IT-Security Practitioner course

5 days

IT-Security Practitioner (ITSP) offers a unique combination of technical security skills, frameworks that govern IT security and key security management topics. You will immerse yourself in attack trends and mitigation techniques and practice technical skills in cybersecurity protection, detection, response and recovery. In addition, you will perform management and architecting activities, such as developing a cyber security framework, designing a security infrastructure, creating a role-based access model, and determining benchmarks for information classification.

ITSP benefits those that want to further specialize in the technical aspects of IT Security and lay the foundation to progress into a IT / Cyber Security Management role. If you are looking for an entry level cybersecurity training, you should take the IT Security Foundation course.

Lead Trainers

Arjen Verhiel

Network & Infrastructure consultant

Jochen den Ouden

Ethical Hacker
Cyber Security specialist

Dr. Rob van der Staaij

IAM & IT-Infrastructure specialist

At a Glance

Advanced level

IT-Security Practitioner

5 days

Security administrators, analysts, architects, auditors or consultants,  looking to transition to an IT security management role

Prepare for successful progression into an IT- security management role or lay the foundation for further specialization in the technical aspects of IT Security

Solid basis in System-, Application- and Network Security, Cryptography and Identity & Access Management

Hands-on practical labs

Demonstrate an in-depth understanding of switches, routers, gateways, firewalls and intrusion detection systems;

Identify security measures to counter the OWASP Top 10

Translate relevant legal, regulatory and standard requirements and industry-best practices to a company-wide cybersecurity framework

What’s included

  • Official SECO-Institute course materials
  • Training from passionate instructors with exceptional skills
  • Access to the SECO lab environment
  • Access to the SECO member portal
  • Practice exam
  • Exam voucher
  • Membership to SECO’s Alumni Network after passing the exam


Day 1 – Introduction and Frameworks Governing IT Security

• IT security concepts
• Security Requirements and Security design principles
• Threats, attacks and actors
• IT – security strategy principles
• Securing IT infrastructures

• Assets, Owners, Threats, Countermeasures
• Threats and the CIA triad
• Attack trees
• Protocols and devices
• Security zoning
• Threat Actors
• Nmap

• Cybercrime & computer crime
• Responsible disclosure
• Working with law enforcement
• Intellectual property and IT Security
• Privacy and IT Security
• Sector-specific security requirements
• Standards and best practices (ISO, NIST, ENISA, CIS, OWASP)

• Develop a Secure Teleworking Policy
• Implement a Secure Teleworking Policy
• Describe technical requirements for allowing BYOD

Day 2 – Incident Management and Network Security

• Incident handling
• Incident handling workflow
• Incident detection
• Incident registration
• Triage
• Incident resolution

• Incident Handling Workflow
• Metasploit

• Network Architecture
• Network Segmentation
• Intrusion Detection Systems
• Firewalls and Intrusion Prevention Systems
• Hardening devices
• Unified Threat Management Systems

• Secure network architecture
• Intrusion detection using Snort
• Firewalls and Intrusion Prevention Systems
• Using Snort as an IPS
• Configuration and hardening

Day 3 – System, Mobile & IoT Security

• System Security Planning
• Operating System Hardening
• Benchmark Security Testing
• Security Maintenance
• Linux and Windows system security
• Hardening Windows and Linux/Unix systems

• Benchmark Linux Debian
• Configurating & Hardening Devices
• Benchmark Windows

Mobile security
• Issues (OWASP)
• Attack vectors
• Targets
• Security controls
IoT security
• IoT Types
• Issues (OWASP)
• Attack vectors
• Targets
• Security controls

Day 4 – Application Security & Encryption

• Software basics
• Making software more robust
• Software bugs
• Buffer overflows in depth
• Secure use of software

• Patch Management Policy
• Nessus
• John the Ripper

• Confidentiality with Symmetric Encryption
• Message Authentication
• Public Key Encryption and Digital Signatures
• Applications Using Cryptography
• Hashing and how it is applied to safeguard integrity
• Encryption of data in store, or in transport
• Block ciphers and stream ciphers
• “state-of-the-art” algorithms and protocols
• Application of SSL/TLS
• Encryption best practices

• Public Key Encryption
• Public Key Encryption and Digital Signatures

Day 5 – Identity and Access Management & Ethical Hacking

• Identity and access management
• User authentication methods and security issues
• Access control mechanisms
• User management

• Information classification model
• Attack tree for eavesdropping or replay attacks
• Design a Role-based Access Control model
• Open standards: OAuth and OpenID, SAML

• Penetration testing practice
• Brute-force login
• Information disclosure vulnerabilities
• SQL injection
• Reading local system files
• Grabbing usernames and passwords from the database
• Gaining a php shell through SQL injections
• Creating a reverse shell to gain command-line access to the server
• Gaining root access to the server

Collect your badge of honor


  • Language: English
  • Delivered: Online via a certified proctor
  • Questions: 10 multiple choice, 5 open questions and 1 case
  • Time: 120 minutes

Join our Alumni Network

Dates & locations

This program is conducted by our training partner, Security Academy Online.

Find a Local Training Partner

Organize a class dedicated for your team