Lab - Becoming a Defender (Instructor Version)

Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

Objectives
Research and analyze what it takes to become a network defender

Background / Scenario
In our technology-centric world, as the world gets more connected, it also gets less safe. Cybersecurity is one
of the fastest growing and in-demand professions. Individuals in this field perform a wide variety of jobs
including but not limited to consultation, investigation and program management services to mitigate risks
through both internal and external sources. Cybersecurity professionals are required to evaluate, design and
implement security plans, conduct in-depth fraud investigation and perform security research and risk
assessment and propose solutions to potential security breaches.
Individuals with good security skills have a great earning potential. To be considered for one of these high
paying jobs, it is imperative to have the proper qualifications. To this effect, it is important to consider the
industry certificates available for this career path. There are many certifications to choose from, and selecting
the right certificate(s) for you individually requires careful consideration.
Note: You can use the web browser in virtual machine installed in a previous lab to research security related
issues. By using the virtual machine, you may prevent malware from being installed on your computer.

Required Resources
 PC or mobile device with Internet access

Step 1: Conduct search of Certifications.

a. Using your favorite search engine conduct a search for the most popular certifications are (in terms of
what people hold, not necessarily what employers demand):
(ISC)2: CISSP - Certified Information Systems Security Professional
ISACA: CISM - Certified Information Security Manager
EC-Council: CEH - Certified Ethical Hacker
ISACA: CRISC - Certified in Risk and Information Systems Control
(ISC)2: CCSP - Certified Cloud Security Professional
ISACA: CISA - Certified Information Systems Auditor
(ISC)2: CISSP-ISSMP - Information Systems Security Management Professional also please see the
ISC’s specifics on this certification here.
(ISC)2: CISSP-ISSAP - Information Systems Security Architecture Professional also please see the ISC’s
specifics on this certification here.
ISACA: CGEIT - Certified in the Governance of Enterprise IT
EC-Council: CHFI - Computer Hacking Forensic Investigator
Answers will vary.

 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Page 1 of 4 www.netacad.com
Lab - Becoming a Defender

b. Pick three certifications from the list above and provide more detail below about the certification
requirements / knowledge gained ie: vendor specific or neutral, number of exams to gain certification,
exam requirements, topics covered etc.
CEH - Certified Ethical Hacker v10
Prepare for the CEH certification and learn to think like a hacker while looking for system weaknesses
and vulnerabilities.
COURSE OVERVIEW
The goal of this course is to help you master an ethical hacking methodology that can be used in
penetration testing to lawfully assess the security of a system. This course delivers in-demand ethical
hacking skills while preparing you for the internationally-recognized Certified Ethical Hacker certification
exam (312-50) from EC-Council.
EC Council security experts have designed over 140 labs, which mimic real-time scenarios to help you
“live” through an attack as if it were real. You’ll also be given access to over 2,200 commonly used
hacking tools to immerse you into the hacker world.
Why take Certified Ethical Hacker?
Given the many cybersecurity attacks and great volume of personal data at risk, plus the potential legal
liabilities, the need for certified ethical hackers is quite high. This course is a must-take for anyone
responsible for network and data security who is looking to get CEH certified.
This course includes one exam voucher for the CEH - Certified Ethical Hacker v10 exam (312-50).
This course supports a certification that is a DoD Approved 8570 Baseline Certification and meets DoD
8140/8570 training requirements.

CCSP – Certified Cloud Security Professional

Understand cloud security architecture, design, operations, and service orchestration.
In the ever-changing world of the cloud, you face unique security challenges every day — from new
threats to sensitive data, to uneducated internal teams.
The CCSP recognizes IT and information security leaders who have the knowledge and competency to
apply best practices to cloud security architecture, design, operations and service orchestration. It shows
you’re on the forefront of cloud security.
The CCSP is a global credential that represents the highest standard for cloud security expertise. It was
co-created by (ISC)² and Cloud Security Alliance (CSA), leading stewards for information security and
cloud computing security.
When you earn this cloud security certification, you prove you have deep knowledge and hands-on
experience with cloud security architecture, design, operations and service orchestration.
Why get CCSP certified?
Instant credibility: The CCSP positions you as an authority figure on cloud security. It’s a quick way to
communicate your knowledge and earn trust from your clients or senior leadership.
Staying ahead: The CCSP can enhance your working knowledge of cloud security and keep you current
on evolving technologies.
Versatility: You can use your knowledge across a variety of different cloud platforms. This not only makes
you more marketable, it ensures you’re better equipped to protect sensitive data in a global environment.
Career advancement: The CCSP creates new opportunities — from being able to move into more
strategic roles, to being able to add new consulting services to your business.
PREREQUISITES

 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Page 2 of 4 www.netacad.com
Lab - Becoming a Defender

Candidates must have a minimum of five years cumulative, paid, full-time work experience in information
technology.
Three years must be in information security, and one year must be in one or more of the six domains of
the CCSP Common Body of Knowledge (CBK).
Earning (ISC)²’s CISSP credential can be substituted for the entire CCSP experience requirement.
REQUIRED EXAMS
CCSP Exam

CISSP - Certified Information Systems Security Professional

Accelerate your cybersecurity career with the world's premier cybersecurity certification.
Are you looking to accelerate your information security career? Differentiate yourself to employers and/or
clients? The CISSP is an elite way to demonstrate your knowledge, advance your career, and join a
community of like-minded cybersecurity leaders. It shows you have all it takes to design, engineer,
implement, and run a successful information security program.
By taking the CISSP exam, you’ll have the chance to prove you have the technical and managerial
knowledge necessary to effectively design, engineer, and manage the overall security posture of an
organization.
Earning the CISSP proves you have what it takes to effectively design, implement and manage a best-in-
class cybersecurity program.
The CISSP exam evaluates your expertise across eight security domains. Think of the domains as topics
you need to master based on your professional experience and education.
Domain 1. Security and Risk Management
Domain 2. Asset Security
Domain 3. Security Architecture and Engineering
Domain 4. Communication and Network Security
Domain 5. Identity and Access Management (IAM)
Domain 6. Security Assessment and Testing
Domain 7. Security Operations
Domain 8. Software Development Security
This certification is a DoD Approved 8570 Baseline Certification and meets DoD 8140/8570 training
requirements.
PREREQUISITES
Candidates must have a minimum of five years cumulative, paid work experience in two or more of the
eight domains of the CISSP Common Body of Knowledge (CBK).
REQUIRED EXAMS
CISSP Exam
Answers will vary.

Step 2: Investigate positions available within cybersecurity

Indeed.com is one of the largest job site worldwide. Using your browser of choice, access indeed.com and
search for cybersecurity jobs available within the last two weeks.

 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Page 3 of 4 www.netacad.com
Lab - Becoming a Defender

a. How many new job listings were posted within the last two weeks?
12 jobs
Answers will vary.
b. What is the salary range for the top 10 listings?
55,000.00 – 80,000.00
The answers will vary.
c. What are the most common qualifications required by employers?
Have an experienced atleast 1 year of cybersecurity and professional security certification is desirable,
such as CISSP, CISM, CISA or other similar credentials. Knowledge and application of SABSA/ESA is
good to have.
The answers will vary.
d. What industry certifications are required by these employers?
CISSP certification
The answers will vary.
e. Do any of certifications match the ones listed in Step 1a?
Yes, the CISSP.
The answers will vary.
f. Investigate online resources that allow you to legally test your hacking skills. These tools allow a novice
with limited cyber security experience to sharpen their penetration testing skills, such as Google Gruyere
(Web Application Exploits and Defenses).
OverTheWire is great for developers and security professionals of all experience levels to learn and
practice security concepts. This pracrice comes in form of fun-filled wargames - beginners should start
with "Bandit",. where the basics are taught, and will progress to higher levels and to advanced games all
with more complex bugs and exploits to patch as you go.
Answers will vary.

 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Page 4 of 4 www.netacad.com