12-Week Cybersecurity Curriculum with Emphasis on Foundational Certifications
This 12-week curriculum is designed to provide students with foundational knowledge and skills required for entry-level roles in cybersecurity, such as Cybersecurity Analyst and Ethical Hacker. The course focuses on essential concepts and hands-on training to prepare students for foundational certifications like CompTIA Security+, Certified Ethical Hacker (CEH), and CompTIA Network+. By the end of this 12-week curriculum, learners will be prepared for entry-level cybersecurity roles. Hands-on labs and practice exams will help solidify the skills needed to land a job in cybersecurity.
Week 1: Introduction to Cybersecurity & Certifications Overview
Objective:
- Understand the role of cybersecurity professionals and the importance of securing information systems.
- Get an overview of the key certifications that will be covered in the curriculum: CompTIA Security+, Certified Ethical Hacker (CEH), and CompTIA Network+.
Key Topics:
- Introduction to cybersecurity: Importance of information security.
- Overview of career paths: Cybersecurity Analyst, Ethical Hacker, SOC Analyst, etc.
- Key foundational certifications: CompTIA Security+, CEH, CompTIA Network+.
- Overview of the OSI model and networking fundamentals.
Resources:
- CompTIA Security+ Overview https://cybersecurityguide.org/programs/cybersecurity-certifications/security/
- Certified Ethical Hacker (CEH) Overview https://cybersecurityguide.org/programs/cybersecurity-certifications/ceh/
- "Cybersecurity for Beginners" by Raef Meeuwisse https://www.amazon.com/Cybersecurity-Beginners-Raef-Meeuwisse/dp/1483431231
- Introduction to Cybersecurity | Cisco Networking Academy
https://www.netacad.com/courses/introduction-to-cybersecurity?courseLang=en-US
Week 2: Introduction to Networking and the OSI Model
Objective:
- Understand networking fundamentals essential for cybersecurity.
- Learn about the OSI model and how network protocols work.
Key Topics:
- The OSI model and its seven layers.
- IP addressing and subnetting basics.
- Network devices: Routers, switches, firewalls, access points.
- TCP/IP stack and how it relates to cybersecurity.
Resources:
- CompTIA Network+ Study Guide
- "CompTIA Network+ Certification All-in-One Exam Guide" by Mike Meyers
https://www.amazon.com/CompTIA-Network-Certification-Seventh-N10-007/dp/1260122387
- Cisco Networking Basics
Week 3: CompTIA Security+ Fundamentals – Threats, Attacks, and Vulnerabilities
Objective:
- Understand the different types of cyber threats and attacks.
- Learn about common vulnerabilities and how to protect against them.
Key Topics:
- Types of cyber threats: Malware, phishing, DDoS, APTs.
- Attack vectors: Email, web, social engineering.
- Vulnerability scanning and management.
- Identifying and responding to threats.
Resources:
- "CompTIA Security+ Study Guide" by Mike Chapple
Week 4: Network Security and Firewalls
Objective:
- Learn how to secure a network and protect it from external and internal threats.
- Understand firewall configurations and security monitoring techniques.
Key Topics:
- Introduction to network security: Firewalls, IDS/IPS.
- Configuring and monitoring firewalls.
- VPNs, proxies, and network segmentation.
- Common network security protocols: SSL, TLS, IPSec.
Resources:
- "Network Security Essentials" by William Stallings
- Firewall Security Basics
Week 5: CompTIA Security+ – Identity and Access Management (IAM)
Objective:
- Understand identity management and access control systems.
- Learn about authentication methods, permissions, and multi-factor authentication.
Key Topics:
- Types of authentication: Passwords, biometrics, multi-factor authentication.
- Role-based access control (RBAC) and least privilege principle.
- Managing user accounts and permissions.
- Identity management tools and systems.
Resources:
- https://youtu.be/ZoOyyqhptik?si=OeOu0uRJOXKvNbv5
Week 6: Introduction to Ethical Hacking
Objective:
- Understand the role of ethical hacking in cybersecurity.
- Learn the ethical, legal, and professional responsibilities of ethical hackers.
Key Topics:
- The basics of ethical hacking and penetration testing.
- Key ethical hacking tools: Nmap, Wireshark, Metasploit.
- Legal issues: Rules of engagement, permissions.
- Penetration testing methodologies (Reconnaissance, Scanning, Exploitation).
Resources:
- Certified Ethical Hacker (CEH) Study Guide
- "The Web Application Hacker's Handbook" by Dafydd Stuttard & Marcus Pinto
- Intro to Ethical Hacking
https://youtu.be/-4t37keyWEY?si=CTImb8jMaVqdcqwm
Week 7: CompTIA Security+ – Cryptography
Objective:
- Learn about cryptographic protocols and methods used to secure data.
- Understand encryption standards and how to implement them in practice.
Key Topics:
- Introduction to encryption: Symmetric and asymmetric encryption.
- Cryptographic algorithms: AES, RSA, ECC.
- Public Key Infrastructure (PKI).
- Digital signatures, hashing, and certificate management.
Resources:
- "Cryptography and Network Security" by William Stallings
- Cryptography Basics
https://youtu.be/GGILQcO843s?si=eiM71QsWFw2KCro3
Week 8: Risk Management and Incident Response
Objective:
- Learn how to manage and respond to cybersecurity incidents.
- Understand risk management frameworks and business continuity planning.
Key Topics:
- Risk assessment and mitigation techniques.
- Cybersecurity incident response planning.
- Disaster recovery and business continuity planning.
- Handling security breaches and forensic investigations.
Resources:
- "Incident Response & Computer Forensics" by Jason Luttgens & Matthew Pepe
https://www.amazon.com/Incident-Response-Computer-Forensics-Third/dp/0071798684
- Incident Response Process https://youtu.be/fU_w8Ou9RVg?si=6uktu5W5fTumw75p
Week 9: Vulnerability Scanning and Penetration Testing
Objective:
- Learn how to scan systems and networks for vulnerabilities.
- Understand the penetration testing lifecycle and methodologies.
Key Topics:
- Vulnerability scanning tools: Nessus, OpenVAS, Nexpose.
- Hands-on penetration testing techniques.
- Ethical hacking tools and setup.
- Reporting vulnerabilities and findings.
Resources:
- "The Hacker Playbook" by Peter Kim
- Penetration Testing Tool
https://youtu.be/B7tTQ272OHE?si=yQfJUAybdwXsMWrY
Week 10: Hands-On Ethical Hacking – Lab and Practice
Objective:
- Engage in practical exercises to apply ethical hacking techniques.
- Gain hands-on experience with penetration testing tools and methodologies.
Key Topics:
- Setting up a penetration testing lab (Kali Linux, Metasploit).
- Practical use of tools like Nmap, Metasploit, Wireshark.
- Exploiting vulnerabilities in a controlled environment.
- Conducting a penetration test from start to finish.
Resources:
- Kali Linux Tutorial for Beginners
Week 11: Preparing for the CompTIA Security+ Exam
Objective:
- Review key topics covered in the course in preparation for the CompTIA Security+
- Practice with exam questions and quizzes.
Key Topics:
- Review of topics: Network security, threat management, risk management, cryptography.
- Study tips and resources for the Security+ exam.
- Practice exam questions and mock tests.
- Time management during exams.
Resources:
- "CompTIA Security+ Practice Tests" by Glen E. Clarke
- YouTube: Security+ Practice Exams
Week 12: Final Exam & Career Preparation
Objective:
- Take the final exam to assess knowledge and readiness.
- Learn how to prepare for cybersecurity job roles, build a resume, and network.
Key Topics:
- Final exam covering all topics: Security principles, network security, ethical hacking.
- Career pathways: Cybersecurity Analyst, Ethical Hacker, SOC Analyst.
- Resume building and interview tips for cybersecurity roles.
Resources:
Assessment:
- Weekly quizzes or short assessments based on the week's material.
- Practical assignments: Setting up security tools, conducting penetration tests, etc.
- Final written exam and practical exam (mock support scenarios, penetration tests).
Week 1:
Introduction to Cybersecurity & Security Principles
Objectives:
- Understand cybersecurity basics.
- Learn about risk management concepts.
- Understand security governance, policies, and compliance frameworks.
- Discuss key security concepts (Confidentiality, Integrity, Availability - CIA Triad).
Key Topics:
- Security concepts and principles
- Cybersecurity governance and risk management
- Security policies, procedures, and documentation
- Business continuity and disaster recovery
Resources:
- CompTIA Security+ Study Guide (SY0-701)
- Video series: “Cybersecurity Fundamentals” on YouTube or Udemy.
- Relevant chapters from "CompTIA Security+ All-in-One Exam Guide, 6th Edition" (by Darril Gibson)
Week 2:
Attacks, Threats, and Vulnerabilities
Objectives:
- Identify different types of attacks and threats.
- Understand social engineering attacks and techniques.
- Learn about various malware and their impact on systems.
- Investigate vulnerability management.
Key Topics:
- Types of malware (viruses, worms, Trojans, ransomware)
- Social engineering attacks (phishing, pretexting, baiting, etc.)
- Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS)
- Vulnerability scanning and patch management
Resources:
- Study the “Attacks, Threats, and Vulnerabilities” section in the CompTIA Security+ Official Study Guide.
- Practice with examples of social engineering scenarios.
- Watch related YouTube tutorials (e.g., Professor Messer's Security+ series).
Week 3:
Identity and Access Management
Objectives:
- Learn about identity management systems and authentication methods.
- Understand access control models and their applications.
- Explore multi-factor authentication (MFA) and password policies.
Key Topics:
- Identity and access management (IAM) concepts
- Authentication methods (username/password, biometrics, certificates)
- Single sign-on (SSO) and Federation
- Access control models (DAC, MAC, RBAC)
Resources:
- Review chapters on IAM from "CompTIA Security+ All-in-One Exam Guide."
- Watch videos on authentication and access control.
- Practical exercises with role-based access control simulations.
Week 4:
Network Security
Objectives:
- Learn about network security architecture and design.
- Understand common security protocols used in networking.
- Learn about firewalls, VPNs, and proxies.
Key Topics:
- Network security protocols (TLS, IPSec, HTTPS, etc.)
- Firewalls and intrusion detection/prevention systems (IDS/IPS)
- Virtual Private Networks (VPNs)
- Secure network architecture
Resources:
- Study networking and security concepts from CompTIA Network+ and Security+ study guides.
- Explore hands-on lab exercises (e.g., configuring firewalls, VPNs).
- Network security videos on Pluralsight or LinkedIn Learning.
Week 5:
Cryptography
Objectives:
- Understand cryptographic algorithms and their use cases.
- Learn how to manage public and private keys.
- Study hashing, encryption, and digital signatures.
Key Topics:
- Symmetric vs. asymmetric encryption
- Key management and Public Key Infrastructure (PKI)
- Digital certificates and signatures
- Cryptographic hashing (SHA, MD5, etc.)
Resources:
- Review the "Cryptography" section in the Security+ Study Guide.
- Watch tutorials on encryption algorithms and key management.
- Use online resources to practice with encryption/decryption exercises.
Week 6:
Risk Management
Objectives:
- Understand risk management concepts.
- Learn about risk analysis and mitigation strategies.
- Explore security frameworks and standards (ISO, NIST, etc.).
Key Topics:
- Risk assessment and mitigation
- Risk management frameworks (NIST 800-53, ISO 27001)
- Security controls (preventative, detective, corrective)
- Business Continuity and Disaster Recovery Planning
Resources:
- Dive into NIST’s risk management framework.
- Watch related risk management lectures (Udemy, LinkedIn Learning).
- Practice risk scenarios and decision-making exercises.
Week 7:
Security Operations and Incident Response
Objectives:
- Understand incident response lifecycle.
- Learn about the tools used in security operations.
- Investigate methods of identifying, analyzing, and responding to security incidents.
Key Topics:
- Incident response process
- Security Information and Event Management (SIEM)
- Common security monitoring tools
- Forensics and evidence gathering
Resources:
- Study the "Security Operations" and "Incident Response" sections in your Security+ materials.
- Hands-on exercises with SIEM tools like Splunk (free version).
- Review real-world case studies of cybersecurity incidents.
Week 8:
Cloud Security
Objectives:
- Learn the fundamentals of cloud computing and security models.
- Understand cloud service models (IaaS, PaaS, SaaS).
- Explore common security issues related to the cloud.
Key Topics:
- Cloud computing deployment models (public, private, hybrid)
- Shared responsibility model in the cloud
- Cloud security risks and mitigations
- Data protection and encryption in the cloud
Resources:
- Review the cloud security section in your study guide.
- Study cloud security best practices (AWS, Azure, Google Cloud).
- Practical exercises in securing cloud resources.
Week 9:
Mobile Device Security
Objectives:
- Learn how to secure mobile devices in a business environment.
- Explore mobile device management (MDM) systems.
- Understand security challenges with mobile apps.
Key Topics:
- Mobile device security measures (encryption, remote wipe, etc.)
- Mobile Device Management (MDM)
- BYOD policies and security concerns
- Mobile application vulnerabilities
Resources:
- Review materials on mobile security.
- Use emulators or labs for testing mobile security features.
- Watch case studies or videos on mobile security incidents.
Week 10:
Security Assessment & Testing
Objectives:
- Learn how to conduct vulnerability assessments and penetration testing.
- Understand the tools used for security testing.
- Explore the role of security audits and assessments.
Key Topics:
- Vulnerability scanning and assessment tools (Nessus, OpenVAS)
- Penetration testing methodologies
- Ethical hacking vs. illegal hacking
- Security audits and reporting
Resources:
- Study hands-on labs in ethical hacking (using platforms like TryHackMe or Hack The Box).
- Watch tutorials on security testing and vulnerability scanning.
- Review real-world security audit reports.
Week 11:
Security in the Software Development Life Cycle (SDLC)
Objectives:
- Understand secure coding principles.
- Learn about software security best practices.
- Explore the role of DevSecOps in development.
Key Topics:
- Secure software development practices (input validation, error handling)
- Application security vulnerabilities (SQL injection, cross-site scripting)
- DevSecOps and security automation
Resources:
- Watch videos on secure coding practices and DevSecOps.
- Study application security testing tools (OWASP ZAP, Burp Suite).
- Explore SDLC security stages and best practices.
Week 12:
Review and Practice Tests
Objectives:
- Review all topics covered.
- Take practice exams and identify weak areas.
- Prepare for the exam day.
Key Topics:
- Comprehensive review of all exam objectives
- Practice with multiple full-length practice exams
- Identify areas of weakness and review those topics
Resources:
- Take official CompTIA Security+ practice exams (available through CompTIA).
- Use online exam simulators (e.g., ExamCompass or Boson).
- Review any topics you struggled with during practice exams.