames and passwords from the database
• Gaining a php shell through SQL injections
• Creating a reverse shell to gain command-line access to the server
• Gaining root access to the server

Collect your badge of honor

Exam

  • Language: English
  • Delivered: Online via a certified proctor
  • Questions: 10 multiple choice, 5 open questions and 1 case
  • Time: 120 minutes

Join our Alumni Network

Dates & locations

This program is conducted by our training partner, Security Academy Online.

Find a Local Training Partner

Organize a class dedicated for your team