Training Modules

The growing Internet security sector requires an in-depth understanding of cyber security issues, and fundamental Internet architecture and protocols. We design customized training modules based on the assessment of the infrastructure and tech resources engaged in managing environments within your organization. We are experts in the field of training of cyber security solutions. We design training programs for support level to C level executives.We identify lapses and implement customized training to make organizational teams strong and we are leaders in tailored training solutions.

Our Corporate Cyber Security Training Program provides the key concepts of information security, technical and practical skills necessary to secure, protect and defend network infrastructures and an organization's valuable data assets. Participants will gain an in-depth understanding of cyber security concepts, industry best practices for information security and key security concepts to protect an organization against fraud, data breaches and other vulnerabilities. All of our training and examinations are administered in collaboration with the EC-Council.

Specialized Training Courses & Certifications:

Certified Chief Information Security Officer

Certified CISCO Body of Knowledge

The EC-Council CCISO Body of Knowledge covers all five the CCISO Information Security Management Domains in depth and was written by seasoned CISOs for current and aspiring CISOs.  Domain 1 covers the Policy, Legal, and Compliance aspects of Governance. Domain 2 delves into the all-important topic of audit management from the CISO’s perspective and also covers IS controls.  Domain 3 covers the Role of the CISO from a Project and Operations Management perspective.  Domain 4 summarizes the technical aspects that CISOs manage in their day-to-day jobs, but from an executive standpoint.  Domain 5 is all about Strategic Planning and Finance – crucial areas for C-Level executives to understand in order to succeed and drive information security throughout their organizations.

 

 

Certified Ethical Hacker

The Certified Ethical Hacker program is the pinnacle of the most desired information security training program any information security professional will ever want to be in. To master the hacking technologies, you will need to become one, but an ethical one! The accredited course provides the advanced hacking tools and techniques used by hackers and information security professionals alike to break into an organization. As we put it, “To beat a hacker, you need to think like a hacker”.

This course will immerse you into the Hacker Mindset so that you will be able to defend against future attacks. The security mindset in any organization must not be limited to the silos of a certain vendor, technologies or pieces of equipment.

This ethical hacking course puts you in the driver’s seat of a hands-on environment with a systematic process. Here, you will be exposed to an entirely different way of achieving optimal information security posture in their organization; by hacking it! You will scan, test, hack and secure your own systems. You will be taught the five phases of ethical hacking and the ways to approach your target and succeed at breaking in every time! The five phases include Reconnaissance, Gaining Access, Enumeration, Maintaining Access, and covering your tracks.

Underground Hacking tools:

The hacking tools and techniques in each of these five phases are provided in detail in an encyclopedic approach to help you identify when an attack has been used against your own targets. By using the same techniques as the bad guys, you can assess the security posture of an organization with the same approach these malicious hackers use, identify weaknesses and fix the problems before they are identified by the enemy, causing what could potentially be a catastrophic damage to your respective organization.

We live in an age where attacks are all susceptible and come from anyplace at any time and we never know how skilled, well-funded, or persistent the threat will be. Throughout the CEH course, you will be immersed in a hacker’s mindset, evaluating not just logical, but physical security. Exploring every possible point of entry to find the weakest link in an organization. From the end user, the secretary, the CEO, mis-configurations, vulnerable times during migrations even information left in the dumpster.

 

 

Network Defense Architect Licensed Penetration Tester

One of the key skill areas of a penetration tester is to successfully carry out all the three phases of a network hack, namely – Reconnaissance phase, where a pen tester gets familiar with the network by observing and scanning, Exploitation phase where the tester, using the intelligence from the previous phase, actually breaks into the network and/or individual machines; and Post-Exploitation phase where data exfiltration, documentation and effect of exploitation is documented and enumerating leading to deeper vulnerabilities that eventually lead to ownership of the core network and key machines controlling the entire organizations computer systems.

Understanding the system vulnerabilities and learning tools to exploit the vulnerable systems can put anyone at an edge in the information and data security domain. Corporations are craving for the individuals who can contribute effectively in applying security measures on the compromised systems. Only identifying the threats are not going to help but documenting the findings in ethical manner and constantly evolving is equally important. We train the individuals for performing penetration testing in an organized manner so that once they are out in the market they are well crafted with the novel ways of handling the vulnerability.

Being an LPT (Master) means that you can find chinks in the armor of defense-in-depth network security models with the help of network pivoting, making exploit codes work in your favor, or by writing Bash, Python, Perl, and Ruby scripts. Your job description demands that you think on your feet, be creative in your approach, and not rely on the conventional techniques. Outsmarting and outmaneuvering the adversary is what sets you apart from the crowd.

 

 

Advanced Penetration Testing

CAST On-site provides personalized Advanced Security training to meet the needs of the individual or company and are planned to ensure maximum flexibility in terms of logistics, dates and cost issues. Our certified expert trainers are experienced educators and highly knowledgeable in their respective fields. CAST On-site prides itself on strict quality control principles at all times to ensure that clients receive the highest standard of training and service. CAST On-Site training is designed to add great value to your work force by increasing staff efficiency and skills ensuring improved productivity and output that far exceeds the value of the initial training costs.

Each of the courses selected from the CAST Advanced Training Suite will be specifically designed to meet the needs of each individual, based according to their current skills and pace of learning to meet your organisation’s unique objectives and goals

CAST On-site expert/trainers will be flown down to your premise of choice at a date most suitable to you

CAST On-site allows students to receive training in more manageable sessions arranged over a spread of a few days that allowing for greater absorption of knowledge with an opportunity to practice and verify the new skills after each session prior to commencing the next one

With CAST On-site Advanced Security courses students will be able to take advantage of directly conversing with the chosen expert in matters unique to the student and your organisation

You can be rest assured that all challenges and objectives pertaining to your organisation’s goals can be discussed in an environment that ensures complete confidentiality

Each individual client receives the required high level of training that is benchmarked to international best practise and standards

Each student receives a CAST Advanced Security Training Courseware that allows them to follow and revise the material that has been taught to them

Upon completion of the course, each student will receive a CAST On-Site Advanced Security Training certificate of attendance

 

 

Advanced Hacking Hardening Corporate Web Apps

A well thought out course designed with the average security unaware programmer in mind. Your developers will be astonished at the things they do every day that turn out to have security flaws in them. To drive the point home, the course is designed with more than 50% involving hands-on coding labs. The ideal participant should have a development background, coding or architecture background either currently or previously. The candidate currently could be a developer trying to raise his or her cyber awareness. Or the Candidate may either now or have moved into a managerial position perhaps making them even more responsible for any security breach. In today’s world, there is not one day that goes by that the national evening news mentions a break in. While that may not seem that ground breaking in and of itself, the truth of the matter is much more staggering. Those costs may be hard costs as well as costs of reputation. This can be not only a job limiting oversight but a career limiting one as well.

Much thought was put into the course to be sure it worked and could be taught as a language agnostic course providing both the developer as well as management types to be exposed to how their own web site/web app could be compromised.

The course will require no special pen testing tools that are normally used during a course similar to this. The author expects that you simply understand program logic. If you know development techniques and have an architecture background you will walk away with a heightened sense of awareness about the things you do on a day to day basis.

To get the most from the course all participants should have at least some programming experience. This course is NOT language specific although program logic and design concepts both are an absolute must have.

NOTE: Students must be familiar with IT Security best practices, and have a good understanding of programming logic and common web technologies Course is designed for Developers.

 

 

Advanced Network Defense

This is a comprehensively structured and fast paced program that immerses you into world of an ethical hacker, providing insights of their mindset which is a critical weapon for defending against some of the most malicious attacks around.

With this course you can be among the few who transcend the old idea of the hacker having all the fun, take pride being the defender, form an offensive mindset to skillfully orchestrate robust and solid defenses and reinvent popular belief by beating the hacker at his own game.

You will be evaluating advanced hacking methods of defense fortification bringing you closer to establishing perfect security best practices and methodologies you can apply to secure environments. This course provides segmentation and isolation to reduce the effectiveness of the advanced persistent threats.

CAST 614 will cover fundamental areas of fortifying your defenses by discovering methods of developing a secure baseline and how to harden your enterprise architecture from the most advanced attacks. Once a strategy for a fortified perimeter is defined the course moves on to defending against the sophisticated malware that is on the rise today and the importance of live memory analysis and real time monitoring.

 

 

Advanced Mobile Hacking & Forensics

Digital Mobile Forensics is fast becoming a lucrative and constantly evolving field, this is no surprise as the mobile phone industry has been witnessing some unimaginable growth, some experts say it may even replace the Computer for those only wishing to send and receive emails. As this area of digital forensics grow in scope and size due to the prevalence and proliferation of mobile devices and as the use of these devices grows, more evidence and information important to investigations will be found on them. To ignore examining these devices would be negligent and result in incomplete investigations. This growth has now presented new and growing career opportunities for interested practitioners in corporate, enforcement, and military settings. Mobile forensics is certainly here to stay as every mobile device is different and different results will occur based on that device requiring unique expertise.

This course was put together focusing on what today’s Mobile Forensics practitioner requires, some of the advanced areas this course will be covering are the intricacies of manual Acquisition (physical vs. logical) & advanced analysis using reverse engineering understanding how the popular Mobile OSs are hardened to defend against common attacks and exploits.

CAST On-site provides personalized Advanced Security Courses to meet the needs of the individual or company and are planned to ensure maximum flexibility in terms of logistics, dates and cost issues. Our certified expert trainers are experienced educators and highly knowledgeable in their respective fields. CAST On-site prides itself on strict quality control principles at all times to ensure that clients receive the highest standard of training and service. CAST On-Site training is designed to add great value to your work force by increasing staff efficiency and skills ensuring improved productivity and output that far exceeds the value of the initial training costs.

 

 

Advanced Securing Windows Infrastructure

This 3 day technical course focuses on the key aspects of Windows Infrastructure Security, applying best practices to secure interconnected information systems within your organization providing a holistically reliable framework to support an entire enterprise structure.

Windows Infrastructure Hardening has become a mandatory step performed on a regular basis by any organization that sees security as a priority. Businesses nowadays are almost fully dependent on IT services, making the hardening and securing processes even more intense. The number of possible attack surfaces has emerged exponentially in direct relation to the increasingly competitive field of current technology we are witnessing where developers try to achieve more and more functionality from implemented solutions and applications.

The CAST 616: Securing Windows Infrastructure is designed with the single purpose of providing Info-Sec professionals with complete knowledge and practical skills necessary to secure their network infrastructure which is fast becoming if already not a top priority plus a major tech challenge for most security conscious organizations.

This 3 day training deep dives into the key aspects of solving infrastructure-related problems by appreciating the key elements of how Windows Internal Security mechanisms actually work and how it can be further optimized without jeopardizing or easing an organization’s IT Environment configuration settings which becomes common as time passes. Some of the highlights of this course are techniques used in Kernel Debugging, Malware hunting, deep diving into BitLocker and the automation of the whole hardening process.

 

 

Certified Network Defender

Organizational focus on cyber defense is more important than ever as cyber breaches have a far greater financial impact and can cause broad damage to reputation. Despite best efforts to prevent breaches, many organizations are still being compromised. Therefore organizations must have, as part of their defense mechanisms, trained network engineers who are focused on protecting, detecting, and responding to the threats on their networks.

Network administrators spends a lot of time with network environments, and are familiar with network components, traffic, performance and utilization, network topology, location of each system, security policy, etc.

Organizations can be much better in defending themselves from vicious attacks if the IT and network administrators equipped with adequate network security skills .Thus Network administrator can play a significant role in network defense and become first line of defense for any organizations.

Certified Network Defender (CND ) is a vendor-neutral, hands-on, instructor-led comprehensive network security certification training program. It is a skills-based, lab intensive program based on a job-task analysis and cyber security education framework presented by the National Initiative of Cyber security Education (NICE). The course has also been mapped to global job roles and responsibilities and the Department of Defense (DoD) job roles for system/network administrators. The course is designed and developed after extensive market research and surveys.

The program prepares network administrators on network security technologies and operations to attain Defense-in-Depth network security preparedness. It covers the protect, detect and respond approach to network security. The course contains hands-on labs, based on major network security tools and techniques which will provide network administrators real world expertise on current network security technologies and operations.

 

 

Forensic Investigator

Computer Hacking Forensic Investigation (CHFI) is the process of detecting hacking attacks and properly extracting evidence to report a crime and conduct audits to prevent future attacks. Computer forensics training teaches the process of detecting hacking attacks and properly extracting evidence to report a crime and conduct audits to prevent future attacks.

Computer forensics is simply the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. Evidence might be sought in a wide range of computer crime or misuse, including but not limited to: theft of trade secrets, theft of or destruction of intellectual property, and fraud. Computer Hacking Forensic investigators (CHFI) can draw on an array of methods for discovering data that resides in a computer system, or recovering deleted, encrypted, or damaged file information. Securing and analyzing electronic evidence is a central theme in an ever-increasing number of conflict situations and criminal cases.

About the Program:

 Computer forensics is the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. Evidence might be sought in a wide range of computer crimes or misuse, including but not limited to; theft of trade secrets, theft of or destruction of intellectual property, and fraud. Computer forensic investigators can draw from an array of methods for discovering data that resides in a computer system, or recovering deleted, encrypted, or damaged file information.

The CHFI course will give participants the necessary skills to identify an intruder’s footprints and to properly gather the necessary evidence to prosecute. Many of today’s top tools of the forensic trade will be taught during this course, including software, hardware and specialized techniques. It is no longer a matter of “will your organization be comprised (hacked)?” but, rather, “when?” Today’s battle between corporations, governments, and countries are no longer fought only in the typical arenas of boardrooms or battlefields using physical force. Now, the battlefield starts in the technical realm, which ties into most every facet of modern day life.

 

 

Security Analyst

The ECSA penetration testing certification is a security credential like no other!

The ECSA penetration testing course provides you with a real world hands-on penetration testing experience and is a globally accepted hacking and penetration testing class available that covers the testing of modern infrastructures, operating systems and application environments while teaching the students how to document and write a penetration testing report.

About the Program:

The ECSA pentest program takes the tools and techniques you learned in the Certified Ethical Hacker course (CEH) and elevates your ability into full exploitation by teaching you how to apply the skills learned in the CEH by utilizing EC-Council’s published penetration testing methodology

  • Focuses on pentesting methodology with an emphasis on hands-on learning
  • The exam will now have a prerequisite of submitting a pentesting report
  • The goal of these changes is to make passing ECSA more difficult; therefore making it a more respected certification

Certified Secure Programmer .net

Software defects, bugs, and flaws in the logic of a program are consistently the cause for software vulnerabilities. Analysis by software security professionals has proven that most vulnerabilities are due to errors in programming. Hence, it has become crucial for organizations to educate their software developers about secure coding practices.

Attackers scan for security vulnerabilities in applications and servers and attempt to use these vulnerabilities to steal secrets, corrupt programs and data, and gain control of computer systems and networks. Sound programming techniques and best practices should be used to develop high quality code to prevent web application attacks. Secure programming is a defensive measure against attacks targeted towards application systems.

Course Description:

The ECSP.Net course will be invaluable to software developers and programmers alike to code and develop highly secure applications and web applications. This is done throughout the software life cycle that involves designing, implementing, and deployment of applications.

.Net is widely used by organizations as a leading framework to build web applications. ECSP.Net teaches developers how to identify security flaws and implement security countermeasures throughout the software development life cycle to improve the overall quality of products and applications.

EC-Council Certified Secure Programmer lays the foundation required by all application developers and development organizations to produce with greater stability and fewer security risks to the consumer. The Certified Secure Programmer standardizes the knowledge base for application development by incorporating the best practices followed by experienced experts in the various domains.

This course is built with tons of labs peppered throughout the three days of training, offering participants critical hands on time to fully grasp the new techniques and strategies in secure programming.

 

 

Certified Secure Programmer Java

Java is embedded in more than 3 billion devices such as laptops, data centers, game consoles, super computers, mobile phones, smart cards, and many, more devices. Java is widely adopted because of its platform and architecture independent characteristics that encourage developers and industries alike.

ECSP-Java is comprehensive course that provides hands-on training covering Java security features, policies, strengths, and weaknesses. It helps developers understand how to write secure and robust Java applications and provides advanced knowledge in various aspects of secure Java development that can effectively prevent hostile and buggy code. The end result of security Java coding practices include saving valuable effort, money, time, and possibly the reputation of organizations using Java coded applications.

Software defects, bugs, and flaws in the logic of a program are consistently the cause for software vulnerabilities. Analysis by software security professionals has proven that most vulnerabilities are due to errors in programming. Hence, it has become crucial for organizations to educate their software developers about secure coding practices.

Attackers scan for security vulnerabilities in applications and servers and attempt to use these vulnerabilities to steal secrets, corrupt programs and data, and gain control of computer systems and networks. Sound programming techniques and best practices should be used to develop high quality code to prevent web application attacks. Secure programming is a defensive measure against attacks targeted towards application systems.

 

 

Network Security Administrator

EC-Councils’ ENSA certification looks at network security in a defensive view while the CEH certification looks at the security in an offensive mode. The ENSA program is designed to provide fundamental skills needed to analyze the internal and external security threats against a network, and to develop security policies that will protect an organization’s information. Students will learn how to evaluate network and Internet security issues and design, as well as how to implement successful security policies and firewall strategies. In addition, they will learn how to expose system and network vulnerabilities and defend against them.

 

 

Disaster Recovery Professional

The EDRP certification validates the candidate’s ability to plan, organize, and direct the testing of disaster response, recovery support, and business recovery procedures.

A survey of 189 data center decision makers found a severe lack of IT preparation for natural and man-made disasters

Faced with a potential catastrophe caused by anything from the weather to a malicious attack, companies need to make sure their IT disaster recovery training plans match best practices.

The EDRP course teaches you the methods in identifying vulnerabilities and takes appropriate countermeasures to prevent and mitigate failure risks for an organization. It also provides the networking professional with a foundation in disaster recovery course principles, including preparation of a disaster recovery plan, assessment of risks in the enterprise, development of policies, and procedures, and an understanding of the roles and relationships of various members of an organization, implementation of a plan, and recovering from a disaster.

This IT disaster recovery course takes an enterprise-wide approach to developing a disaster recovery plan. Students will learn how to create a secure network by putting policies and procedures in place, and how to restore a network in the event of a disaster.

 

 

Security Specialist

EC-Council Certified Security Specialist (ECSS) allows students to enhance their skills in three different areas namely information security, network security, and computer forensics.

Information security plays a vital role in most organizations. Information security is where information, information processing, and communications are protected against the confidentiality, integrity, and availability of information and information processing. In communications, information security also covers trustworthy authentication of messages that covers identification of verifying and recording the approval and authorization of information, non-alteration of data, and the non-repudiation of communication or stored data.

 

 

Incident Handler

The ECIH certification will provide professionals with greater industry acceptance as an incident handler, risk administrator, pen tester, forensic investigator, etc.

The EC-Council Certified Incident Handler (ECIH) program is designed to provide the fundamental skills to handle and respond to the computer security incidents in an information system. The course addresses various underlying principles and techniques for detecting and responding to current and emerging computer security threats. Students will learn how to handle various types of incidents, risk assessment methodologies, and various laws and policies related to incident handling. After attending this course, they will be able to create incident handling and response policies as well as deal with various types of computer security incidents.

The IT incident management training program will enable students to be proficient in handling and responding to various security incidents such as network security incidents, malicious code incidents, and insider attack threats. In addition, students will learn about computer forensics and its role in handling and responding to incidents. The course also covers incident response teams, incident management training methods, and incident recovery techniques in detail. The ECIH certification will provide professionals greater industry acceptance as the seasoned incident handler.

This course will significantly benefit incident handlers, risk assessment administrators, penetration testers, cyber forensic investigators, venerability assessment auditors, system administrators, system engineers, firewall administrators, network managers, IT managers, IT professionals and anyone who is interested in incident handling and response.

 

 

Secure Computer User

The purpose of the CSCU training program is to provide individuals with the necessary knowledge and skills to protect their information assets. This class will immerse students into an interactive environment where they will acquire a fundamental understanding of various computer and network security threats such as identity theft, credit card fraud, online banking phishing scams, virus and back-doors, emails hoaxes, sex offenders lurking online, loss of confidential information, hacking attacks and social engineering. More importantly, the skills learned from the class helps students take the necessary steps to mitigate their security exposure.

This course prepares an individual as a complement to educational offerings in the domain of security and networking.

 

 

Inscription Specialist

The EC-Council Certified Encryption Specialist (ECES) program introduces professionals and students to the field of cryptography. The participants will learn the foundations of modern symmetric and key cryptography including the details of algorithms such as Feistel Networks, DES, and AES.

This training is designed for anyone involved in the selection and implementation of VPN’s or digital certificates. Without understanding the cryptography at some depth, people are limited to following marketing hype. Understanding the actual cryptography allows you to know which one to select. A person successfully completing this course will be able to select the encryption standard that is most beneficial to their organization and understand how to effectively deploy that technology.

This course is excellent for ethical hackers and penetration testing professionals as most penetration testing courses skip cryptanalysis completely. Many penetration testing professionals testing usually don’t attempt to crack cryptography. A basic knowledge of cryptanalysis is very beneficial to any penetration testing.