CertNexus CyberSec First Responder® (CFR)

On this accelerated 3-day CyberSec First Responder (CFR) course, you'll learn the skills to monitor, detect and execute appropriate responses for IT security incidents - 40% faster than traditional training. With these skills, you'll become the first line of defense against cyber-attacks, boosting your business' existing IT security measures.

You'll be immersed in the curriculum through our unique Lecture | Lab | Review technique, which allows you learn and retain information faster.

Your expert instructor will introduce tools and tactics used to manage cyber security risks, teaching you to identify a range of common threats and how to collect and analyse cyber security intelligence. You'll learn how to:

• Assess information security risk, attacks and post-attacks in computing and network environments.
• Analyse the cyber security threat landscape and evaluate the organisation's security posture within a risk management framework
• Analyse reconnaissance threats to computing and network environments.
• Collect cybersecurity intelligence.
• Analyse data collected from security and event logs.
• Perform active analysis on assets and networks.
• Investigate and respond to cyber security incidents.

During the course, you'll prepare for and sit the CyberSec First Responder CFR-210 exam, covered by your Certification Guarantee.

If you're a cyber security practitioner responsible for protecting information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation, this course is ideal for you. This course is also suitable for those looking to fulfill DoD directive 8570.01 for information assurance (IA) training.

Lesson 1: Assessing Information Security Risk

• Identify the Importance of Risk Management
• Assess Risk
• Mitigate Risk
• Integrate Documentation into Risk Management

Lesson 2: Analysing the Threat Landscape

• Classify Threats and Threat Profiles
• Perform Ongoing Threat Research

Lesson 3: Analysing Reconnaissance Threats to Computing and Network Environments

• Implement Threat Modeling
• Assess the Impact of Reconnaissance Incidents
• Assess the Impact of Social Engineering

Lesson 4: Analysing Attacks on Computing and Network Environments

• Assess the Impact of System Hacking Attacks
• Assess the Impact of Web-Based Attacks
• Assess the Impact of Malware
• Assess the Impact of Hijacking and Impersonation Attacks
• Assess the Impact of DoS Incidents
• Assess the Impact of Threats to Mobile Security
• Assess the Impact of Threats to Cloud Security

Lesson 5: Analysing Post-Attack Techniques

• Assess Command and Control Techniques
• Assess Persistence Techniques: Assess Lateral Movement and Pivoting Techniques
• Assess Data Exfiltration Techniques
• Assess Anti-Forensics Techniques

Lesson 6: Evaluating the Organisation’s Security Posture

• Conduct Vulnerability Assessments
• Conduct Penetration Tests on Network Assets
• Follow Up on Penetration Testing

Lesson 7: Collecting Cybersecurity Intelligence

• Deploy a Security Intelligence Collection and Analysis Platform
• Collect Data from Network-Based Intelligence Sources
• Collect Data from Host-Based Intelligence Sources

Lesson 8: Analysing Log Data

• Use Common Tools to Analyse Logs
• Use SIEM Tools for Analysis
• Parse Log Files with Regular Expressions

Lesson 9: Performing Active Asset and Network Analysis

• Analyse Incidents with Windows-Based Tools
• Analyse Incidents with Linux-Based Tools
• Analyse Malware
• Analyse Indicators of Compromise

Lesson 10: Responding to Cybersecurity Incidents

• Deploy an Incident Handling and Response Architecture
• Mitigate Incidents
• Prepare for Forensic Investigation as a CSIRT

Lesson 11: Investigating Cybersecurity Incidents

• Apply a Forensic Investigation Plan
• Securely Collect and Analyse Electronic Evidence
• Follow Up on the Results of an Investigation

Appendix A: Mapping Course Content to CyberSec First Responder (Exam CFR-210)
Appendix B: List of Security Resources
Appendix C: U.S. Department of Defense Operational Security Practices

It is recommended your possess the following knowledge, skills, and experience prior to the course:

• At least two years of experience in computer network security technology or a related field.
• The ability to recognize information security vulnerabilities and threats in the context of risk management.
• A working knowledge of common computer operating systems.
• A working knowledge of the concepts and operational frameworks of common assurance safeguards in computing environments (including, but not limited to: basic authentication and authorization, resource permissions, and anti-malware mechanisms).
• A working knowledge of common networking concepts, such as routing and switching.
• A working knowledge of the concepts and operational frameworks of common assurance safeguards in network environments (including, but not limited to: firewalls, intrusion prevention systems [IPSs], and virtual private networks [VPNs]).

You can achieve the level of skill and knowledge required by attending the following courses:

• CompTIA A+
• CompTIA Network+
• CompTIA Security+

You'll sit the following exam at the Firebrand Training Centre, covered by your Certification Guarantee:

• Exam CFR-210: CyberSec First Responder: Threat Detection and Response
• Exam format: multiple-choice
• Exam duration: 120 questions
• Number of questions: 100