Course description

Embark on an exhilarating journey into cybersecurity with our cutting-edge 12-week course. Designed to cater to learners at all levels - from curious beginners to seasoned professionals - this program is your gateway to mastering the art and science of digital defense. Immerse yourself in a curriculum that seamlessly blends theoretical foundations with practical, hands-on experience. As cyber threats evolve at breakneck speed, our course stays ahead of the curve, incorporating the latest trends and technologies in the field. Whether you're looking to launch a career in cybersecurity, enhance your existing skills, or simply understand the digital landscape better, this course will equip you with the knowledge and tools to navigate the complex world of cyber threats and defenses. Prepare to unlock the secrets of ethical hacking, delve into the intricacies of network security, and emerge as a confident cybersecurity practitioner ready to tackle real-world challenges. Your cybersecurity adventure starts here – are you ready to secure the digital frontier?

Basic Level (4 weeks):

Week 1: Introduction to Cybersecurity

Lesson 1: Introduction to Cybersecurity

a.      Definition and scope of cybersecurity

b.      Historical evolution of cybersecurity

c.       Key figures in cybersecurity development

d.     Major cybersecurity events and their impact

e.      Practical Exercise

Lesson 2: The Importance of Cybersecurity and Basic Concepts

a.      Current cybersecurity landscape and emerging threats

b.      Impact of cyber-attacks on individuals, businesses, and nations

c.       Basic cybersecurity terminology and concepts

d.     The CIA triad: Confidentiality, Integrity, and Availability

e.      Introduction to common attack vectors and defense mechanisms

f.        Overview of cybersecurity careers and job roles

g.      Practical Exercises

Week 2: Understanding Cyber Threats

Lesson 3: Types of Cyber Threats

a.       Classification of cyber threats

b.       Passive vs. active threats

c.        Internal vs. external threats

d.       Common cyber-attack techniques (e.g., brute force, dictionary attacks, social engineering)

e.       Emerging threat landscapes (e.g., IoT vulnerabilities, AI-powered attacks)

f.        Practical Exercise

Lesson 4: Malware and Its Types

a.       Definition and characteristics of malware

b.       Types of malware: viruses, worms, trojans, rootkits, bootkit, adware, spyware

c.        Ransomware: function, impact, and notable incidents

d.       Malware infection vectors and propagation methods

e.       Anti-malware strategies and tools

f.        Practical Exercise

Lesson 5: Phishing and Social Engineering

a.       Understanding social engineering techniques

b.       Types of phishing attacks (spear phishing, whaling, vishing, smishing)

c.        Psychological manipulation tactics used in social engineering

d.       Real-world examples and case studies of successful phishing attacks

e.       Best practices for phishing prevention and awareness training

Lesson 6: Advanced Persistent Threats (APTs)

a.       Definition and characteristics of APTs

b.       APT lifecycle and attack stages

c.        Notable APT groups and their tactics

d.       APT detection and mitigation strategies

e.       Case studies of high-profile APT attacks

f.        Practical Exercise

Week 3: Vulnerabilities & Risk Assessment

Lesson 7: Understanding Vulnerabilities

a.       Definition and types of vulnerabilities (software, hardware, network, human)

b.       Common Vulnerabilities and Exposures (CVE) system

c.        OWASP Top 10 web application vulnerabilities

d.       CWE/SANS Top 25 software weaknesses

e.       Vulnerability scanning tools and techniques

f.        Practical Exercises

Lesson 8: Risk Assessment Techniques

a.       Introduction to risk management frameworks (e.g., NIST RMF, ISO 31000)

b.       Qualitative vs. quantitative risk assessment methods

c.        Risk assessment process: identification, analysis, evaluation

d.       Tools for risk assessment (e.g., risk matrices, decision trees)

e.       Developing a risk register and risk treatment plans

f.        Practical Exercise

Lesson 9: Identifying and Prioritizing Risks

a.       Threat modeling techniques (e.g., STRIDE, DREAD, PASTA)

b.       Asset identification and valuation

c.        Vulnerability assessment vs. penetration testing

d.       Risk prioritization based on impact and likelihood

e.       Creating risk heat maps and risk appetite statements

f.        Practical Exercises

Lesson 10: Risk Mitigation Strategies

a.       Overview of risk treatment options (avoid, transfer, mitigate, accept)

b.       Developing and implementing security controls

c.        Cost-benefit analysis of security measures

d.       Continuous monitoring and risk reassessment

e.       Incident response and business continuity planning

f.        Practical Exercises

Week 4: Network Security Fundamentals

Lesson 11: Introduction to Network Security

a.       OSI model and TCP/IP stack review

b.       Common network protocols and their security implications

c.        Network attack surface and threat vectors

d.       Network security zoning and segmentation

e.       Defense-in-depth strategy for network security

f.        Practical Exercises

Lesson 12: Firewalls and Their Configurations

a.       Types of firewalls: packet filtering, stateful inspection, application layer

b.       Next-generation firewalls (NGFW) and their features

c.        Firewall deployment strategies and best practices

d.       Firewall rule creation and management

e.       Firewall logging and analysis

f.        Practical Exercises

Lesson 13: Intrusion Detection and Prevention Systems (IDS/IPS)

a.       IDS vs. IPS: functions and differences

b.       Types of IDS/IPS: network-based, host-based, wireless

c.        Detection methods: signature-based, anomaly-based, behavior-based

d.       IDS/IPS deployment strategies and tuning

e.       Integrating IDS/IPS with other security tools (SIEM, firewalls)

f.        Practical Exercises

Lesson 14: Designing a Secure Network

a.       Network architecture design principles

b.       Implementing secure network protocols (e.g., HTTPS, SSH, VPN)

c.        Network Access Control (NAC) and 802.1X authentication

d.       Software-Defined Networking (SDN) and security implications

e.       Cloud network security considerations

f.        Practical Exercises

Intermediate Level (4 weeks):

Week 5: Web Application Security

Lesson 15: Introduction to Web Application Security

a.       Web application architecture and components

b.       OWASP Top 10 Web Application Security Risks

c.        Client-side vs. server-side security concerns

d.       Web application attack surface and common entry points

e.       Secure development lifecycle for web applications

f.        Practical Exercises

Lesson 16: Secure Design Principles

a.       OWASP ASVS (Application Security Verification Standard)

b.       Input validation and output encoding techniques

c.        Secure session management and authentication mechanisms

d.       Implementing proper access controls and authorization

e.       Secure communication protocols (TLS/SSL)

f.        Practical Exercises

Lesson17: Common Vulnerabilities and Exploits

·         Detailed exploration of:

a.      SQL Injection

b.      Cross-Site Scripting (XSS)

c.       Cross-Site Request Forgery (CSRF)

d.     Broken Authentication and Session Management

e.      Insecure Direct Object References

·         Practical examples and exploitation techniques

Lesson 18: Tools and Techniques for Securing Web Applications

a.       Web application firewalls (WAF)

b.       Static Application Security Testing (SAST) tools

c.        Dynamic Application Security Testing (DAST) tools

d.       Interactive Application Security Testing (IAST)

e.       Runtime Application Self-Protection (RASP)

f.        Practical Exercises

Week 6: Ethical Hacking and Penetration Testing

Lesson 19: Introduction to Ethical Hacking

a.       Defining ethical hacking and its importance

b.       Legal and ethical considerations in penetration testing

c.        Types of penetration tests (black box, white box, gray box)

d.       Penetration testing standards and methodologies

e.       Building a penetration testing lab

f.        Practical Exercises

Lesson 20: Penetration Testing Methodologies

  • Detailed exploration of penetration testing phases:

a.      Planning and reconnaissance

b.      Scanning and enumeration

c.       Gaining access (exploitation)

d.     Maintaining access

e.      Covering tracks

f.        Analysis and reporting

  • Comparing methodologies: OSSTMM, PTES, OWASP, NIST

g.      Practical Exercises

Lesson 21: Common Tools Used in Ethical Hacking

a.       Reconnaissance tools (e.g., Maltego, Recon-ng, theHarvester)

b.       Scanning and enumeration tools (e.g., Nmap, Nessus, OpenVAS)

c.        Exploitation frameworks (e.g., Metasploit, Canvas, Core Impact)

d.       Wireless hacking tools (e.g., Aircrack-ng, Kismet)

e.       Post-exploitation tools (e.g., Mimikatz, PowerSploit)

f.        Practical Exercises

Lesson 22: Reporting and Documentation

a.       Structure and components of a penetration testing report

b.       Writing executive summaries for technical and non-technical audiences

c.        Documenting vulnerabilities and providing remediation advice

d.       Creating actionable recommendations and prioritizing fixes

e.       Tools for penetration test management and reporting

f.        Practical Exercises

Week 7: Cyber Attacks and Defenses

Lesson 23: Network Mapping and Port Scanning

a.       Understanding network topology and architecture

b.       Active vs. passive network mapping techniques

c.        Port scanning techniques (TCP connect, SYN stealth, UDP scans)

d.       OS fingerprinting and service enumeration

e.       Evasion techniques and scan detection methods

f.        Practical Exercises

Lesson 24: Network Attacks and Defenses

a.       Man-in-the-Middle (MITM) attacks and prevention

b.       Denial of Service (DoS) and Distributed DoS (DDoS) attacks

c.        DNS attacks (cache poisoning, tunneling, hijacking)

d.       ARP spoofing and MAC flooding

e.       Network protocol vulnerabilities and exploitation

f.        Practical Exercises

Lesson 25: Web Application Attacks and Defenses

a.       Server-side attacks (command injection, file inclusion)

b.       Client-side attacks (DOM-based XSS, clickjacking)

c.        Authentication bypass techniques

d.       Session hijacking and fixation

e.       API security and common API vulnerabilities

f.        Practical Exercises

Lesson 26: Wi-Fi Attacks and Defenses

a.       Wi-Fi encryption protocols (WEP, WPA, WPA2, WPA3)

b.       Wi-Fi authentication methods and vulnerabilities

c.        Evil twin attacks and rogue access points

d.       Wi-Fi password cracking techniques

e.       Securing wireless networks: best practices and tools

f.        Practical Exercises

Week 8: Cryptography and Secure Communications

Lesson 27: Introduction to Cryptography

a.      Basic cryptographic concepts and terminology

b.      History of cryptography and notable ciphers

c.       Symmetric vs. asymmetric encryption

d.     Stream ciphers vs. block ciphers

e.      Cryptographic primitives: substitution, permutation, XOR

f.        Practical Exercises

Lesson 28: Symmetric and Asymmetric Encryption

a.       Symmetric algorithms (e.g., AES, DES, 3DES)

b.       Asymmetric algorithms (e.g., RSA, ECC, DSA)

c.        Key exchange protocols (e.g., Diffie-Hellman)

d.       Hybrid cryptosystems

e.       Quantum cryptography and post-quantum algorithms

f.        Practical Exercises

 

Lesson 29: Hashing and Digital Signatures

a.       Cryptographic hash functions (e.g., MD5, SHA family)

b.       Hash-based message authentication codes (HMAC)

c.        Digital signature algorithms and their applications

d.       Certificate authorities and the web of trust

e.       Blockchain technology and its cryptographic foundations

f.        Practical Exercises

Lesson 30: Public Key Infrastructure (PKI)

a.       Components of PKI: CA, RA, certificates, CRL

b.       X.509 certificate structure and extensions

c.        Certificate lifecycle management

d.       SSL/TLS protocols and HTTPS

e.       Implementing and managing a PKI system

f.        Practical Exercises

Advanced Level (4 weeks):

Week 9: Secure Coding and Password Security

Lesson 31: Introduction to Secure Coding

a.       Secure Software Development Lifecycle (SSDLC)

b.       Common software vulnerabilities and their causes

c.        Principles of secure coding (least privilege, defense in depth)

d.       Secure coding standards and guidelines (e.g., CERT, OWASP)

e.       Code review techniques and tools

f.        Practical Exercises

Lesson 32: Common Vulnerabilities in Code

a.       Buffer overflows and memory corruption

b.       Integer overflows and underflows

c.        Race conditions and TOCTOU vulnerabilities

d.       Insecure deserialization

e.       Error handling and information disclosure

f.        Practical Exercises

Lesson 33: Techniques for Secure Coding

a.       Input validation and sanitization

b.       Proper error handling and logging

c.        Secure memory management

d.       Least privilege principle in application design

e.       Secure API design and implementation

f.        Practical Exercises

Lesson 34: Password Security

a.       Password complexity requirements and policies

b.       Password hashing algorithms (e.g., bcrypt, Argon2, PBKDF2)

c.        Salting and pepper in password storage

d.       Multi-factor authentication methods

e.       Password managers and their security considerations

f.        Practical Exercises

Week 10: Incident Response and Digital Forensics

Lesson 35: Introduction to Incident Response

a.       Incident response lifecycle and NIST framework

b.       Building an incident response team and defining roles

c.        Creating and maintaining incident response plans

d.       Legal and regulatory considerations in incident response

e.       Communication strategies during incidents

f.        Practical Exercises

Lesson 36: Incident Response Planning and Execution

a.       Incident detection and analysis techniques

b.       Containment strategies and eradication procedures

c.        System and network recovery processes

d.       Post-incident activities and lessons learned

e.       Table-top exercises and incident simulation

f.        Practical Exercises

Lesson 37: Introduction to Digital Forensics

a.       Principles of digital forensics and chain of custody

b.       Types of digital evidence and their characteristics

c.        Legal considerations in digital forensics

d.       Live vs. dead box forensics

e.       Anti-forensics techniques and countermeasures

f.        Practical Exercises

Lesson 38: Forensic Investigation Techniques

a.       Disk forensics and file system analysis

b.       Memory forensics and volatile data collection

c.        Network forensics and traffic analysis

d.       Mobile device forensics

e.       Cloud forensics challenges and techniques

f.        Practical Exercises

Week 11: Advanced Security Operations

Lesson 39: Advanced Threat Detection

a.       Behavioral analysis and anomaly detection

b.       Machine learning in threat detection

c.        Threat hunting techniques and methodologies

d.       Indicators of Compromise (IoC) and their use

e.       Automated threat detection and response systems

f.        Practical Exercises

Lesson 40: Intelligence Analysis in Cybersecurity

a.       Cyber threat intelligence lifecycle

b.       Sources of threat intelligence (open-source, closed-source)

c.        Threat intelligence platforms and feeds

d.       Creating actionable intelligence reports

e.       Integrating threat intelligence into security operations

f.        Practical Exercises

Lesson 41: Security Information and Event Management (SIEM)

a.       SIEM architecture and components

b.       Log collection, normalization, and correlation

c.        Creating effective correlation rules and alerts

d.       SIEM use cases and scenario development

e.       SOAR (Security Orchestration, Automation and Response) integration

f.        Practical Exercises

Lesson 42: Day-to-Day Operations of a Security Team

a.       Security operations center (SOC) structure and roles

b.       Shift management and handover procedures

c.        Metrics and KPIs for security operations

d.       Continuous improvement in security processes

e.       Collaboration with other IT and business units

f.        Practical Exercises

Week 12: Capstone Project, Future Trends, and Certification

Lesson 43: Capstone Cybersecurity Project

a.       Comprehensive security assessment of a fictitious organization

b.       Vulnerability assessment and penetration testing

c.        Incident response plan development

d.       Security policy and procedure creation

e.       Presentation of findings and recommendations

f.        Practical Exercises

Lesson 44: Exploring Future Trends in Cybersecurity

a.       Artificial Intelligence and Machine Learning in cybersecurity

b.       Quantum computing and its impact on cryptography

c.        Internet of Things (IoT) security challenges

d.       Zero Trust architecture and implementation

e.       Cybersecurity in cloud-native and edge computing environments

f.        Practical Exercises

Lesson 45: Final Quiz and Course Certification

a.       Comprehensive assessment covering all course topics

b.       Practical projects to demonstrate acquired skills

c.        Review of key concepts and best practices

d.       Preparation for industry certifications (e.g., CompTIA Security+, CEH)

e.     Course completion certificate and next steps in the cybersecurity career

What will i learn?

  • Gain a broad and deep understanding of cybersecurity concepts, from basics to advanced topics.
  • Develop the ability to identify and understand various cyber threats, including malware, phishing, and advanced persistent threats (APTs).
  • Learn to assess vulnerabilities and conduct risk assessments in various IT environments.
  • Acquire knowledge of network security fundamentals and how to protect network infrastructure.
  • Understand secure design principles and common vulnerabilities in web applications.
  • Gain practical experience in ethical hacking and penetration testing techniques.
  • Learn to defend against various types of cyber attacks, including network, web, and Wi-Fi attacks.
  • Understand the basics of cryptography and secure communications.
  • Learn principles of secure coding and how to prevent common vulnerabilities like SQL injection and cross-site scripting (XSS).
  • Develop skills in incident response and digital forensics.
  • Gain knowledge in threat detection, intelligence analysis, and security information and event management (SIEM).
  • Prepare for career development in the cybersecurity field, including certification preparation.
  • Complete a capstone project, demonstrating the ability to apply learned concepts in a real-world scenario.
  • Gain insights into emerging technologies and future trends in cybersecurity.
  • Obtain a course completion certification, potentially preparing for industry-recognized certifications .

Who Should Attend

  • IT professionals looking to transition into cybersecurity
  • University and College graduates with computer science or related degrees
  • Security enthusiasts wanting to formalize their knowledge
  • Professionals seeking to enhance their current cybersecurity skills
  • Anyone interested in starting a career in cybersecurity

Target Audience

Frequently asked question

The course is 12 weeks long, with 108 hours of instruction.

The course covers a wide range of cybersecurity topics, from basic concepts to advanced operations, including threats, vulnerabilities, network security, ethical hacking, cryptography, and incident response.

Yes, there is a capstone project in the final week (Week 12) of the course.

Yes, the course does offer certification. This is explicitly mentioned in Week 12's curriculum, which includes "Certification" as part of its key lessons.

The time commitment varies from 8 to 10 hours per week, depending on the topic.

International Capacity Building and Management Development

₦0

Lectures

7

Skill level

Advanced

Expiry period

4 Months

Certificate

Yes

Related courses