“100% guarantee to make you an IT Auditor and Penetration Testor.“
Course Description:
Are you passionate about cybersecurity? Do you dream of becoming a cybersecurity expert but don’t know where to start? This course is crafted for those who have the hunger to learn and excel in the rapidly growing field of cybersecurity. Whether you’re a beginner or someone looking to advance your skills, this 6-month comprehensive program is designed to take you from fundamentals to mastery, providing both theoretical knowledge and practical hands-on experience that comes with a 100% guarantee to make you IT Auditor and Penetration Testor.
Aligned with industry-recognized certifications such as ISC2 Certified in Cybersecurity (CC), CISA, CISM, and CompTIA Security+, this course equips you with the skills and confidence to excel in real-world scenarios. You will engage in intensive lab sessions using tools like Parrot OS, Kali Linux, Metasploitable, and PortSwigger Academy, ensuring you gain hands-on experience in key areas such as network security, ethical hacking, and threat mitigation.
What You’ll Learn:
- Cybersecurity Fundamentals: Understand key principles like the CIA Triad and security frameworks.
- Network Security: Master networking concepts, firewall configuration, VPN setup, and intrusion detection/prevention.
- Database Security: Learn how to secure databases through user management, encryption, and auditing.
- Web Penetration Testing: Identify and exploit web vulnerabilities and learn remediation techniques.
- AI in Cybersecurity: Leverage Generative AI for threat detection, incident response, and vulnerability management.
- Windows & Linux Server Security: Configure secure environments, manage firewalls, and implement auditing.
- IT Audit & GRC: Learn IT auditing, risk management, compliance frameworks, and develop audit reports.
Course Structure:
Duration: 5-6 Months
Start Date: 12th February 2025
Mode: Online (Live Interactive Sessions)
Timing: Morning(7 to 9 AM) and Evening(6 to 8 PM) * 5 days a week(Monday to Friday)
Internship: Guaranteed after course completion
Placement Support: Available for top-performing students
Month 1: Foundational Concepts & Security Fundamentals
Introduction to Cybersecurity Concept
- Objective: Introduction to cybersecurity Fundamentals and career path
- Topics:
- Key cybersecurity principles: CIA Triad, security fundamentals.
- Hands-on Activity: Scenario Based Questions
Security Policies, Risk Management, and Compliance
- Objective: Introduction to risk management, compliance, and security governance.
- Topics:
- Risk management frameworks, governance, and compliance standards.
- Common policies: password, access control, data protection.
- Hands-on Activity: Classroom assignment on Presentation of Standards
Basic Networking and OSI Model
- Objective: Understand networking basics and the OSI model.
- Topics:
- OSI model: Roles of each layer in networking and security.
- IP addressing, subnetting, VLANs, and TCP/IP protocols.
- Network devices: routers, switches, and firewalls.
- Hands-on Activity: Network security using Packet Tracer
Cryptography Basics
- Objective: Learn cryptographic techniques for secure communications.
- Topics:
- Encryption (AES, RSA), hashing algorithms, PKI.
- Digital certificates, SSL/TLS.
- Hands-on Activity: Create and deploying Ransomware
Month 2: Network Security and Database Security
Network Security
Introduction to Computer Network and Network Security
- Objective: Build foundational knowledge of computer networking and device security principles.
- Topics:
- Overview of computer networks and network security fundamentals.
- Importance of securing network devices to prevent unauthorized access.
- Basics of network architecture and security threats.
- Hands-on Activity: Scenario-based network security questions.
Basic Cisco Device Hardening
- Objective: Learn to secure Cisco network devices against common vulnerabilities.
- Topics:
- Setting strong passwords for user/enable modes.
- Configuring login banners (e.g., MOTD).
- Disabling unused ports to limit attack surfaces.
- Enabling password encryption using service password-encryption.
- Configuring SSH for secure remote management.
- Hands-on Activity: Implement basic hardening techniques on Cisco devices.
Port Security and VLAN Management,NAT Security and IPsec VPN Configuration
- Objective: Secure switch ports and manage VLANs to mitigate network threats.
- Topics:
- Enabling port security and configuring MAC address limits.
- Setting actions for security violations (shutdown, restrict, protect).
- Creating VLANs and securing trunk ports.
- Disabling unused interfaces and preventing VLAN hopping.
- Configuring inter-VLAN routing for network segmentation.
- Hands-on Activity: Set up VLANs, secure trunk ports, and configure port security on switches.
STP Security and ACL Configuration
- Objective: Implement Spanning Tree Protocol (STP) security and access control lists (ACLs).
- Topics:
- Enabling BPDU Guard on access ports to protect STP.
- Using Root Guard to prevent rogue root bridges.
- Configuring standard and extended IPv4 ACLs.
- Applying ACLs to vty lines for remote access restrictions.
- Managing named ACLs for scalability and troubleshooting.
- Hands-on Activity: Secure STP and configure ACLs on network devices.
NAT Security and IPsec VPN Configuration
- Objective: Implement Spanning Tree Protocol (STP) security and access control lists (ACLs).
- Topics:
- Configuring static NAT for specific devices.
- Setting up dynamic NAT and PAT (Port Address Translation).
- Testing and verifying NAT operations.
- Configuring site-to-site IPsec VPNs with strong encryption and authentication.
- Configuring OSPF with authentication.
- Implementing EIGRP authentication and route filtering.
- Securing BGP using MD5 authentication and prefix lists.
- Testing and verifying secure routing configurations.
- Hands-on Activity: Configure NAT and set up an IPsec VPN between two network sites,Configure and secure OSPF and EIGRP protocols on a multi-router topology
Database Security
Foundations of Database Security
- Objective: Introduction to database and database security fundamentals.
- Topics:
- Overview of databases and the importance of securing them.
- Common threats to database security and their mitigation.
- Hands-on Activity: Scenario-based threat mitigation for a sample database.
User Management and Role-Based Access Control (RBAC)
- Objective: Understand user management and role-based access control to manage privileges.
- Topics:
- Create users with specific profiles.
- Assign roles and implement password policies (e.g., expiration, complexity).
- Lock/unlock user accounts.
- Create custom roles and assign privileges.
- Hands-on Activity: Create users and roles, configure privileges, and test RBAC functionality.
Object Privileges and Fine-Grained Access Control
- Objective: Manage object privileges and implement fine-grained access control techniques.
- Topics:
- Grant and revoke object privileges (e.g., SELECT, INSERT).
- Use views to restrict access to specific columns/rows.
- Implement Virtual Private Database (VPD) policies using DBMS_RLS.
- Hands-on Activity: Configure and test object privileges and VPD policies.
Auditing and Database Encryption
- Objective: Learn database auditing and encryption methods.
- Topics:
- Enable unified auditing and configure specific audit policies.
- Use Transparent Data Encryption (TDE) for encrypting tablespaces or columns.
- Manage encryption keys using Wallet Manager.
- Hands-on Activity: Configure auditing and encrypt sensitive data using TDE
Securing Sensitive Data and Managing Database Patches: Data Masking, Redaction, and Patch Application
- Objective: Securing Sensitive Data and Database Patch Management
- Topics:
- Securing Sensitive Data Using Views
- Data Masking and Redaction.
- Database Patch Management.
- Hands-on Activity:Implement data masking and redaction policies, and perform a simulated patch management process.
Web Penetration and AI in Cybersecurity
Information Gathering, Vulnerability Scanning
- Objective: Learn about common web security threats and vulnerabilities.
- Topics:
- Conduct Information gathering
- Vulnerability assessment and management.
- Hands-on Activity: Information gathering using Dirbuster, web data extractor and Conduct a vulnerability scan using Nessus or OpenVAS.
Exploitation of Vulnerabilities and Remediation
- Objective: Learn to exploit web vulnerabilities and prevent them.
- Topics:
- Learn techniques to exploit vulnerabilities
- Gain knowledge about preventing those vulnerabilities
- Hands-on Activity: Brute force, directory traversal, session hijacking
AI in Cyber Security (Foundational Concepts)
- Objective: Gain knowledge of generative AI prompt Engineering concepts and apply these AI skills to address standard and advanced cybersecurity needs.
- Topics:
- Introduction to Generative AI.
- How to use AI to boost your cybersecurity career.
- Hands-on Activity: use of generative AI in cybersecurity against threats, like phishing and malware, and understand potential NLP-based attack techniques.
Generative in AI Security
- Objective: Apply generative AI techniques to real-world cybersecurity scenarios, including UBEA, threat intelligence, report summarization, and playbooks.
- Topics:
- Use AI in Cybersecurity analytics, including incident response and forensic analysis.
- How to complement generative AI in traditional vulnerability management
- Hands-on Activity:Using generative AI or crafting detailed incident reports, covering the identification, containment, eradication, and recovery phases.
Month 4: Windows and Linux Server Security
Windows Server Security
Windows Server Security Essentials
- Objective: Understand fundamental security features of Windows Server and configure essential settings.
- Topics:
- Overview of Windows Server 2022 security features.
- Securing server roles and services.
- Configuring secure communication using SSL/TLS.
- Hands-on Activity: Install and configure Windows Server 2022 with SSL/TLS.
User and Group Security Management
- Objective: Manage users, groups, and their permissions to secure server access.
- Topics:
- Creating and managing user accounts in Active Directory.
- Configuring Group Policies (GPOs) for security enforcement.
- Implementing password policies for complexity and expiration.
- Hands-on Activity: Create organizational units and enforce GPOs for user restrictions.
Network Security Configuration
- Objective: Configure Windows Firewall and IPsec policies for secure network communication.
- Topics:
- Configuring Windows Firewall rules.
- Implementing IPsec policies for secure communication.
- Protecting Remote Desktop Protocol (RDP) access.
- Hands-on Activity: Configure advanced firewall rules and IPsec policies.
File Server Security and Permissions
- Objective: Secure file storage and manage access permissions.
- Topics:
- Configuring shared folders with proper permissions.
- Using Access-Based Enumeration (ABE) for secure file access.
- Implementing Encrypting File System (EFS) for sensitive data.
- Hands-on Activity: Configure NTFS permissions and encrypt files using EFS.
Linux Server Security
Linux Server Security Essentials
- Objective: Understand and implement basic Linux server security configurations.
- Topics:
- Overview of Ubuntu Linux Server 24 security features.
- Hardening SSH access and secure remote management.
- Configuring Uncomplicated Firewall (UFW) for basic protection.
- Hands-on Activity: Configure SSH with key-based authentication and set UFW rules.
User and Group Security Management
- Objective: Manage users, groups, and sudo privileges securely.
- Topics:
- Adding, deleting, and managing users and groups.
- Configuring sudo privileges for limited administrative access.
- Implementing password policies using pam_pwquality.
- Hands-on Activity: Create users and groups, configure sudo, and enforce password complexity.
Network Security Configuration
- Objective: Secure network communication on Linux servers.
- Topics:
- Configuring UFW with advanced rules.
- Enabling Fail2ban to protect against brute-force attacks.
- Securing data in transit using OpenSSL for HTTPS.
- Hands-on Activity: Set up Fail2ban and configure HTTPS with a self-signed certificate.
File System and Data Security
- Objective: Learn to secure file storage and sensitive data.
- Topics:
- Configuring file and directory permissions using chmod, chown, and setfacl.
- Encrypting sensitive data using gpg and ecryptfs.
- Implementing secure file transfers using SCP or SFTP.
- Hands-on Activity: Secure critical files and encrypt data using gpg.
Month 5: IT Audit and Governance, Risk and Compliance
Auditing and Compliance
- Objective: Learn auditing and compliance standards in cybersecurity.
- Topics:
- IT auditing principles, audit lifecycle.
- Key frameworks: COBIT, ISO 27001, PCI-DSS, NIST.
- Hands-on Activity: Scenario Discussion.
IT Audit and Governance, Risk, and Compliance (GRC)
- Objective: Learn how to manage governance, risk, and compliance (GRC).
- Topics:
- GRC frameworks, risk management, and business continuity.
- Security policies and procedures for GRC.
- Hands-on Activity: Create a risk management plan and business continuity strategy.
Incident Response and Forensics
- Objective: Learn incident response and digital forensics principles.
- Topics:
- Incident response lifecycle (preparation, detection, recovery).
- Forensics: data acquisition, log analysis, and chain of custody.
- Hands-on Activity: Development of Incident response plan.
IT Audit Report Writing
- Objective: Learn how to effectively document audit findings, create comprehensive IT audit reports, and communicate key risks and recommendations to stakeholders.
- Topics:
- Structure of an IT Audit Report
- Audit Report Best Practices
- Hands-on Activity: Write an IT audit report
Final Assignment:
Assignment Overview:
The final assignment is designed to assess the students’ ability to apply their theoretical knowledge and practical skills in a real-world scenario by performing an IT Risk Assessment, Vulnerability Assessment, and Penetration Testing. The students will act as trainee cybersecurity consultants tasked with securing a company’s network. The assignment involves designing a virtual environment, conducting a risk assessment, performing penetration testing, and presenting the results.
Assignment Brief:
- Phase 1: IT Risk Assessment Report (Part A – 30%)
- Objective: Conduct an IT Risk Assessment for a fictional organization.
- Key Deliverables:
- Develop an IT asset inventory.
- Define the scope of work.
- Perform a threat assessment and risk analysis.
- Provide risk ratings and suggest appropriate remediation measures.
- Report Length: Maximum 1500 words.
- Presentation: Students will present their findings in a 5-7 minute session.
- Phase 2: Vulnerability Assessment and Penetration Testing Report (Part B – 70%)
- Objective: Set up a virtual lab environment using VirtualBox and conduct a network, server, and web application penetration test.
- Environment Setup:
- Firewall: Use PFsense.
- Switch: Use VirtualBox network interface.
- Database Server: Install MySQL on Windows Server 2012 R2 using XAMPP.
- Application Server: Install PHP and Apache on Windows 7 using XAMPP.
- Vulnerable Application: Use BWAPP (from itsecgames.com).
- Testing Methodology:
- Choose a security testing methodology (e.g., OWASP, NIST).
- Conduct vulnerability scans using tools like Nessus or OpenVAS.
- Perform penetration testing using tools like Kali Linux, Metasploit, and Burp Suite.
- Key Sections of the Report:
- Threat modeling.
- Security testing methodology.
- Detailed penetration testing findings with proof of concept.
- Remediation recommendations.
- Critical evaluation of the proposed solution’s effectiveness.
- Report Length: Maximum 2500 words.
- Presentation: Demonstrate the environment setup and testing results.
Assessment Criteria:
- IT Risk Assessment: 30%
- Vulnerability Assessment and Penetration Testing: 70%
- Bonus Marks: Awarded for originality, depth of analysis, and clarity of the presentation.
Hands-On Labs:
Gain practical experience by working on real-world scenarios and using industry-standard tools:
- Networking Labs: Network security using Cisco Packet Tracer, firewalls, and VPNs.
- Ethical Hacking Labs: Practice penetration testing on vulnerable systems using Kali Linux and Metasploitable.
- AI in Security Labs: Use Generative AI tools to analyze threats, craft incident reports, and enhance security analytics.
- Cloud Security Labs: Set up secure infrastructure on AWS and configure IAM policies.
- IT Audit Labs: Develop risk management plans, conduct audits, and write professional audit reports.
Who Should Enroll?
This course is perfect for:
- Beginners with no prior experience but a strong desire to learn cybersecurity.
- IT Professionals looking to transition into cybersecurity roles.
- Students aiming to build a career in cybersecurity.
- Enthusiasts who have a hunger for mastering cybersecurity skills and want to become experts in the field.
Why Choose This Course?
- Comprehensive Curriculum: Covers everything from basic concepts to advanced topics.
- Certification Aligned: Prepares you for globally recognized certifications like ISC2 CC, CISA, and CompTIA Security+.
- Expert Guidance: Learn from industry professionals with years of experience in cybersecurity.
- Real-World Application: Gain hands-on experience through labs and real-world projects.
- Flexible Learning: Learn at your own pace with a well-structured weekly schedule.
Prerequisites:
- No prior experience is required! Just bring your enthusiasm and hunger to learn cybersecurity.
Special Offer:
- Course Fee: NPR 65,000
- Early Bird Discount: 10% off if registered by 1st February 2025
- Seats Available: 🚀 15 positions filled, only 10 seats remaining!
Free Orientation:
Join our free online orientation session on 8 February 2025, 6 PM to 7 PM to learn more about the course structure, learning methodology, and career opportunities. Don’t miss this chance to interact with industry experts and get all your questions answered!
How to Enroll:
Interested students can secure their seat by filling out the Google Form linked below:
Enroll Now !!!
Coordinator:
![]() |
KIRAN KUMAR SHAHCISA|CISSPLinkedin: https://www.linkedin.com/in/kirankumarshah/ |