
Cybersec Ibm

The IBM Skills Academy offers a Cybersecurity Practitioners Course designed to enhance organizational security by equipping participants with technical skills and real-world industry knowledge. The course covers various objectives including threat analysis, cyber resilience frameworks, and practical tools used in cybersecurity, while also emphasizing the importance of integrating security into organizational culture. Participants will engage in lectures, hands-on labs, and group activities to gain comprehensive insights into the evolving cybersecurity landscape.

Uploaded by

Khwaish Agarwala

IBM Skills Academy

Cybersecurity
Practitioners Course

CONFIDENTIAL

The content of this document is part of a
commercial offering, and should not be
shared without explicit approval from the
Global University Programs organization

IBM Global
University Programs


Contents

Introduction
1 Objectives
2 Journey
3 Tools
4 Prerequisites

Copyright notices

Market Landscape
Why Cybersecurity?

Introduction
Build instincts and expertise in security
systems that understand, reason
and learn; proactively reacting to cyber
threats.

Organizations across all industries are faced
with unmanageable levels of cyber threats
brought on by the changing threat landscape.

The optimum strategy in response to these
threats is to make security an integral part of
culture and overall structure—to help
organizations better prepare for their digital
transformation in the age of the fourth
industrial revolution.

Learn more
www.ibm.com/security

1 Objectives

This course comprises a unique mix of cybersecurity technical and real-world industry skills, brought to provide awareness on the impact of cybersecurity threats in key industries and geographies.

Cybersecurity Practitioners
Can elevate organizations’ overall security posture, by adopting practices, methods and tools that increase enterprise cyber resilience. Practitioners provide awareness on the latest cyber threats and can help set the foundations for the implementation of an incident response team and a security operations center.

This course covers the following objectives:
• Analyze top targeted industries and trends.
• Explore how cyber criminals are using operating system tools to get control.
• Uncover why cyber criminals are changing their techniques to gain illegal profits.
• Determine what steps you can take to protect your organization against these threats.
• Understand tools used by penetration testers and ethical hackers (network CLI tools, Telnet, SSH, Nmap, Wireshark, and many others).
• Leverage high-end security enterprise solutions in high demand such as: IBM QRadar SIEM, Vulnerability Manager, UBA, IBM QRadar Advisor with Watson, I2 Analyst Notebook and IBM Cloud X-Force Exchange.
• Gain real-world practice on critical threat modeling methodologies and frameworks such as MITRE, Diamond, IBM IRIS, IBM Threat Hunting, and security intelligence approaches to threat management.
• Participate in Security Operation Center (SOC) role-playing scenarios: experiencing research insights through design thinking practices.
• Experience the basis for SOC—enacting the roles of triage analysts, incident response analysts, and threat intelligence analysts.

Analyze tens of millions of
spam and phishing attacks
daily, and billions of web
pages and images to detect
fraudulent activity and brand
abuse.

What Is Cybersecurity?

Traditional security won’t reveal low and slow lateral movement of advanced persistent threats across systems. The open-door access from mobile, shadow IT and increasingly complex scams enables attackers to con unknowing authorized users to reveal enterprise credentials.

Even highly sophisticated Security Information and Event Management (SIEM) solutions need simple and speedy scalability to clearly see beyond traditional log and event files to uncover attacker burrows.

Too many events. Too many false alarms. Too many systems to track threats from root to damage. And not enough expertise to manage all this data and keep a team ahead of the enemy. The reality is that analysts need an assist from artificial intelligence (AI).

AI and machine learning make it easier and faster to find the root cause and chain of events comprising advanced persistent threats and insidious insider activity.

Cyber attacks continue to advance in scale and complexity. At the same time, IT budgets are thin, and security talent is simply outstripped by demand. The modern security operations center (SOC), whether on-site or virtual, needs to deploy a combination of technologies and people to close the gap between attacks and remediation.

With the right process you can get clear visibility into enterprise-wide infrastructure activities, coupled with the ability to respond dynamically to help protect against advanced, persistent and opportunistic threats, whether they come from outside or inside the organization.

2 Journey

25% Concepts
Expanding the knowledge and understanding of the topic through lecture training, examples, videos and quizzes.
Every lecture approx. 90 min.

35% Technologies
Actual implementation of the concepts learned through simulations, hands-on labs and games.
Every lab approx. 120 min.

40% Group Work Activities
Realization of the real-world impact of the topics covered through the exposure to industry case studies.
Every use case approx. 16 hrs. group work

[25%] Concepts

LECTURE 1 – CYBERSECURITY LANDSCAPE
• Cybersecurity in the World Today
• Cyber Threats Taxonomy
• Cybersecurity Domains

LECTURE 2 – CYBER RESILIENCE FRAMEWORK & LIFECYCLE
• Cybersecurity Industry Challenges
• Cyber Resilience Frameworks
• Cyber Resilience Lifecycle

LECTURE 3 – IDENTIFY CYBER ATTACK
• Threat Landscape
• Anatomy of a Cyber Attack
• Threat Hunting Methodology

LECTURE 4 – SOC IN ACTION
• Security Operation Centers (SOC) Overview
• SOC Operations Team
• SOC Incident Lifecycle

LECTURE 5 – NETWORK SECURITY
• Network Security Landscape
• Enterprise Network Security
• Anatomy of a Network Attack

LECTURE 6 – MOBILE & IOT SECURITY
• Mobile & IoT Global Trends
• Mobile & IoT Security Landscape
• End-point Protection

LECTURE 7 – APPLICATION SECURITY
• Introduction to Web Applications
• Application Security Practices
• Application Security Attacks

LECTURE 8 – DATA SECURITY
• Data Breaches – Industry Overview
• Insider Threat and Phishing Attacks
• Ransomware and Fraud Attacks
• Industry Case Study

LECTURE 9 – CLOUD SECURITY
• Cloud Global Trends
• Cloud Security Challenges
• Cloud Security in Practice
• Industry Case Studies

LECTURE 10 – SECURITY INTELLIGENCE
• SIEM Landscape
• SIEM Characteristics
• SIEM in Action
• SIEM Explained
• SIEM Identifies a Phishing Attempt
• Using the SIEM
[35%] Technologies

LAB 1 – MONITORING GLOBAL SECURITY
• Explore interactive security threats
• Monitor global attacks in real-time

LAB 2 – NETWORK SECURITY TOOLS
• Understand the data behind your IP
• Explore your Command Line Interface
• Learn about basic tools attackers use
• Cement industry best practices such as DNS

LAB 3 – ENDPOINT SECURITY PRACTICES
• Footprinting and how to find vulnerabilities
• Witness how an attacker takes control
• Protect yourself using Secure Shells
• Discover how X-Force keeps tabs online

LAB 4 – WEB BANKING DATA BREACH SCENARIO
• Understand role of a penetration tester
• Discover more methods to attack a system
• Conceptualize repercussions of attacks

LAB 5 – SCAN AND INVESTIGATE VULNERABILITIES
• Create and run a patch scan
• Adjust impact scores for important assets
• Run a custom scan with active tests
• Investigate a vulnerability

LAB 6 – USING IBM QRADAR
• Navigate the web interface
• Investigate suspicious activity
• Create a report
• Manage network hierarchy

LAB 7 – INVESTIGATING USER BEHAVIOR
• Validate environment
• Run log events to generate user traffic
• Configure rules
• Modify User Behavior Analytics
• Investigate users

LAB 8 – ANALYZING THREATS WITH INTEL
• Prepare data in QRadar
• Trigger an offense and import into i2
• Use ANB to perform investigation
• Import data into i2 Analyst’s Notebook
• Examine human resource data

[40%] Group Work Activities

DESIGN THINKING
• Design Thinking in Cybersecurity
• Security Breach Scenarios
• Empathize with four personas
- Security Operations Center Manager
- Triage (L1) Security Analyst
- Incident Response (L2) Security Analyst
- Cyber Threat Hunter

CHALLENGES

Rule Triggers Offence
A QRadar rule triggers an offense indicating malicious files on a single endpoint. How would the Security Operations Center deal with this offense?

False Positives
A QRadar rule (Rule 23) triggers a large volume of false positives. The root cause is a change in the networking infrastructure that was not communicated to the Security Operations Center ahead of time. Who should do what and when?

New Threat
A new X-Force Advisory is published by IBM. FS has not heard of this threat previously. Logs for detecting an intrusion through this vulnerability are not integrated into QRadar. What’s painful about the process of dealing with this Advisory?
3 Tools

This course uses the following tools:

IBM X-Force Exchange
i2 Analyst’s Notebook
Mozilla Firefox
PuTTY
QRadar Vulnerability Manager
QRadar
Watson User Behavior Analytics
Wireshark
Zenmap

4 Prerequisites

Instructor Workshop
Facilitator delivering this course has taken the course previously and successfully passed the exam.

• Avid speaker with good presentation skills
• Pedagogical group management skills
• Encourage critical thinking and domain exploration
• Experience handling data sets and IP copyrights

Classroom Format
Individuals with an active interest in applying for entry level jobs to work in cybersecurity related fields.

• Basic IT Literacy skills*

*Basic IT Literacy – Refers to skills required to operate at the user level a graphical operating system environment such as Microsoft Windows® or Linux Ubuntu®, performing basic operating commands such as launching an application, copying and pasting information, using menus, windows and peripheral devices such as mouse and keyboard. Additionally, users should be familiar with internet browsers, search engines, page navigation, and forms.

© Copyright IBM Corporation 2019

IBM Corporation
New Orchard Road
Armonk, NY 10504

Produced in the United States of America, October 2019

IBM, the IBM logo, ibm.com and Watson are trademarks of International Business
Machines Corp., registered in many jurisdictions worldwide. Other product and
service names might be trademarks of IBM or other companies. A current list of
IBM trademarks is available on the web at “Copyright and trademark information”
at: ibm.com/legal/copytrade.shtml.

This document is current as of the initial date of publication and may be changed
by IBM at any time. Not all offerings are available in every country in which IBM
operates.

THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY
WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR
CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the
terms and conditions of the agreements under which they are provided.

This report is intended for general guidance only. It is not intended to be a
substitute for detailed research or the exercise of professional judgment. IBM shall
not be responsible for any loss whatsoever sustained by any organization or
person who relies on this publication.

The data used in this report may be derived from third-party sources and IBM does
not independently verify, validate or audit such data. The results from the use of
such data are provided on an “as is” basis and IBM makes no representations or
warranties, express or implied.

GUPSACSUSEN-10.2019
