12-Week Cybersecurity Curriculum with Emphasis on Foundational Certifications

12-Week Cybersecurity Curriculum with Emphasis on Foundational Certifications

This 12-week curriculum is designed to provide students with foundational knowledge and skills required for entry-level roles in cybersecurity, such as Cybersecurity Analyst and Ethical Hacker. The course focuses on essential concepts and hands-on training to prepare students for foundational certifications like CompTIA Security+, Certified Ethical Hacker (CEH), and CompTIA Network+.  By the end of this 12-week curriculum, learners will be prepared for entry-level cybersecurity roles. Hands-on labs and practice exams will help solidify the skills needed to land a job in cybersecurity.

Week 1: Introduction to Cybersecurity & Certifications Overview

Objective:

  • Understand the role of cybersecurity professionals and the importance of securing information systems.
  • Get an overview of the key certifications that will be covered in the curriculum: CompTIA Security+, Certified Ethical Hacker (CEH), and CompTIA Network+.

Key Topics:

  • Introduction to cybersecurity: Importance of information security.
  • Overview of career paths: Cybersecurity Analyst, Ethical Hacker, SOC Analyst, etc.
  • Key foundational certifications: CompTIA Security+, CEH, CompTIA Network+.
  • Overview of the OSI model and networking fundamentals.

Resources:

https://www.netacad.com/courses/introduction-to-cybersecurity?courseLang=en-US

Week 2: Introduction to Networking and the OSI Model

Objective:

  • Understand networking fundamentals essential for cybersecurity.
  • Learn about the OSI model and how network protocols work.

Key Topics:

  • The OSI model and its seven layers.
  • IP addressing and subnetting basics.
  • Network devices: Routers, switches, firewalls, access points.
  • TCP/IP stack and how it relates to cybersecurity.

Resources:

  • CompTIA Network+ Study Guide

https://www.amazon.com/CompTIA-Network-Study-Guide-Authorized/dp/1119811635/ref=asc_df_1119811635/?tag=hyprod-20&linkCode=df0&hvadid=693504103190&hvpos=&hvnetw=g&hvrand=16854166463717216369&hvpone=&hvptwo=&hvqmt=&hvdev=m&hvdvcmdl=&hvlocint=&hvlocphy=9026269&hvtargid=pla-1111834259192&psc=1&mcid=f411dd72f44531e289722ba87ae0ce01&tag=hyprod-20&linkCode=df0&hvadid=693504103190&hvpos=&hvnetw=g&hvrand=16854166463717216369&hvpone=&hvptwo=&hvqmt=&hvdev=m&hvdvcmdl=&hvlocint=&hvlocphy=9026269&hvtargid=pla-1111834259192&psc=1

  • "CompTIA Network+ Certification All-in-One Exam Guide" by Mike Meyers

https://www.amazon.com/CompTIA-Network-Certification-Seventh-N10-007/dp/1260122387

  • Cisco Networking Basics

https://www.amazon.com/Cisco-Networking-Essentials-Troy-McMillan/dp/1119092159?source=ps-sl-shoppingads-lpcontext&ref_=fplfs&psc=1&smid=ATVPDKIKX0DER

Week 3: CompTIA Security+ Fundamentals – Threats, Attacks, and Vulnerabilities

Objective:

  • Understand the different types of cyber threats and attacks.
  • Learn about common vulnerabilities and how to protect against them.

Key Topics:

  • Types of cyber threats: Malware, phishing, DDoS, APTs.
  • Attack vectors: Email, web, social engineering.
  • Vulnerability scanning and management.
  • Identifying and responding to threats.

Resources:

  • "CompTIA Security+ Study Guide" by Mike Chapple

https://www.amazon.com/CompTIA-Security-Study-Guide-SY0-601/dp/1119736250/ref=mp_s_a_1_1?dib=eyJ2IjoiMSJ9.tLEFNJ5Rghly26IrasfxNg.1byq4QnXRBspZxQCvzVwzwEBFk3v7AGulu5Pu94JES0&dib_tag=se&keywords=9781119736257&linkCode=qs&qid=1731281109&s=books&sr=1-1

Week 4: Network Security and Firewalls

Objective:

  • Learn how to secure a network and protect it from external and internal threats.
  • Understand firewall configurations and security monitoring techniques.

Key Topics:

  • Introduction to network security: Firewalls, IDS/IPS.
  • Configuring and monitoring firewalls.
  • VPNs, proxies, and network segmentation.
  • Common network security protocols: SSL, TLS, IPSec.

Resources:

  • "Network Security Essentials" by William Stallings

https://www.amazon.com/Network-Security-Essentials-Applications-Standards/dp/013452733X/ref=asc_df_013452733X/?tag=hyprod-20&linkCode=df0&hvadid=693504103190&hvpos=&hvnetw=g&hvrand=11956224805559821943&hvpone=&hvptwo=&hvqmt=&hvdev=m&hvdvcmdl=&hvlocint=&hvlocphy=9026269&hvtargid=pla-762652618512&psc=1&mcid=9b92f83a10063a1694c749c4261a6929&tag=hyprod-20&linkCode=df0&hvadid=693504103190&hvpos=&hvnetw=g&hvrand=11956224805559821943&hvpone=&hvptwo=&hvqmt=&hvdev=m&hvdvcmdl=&hvlocint=&hvlocphy=9026269&hvtargid=pla-762652618512&psc=1

  • Firewall Security Basics

https://www.barnesandnoble.com/w/absolute-beginners-guide-to-personal-firewalls-jerry-ford-jr/1100321833?ean=9780132713405

Week 5: CompTIA Security+ – Identity and Access Management (IAM)

Objective:

  • Understand identity management and access control systems.
  • Learn about authentication methods, permissions, and multi-factor authentication.

Key Topics:

  • Types of authentication: Passwords, biometrics, multi-factor authentication.
  • Role-based access control (RBAC) and least privilege principle.
  • Managing user accounts and permissions.
  • Identity management tools and systems.

Resources:

https://youtu.be/ZoOyyqhptik?si=OeOu0uRJOXKvNbv5

Week 6: Introduction to Ethical Hacking

Objective:

  • Understand the role of ethical hacking in cybersecurity.
  • Learn the ethical, legal, and professional responsibilities of ethical hackers.

Key Topics:

  • The basics of ethical hacking and penetration testing.
  • Key ethical hacking tools: Nmap, Wireshark, Metasploit.
  • Legal issues: Rules of engagement, permissions.
  • Penetration testing methodologies (Reconnaissance, Scanning, Exploitation).

Resources:

  • Certified Ethical Hacker (CEH) Study Guide

https://www.amazon.com/Certified-Ethical-Hacker-Practice-Questions/dp/1394186924/ref=asc_df_1394186924/?tag=hyprod-20&linkCode=df0&hvadid=693033695646&hvpos=&hvnetw=g&hvrand=11956616321359411200&hvpone=&hvptwo=&hvqmt=&hvdev=m&hvdvcmdl=&hvlocint=&hvlocphy=9026269&hvtargid=pla-1909741755753&psc=1&mcid=a219938de5443c639ee4d2f6c2e31017&tag=hyprod-20&linkCode=df0&hvadid=693033695646&hvpos=&hvnetw=g&hvrand=11956616321359411200&hvpone=&hvptwo=&hvqmt=&hvdev=m&hvdvcmdl=&hvlocint=&hvlocphy=9026269&hvtargid=pla-1909741755753&psc=1

  • "The Web Application Hacker's Handbook" by Dafydd Stuttard & Marcus Pinto

https://www.amazon.com/Web-Application-Hackers-Handbook-Discovering/dp/0470170778/ref=mp_s_a_1_2?crid=10MLR5UUPOXHI&dib=eyJ2IjoiMSJ9.tGkKR7sLcBn5FrZHJpkjfd9X114Fr9M3Ud3FlO4uIq0igKZagygYxmuIbBtsROFOL1uxcdY4GtuxnFPkzUhR6A.jDKvU4VR8_JQdsjyykdo-2V5Rcx-vN_vSuhse9RkVMQ&dib_tag=se&keywords=%22The+Web+Application+Hacker%27s+Handbook%22+by+Dafydd+Stuttard+%26+Marcus+Pinto&qid=1731284266&sprefix=the+web+application+hacker%27s+handbook+by+dafydd+stuttard+%26+marcus+pinto%2Caps%2C257&sr=8-2

  • Intro to Ethical Hacking

https://youtu.be/-4t37keyWEY?si=CTImb8jMaVqdcqwm

Week 7: CompTIA Security+ – Cryptography

Objective:

  • Learn about cryptographic protocols and methods used to secure data.
  • Understand encryption standards and how to implement them in practice.

Key Topics:

  • Introduction to encryption: Symmetric and asymmetric encryption.
  • Cryptographic algorithms: AES, RSA, ECC.
  • Public Key Infrastructure (PKI).
  • Digital signatures, hashing, and certificate management.

Resources:

  • "Cryptography and Network Security" by William Stallings

https://www.amazon.com/Cryptography-Network-Security-Principles-Practice/dp/1292437480/ref=asc_df_1292437480/?tag=hyprod-20&linkCode=df0&hvadid=692875362841&hvpos=&hvnetw=g&hvrand=7597788011452995025&hvpone=&hvptwo=&hvqmt=&hvdev=m&hvdvcmdl=&hvlocint=&hvlocphy=9026269&hvtargid=pla-2281435178098&psc=1&mcid=09c4e104db0f302ead635c81f02fad17&hvocijid=7597788011452995025-1292437480-&hvexpln=73&tag=hyprod-20&linkCode=df0&hvadid=692875362841&hvpos=&hvnetw=g&hvrand=7597788011452995025&hvpone=&hvptwo=&hvqmt=&hvdev=m&hvdvcmdl=&hvlocint=&hvlocphy=9026269&hvtargid=pla-2281435178098&psc=1

  • Cryptography Basics

https://youtu.be/GGILQcO843s?si=eiM71QsWFw2KCro3

Week 8: Risk Management and Incident Response

Objective:

  • Learn how to manage and respond to cybersecurity incidents.
  • Understand risk management frameworks and business continuity planning.

Key Topics:

  • Risk assessment and mitigation techniques.
  • Cybersecurity incident response planning.
  • Disaster recovery and business continuity planning.
  • Handling security breaches and forensic investigations.

Resources:

  • "Incident Response & Computer Forensics" by Jason Luttgens & Matthew Pepe

https://www.amazon.com/Incident-Response-Computer-Forensics-Third/dp/0071798684

  • Incident Response Process https://youtu.be/fU_w8Ou9RVg?si=6uktu5W5fTumw75p

Week 9: Vulnerability Scanning and Penetration Testing

Objective:

  • Learn how to scan systems and networks for vulnerabilities.
  • Understand the penetration testing lifecycle and methodologies.

Key Topics:

  • Vulnerability scanning tools: Nessus, OpenVAS, Nexpose.
  • Hands-on penetration testing techniques.
  • Ethical hacking tools and setup.
  • Reporting vulnerabilities and findings.

Resources:

  • "The Hacker Playbook" by Peter Kim

https://www.amazon.com/Hacker-Playbook-Practical-Penetration-Testing/dp/1494932636/ref=asc_df_1494932636/?tag=hyprod-20&linkCode=df0&hvadid=692875362841&hvpos=&hvnetw=g&hvrand=5813445312812459975&hvpone=&hvptwo=&hvqmt=&hvdev=m&hvdvcmdl=&hvlocint=&hvlocphy=9026269&hvtargid=pla-2281435178858&psc=1&mcid=be1b26c9802d3c0494b2c3b10eed3406&hvocijid=5813445312812459975-1494932636-&hvexpln=73&tag=hyprod-20&linkCode=df0&hvadid=692875362841&hvpos=&hvnetw=g&hvrand=5813445312812459975&hvpone=&hvptwo=&hvqmt=&hvdev=m&hvdvcmdl=&hvlocint=&hvlocphy=9026269&hvtargid=pla-2281435178858&psc=1

  • Penetration Testing Tool

https://youtu.be/B7tTQ272OHE?si=yQfJUAybdwXsMWrY

Week 10: Hands-On Ethical Hacking – Lab and Practice

Objective:

  • Engage in practical exercises to apply ethical hacking techniques.
  • Gain hands-on experience with penetration testing tools and methodologies.

Key Topics:

  • Setting up a penetration testing lab (Kali Linux, Metasploit).
  • Practical use of tools like Nmap, Metasploit, Wireshark.
  • Exploiting vulnerabilities in a controlled environment.
  • Conducting a penetration test from start to finish.

Resources:

  • Kali Linux Tutorial for Beginners

https://www.amazon.com/Linux-Beginners-Practical-Comprehensive-Self-Evaluation/dp/1671228081/ref=mp_s_a_1_3_sspa?adgrpid=76567850806&dib=eyJ2IjoiMSJ9.FU078hiTgm8rMUq8jH-tcxLSyXixgD9vFKJKu7noLcqcD01IjuXI3x97R5UORnk2g11mTjmbuP-NOC_MhO8rrIG--vAtUEGGzRws1Za9EpI-ioptehdDFCMPNQ5V-W-E96t_S8MFLJmw_8jqJDVY68ZYm3N28AGPpxtbWQgUC1wRZ_IzoYNID8voEAgkmKMG6clnpfDPRN9u3EgjGNjUUA.PGw598pXKWdmR-WtR8-L5JsAJ9qR4Sg70zB87Bodrp8&dib_tag=se&hvadid=580747991253&hvdev=m&hvlocphy=9026269&hvnetw=g&hvqmt=b&hvrand=10780863802057833639&hvtargid=kwd-304243929570&hydadcr=21311_13326624&keywords=kali+linux+for+dummies&qid=1731285643&sr=8-3-spons&sp_csd=d2lkZ2V0TmFtZT1zcF9waG9uZV9zZWFyY2hfYXRm&psc=1

Week 11: Preparing for the CompTIA Security+ Exam

Objective:

  • Review key topics covered in the course in preparation for the CompTIA Security+
  • Practice with exam questions and quizzes.

Key Topics:

  • Review of topics: Network security, threat management, risk management, cryptography.
  • Study tips and resources for the Security+ exam.
  • Practice exam questions and mock tests.
  • Time management during exams.

Resources:

  • "CompTIA Security+ Practice Tests" by Glen E. Clarke

https://www.amazon.com/CompTIA-Security-Certification-Practice-SY0-601/dp/126046797X/ref=asc_df_126046797X/?tag=hyprod-20&linkCode=df0&hvadid=693033695646&hvpos=&hvnetw=g&hvrand=5720158513641222517&hvpone=&hvptwo=&hvqmt=&hvdev=m&hvdvcmdl=&hvlocint=&hvlocphy=9026269&hvtargid=pla-992905653967&psc=1&mcid=06bef1ce21bf370a9afade0b0559f13e&tag=hyprod-20&linkCode=df0&hvadid=693033695646&hvpos=&hvnetw=g&hvrand=5720158513641222517&hvpone=&hvptwo=&hvqmt=&hvdev=m&hvdvcmdl=&hvlocint=&hvlocphy=9026269&hvtargid=pla-992905653967&psc=1

  • YouTube: Security+ Practice Exams

Week 12: Final Exam & Career Preparation

Objective:

  • Take the final exam to assess knowledge and readiness.
  • Learn how to prepare for cybersecurity job roles, build a resume, and network.

Key Topics:

  • Final exam covering all topics: Security principles, network security, ethical hacking.
  • Career pathways: Cybersecurity Analyst, Ethical Hacker, SOC Analyst.
  • Resume building and interview tips for cybersecurity roles.

Resources:

Assessment:

  • Weekly quizzes or short assessments based on the week's material.
  • Practical assignments: Setting up security tools, conducting penetration tests, etc.
  • Final written exam and practical exam (mock support scenarios, penetration tests).

Week 1:

Introduction to Cybersecurity & Security Principles

Objectives:

  • Understand cybersecurity basics.
  • Learn about risk management concepts.
  • Understand security governance, policies, and compliance frameworks.
  • Discuss key security concepts (Confidentiality, Integrity, Availability - CIA Triad).

Key Topics:

  • Security concepts and principles
  • Cybersecurity governance and risk management
  • Security policies, procedures, and documentation
  • Business continuity and disaster recovery

Resources:

  • CompTIA Security+ Study Guide (SY0-701)
  • Video series: “Cybersecurity Fundamentals” on YouTube or Udemy.
  • Relevant chapters from "CompTIA Security+ All-in-One Exam Guide, 6th Edition" (by Darril Gibson)

Week 2:

Attacks, Threats, and Vulnerabilities

Objectives:

  • Identify different types of attacks and threats.
  • Understand social engineering attacks and techniques.
  • Learn about various malware and their impact on systems.
  • Investigate vulnerability management.

Key Topics:

  • Types of malware (viruses, worms, Trojans, ransomware)
  • Social engineering attacks (phishing, pretexting, baiting, etc.)
  • Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS)
  • Vulnerability scanning and patch management

Resources:

  • Study the “Attacks, Threats, and Vulnerabilities” section in the CompTIA Security+ Official Study Guide.
  • Practice with examples of social engineering scenarios.
  • Watch related YouTube tutorials (e.g., Professor Messer's Security+ series).

Week 3:

Identity and Access Management

Objectives:

  • Learn about identity management systems and authentication methods.
  • Understand access control models and their applications.
  • Explore multi-factor authentication (MFA) and password policies.

Key Topics:

  • Identity and access management (IAM) concepts
  • Authentication methods (username/password, biometrics, certificates)
  • Single sign-on (SSO) and Federation
  • Access control models (DAC, MAC, RBAC)

Resources:

  • Review chapters on IAM from "CompTIA Security+ All-in-One Exam Guide."
  • Watch videos on authentication and access control.
  • Practical exercises with role-based access control simulations.

Week 4:

Network Security

Objectives:

  • Learn about network security architecture and design.
  • Understand common security protocols used in networking.
  • Learn about firewalls, VPNs, and proxies.

Key Topics:

  • Network security protocols (TLS, IPSec, HTTPS, etc.)
  • Firewalls and intrusion detection/prevention systems (IDS/IPS)
  • Virtual Private Networks (VPNs)
  • Secure network architecture

Resources:

  • Study networking and security concepts from CompTIA Network+ and Security+ study guides.
  • Explore hands-on lab exercises (e.g., configuring firewalls, VPNs).
  • Network security videos on Pluralsight or LinkedIn Learning.

Week 5:

Cryptography

Objectives:

  • Understand cryptographic algorithms and their use cases.
  • Learn how to manage public and private keys.
  • Study hashing, encryption, and digital signatures.

Key Topics:

  • Symmetric vs. asymmetric encryption
  • Key management and Public Key Infrastructure (PKI)
  • Digital certificates and signatures
  • Cryptographic hashing (SHA, MD5, etc.)

Resources:

  • Review the "Cryptography" section in the Security+ Study Guide.
  • Watch tutorials on encryption algorithms and key management.
  • Use online resources to practice with encryption/decryption exercises.

Week 6:

Risk Management

Objectives:

  • Understand risk management concepts.
  • Learn about risk analysis and mitigation strategies.
  • Explore security frameworks and standards (ISO, NIST, etc.).

Key Topics:

  • Risk assessment and mitigation
  • Risk management frameworks (NIST 800-53, ISO 27001)
  • Security controls (preventative, detective, corrective)
  • Business Continuity and Disaster Recovery Planning

Resources:

  • Dive into NIST’s risk management framework.
  • Watch related risk management lectures (Udemy, LinkedIn Learning).
  • Practice risk scenarios and decision-making exercises.

Week 7:

Security Operations and Incident Response

Objectives:

  • Understand incident response lifecycle.
  • Learn about the tools used in security operations.
  • Investigate methods of identifying, analyzing, and responding to security incidents.

Key Topics:

  • Incident response process
  • Security Information and Event Management (SIEM)
  • Common security monitoring tools
  • Forensics and evidence gathering

Resources:

  • Study the "Security Operations" and "Incident Response" sections in your Security+ materials.
  • Hands-on exercises with SIEM tools like Splunk (free version).
  • Review real-world case studies of cybersecurity incidents.

Week 8:

Cloud Security

Objectives:

 

  • Learn the fundamentals of cloud computing and security models.
  • Understand cloud service models (IaaS, PaaS, SaaS).
  • Explore common security issues related to the cloud.

Key Topics:

  • Cloud computing deployment models (public, private, hybrid)
  • Shared responsibility model in the cloudCloud security risks and mitigations
  • Data protection and encryption in the cloud

Resources:

  • Review the cloud security section in your study guide.
  • Study cloud security best practices (AWS, Azure, Google Cloud).
  • Practical exercises in securing cloud resources.

Week 9:

Mobile Device Security

Objectives:

  • Learn how to secure mobile devices in a business environment.
  • Explore mobile device management (MDM) systems.
  • Understand security challenges with mobile apps.

Key Topics:

  • Mobile device security measures (encryption, remote wipe, etc.)
  • Mobile Device Management (MDM)
  • BYOD policies and security concerns
  • Mobile application vulnerabilities

Resources:

  • Review materials on mobile security.
  • Use emulators or labs for testing mobile security features.
  • Watch case studies or videos on mobile security incidents.

Week 10:

Security Assessment & Testing

Objectives:

  • Learn how to conduct vulnerability assessments and penetration testing.
  • Understand the tools used for security testing.
  • Explore the role of security audits and assessments.

Key Topics:

  • Vulnerability scanning and assessment tools (Nessus, OpenVAS)
  • Penetration testing methodologies
  • Ethical hacking vs. illegal hacking
  • Security audits and reporting

Resources:

  • Study hands-on labs in ethical hacking (using platforms like TryHackMe or Hack The Box).
  • Watch tutorials on security testing and vulnerability scanning.
  • Review real-world security audit reports.

Week 11:

Security in the Software Development Life Cycle (SDLC)

Objectives:

  • Understand secure coding principles.
  • Learn about software security best practices.
  • Explore the role of DevSecOps in development.

Key Topics:

  • Secure software development practices (input validation, error handling)
  • Application security vulnerabilities (SQL injection, cross-site scripting)
  • DevSecOps and security automation

Resources:

  • Watch videos on secure coding practices and DevSecOps.
  • Study application security testing tools (OWASP ZAP, Burp Suite).
  • Explore SDLC security stages and best practices.

Week 12:

Review and Practice Tests

Objectives:

  • Review all topics covered.
  • Take practice exams and identify weak areas.
  • Prepare for the exam day.

Key Topics:

  • Comprehensive review of all exam objectives
  • Practice with multiple full-length practice exams
  • Identify areas of weakness and review those topics

Resources:

Take official CompTIA Security+ practice exams (available through CompTIA).

Use online exam simulators (e.g., ExamCompass or Boson).

Review any topics you struggled with during practice exams.