Cybersecurity Training

CompTIA Security+

CompTIA Security+ training from New Horizons Learning Group provides an excellent introduction to the security field and is typically a better entry point than jumping right into an advanced security program. With Security+, you’ll build a solid foundation of knowledge that you can build upon—helping you advance your career in the months and years to come.

Whether your goal is to become Security+ certified for your job, to prove your basic knowledge of security concepts or to gain more knowledge to secure your network, expert training from New Horizons is the perfect solution.

Security+ certification candidates must pass one exam. Although not required, it is strongly recommended that candidates possess their A+ and Network+ Certifications.

Course:	CompTIA Security+ Certification
Exam:	SY0-501: CompTIA Security+

Target Audience

This course is intended for students wishing to prepare for the CompTIA Security+ Certification Exam. The qualification is aimed primarily at networking professionals, but because security is vital to all levels and job roles within an organization, it will also benefit PC support analysts, application developers and senior managers in accounting, sales, product development and marketing.

At Course Completion

Upon successful completion of this course, students will learn:

• Identify network attack strategies and defenses
• Understand the principles of organizational security and the elements of effective security policies
• Know the technologies and uses of encryption standards and products
• Identify network- and host-based security technologies and practices
• Describe how remote access security is enforced
• Identify strategies for ensuring business continuity, fault tolerance and disaster recovery

CompTIA CySA+ training from New Horizons provides an excellent intermediate step in the security field. With CySA+, you’ll build on your solid foundational knowledge—helping you advance your career in the months and years to come.

As attackers have learned to evade traditional signature-based solutions such as firewalls, an analytics-based approach within the IT security industry is increasingly important for most organizations. The behavioral analytics skills covered by CySA+ identify and combat malware, and advanced persistent threats (APTs), resulting in enhanced threat visibility across a broad attack surface.

CompTIA Cybersecurity Analyst (CySA+) certification candidates must pass one exam. Although not required, it is strongly recommended that candidates have their Network+, Security+ or equivalent knowledge. Minimum of 3-4 years of hands-on information security or related experience. While there is no required prerequisite, CySA+ is intended to follow CompTIA Security+ or equivalent experience and has a technical, hands-on focus.

Course:	CompTIA Cybersecurity Analyst (CySA+) Certification
Exam:	CS0-001: CompTIA CySA+

Target Audience

This course is intended for students expand on their existing knowledge of IT Security and pass the CompTIA CySA+ Certification Exam. CompTIA CySA+ certification is aimed at IT professionals with (or seeking) job roles such as IT Security Analyst, Security Operations Center (SOC) Analyst, Vulnerability Analyst, Cybersecurity Specialist, Threat Intelligence Analyst, and Security Engineer.

At Course Completion

Upon successful completion of this course, students will learn:

• Configure and use threat detection tools.
• Perform data analysis.
• Interpret the results to identify vulnerabilities, threats and risks to an organization.

CompTIA Advanced Security Practitioner (CASP) certification training from New Horizons Learning Group can provide you with the skills necessary to become CASP certified and ready for an advanced career in IT security.

This course is intended for IT professionals who have the technical knowledge and skills required to conceptualize, design and engineer secure solutions across complex enterprise environments. Students should have a minimum of 10 years of experience, including at least 5 years of hands-on, technical security experience.

Course:	CompTIA Advanced Security Practitioner
Exam:	CAS-002: CompTIA Advanced Security Practitioner

At Course Completion

Upon successful completion of this course, students will have learned to:

• Manage risk in the enterprise
• Integrate computing, communications, and business disciplines in the enterprise
• Use research and analysis to secure the enterprise
• Integrate advanced authentication and authorization techniques
• Implement cryptographic techniques
• Implement security controls for hosts
• Implement security controls for storage
• Analyze network security concepts, components, and architectures, and implement controls
• Implement security controls for applications
• Integrate hosts, storage, networks, and applications in a secure enterprise architecture
• Conduct vulnerability assessments
• Conduct incident and emergency responses

About (ISC)2

(ISC)2 is a global non-profit organization whose primary goal is to help educate and certify Information Security professionals world-wide. Earning your (ISC)2 certifications is an excellent way to establish your knowledge and credibility.

Read descriptions of each of the (ISC)2 certifications and associated training below:

CAP - Certified Authorization Professional

The Certified Authorization Professional (CAP) certification is an objective measure of the knowledge, skills and abilities required for personnel involved in the process of authorizing and maintaining information systems. Specifically, this credential applies to those responsible for formalizing processes used to assess risk and establish security requirements and documentation. Their decisions will ensure that information systems possess security commensurate with the level of exposure to potential risk, as well as damage to assets or individuals.

Recommended Training

Course:	Certified Authorization Professional (CAP) Bootcamp
Exam:	CAP® - Certified Authorization Professional

Certified Information Systems Security Professional (CISSP)

New Horizons is proud to be able to provide training to assist you in preparation for the CISSP Information Security Certification exam. The CISSP certification is a globally recognized information security certification governed and bestowed by the International Information Systems Security Certification Consortium, also known as (ISC)2. It was the first information security credential accredited by the international ANSI ISO/IEC Standard 17024:2003.

Course:	Certified Information Systems Security Professional (CISSP)
Exam:	Certified Information Systems Security Professional (CISSP)

Information Systems Security Management Professional (ISSMP)

This concentration requires that a candidate demonstrate two years of professional experience in the area of management, considering it on a larger enterprise-wide security model. This concentration contains deeper managerial elements such as project management, risk management, setting up and delivering a security awareness program, and managing a Business Continuity Planning program. A CISSP-ISSMP establishes, presents and governs information security programs demonstrating management and leadership skills. Typically the CISSP-ISSMP certification holder or candidate will be responsible for constructing the framework of the information security department and define the means of supporting the group internally.

Course:	Information Systems Security Management Professional (ISSMP) Certification Boot Camp
Exam:	Information Systems Security Management Professional (ISSMP)

Information Systems Security Architecture Professional (ISSAP)

CISSP-ISSAP requires a candidate to demonstrate two years of professional experience in the area of architecture and is an appropriate credential for Chief Security Architects and Analysts who may typically work as independent consultants or in similar capacities. The architect plays a key role within the information security department with responsibilities that functionally fit between the C-suite and upper managerial level and the implementation of the security program. He/she would generally develop, design, or analyze the overall security plan. Although this role may typically be tied closely to technology this is not necessarily the case, and is fundamentally the consultative and analytical process of information security.

Course:	Information Systems Security Architecture Professional (ISSAP) Certification Boot Camp
Exam:	Information Systems Security Architecture Professional (ISSAP)

Information Systems Security Engineering Professional (ISSEP)

This concentration was developed in conjunction with the U.S. National Security Agency (NSA) providing an invaluable tool for any systems security engineering professional. CISSP-ISSEP is the guide for incorporating security into projects, applications, business processes, and all information systems. Security professionals are hungry for workable methodologies and best practices that can be used to integrate security into all facets of business operations. The SSE model taught in the IATF portion of the course is a guiding light in the field of information security and the incorporation of security into all information systems.

Course:	Information Systems Security Engineering Professional (ISSEP) Certification Boot Camp
Exam:	Information Systems Security Engineering Professional (ISSEP)

About EC-Council

The International Council of Electronic Commerce Consultants (EC-Council) is a long-standing professional certification organization for IT Professionsals. The EC-Council's goal is to provide support for individuals who create and maintain security and IT systems.

Read descriptions of each of the EC-Council certifications and associated training below:

Certified Ethical Hacker (CEH)

Certified Ethical Hacker training and certification at New Horizons will help you learn to stop hackers by thinking and acting like one. The CEH training immerses students in an interactive environment where they will learn how to scan, test, hack, and secure their own systems. Students then learn how intruders escalate privileges and what steps can be taken to secure a system.

Course:	Certified Ethical Hacker (CEH)
Exam:	Certified Ethical Hacker (CEH)

The CEH certification will fortify the application knowledge of security officers, auditors, security professionals, site administrators and anyone who is concerned about the integrity of the network infrastructure.

Computer Hacking Forensic Investigator (CHFI)

The CHFI certification from EC-Council is an advanced certification for forensic network security investigators. As cybercrime has increased, the need for computer forensic investigators has grown dramatically. CHFI certified candidates may investigate invasion or theft of intellectual property, misuse of IT systems and violations of corporate IT usage policies.

Course:	Computer Hacking Forensic Investigator (CHFI)
Exam:	Computer Hacking Forensic Investigator (CHFI)

The CHFI course will give participants the necessary skills to identify an intruder's footprints and to properly gather the necessary evidence to prosecute. Many of today's top tools of the forensic trade will be taught during this course, including software, hardware and specialized techniques. The need for businesses to become more efficient and integrated with one another, as well as the home user, has given way to a new type of criminal, the "cyber-criminal."

Licensed Penetration Tester (LPT)

EC-Council’s Licensed Penetration Tester (LPT) certification is a natural evolution and extended value addition to its series of security related professional certifications. The LPT standardizes the knowledge base for penetration testing professionals by incorporating best practices followed by experienced experts in the field.

Course:	Complete Penetration Testing – 10 Day
Exam:	Licensed Penetration Tester (LPT)

Gain the in-demand career skills of a professional security tester. Learn the methodologies, tools, and manual hacking techniques used by penetration testers.

EC-Council Certified Security Analyst (ECSA)

The ECSA certification is an advanced ethical hacking training certification that complements the Certified Ethical Hacker (CEH) certification by exploring the analytical phase of ethical hacking. The ECSA penetration testing course provides you with a real-world, hands-on penetration testing experience and is a globally accepted hacking and penetration testing class that covers the testing of modern infrastructures, operating systems and application environments while teaching the students how to document and write a penetration testing report.

Course:	EC-Council ECSA/LPT V8.0
Exam:	EC-Council Certified Security Analyst (ECSA)
Level:	Advanced

From the commencement of the 5-day class and the activation of the ECSA Dashboard on EC-Council’s ASPEN platform, students will have 60 days in total to submit their penetration testing report based on the challenge scenario to EC-Council, which will prove that students understand the concepts taught in the course. This is the eligibility criterion to enable students to challenge the ECSA exam. The Final ECSA exam is a multiple-choice question exam. The ECSA v9 exam includes 2 required stages. Report writing stage requires candidates to perform various penetration testing exercises on EC-Council’s iLabs before submitting a penetration test report to EC-Council for assessment. Students who submit reports to the required standards will be provided with exam vouchers for the multiple-choice exam.

CyberSec First Responder (CFR)

Logical Operations CyberSec First Responder is a course designed for information assurance professionals who perform job functions related to the development, operation, management, and enforcement of cybersecurity capabilities for systems and networks.

There are a number of options in regards to cybersecurity training in the market today. From vendor-based product training to cybersecurity management courses, it can be difficult to determine which is best for any given individual. CFR combines a number of disciplines within cybersecurity and develops an understanding of how everything fits together. Couple this holistic security focus with hands-on, lab-based learning, and students are able to develop the skillset needed to be a valued member of any cybersecurity team.

Course:	CyberSec First Responder
Exam:	CyberSec First Responder

Target Audience
Designed for information assurance professionals whose job functions include development, operations, management, and enforcement of secure systems and networks.

At Course Completion
This course will prepare cybersecurity professionals to become the first line of response against cyber attacks by teaching students to analyze threats, design secure computing and network environments, proactively defend networks, and respond/investigate cybersecurity incidents.

CyberSAFE

CyberSAFE is a course designed for information technology end-users. There is an increasing reliance on workplace technologies and ensuring their proper use is critical to the protection of our information systems.

This course is designed to meet the needs of all organizations, irrespective of size, industry, or geographic location.

Course:

CyberSAFE

Target Audience
This course is designed for non-technical end-users of computers, mobile devices, networks, and the Internet, enabling employees of any organization to use technology more securely to minimize digital risks.

At Course Completion
Students will be able to identify many of the common risks involved in using conventional end-user technology, as well as ways to use it safely, to protect themselves and their organizations from those risks.

About ISACA

ISACA is an independent, non-profit global association founded in 1969 to provide guidance and benchmarks for information systems and risk management.

Read descriptions of each of the ISACA certifications and associated training below:

Certified in Risk and Information Systems Control (CRISC)

CRISC is the only certification that prepares and enables IT professionals for the unique challenges of IT and enterprise risk management, and positions them to become strategic partners to the enterprise.

Course:	CRISC Boot Camp
Exam:	Certified in Risk and Information Systems Control (CRISC)

CRISC is designed for IT professionals who have hands-on experience with risk identification, assessment, and evaluation; risk response; risk monitoring; IS control design and implementation; and IS control monitoring and maintenance.

Certified in the Governance of Enterprise IT (CGEIT)

CGEIT recognizes a wide range of professionals for their knowledge and application of enterprise IT governance principles and practices. As a CGEIT certified professional, you demonstrate that you are capable of bringing IT governance into an organization-that you grasp the complex subject holistically, and therefore, enhance value to the enterprise.

Course:	Certified in the Governance of Enterprise IT (CGEIT) Boot Camp
Exam:	Certified in the Governance of Enterprise IT (CGEIT) Boot Camp

CGEIT is specifically developed for IT and business professionals who have a significant management, advisory, or assurance role relating to the governance of enterprise IT.

Certified Information Systems Auditor (CISA)

The CISA designation is a globally recognized certification for IS audit control, assurance and security professionals. Being CISA-certified showcases your audit experience, skills and knowledge, and demonstrates you are capable to manage vulnerabilities, ensure compliance and institute controls within the enterprise.

Course:	Certified Information Systems Auditor (CISA) Boot Camp
Exam:	Certified Information Systems Auditor (CISA) Boot Camp

In this course students will perform evaluations of organizational policies, procedures and processes to ensure that an organization's information systems align with overall business goals and objectives. This course is aligned to the objectives established by Information Systems Audit and Control Association (ISACA) for the CISA exam.

Certified Information Security Manager (CISM)

Demonstrate your information security management expertise. The uniquely management-focused CISM certification promotes international security practices and recognizes the individual who manages designs, and oversees and assesses an enterprise’s information security.

Course:	Certified Information Security Manager (CISM)
Exam:	Certified Information Security Manager (CISM)

This course is aligned with objectives established by the Information Systems Audit and Control Association (ISACA) for the CISM exam.

The NIST Cybersecurity Framework

In May of 2017, The White House issued an Executive Order for “STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE,” which hold heads of executive departments and agencies (agency heads) accountable for managing cybersecurity risk to their enterprises.

Two key provisions of the executive order included:

1. Effective immediately, each agency head shall use The Framework for Improving Critical Infrastructure Cybersecurity (the Framework) developed by the National Institute of Standards and Technology, or any successor document, to manage the agency's cybersecurity risk.
2. Further, the United States seeks to support the growth and sustainment of a workforce that is skilled in cybersecurity and related fields as the foundation for achieving our objectives in cyberspace.

NIST Cybersecurity Framework Workforce Development & Certification

In partnership with itSM Solutions LLC and UMass Lowell a NSA/DHS National Center of Academic Excellence in Cyber Defense Research (CAE-R), New Horizons is proud to offer a new cybersecurity workforce development program based on the NIST Cybersecurity Framework (NCSF). This innovative, cybersecurity workforce development program is built around an NCSF Controls Factory™ model created by Larry Wilson, the CISO in the university President’s office. The itSM/UMass program teaches individuals and organizations the knowledge, skills and abilities to engineer, instrument, test, maintain and continually improve an NCSF program.

The program and its author have won the following industry awards:

• Security Magazine’s Most Influential People in Security, 2016
• SANS People Who Made a Difference in Cybersecurity Award, 2013
• Information Security Executive (ISE) nominee for Executive of the Year for North America, 2013
• ISE North America Project Award Winner I for the Academic and Public Sector Category, 2013

Audience:

IT and Cybersecurity professionals looking to become certified on how to operationalize the NIST Cybersecurity Framework (NCSF) across an enterprise and its supply chain. The NCSF Practitioner program teaches the knowledge to prepare for the NSCF Practitioner exam plus the skills and abilities to design, build, test, manage and improve a cybersecurity program based on the NCSF.

Benefits of NIST Cybersecurity Framework (NCSF) Certification

All programs come with a certificate of completion and continuing education credits, such as PDU and CEUs. itSM students who successfully complete the certification and meet university requirements may transfer credits and enroll in one of UMass Lowell’s master’s degree programs in information technology, such as network security or cybersecurity.

For information on NIST Cybersecurity Framework, click here.

Get started today by reviewing the NCSF Certification levels and requirements below:

The NCSF Foundation Certification Course (Coming Soon)

This course covers current cybersecurity challenges and explains how organizations that implement an NCSF program can mitigate these risks. This program is focused on candidates who need a basic understanding of the NCSF to perform their daily jobs as executives, business professionals, or information technology professionals. Complete course outline is coming soon.

The NCSF Practitioner Certification Course

This course details the current cybersecurity challenges plus teaches in depth the UMass Lowell NCSF Control Factory Methodology on how to build, test, maintain and continually improve a cybersecurity program based on the NIST Cybersecurity Framework. This program is focused on candidates who need a detailed understanding of the NCSF to perform their daily roles as cybersecurity engineers, testers or operations professionals.

This course looks at cybersecurity risks and instructs students on the best approach to design and build a comprehensive technology focused cybersecurity program and business focused cyber-risk management program that will minimize risks, and at the same time, protect critical assets. Executives are keenly aware of the risks, but have limited knowledge on the best way to mitigate these risks. We will want to enable executives to answer the key question – Are we secure?

The class include lectures, informative supplemental reference materials, quizzes, exercises and tests. Outcomes and benefits from this class is a practical approach that students can use to build and maintain comprehensive cybersecurity and cyber-risk management programs.

NCSF Practitioner

What is Penetration Testing?

A penetration test subjects a system or a range of systems to real life security tests. The benefit of a complete penetration suite compared to a normal vulnerability scan system is to reach beyond a vulnerability scan test and discover different weaknesses and perform a much more detailed analysis. The user can perform specified attacks in high detail depending on his specific choices and needs. This is normally done via the many advanced techniques and utilities of a security consultant.

Penetration Testing Compared to Vulnerability Scanning

The advantage of a penetration test compared with an automated vulnerability scan is the involvement of the human element versus automated systems. A human can do several attacks based on skills, creativity. and information about the target system that an automated scanning can not do.

Several techniques like social engineering can usually be done by humans alone since it requires physical techniques that have to be performed by a human and is not covered by an automated system.

Advance your Information Security knowledge and become a specialist in Penetration Testing with training from New Horizons Learning Group.

Foundations and Prerequisites

The following courses are recommended or relevant experience:

• CompTIA A+ Certification
• CompTIA Network+ Certification
• CompTIA Security+

Core Classes

• Certified Ethical Hacking (CEH)
• Advanced Ethical Hacking
• Reverse Engineering

Specialization - select one

• Expert Penetration Testing
• Advanced Reverse Engineering

The Penetration Test Process

Discovery: The Penetrator performs information discovery via a wide range of techniques—that is, whois databases, scan utilities, Google data, and more—in order to gain as much information about the target system as possible. These discoveries often reveal sensitive information that can be used to perform specific attacks on a given machine.

Enumeration: Once the specific networks and systems are identified through discovery, it is important to gain as much information possible about each system. The difference between enumeration and discovery depends on the state of intrusion. Enumeration is all about actively trying to obtain usernames as well as software and hardware device version information.

Vulnerability Identification: The vulnerability identification step is a very important phase in penetration testing. This allows the user to determine the weaknesses of the target system and where to launch the attacks.

Exploitation and Launching of Attacks: After the vulnerabilities are identified on the target system, it is then possible to launch the right exploits. The goal of launching exploits is to gain full access of the target system.

Denial of Service: A DOS (Denial of Service) test can be performed to test the stability of production systems in order to show if they can be crashed or not. When performing a penetration test of a preproduction system, it is important to test its stability and how easily can it be crashed. By doing this, its stability will be ensured once it is deployed into a real environment.

It is important to perform DOS testing to ensure the safeness of certain systems. If an attacker takes down your system during busy or peak hours, both you and your customer can incur a significant financial loss.

Reporting: After the completion of the penetration test, it is important to get user-customized reporting suites for a technical and/or management overview. This includes the executive summary, detailed recommendations to solve the identified vulnerabilities, and official security ID numbers for the vulnerabilities. The reports come in different formats such as html, pdf, and xml. Furthermore, all the reports are open to be modified as of the user’s choice.