Download Brochure

This course introduces basic concepts of Information Security, CIA triad and focuses on emerging technologies and their connection with Cyber Security. The different facets of Information Security are explained along with the attack vectors for information security. This course covers the skills required to develop a security infrastructure, recognize threats and vulnerabilities to networks, and mitigate security threats, This course emphasizes core security technologies, the installation, troubleshooting and monitoring of network security devices to maintain integrity, confidentiality and availability of data.

Tools: CISCO Packet Tracer, CISCO Firepower, Wireshark

This course provides foundational knowledge and skills for Windows/Linux server platform. After completing this course, the participants will have an of operating systems and their importance in the cybersecurity space. They will learn relevant security configurations, file systems, user management and services along with ways to secure the services.

Tools: CentOS Linux, Windows Server 2012

The course will provide an in-depth understanding of threat vectors of connected IT Eco-system, understand the nature of insider and outsider threats and various threat models, understand the impact of threat realization and learn ways to control threat actors. At the end of this module, they will have improved knowledge of the threat landscape, the ability to articulate, prevent and detect Threat exploitation, the ability to measure and rank a threat on Threat models and analysis of security threats.

At the end of the module, participants will be able to practice threat models, able to take up the role of a threat researcher and they will be able to implement protocol anomaly analysis and pattern analysis.

Tools: Metaspoilt, Kali Linux, VirusTotal, Social Engineering Toolkit, The Harvester, Automater,  Shodan, Spiderfoot and more.

This module provides hands-on skills on managing threats and vulnerabilities in the systems. This module comes with labs and course materials from EC-Council to
learn skills in a red team environment, focused on attacking computer systems and gaining access to networks, applications, databases, and other critical data on secured systems. The learner will gain skills on attack strategies, attack vectors and mimic the skills and creativity of malicious hackers. Unlike malicious hackers and actors, Certified Ethical Hackers operate with permission from the system owners and take precautions to ensure the outcomes remain confidential. Bug bounty researchers are expert ethical hackers who use their attack skills to uncover vulnerabilities in the systems.

Tools: EC Council’s iLabs with 40 plus exercises

This course teaches how to perform an effective penetration test in an enterprise network environment that must be attacked, exploited, evaded, and defended. CPENT’s live practice range will provide in-depth skills not only on working on flat networks but also on to the next level by teaching you how to pentest IoT systems, OT systems, how to write your exploits, build your tools, conduct advanced binaries exploitation, double pivot to access hidden networks, and also customize scripts/exploits to get into the innermost segments of the network.

The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain applications and APIs that can be trusted. The participants will learn the top 10 web application security risks; Injection flaws, Broken Authentication, Sensitive Data Exposure, XML External Entities, Broken Access Control, Security misconfiguration, Cross-Site Scripting, Insecure deserialization, Using Components with Known Vulnerabilities, Insufficient logging and monitoring.

Tools: OWASP Tools

The SOC management course is to master Tier I and Tier II SOC analyst roles to achieve proficiency in performing SOC operations. Gain Knowledge of SOC processes, procedures, technologies, and workflows. At the end of the course, the learners will recognize attacker tools, tactics and procedures to identify indicators of compromise (IOCs). They will gain experience and extensive knowledge in Security Information and Event Management (SIEM). The learners will be able to develop threat cases (correlation rules), create reports, plan, organize, and perform threat monitoring and analysis in the enterprise, prepare briefings, and reports of analysis methodology and results with an understanding of SOC and IRT collaboration for better incident response.

Tools: Practice Labs on four SIEM Tools; Splunk, ArcSight, OSIM, Azure Sentinal.

This course aims to provide participants with adequate knowledge and exposure on Cloud Computing, Cloud Deployment Models, Cloud Architecture, and how to secure data and the best practices. The labs will provide skills on managing security operations in Azure using Azure inbuilt tools. The course will cover cloud application security, secure software development life cycle (SDLC), cloud software assurance and validation, verified secure software, specifics of cloud application architecture, design appropriate Identity and Access Management (IAM) Solutions.

Tools: MS Azure.

The module is an instructor-led course leading to certification. The course covers manage identity and access, implement platform protection, manage security operations, and secure data and applications through MS Azure Cloud’s inbuilt features.

Tools: MS Azure Sentinel, Key Vault and other features Leading to certification Microsoft SC-100.

This module aims to build hands-on skills on conducting threat intelligence and hunting after the attack. The topics include Introduction to Threat Intelligence -Life cycle and Frameworks, Data Collection and Processing – Feeds and Sources, Bulk Data Processing and Exploitation, Threat Analysis – Process, Run Books and Knowledge Base, Intelligence Reporting and Dissemination – Threat Intel Reports, Dissemination Practices, and more.

Tools: Ubuntu Machines, Web-based tools for scraping and detection.

This purple range simulation-based course on a Purple theme allowing the participants to experiment on the red/blue team skills. This exposure is essential to build a resilient defense architecture while anticipating every move of a hacker. The teams will be able to detect threats that were not blocked, understand patterns in the security data with a variety of attacks and 16 plus scenarios. Through this top-notch learning platform as cybersecurity professionals, they can test the resistance of their defense team by pushing it to its maximum capabilities, early detection of a potential attack, and understand the sequence patterns. Major scenarios include Defacement, DDoS, Drive-by download (Malware analysis), Data exfiltration, Red team skills; Red vs Blue team games, SQL injections, and Golden ticket.

Tools: Purple Range.

The first-year cybersecurity capstone project is designed to ensure a detailed scenario-based analysis of industry-specific challenges in Cybersecurity. It involves identifying potential opportunities as suggested by the mentors and designing solutions and preparing a detailed analysis of the same along with presenting an elaborate case study with implementation. The objective is to develop execution and consulting capabilities for the topics at hand.

Tools: Full-stack

Security analytics is a combination of software, algorithms, and analytic processes used to proactively predict potential cyber threats to an organization. The course provides practical exposure to building machine learning-based defense systems. After completing the course, the participants will be able to run the programming and data structures required for data analysis with Python, identify the source of data, and how to capture test and training sets from the data. They will also be able to develop important ML models to predict intrusion, detection and user behavior analysis.

Tools: Python

The objective of this course is to let the participants learn about different components of Identity and Access Management, security considerations, and some labs with examples. After completing this course, the participants will get developed the capabilities to ensure the right people and things have the right access to the right resources at the right time. The course will provide an overview of zero-trust security products.

Tools: MS Azure, AWS Service

This course introduces the concept of Information Security Governance, Risk and Compliance (GRC) to participants. They will be able to implement the NIST Risk Management Framework (RMF) to manage organizational risks effectively. The course covers key security compliance programs like ISO 27001:2013, PCI-DSS, SSAE 16, and HIPAA, and the course concludes by providing an introduction to data privacy concepts like Privacy by Design and key privacy regulations like GDPR, CCPA, and proposed PDPB.

Tools: NA

This course provides understanding and skills on responding and analysis to breaches. The learners will be able to apply the techniques and lessons in providing the first response to a breach situation and will also be able to analyze a security incident. The course uses case studies and practical labs on Cyber Breach Life Cycle, Handling the Crime Scene, Data Verification and Integrity Preservation (Hashing), Maintaining Chain of Custody, Evidence Protection and Preservation, Evidence Transportation, Evidence Analysis and Reporting, and sharing the learnings.

Tools: SIFT Workstation, FTK, Veracrypt, log2timeline, Wireshark

This module on Cyber Law is designed to give the participants the latest updates on Cyber Laws, Rules, and Regulations, and enable them to understand various techno-legal aspects. Further, the participants will be exposed to practical aspects of learning including drafting privacy policies, disclosure policies as per the law, drafting 65B digital evidence matter of fact and observation certificates, and getting to know the various interpretations of the IT Act.

Tools: NA

This course will provide the participants with an understanding of Secure Software Development Lifecycle, Threat Modeling, Risk Assessments, ability to create and analyze secure designs, codes, development practices, and apply the right security controls. They will have an understanding of underlying principles and technologies of security engineering, security requirements for modern-day application, and the future of it with rapidly changing technologies.

Tools: Microsoft Threat Modeling Tool, Static Code analyser -Fortify), DVWA, BURP, IDS tools like Snort, IPS tools like OSSEC.

Note: Based on industry trends, inputs from mentors or board of studies members, suggestions from participants as per their learning needs, further electives will be offered, subject to a minimum number of ten enrolments

The second-year program will culminate in designing, preparing, demonstrating, and presenting a real-time capstone project on an end-to-end cybersecurity challenge. The scope and industry applications of the project need to be larger than the first-year project. The program office will support with mentoring and report writing. The evaluation is based on viva-voce by an industry panel of experts. The duration of the second-year capstone project is two months.

Tools: Full Stack

This module credits can be earned by writing and publishing a research paper on the capstone project done in the earlier module. The participant needs to publish or present the paper in a peer-reviewed journal or reputed international conference. The participants will learn skills in research paper writing and publishing/presenting. Note: Second-year capstone project needs to be mandatorily published in a peer-reviewed journal or presented at an international conference.