Cyber Defense Analyst (CDA-301)
This is a closed class. It requires a contract. On-site for 22 people.
Days: 5 Days Labs: Yes –Local Cyber Range
Type of Course: Advanced Security / Technical
Prerequisites: Introduction to Cyber Defense Analyst for Technologist (CDA-SVY)
About this course: Maps to NICE Protect and Defend category providing technical skills to collect data from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs)
Goals: Analyze events that occur within their environments for the purposes of mitigating threats. Oversee the incident response program for a mission.
Topics: Tactics and techniques used by today’s advanced persistent threats, open source Linux distribution for intrusion detection, enterprise security monitoring, and log management, advanced incident handling, buffer overflow, all types of attacks, covering tracks, reconnaissance, scanning, session hijacking and cache poisoning, techniques for maintaining access, web applications attacks, worms, bots, and bot-nets.
Methods of instruction: There are 8 different possible exercises that can be used in a module. Some examples include: threats and controls, case studies, risk analysis practice, and reading review. Technical labs will require basic skills in operating systems and virtualization. As soon as students become too comfortable, the instructor will switch methods.
Students are expected to have basic experience in the areas of networking and DoD Cybersecurity as well as knowledge of related Cybersecurity policies and procedures. Course support DISA responsibilities in DoD Cybersecurity Discipline Implementation Plan, DoD I 8551.01, the STIG’s and NIST SP800-53. The course covers topics in NICCS / NICE and ARTEP.