C)CSA: Cybersecurity Analyst

This course helps you prepare an organization to create a complete end-to-end solution for monitoring, preventing, detecting, and mitigating threats as they arise in real time.

Do not fool yourself: this course is far more advanced than you may expect. It is fast-paced and thorough, so you can enjoy a well-rounded experience. Be ready to dig deep into the details of security analysis for today's needs.

You will be able to set up and deploy state-of-the-art open source and commercial analysis tools, intrusion detection tools, syslog servers, and SIEMs. You will also be able to integrate them for an entire organization.

*This course maps to the Mile2 Certified Cybersecurity Analyst exam as well as the CompTIA CySA+ CS0-001 certification exam.

Prerequisites

Any of the following Mile2 courses:

  • Certified Security Principles
  • Certified Digital Forensics Examiner
  • Certified Incident Handling Engineer
  • Certified Professional Ethical Hacker

Target audience

  • Security Professionals
  • Incident Handling Professionals
  • Anyone in a Security Operations Center
  • Forensics Experts
  • Cybersecurity Analysts


Modules:

  • Module 01: Blue Team Principles
  • Module 02: Digital Forensics
  • Module 03: Malware Analysis
  • Module 04: Traffic Analysis
  • Module 05: Assessing the Current State of Defense within an Organization
  • Module 06: Leveraging SIEM for Advanced Analytics
  • Module 07: Defeating the Red Team with Purple Team Tactics

Detailed outline:

Chapter 1: Blue Team Principles   

  1. Network Architecture and how it lays the groundwork
    1. Defensive Network
  2. Security Data Locations and how they tie together
  3. Security Operations Center
    1. The People, Processes, and Technology
    2. Triage and Analysis
    3. Digital Forensics
    4. Incident Handling
    5. Vulnerability Management
  4. Automation, Improvement, and Tuning

Chapter 1 Labs: Blue Team Principles

  1. Analyze Initial Compromise Vector
  2. Network Forensics
  3. System Forensics

Chapter 2: Digital Forensics  

  1. Investigative Theory and Processes 
    1. Digital Acquisition 
    2. Evidence Protocols 
    3. Evidence Presentation 
  2. Computer Forensics Laboratory 
    1. Protocols 
    2. Processing Techniques 
    3. Specialized Artifacts 
  3. Advanced Forensics for Today’s Exploitations 

Chapter 2 Labs: Digital Forensics

  1. Analysis of Captured Network Activity
  2. Analysis of Captured Zip File

Chapter 3: Malware Analysis  

  1. Creating the Safe Environment 
  2. Static Analysis 
  3. Dynamic Analysis 
  4. Behavior Based Analysis 
  5. What is different about Ransomware? 
  6. Manual Code Reversing 

Chapter 3 Labs: Malware Analysis

  1. Analysis of an MSFVenom Executable
  2. Analysis of Locky Ransomware
  3. Creating YARA Rules based on Analysis Results
  4. Final Assessment

Chapter 4: Traffic Analysis  

  1. Manual Analysis Principles 
  2. Automated Analysis Principles 
    1. Signatures compared to Behaviors 
  3. Application Protocols Analysis Principles 
  4. Networking Forensics 

Chapter 4 Labs: Traffic Analysis 

  1. Traffic Analysis of a Website Defacement Attack
  2. Traffic Analysis Based on IDS Alerts
  3. Traffic Analysis of a ZLoader Delivery Attempt
  4. Bonus: Find the Backdoor!!!

Chapter 5: Assessing the Current State of Defense within the Organization

  1. Network Architecture and Monitoring 
  2. Endpoint Architecture and Monitoring 
  3. Automation, Improvement, and continuous monitoring 

Chapter 5 Labs: Assessing the Current State of Defense within the Organization

  1. Configuring a Firewall
  2. Configuring SIEM
  3. Configuring IDS/IPS
  4. Upgrading Detection/Protection Capabilities

Chapter 6: Leveraging SIEM for Advanced Analytics  

  1. Architectural Benefits 
  2. Profiling and Baselining 
  3. Advanced Analytics 

Chapter 6 Labs: Leveraging SIEM for Advanced Analytics

  1. Deploying Agent
  2. Implementing User Behavior Analytics through Machine Learning
  3. Simulate an Attack and Analyze Alerts

Chapter 7: Defeating the Red Team with Purple Team Tactics

  1. Penetration Testing with full knowledge 
    1. Reconnaissance 
    2. Scanning 
    3. Enumeration 
    4. Exploitation 
    5. Lateral Movement 

Chapter 7 Labs: Defeating the Red Team with Purple Team Tactics

  1. Configuring Defensive Systems
  2. Purple Team Testing
  3. Mitigation
  4. Bypass Anti-Virus and LSASS Patch through edited Mimikatz


Upon completion:

Upon completion, the Certified Cybersecurity Analyst candidate will be able to competently take the C)CSA Exam. They will also be ready to prepare an organization for proactive defense against today’s hackers.

Exam information:

The Certified Cybersecurity Analyst exam is taken online through Mile2's Learning Management System and is accessible on your Mile2.com account. The exam takes approximately 2 hours and consists of 100 multiple choice questions.

A minimum grade of 70% is required for certification.

Exam is included in the course fee!

Re-certification requirements:

All Mile2 certifications will be awarded a 3-year expiration date.

There are two requirements to maintain Mile2 certification:

  1. Pass the most current version of the exam for your respective existing certification
  2. Earn and submit 20 CEUs per year in your Mile2 account.


FAQ

  1. Who is this course for?
    The course is aimed at security professionals and analysts who work on monitoring, preventing, detecting and mitigating threats in real time. Typical participants:

    • Security professionals / analysts

    • Incident handling teams

    • Security Operations Center (SOC) personnel

    • Forensics experts

    • Anyone who works on the organization's cyber defence

  2. What prior knowledge should I have?
    Recommended prerequisites (one or more of the following Mile2 courses, or equivalent experience):

    • Certified Security Principles (CSP)

    • Certified Digital Forensics Examiner (CDFE)

    • Certified Incident Handling Engineer (CIHE)

    • Certified Professional Ethical Hacker (C)PEH

    The course is advanced and assumes a basic understanding of networks, systems and security principles.

  3. How is the course delivered?

    1. Duration: 5 days (instructor-led).

    2. Format: offered both in person and live virtual.

    3. A combination of lectures, practical demos and extensive lab exercises carried out in the course's cyber range / lab environment.

  4. Is this course hands-on? (labs & exercises)
    Yes, with a heavy lab focus. Examples of labs:

    1. Setting up IPs and logging in to the VMs

    2. Blue Team exercises and network forensics

    3. Digital forensics analyses (file/archive, memory, network)

    4. Malware analysis and creation of YARA rules

    5. Traffic analysis of real attack scenarios (defacement, delivery, backdoor hunting)

    6. Configuring firewall, SIEM, IDS/IPS, and upgrading detection capabilities

    7. Purple team exercises: simulated attack + defensive mitigations

  5. What materials and resources do I get?

    • Official Mile2 course material and digital resources

    • Access to the lab environment / Cyber Range for exercises

    • Course notes and practice exercises from the instructor

  6. What does the course cost?
    Course fee: 35 000 NOK.
    The exam is included in the course price.

  7. Does the course provide certification?
    Yes, the course prepares you for and includes the exam for Certified Cybersecurity Analyst (C)CSA from Mile2.

    1. Exam: taken online via the Mile2 LMS.

    2. Format: approx. 2 hours, typically 100 multiple-choice questions.

    3. Passing: a minimum of 70% is required.

    4. Certification validity: 3 years. Renewal requires passing the current exam and reporting CEUs.

  8. Who should attend (more specifically)?

    1. SOC analysts and team leads

    2. Incident responders and forensics personnel

    3. Security engineers responsible for logging, SIEM and detection

    4. Personnel who will build or improve the organization's defensive capabilities

  9. Can I attend remotely?
    Yes, the course is offered both as a physical classroom course and as a live virtual course.

  10. Can I have the course customized / ordered for my organization?
    Yes, the course can be delivered in-house and tailored to the organization's needs (focus on specific tools, policies or threat landscapes).

  11. Practical tips before the course and exam

    1. Prepare: familiarize yourself with basic network and OS forensics, as well as basic malware concepts.

    2. Hands-on: prioritize practice in the lab environment (traffic analysis, SIEM configuration, malware sandboxing).

    3. Study the lab scenarios: the course exam often includes practical cases; experience from the labs makes a big difference.

    4. Certification strategy: read the exam requirements and make sure to log CEUs / maintenance in your Mile2 account after passing the exam.
