Aspire Journeys

Penetration Tester to SecOps Engineer

  • 30 Courses | 26h 37m 55s
  • 4 Labs | 32h
Likes 67 Likes 67
The primary goal of SecOps is to reduce process inefficiencies of traditional enterprise security and operations teams by making them share accountability, processes, tools, and information, which leads to improved security and operational performance. Explore the different stages required to go from a Penetration Tester to a SecOps Engineer.

Track 1: Penetration Tester

In this Skillsoft Aspire track of the Penetration Tester to SecOps Engineer journey, the focus will be on Penetration Testing fundamentals, security measures, end-user behavior, physical and Wi-Fi pen testing, and advanced pen testing techniques.

  • 8 Courses | 9h 10m 43s
  • 1 Lab | 8h

Track 2: Incident Response Leader

In this Skillsoft Aspire track of the Penetration Tester to SecOps Engineer journey, the focus will be on incident response, preemptive troubleshooting, securing network appliances, monitoring systems configuration, patch management, and regulation conformance.

  • 8 Courses | 8h 46m 43s
  • 1 Lab | 8h

Track 3: Ethical Hacker

In this Skillsoft Aspire track of the Penetration Tester to SecOps Engineer journey, the focus will be on Ethical Hacking.

  • 8 Courses | 4h 45m 11s
  • 1 Lab | 8h

Track 4: SecOps Engineer

In this Skillsoft Aspire track of the Penetration Tester to SecOps Engineer journey, the focus will be on SecOps Engineering.

  • 6 Courses | 3h 55m 18s
  • 1 Lab | 8h

COURSES INCLUDED

Penetration Testing Fundamentals
This 14-video course explores penetration testing, and the role it plays in protecting a company's assets and networks from exploitation and attacks. In this course, users learn how penetration testing can expose security weaknesses. You will also learn about different types of penetration testing, and how to test for common penetration types, and you will examine the importance of penetration testing for an organization. This course demonstrates passive information gathering, or open- source gathering to search for available information about the organization. You will learn to use active information gathering to target the organization's systems, the employees, their networks to gain information. Next, explore several different types of exploits that can cause problems, including buffer overflow attacks, client side and website attacks, password attacks, and port forwarding exploits; and learn how to conduct a privilege escalation attack. Finally, you will examine how penetration testers and bad actors can gain access to a system by using network tunneling.
14 videos | 1h has Assessment available Badge
Pen Testing Awareness: Results Management
This 14-video course explores benefits to an organization and the role of penetration testing to protect digital assets and networks. In this course, learners observe how to manage and analyze testing results. You will examine several testing methods, including black box, white box, and grey box testing. Next, you will learn about rules of engagement documents, which is executed prior to starting the penetrations testing. This document outlines rules around the test, and the importance of setting stopping points within a penetration test, and when to stop a penetration test. Explore test findings management, risk, risk tolerance, and how to align recommendations to an organization's needs and goals. You will learn about risk tolerance from a privacy and intellectual property perspective, and how to create good test reports for clients. You will learn to categorize your findings by using CVE (Common Vulnerabilities and Exposure) database, or the CVE details. Finally, you will learn how to communicate needed changes, and to emphasize the importance of further testing after recommendations are implemented.
14 videos | 1h has Assessment available Badge
Security Measures: Implementing Security Controls
Explore the use of security controls with the NIST Cybersecurity Framework in this 14-video course, which examines anatomy of security controls, from common to advanced and complex. You will discover how to test and monitor security controls, including the most basic quick-win controls for several control types. Key concepts covered here include security controls in relation to the overall NIST Cybersecurity Framework, and how security controls are relevant in SecOps; the major security control types and components of a security control; and defensive and quick-win controls for major control types. Next, learn how they are compromised, and steps for root cause analysis; learn the CIS critical security controls and how they are implemented; and observe how to assess security controls, including establishing security metrics for risk management framework and reporting. Learn how to investigate security controls when one fails and describe how to mitigate outcomes; learn processes of auditing security controls; and learn potential risk scenarios and how to mitigate and respond using security controls, including how to test controls to effectively respond.
14 videos | 1h has Assessment available Badge
Pen Testing: End-user Behavior
Explore penetration testing, its limitations, and how end-user behavior affects this process in this 14-video course, which examines several types of penetration testing, the reliance on end-user behavior, and the challenges facing organizations. You will explore the role of human error in causing data breaches, user awareness, preventing attacks, and how to use end-user analytics. You will learn to use tools to perform user behavior analytics, and how to use test results to create and communicate reports. Next, learners will examine how to create a plan for organizations to check user behavior when a threat is received, and explore the need for cybersecurity training for employees. You will learn to use advanced analytics that focus on user activity instead of specific static threat indicators to detect anomalies or malicious behavior. You will explore social engineering attacks, how to perform a social engineering penetration test, and how to counter social engineering attacks. Finally, examine the role played by human behavior in penetration testing.  
14 videos | 1h has Assessment available Badge
PenTesting for Physical Security
This 14-video course explores physical penetration testing, and how to test a business's infrastructure, including IT assets, its data, people, and physical security to locate any exploitable vulnerabilities. In this course, you will learn why lockpicking is essential in cybersecurity, and you will examine different types of locks and lockpick tools. This course demonstrates several types of penetrations, including EM (electromagnetic security vulnerabilities), dumpster diving, and tailgating, and how to protect against these attacks. You will learn about penetration testing types, including network services, web and client applications, Cloud penetration, penetration testing of wireless networks, and social engineering. Learners will explore several penetration tools, including Kali Linux, which comes with tool such as Nmap, Wireshark, and John the Ripper; the Aircrack suite; OpenVas, and several others. You will learn about web app security testing methodologies. Learners will observe the elements of a successful report, and how to document penetration testing results. Finally, this course demonstrates practicing testing skills by using Grier Demo website.
14 videos | 1h has Assessment available Badge
Wi-Fi Penetration Testing
Explore the business convenience of Wi-Fi access, how to recognize the vulnerabilities of wireless networks, and the importance of Wi-Fi penetration testing in this 12-video course, which examines the categories of threats that can compromise a Wi-Fi network. First, you will examine built-in sniffing capabilities used for penetration testing, and the process for performing a rough access point analysis. This course examines Wi-Fi hotspots, web security, and the vulnerabilities of WEP (wired equivalent privacy). This course demonstrates the process used to exploit a Wi-Fi client's vulnerabilities. You will learn how to use Powerfuzzer, an automated customizable web fuzzer, that is part of Kali Linux vulnerability analysis tools. You will learn how to perform a wireless DoS (denial of service) attack against a wireless network. You will examine bugs using the technique of Wi-Fi fuzzing, and how to exploit WPA with PSK secured Wi-Fi. Finally, you will examine the best practices for turning Wi-Fi penetration testing results into policy, security protocols, and user education programs.  
12 videos | 56m has Assessment available Badge
Advanced Pen Testing Techniques
Explore advanced penetration testing tools and techniques used to find vulnerabilities, sniff network traffic, deal with cryptography, and crack passwords in this 14-video course. Learners will discover common techniques used to find weaknesses in both Linux and Windows-based systems. Key concepts covered here include finding vulnerability by using scanners and other techniques; how to capture and analyze network traffic with Wireshark; and learning ab