Cyber Academy - Full Program


Avnon Academy Presents:

Cyber Academy
A Comprehensive Training Program to Establish Fully Equipped and Proficient Inhouse
Cyber Units

Submitted to:
By: Avnon Academy
2021
Content
# Topic

1 Introduction
2 Through the Start-up Nation's Prism -- Israel
3 About Us: Avnon Academy
4 A Unique Model
5 Cyber Academy of Excellence
6 The Purpose of the Cyber Academy
7 Optimal Team of Cyber Unit - Roles
8 Details of Practical Track Programs
Annex A Admission to Training Center of Excellence
Annex B Result-The Ideal Graduate
Annex C Lecturers’ Profile
Annex D An Example - MSSP Portal Solution
Introduction
In our global knowledge-based economy, differences in economic growth and inter-country income
inequalities are rooted in technological knowledge asymmetries.
Technology is an integral part of applying practical science, especially for industrial or commercial
purposes. Science and technology are two parts of the same whole - innovating production mechanisms
and methods, increasing the work volume and efficiency, all resulting in competitive advantages and
profit increases.
As a defined sector with a significant economic influence and as a vital component in any educational &
business aspect and field, technology is considered a critical factor of the economic growth rate at a
national macro level as well as an internal, business-oriented, micro-level.
The use of new technologies paves the way for producing fresh, cost-effective goods that enhance the
international competitiveness of different countries, their research abilities and their political and
cultural development.
Since the dawn of the human trade market, businesses have flourished and evolved more effectively as part
of an ecosystem, and all the more forcefully since the Industrial Revolution. Even more so, technology
became crucial to mass production and raised the bar of business demands, ambitions and expectations.
Nowadays, it is much more common to find businesses that work in symbiotic ecosystems. These
businesses only benefit from co-evolving by sharing scalable resources, developing joint technologies
and creating dynamic interactions that boost entire markets and sectors.
Through the Start-up Nation's Prism -- Israel
Israel is recognized worldwide as the Start-up Nation, with an extensive proven track record of
successful Israeli start-up companies and IPOs over the last two decades. In parallel, there is an
increasing trend of Israeli independent scale-up companies, like Fiverr, IronSource, Wix, Taboola,
Outbrain, and many others. Such companies began to set the tone of the Israeli tech ecosystem: a
"Scale-up Nation" focused on building large, successful multi-national companies with thousands of
employees and significant revenues.
The Israeli tech industry is a massive growth engine to the Israeli economy, with about 50% of all
exports, showing an increase of 3,700% since 1984, and has the highest access to capital markets in the
world (per capita). The tech sector's employees are about 8% of the Israeli population and account
for 13% of the business sector GDP. With that approach and these prospects, Israel has turned into an asset
to investors worldwide.
Israel ranks first in the world in R&D expenditure per capita - 4.3% of the country's GDP is invested in
R&D (2018), while the average among the OECD is 2.4%. Israel enjoys the highest percentage of
engineers and scientists per capita in global comparison. The country also holds one of the highest
ratios of university degrees and academic publications per capita (2018-2019 Innovation in Israel overview,
Israel Innovation Authority).
Israel continually and actively promotes innovation and entrepreneurship. As evidence of that
innovative spirit, 11 Israelis have received a Nobel prize in various categories since 1966.
Combining education with technology is essential for future generations' prosperity in our modern,
rapidly changing lives. The Israeli case is a perfect example of that and the fruits this approach yields.
Israeli High-Tech Sector Main Achievements:

The Start-Up Nation Central organization report states that 320 multi-national organizations operate
in Israel, 300 of which have R&D centres spread among 360 offices.
Global, sectors-crossing companies, venture capitals, and entrepreneurs converge in the Israeli Silicon
Valley, locally known as Silicon Wadi, all gathering to invest, find partners, and discover new business
models and technologies. Israel has become a global focal point of companies seeking to diversify and
improve their innovation strategies, taking part in local incubators and accelerators.
Avnon Academy
Planting Knowledge, Harvesting Futures
Avnon Academy is part of Avnon Holdings. Over the last thirty years, Avnon HLS Group, a recognized
global leader in HLS & Defense and cyber defence solutions, has worked with governments and HLS
organisations in over 70 countries, delivering comprehensive solutions and training to the HLS and
defence sectors. As such, the establishment of a dedicated training academy division was a natural
evolution.
The foundations of the Avnon Academy Group are built upon years of accumulated knowledge,
experience and uncompromising professionalism. Leveraging the HLS group's expertise and
understanding of this domain, the Avnon Academy provides professionals with new insights and
capabilities to implement and help build a safer and sustainable future.
We specialise in operating customised professional training programs and large-scale, long-term
projects that benefit individuals and entire communities. We aim to raise the national economy and
social well-being in various countries worldwide by analysing markets, leveraging
strengths, and designing a comprehensive blueprint of supportive pillars that will contribute to public
growth and progress. We work closely with governments, institutions, and private partners globally,
dealing with all aspects - from the initial analysis of the specific requirements through recruiting
investors to the project's entire execution.
Start with One Seed
When planting a seed of knowledge, the possible outcomes are infinite. By doing that simple act, you
inspire curiosity, break imaginative boundaries and unlock potential and possibilities.
Avnon Academy dedicates vast resources and acknowledged experience to provide the necessary tools
to achieve these goals by applying our capabilities in formulating and implementing innovative,
tailor-made initiatives. Each Avnon Academy project is unique yet shares one comprehensive objective: to
open new paths to the future.
How do we imagine the future?
We believe that the prospect of nations depends on the realization of their citizens' potential. We
believe that training and knowledge are essential keys to economic progress – for a better quality of life
for individuals, communities and entire nations.
A Unique Model
The academy's cyber program is a comprehensive and intensive curriculum designed to provide officials
and students of all levels with a mastery of advanced technologies and cyber skills. Our goal is to provide
government offices and enterprises with knowledgeable candidates for employment in a more
accessible way than the traditional college route, delivering them with the most relevant skills and
hands-on experience that companies seek.
Avnon's Cyber Academy holds a practical orientation and aims to integrate its students into any
professional cyber team thoroughly.
The studies include practical hours (at least 60%), exercises, labs and simulations. Entrepreneurs and
key-position holders from leading companies around the world will give lectures during the training.

Cyber Academy Areas of Expertise*:

• SOC Analyst
• Incident Response
• SECOPS
• Threat Intelligence
• Red Team PT
• Forensics Analyst
• Malware Analyst
• CISO
The Training flow
Application Process:
The screening process will evaluate the candidates' technical abilities, English level and former
education by an admission test.

Program Operation:
Applicants who successfully passed the admission test will enter our program with close guidance during
the program and a mentoring process after graduation.
Our studies are designed as follows:
• Fundamental - Starting with the basics of cyber: professional terms, basic skills, cyber-team
positions, related systems and more.
• Profession Training - After the students have successfully passed the fundamental course, they will
start their professional training to become skilful members of any cyber team (eventually
positioned as SOC, IRT, SecOps, etc.).

Closure:
• Guiding the students through their final exam and submitting a final project.
• Assisting to gain an international certification.
• Professional networking to kickoff startups.
• Providing students with the training and tools they need to land a professional position based
on the skills they acquired.
• Mentoring after completion of the course
Cyber Academy of Excellence
Our advanced, comprehensive pedagogical system is dedicated to implementing cohesive cyber teams
in various sectors and industries, with significant consideration of our clients' needs.
Our academy will form a conceptual project execution plan:
• Annual courses program
• Students' capacity
• Students' profile
• Facilities

How We Operate
• Our cyber academy is a prime centre for excellence and innovative training – we will set up and
manage the cyber academy, according to your needs, to support local units.
• We will fully equip the training complex with full access to all simulations and labs on a cloud.
• Our students will attend lectures (online and frontal), participate in individual and group
exercises, and access virtual labs and simulations.
• Knowledge is power – we will train local tutors and local admins to provide continuity in the
field, professional management and supervision.
• We will set up and manage the site survey, which is essential for data, intelligence collection,
gaps analysis and evaluation, suggested site assessment and creating a roadmap.

Nothing Ventured, Nothing Gained:


We will fully deliver every professional and pedagogical aspect.
On your side, you will provide some essential infrastructures:
• Equipped classrooms
• Strong internet connection
• Local marketing within the organisation and relevant surroundings
• Recruitment of local teams
• Link to local industries recruiting cyber teams.
Our experts establish, train and guide entire cyber units for various sectors, leveraging the Avnon
Group's vast operational experience and the in-depth knowledge of Israeli experts from diverse cyber
realms.

Customer Responsibility:
Facilities: Customer will provide the training complex, including a strong internet connection.

Candidates: Customer will promote the program, will locate and sort candidates with a basic level of
requirements.

Train local Tutors and local Staff: Customer will provide local trainers.

Connecting and Placement of Graduates into local Companies: Customer will assist in the placement of
graduates into leading local companies.
Estimated Time Table
Preparation

• Planning: 2 months
• Study Materials: 3 months
• Planning Equipping: 1 month (parallel)
• Fully Equipping: 2 months
• Candidates sorting: 2 months

Pilot: Training

• Fundamental Course

Training per Segment

• Activation

[Gantt chart: months 1 to 21, grouped into the phases SetUp, Pilot and Activation - Year #1. Rows:
Planning; Study Materials; Planning Equipment; Equipping and Installations; Candidates Sorting;
Fundamental Course; Train local tutors; Ongoing Training; Mentoring; Pedagogical management.]
The Purpose of the Cyber Academy
The purpose of the cyber academy is to provide its students with the high-end cyber skills required to
expand and develop cyber industries and integrate the domestic market into the global market. The
program has two axes: information security and business studies. It is designed to deliver proficiency
in these two topics, which are needed to train proactive, creative leaders with entrepreneurship
skills.

The national economy will not be able to become a most developed, modern economy and a high-tech
knowledge economy without the graduates of the cyber academy of excellence, who are endowed with the
skills and training for this national mission.
Another target that the program sets is to form and sustain knowledge-based economies, which are the
beating heart of our global economic and technological progress that translates to our well-being.
Avnon's Cyber Academy training program focuses on these four objectives to fulfil its purpose and
achieve the goals set:
✓ Profound theoretical understanding
This step includes knowledge of the scientific and cultural infrastructures of computer technologies.
Understanding the scientific infrastructure includes initial knowledge of high-tech industry
sectors. Knowledge of the cultural infrastructure covers the basics of understanding the impact of
the high-tech industry, computers and networks on the life of human beings and societies.
✓ Practical technical proficiency

The main purpose of this objective is to acquire the skills required to work, maintain and improve
high-tech-digital technology. Skills are put into practice automatically by technical thinking.

✓ Agile and creative thinking


This objective includes the development of the students' creativity, invention and innovation.
Continuous innovation is the hallmark of the high-tech industry. Professionals in the
high-tech industry are expected to heed the call to "think outside the box".
✓ Entrepreneurship skills
This objective includes developing the traits that characterize entrepreneurs in the high-tech
industry: those who advance the high-tech industry, create small businesses with an idea for "big"
products (start-ups), create the future of the industry and provide rich, inspirational leadership. It
is the personality that makes the entrepreneurial spirit, and the traits of that personality are not
innate but nourished by education.
Optimal Cyber Unit - Roles
Covering all aspects of cybersecurity will require a qualified team, one with defined roles and led by a
Chief Information Security Officer (CISO). After relevant and professional training, such a unit should
create clear and operational protocols for any event. Cybersecurity units are in charge of routinely
conducting penetration tests, recognising security gaps, performing incident response (IR), and analysing
deterred malware. At the end of the day, an optimal cyber unit is always on the watch and stays one
step ahead of the threat by operating routine missions and applying innovative, creative defence
methods.

A typical cybersecurity unit:


Details of Programs
Cyber Fundamentals (240 hours)
AUDIENCE
• Candidates seeking a first job in the cybersecurity industry
PREREQUISITES
• There is no need for prior technical knowledge.
• Technical orientation - an advantage
DESCRIPTION
In this program, the students will learn the basics of cybersecurity in terms of terminology, systems and
skills acquisition. Cyber Fundamentals is the first step in the training program, and succeeding in this
course is a condition for continuing to advanced classes.
OBJECTIVES
After completing this course, you should be able to:
• Use and maintain Windows and Linux operating systems
• Get familiar with Windows and Linux file systems
• Analyze an infected Windows host using Sysinternals tools
• Understand the TCP/IP model and network/application protocols
• Analyze network traffic to find information and malicious network activity
• Develop Windows PowerShell and batch scripts
• Develop Linux bash scripting for automation and host analysis
• Build and maintain Windows domain environment
• Create security policies as part of the domain environment security
• Use SQL to manage and analyse relational databases
• Develop web applications using client and server-side scripting
• Implement and maintain cloud-based network and computing services
• Get familiar with cloud services and types
• Get familiar with DevOps technologies and implementation
• Create automation using DevOps tools
• Scripting with Python language
SOC Analyst (240 hours)
AUDIENCE
• Candidates seeking a first job in the cybersecurity industry
• Candidates who wish to be a SOC analyst
PREREQUISITES
• Successful completion of the Cyber Fundamentals program
• Experience as an IT team member
• Successfully passed the entrance exams
DESCRIPTION
The Security Operation Center, mostly known as the SOC, is the heart of corporate defences. The SOC is the
eyes and ears for any traffic and action inside the company's network.
SOC analyst training includes practical skills with security systems, offensive security and incident
response alongside a basic understanding of terminology, methodology, and countermeasures.
This program provides the whole skillset to become a SOC analyst for beginners with limited or no prior
experience through theoretical and practical training.
OBJECTIVES
After completing this course, you should be able to:
• Understand what cyber and information security is
• Get familiar with the cyber world and its essential terms
• Implement a defence strategy in any organisation process
• Plan an attack process over organisation or applications
• Execute a cyber-attack using MITRE ATT&CK and Cyber Kill Chain models
• Execute penetration tests on web applications and networks
• Maintain and set the rule base of network security systems such as firewalls and IDS/IPS
• Secure endpoints using hardening techniques
• Set auditing policies for better incident response (IR) and analysis
• Analyse cyber-attacks using automated security tools
• Maintain and operate data systems such as Splunk and Elastic
• Write SIEM correlation and statistics rules to identify attacks
• Investigate host using data systems
Certificate:
At the end of the course, students will take a certification test with the international organization and
receive an EU certificate
Incident Response - IR (216 hours)

AUDIENCE

• This course is for SOC analysts seeking to enter the field of incident response

PREREQUISITES

• Candidates with experience in the cybersecurity field with a technical background in security
systems, Windows, Linux and networking

• Candidates with a background in communication systems

• Successful completion of the Cyber Fundamentals program

DESCRIPTION

More and more companies now realize the detrimental impact of internet crimes on the company's
revenue and reputation. Quick and accurate responses are vital to handle security incidents successfully.
This course will train the students to provide essential answers regarding each security breach to
prevent the next attempt and secure the organization’s valuable data.

OBJECTIVES

After completing this course, you should be able to:

• Define incident response plan


• Investigate office files, PDF, RTF
• Analyze emails for forensics purposes
• Detect, analyse, and contain malware and attackers
• Find anomalies in network traffic
• Investigate Windows and Linux systems
• Analyze detected malware and create IOCs / TTPs
• Use a big-data system for SIEM, threat hunting and forensics
Certificate:
At the end of the course, students will take a certification test with the international organization and
receive an EU certificate
SecOps (272 hours)

AUDIENCE

• Candidates who wish to be security administrators

PREREQUISITES

• Experience as an IT team member and network administrator

• Successful completion of the Cyber Fundamentals program

DESCRIPTION

The primary role of security operations and administration (SecOps) is identifying the organization’s
information assets and the documentation needed for policy implementation, standards, procedures,
and guidelines to ensure confidentiality, integrity, and availability.

During the program, you will understand the process necessary for working with management and
information owners, custodians, and users to define proper data classifications. The SecOps program
addresses basic security concepts and applies them in day-to-day operation and administration.

OBJECTIVES

After completing this course, you should be able to:

• Implement and configure network security systems across the organization

• Implement and configure endpoint security systems across the organization

• Implement and integrate SOAR system

• Manage and maintain security systems

• Prepare the organization for security standards and regulations

• Plan audit and security policy

• Get familiar with cloud technology and leading cloud suppliers

• Create a secure architecture for projects

• Implement identity management systems


Certificate:
At the end of the course, students will take a certification test with the international organization and
receive an EU certificate
Threat Intelligence (40 hours)

AUDIENCE

• Candidates seeking a first job in the cybersecurity industry

• Candidates who wish to be a threat intelligence analyst

PREREQUISITES

• Successful completion of the Cyber Fundamentals program

DESCRIPTION

With the growing number of data breaches making the news, businesses are becoming increasingly
concerned about cyberattacks. However, many business leaders are not sure where to start with
protecting their organizations.

A threat intelligence analyst can identify and examine cyber threats aimed at your business by sifting
through piles of data, studying it contextually, and deploying specific solutions to the problems found.

OBJECTIVES

After completing this course, you should be able to:

• Improve analysis skills to comprehend, synthesize, and leverage complex scenarios

• Analyze open-source resources in automatic ways

• Identify and create intelligence requirements through practices such as threat modelling

• Understand and develop skills in tactical, operational, and strategic-level threat intelligence

• Generate threat intelligence to detect, respond to, and defeat focused and targeted threats

• Learn the different sources to collect adversary data and how to exploit and pivot off it

• Validate information received externally to minimise the costs of bad intelligence

• Establish structured analytical techniques to be successful in any security role


Penetration Tester (336 hours)

AUDIENCE

• Candidates seeking a first job in the cybersecurity industry


• Candidates who wish to be a penetration tester
PREREQUISITES

• Successful completion of the SOC analyst program

DESCRIPTION

Penetration testers need to attack a corporation, steal information and yet be quiet and stealthy. A good
"red" team member is someone with cybersecurity skills alongside development skills who can create a
new and undetectable attacking tool.

In this course, the students will use Python to create and develop new tools to achieve the PT goals. The
student will understand the whole process of penetration testing and have hands-on experience with
each phase of the attack, from reconnaissance to data exfiltration.

OBJECTIVES

After completing this course, you should be able to:

• Develop using Python


• Get familiar with attack methods, models, and processes
• Write detailed reports
• Create advanced risk assessments related to technical evidence
• Get public information about corporations using open-source resources
• Develop Macros (VBA) to create malicious office files
• Get access to networks and hosts using enumeration and password attack techniques
• Build an anonymous environment for attacking
• Penetrate web applications
• Get familiar with tunnelling methods
• Use PowerShell to attack and spread in a Windows domain environment
• Understand the defender's perspective – security systems and forensics
• Avoid detection by anti-viruses, IDS, and firewalls
• Write malware and exploits using Python
• Scan and find out cloud assets
• Have a deep understanding of cloud infrastructure and where to find its exploits
• Develop with the Java language
• Analyse source code to find bugs and vulnerabilities
• Create malware for mobile devices
Certificate:
At the end of the course, students will take a certification test with the international organization and
receive an EU certificate
Vulnerability Researcher (264 hours)

AUDIENCE

• Penetration testers who wish to change their position to vulnerability research

PREREQUISITES

• Successful completion of penetration tester course

DESCRIPTION

A vulnerability is a bug in an application that usually gives the attacker a way to execute code on the
victim's host and carry out malicious actions.

In this course, the students will learn how to analyse an application or operating system to find new
vulnerabilities and execute malicious code on the victim.

As part of this course, the students will also learn about C language, Assembly language, fuzzing
techniques, buffer and stack overflows, creating payloads, and more.

OBJECTIVES

After completing this course, you should be able to:

• Get a deep understanding of Assembly language

• Develop with C language

• Execute fuzzing techniques to determine if an application is vulnerable

• Develop exploits for vulnerabilities

• Analyse network protocols to find security mechanism failures

• Get familiar with AD security mechanisms and their vulnerabilities

• Develop payloads and malware

• Attack without being detected by security systems and SOC members

• Scan networks, hosts and cloud assets


Certificate:
At the end of the course, students will take a certification test with the international organization and
receive an EU certificate
Digital Forensics (152 hours)

AUDIENCE

• This course is for incident response team members seeking to expand their capabilities and
knowledge in the digital forensics field

PREREQUISITES

• Each candidate has to pass an entrance exam

• Successful completion of incident response course

DESCRIPTION

Incident response is an approach designed to handle cyber breaches in a way that reduces damages and
costs. Still, there are also other incidents that a cyber expert should take care of – data leakage by
employees, mobile device attacks and, as part of today's organisations – cloud attacks.

In this course, the student will learn how to investigate the host's file system and create timelines from
all OS artefacts. In addition, the student will examine mobile devices to find malware evidence and
sensitive data, and perform cloud forensics by getting audit logs, investigating them, and acquiring the
relevant information to complete the analysis.

OBJECTIVES

After completing this course, you should be able to:

• Create a timeline from the OS file system and analyse it


• Track user and attacker activity second-by-second on the system you are analysing through
in-depth timeline and super-timeline analysis
• Recover data cleared using anti-forensics techniques via Volume Shadow Copy and Restore
Point analysis
• Identify lateral movement and pivots within your enterprise
• Understand how the attacker can acquire legitimate credentials
• Track data movement as the attackers collect critical data and shift them to exfiltration
collection points
• Acquire data from mobile devices
• Recover deleted mobile device data that forensic tools miss
• Detect, decompile, and analyse mobile malware and spyware
• Handle locked or encrypted devices, applications, and containers
• Examine databases containing the application and mobile artefacts
• Create, validate, and verify the tools against real datasets
• Have a deep understanding of cloud services and usage
• Implement cloud services like EC2, Buckets and Security services
• Configure security auditing, users and roles
• Manage cloud access and APIs
• Analyse cloud services and respond to incidents
• Have a deep understanding of ICS network protocols, architecture and components
• Analyse Modbus protocol networks and HMI-Controller communication

Certificate:
At the end of the course, students will take a certification test with the international organization and
receive an EU certificate
Malware Analyst (350 hours)

AUDIENCE

• This course is for incident response team members seeking to expand their capabilities and
knowledge in the malware analysis field or becoming malware analysts

PREREQUISITES

• Successful completion of digital forensics courses

DESCRIPTION

Over the past few years, the potential damage of cybercrime has become more apparent – billions of
dollars are lost yearly to cybercrimes.

Organisations worldwide are looking to cope with the constantly evolving threat by protecting their
intellectual property and their customers and by understanding the scope of an already ongoing
incident.

The Malware Analyst course is designed to prepare students with real-world malware and techniques to
analyse them even if they use evasion techniques or operating system manipulation.

As part of the course, the students will learn two malware analysis types – static and dynamic. Both use
reverse engineering techniques in different ways.

OBJECTIVES

After completing this course, you should be able to:

• Get a deep understanding of Assembly language


• Develop with C language
• Apply advanced static malware analysis techniques
• Apply advanced dynamic malware analysis techniques
• Perform malware analysis on the Linux operating system
• Analyse malware intended for mobile devices
• Get familiar with Windows OS defence mechanisms
• Get a deep understanding of anti-reverse techniques and how to bypass them
• Create efficient and specific host and network-based signatures for malware
Certificate:
At the end of the course, students will take a certification test with the international organization and
receive an EU certificate
CISO (80 hours)

AUDIENCE

• Technically skilled security administrators

• Technically skilled security analysts

PREREQUISITES

• Candidates with an advanced understanding of technology, networks, and info-security.

• Experience in forensics and malware management or "red" team management.

DESCRIPTION

IT security became a critical issue with the evolution of the information age that increased the demand
for professional CISOs in organisations. CISO Training is best suited for:

• IT security-related practitioners

• Security Administrators

• Security Auditors

• Network Analysts

• Security Analysts/Architects

• Information Security Officers (ISO)

• Consultants

• Security Instructors

CISO, or Chief Information Security Officer, is the senior-level executive within an organisation
responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure
information assets and technologies are adequately protected. The CISO course does not focus solely on
technical knowledge but also on applying information security management principles from an
executive management perspective.
OBJECTIVES

After completing this course, you should be able to:

• Implement and achieve the highest information security standards

• Get familiar with all information security and privacy standards

• Describe an overview of the design, roles and function of server and user administration

• Match the right technology to the standards' demands


SOC Manager, Red Team Manager and Forensics Manager (40 hours)

AUDIENCE

• A technically skilled SOC member, penetration tester or vulnerability researcher

• A technically proficient incident response team member or malware analyst

PREREQUISITES

• Successful completion of one of the following courses:

o penetration tester

o vulnerability researcher

o incident response

o digital forensics

o malware analyst

DESCRIPTION

Usually, team managers are experienced members promoted to the job after acquiring knowledge
of security standards and privacy regulations and showing leadership skills.

In this course, the students will learn the essential guidelines, technical aspects and theoretical
know-how to certify them to become team managers.

OBJECTIVES

After completing this course, you should be able to:

• Get familiar with cyber breaches, their business impact and costs

• Get a deep understanding of employees' privacy and data protection

• Make sense of different cybersecurity frameworks

• Understand and analyse risks

• Understand the pros and cons of varying reporting relationships

• Manage technical personnel

• Build a vulnerability management program

• Effectively manage security projects

• Become an effective information security manager


Certificate:
At the end of the course, students will sit a certification test with the international organization and
receive an EU certificate.

Annex A - Admission to Training Center of Excellence
The conditions of admission to the cyber academy will be as follows:

There will be a personal interview with each candidate, including a review of the motivation and their
genuine desire to study data science and entrepreneurship.

In addition, candidates will have to pass three entrance exams in:

• Mathematics

• Logic

• English

Candidates who have failed the entry exam (minimum 70) will have the opportunity to prepare for new
entrance exams.

Candidates who have passed the entry exam should also meet the specific pre-requirements of the
desired course.
Annex B – Result: The Ideal Graduate
The cyber academy will give graduates the knowledge and skills required to increase their opportunities
and fulfil their integration in the labor force to achieve success and prosperity.

Our graduates will leave our academy with the following skillsets and values:

Life-skills
a. Set objectives
b. Be a leader
c. Understanding different points of view
d. Prospect various job offers and careers

Education & information


a. Gather information
b. Source evaluation
c. Analyse different types of data
d. Develop research programs
e. Information analysis

Technical skills
a. Technical knowledge in tools, software platforms, applications
b. Product development

Creativity & innovation


a. Strategic planning
b. Creative thinking
c. Innovation process methodologies

Communication & collaboration


a. Raising the right questions
b. Effective training methodologies
c. Building and leading presentations
d. Competent writing skills

Critical thinking & solving problems


a. Problem identification
b. Alternatives' evaluation
c. Arguments' assessment
d. Merge information
e. Decision-making methodologies and skillsets
Annex C – Lecturers' Profile
Mr. Buki C.

Mr. Buki is the former head of the Israeli Ministry of Defence Cyber and Technology Authority and an
ex-officer at one of the IDF's elite technological units. In addition to Mr. Buki's vast experience in the
military and public sector, he is also an entrepreneur with over 30 years of experience leading large C5I
R&D teams.

Mr. Yossi S.

Mr. Yossi is a senior technologist, "white hat" hacker & security researcher and trainer. Since the early
1990s, Mr. Yossi has accumulated experience in practically every possible field of computing: IT
infrastructure, data communications and application development, of which ~12 years as a Technology
leader and Technical group manager at Microsoft.

His professional experience goes from Novell Netware networks through Windows Resource Kit Tools
Development for Windows Server to his appointment as Chief Technology Officer (CTO) of several
international companies.

Mr. Yaniv B.

Mr. Yaniv is a cybersecurity expert who specializes in digital forensics and encryption, with valuable and
practical experience in the IDF. Today, Yaniv is working as an investigator for ransomware and
cryptographic malware.

Mrs. Etti B.

Mrs. Etti holds a Master's in Law (LLM) and has over 25 years of experience in cybersecurity in various
positions. She is an active and well-established consultant and lecturer in the fields of privacy and cyber
technologies.

Mr. Gal Y.

Mr. Gal is an expert in information security and holds valuable experience developing courses and
training programs for penetration testing and SOC teams. Mr. Gal served in the IDF as a Cyber Defense
Officer in the navy's computer unit and in the military school for programming and cybersecurity.

Mr. Dror G.

Mr. Dror has more than 20 years of experience in IT and information security, including characterization,
planning and implementation of cyber solutions in large organizations in Israel, with emphasis on
various communications providers and execution of security projects in Israel and abroad. He also holds
experience in information security consulting, including organizational processes.

He is a graduate of a senior management track for information systems managers at the Technion, and
holds a Bachelor's degree in Mathematics and Computer Science from the University of Haifa.

Mr. Yair R.

Mr. Yair is a technologist with extensive experience in project management and the development of
information systems, with a broad business vision and a systematic outlook that combines IT and
the business world. He managed projects in Ceragon's information systems department and the
development department.

He specializes in developing, designing, and optimizing large and complex systems that process millions
of gigabytes of data.
Annex D - MSSP Portal Solution
Managed Security Service Providers (MSSPs) can benefit greatly from technologies that deliver high-
value, revenue-generating services. To that end, Avnon group's MSSP Portal enables Operators and
Service Providers to resell cybersecurity protection capabilities to their customers as managed services.

Avnon group's Portal for MSSPs is a turnkey, multi-tenant DDoS detection and mitigation service
delivery platform that provides reliable, flexible, and scalable cybersecurity protection. An add-on
component to Avnon group's industry-leading Attack Mitigation System, the Portal collects and
aggregates security attack measurements and events (including traffic utilisation, attack distribution,
and alerts), and displays them in real-time and historical reports.

If you are an MSSP looking for a service delivery platform for DDoS detection and mitigation to expand
your business, the MSSP Portal is the right solution for you.

Real-Time Dashboard

The portal dashboard displays real-time information at the account (tenant) level in a collection of
dynamic, predefined widgets. The widgets enable activation/deactivation of traffic diversion to the
scrubbing centre and display the service status and statistics of accounts managed by an MSSP. The
dashboard contains information about all protected assets, their current state, real-time attacks and
traffic information.

Each MSSP Portal user can customise and access three persistent dashboards, which remain available
even after logging out and logging back into the Portal. The dashboards retain their look and settings
per user.

Widget Repository

The dashboard presents a set of widgets, and the user can personalise the display in terms of
location/size, how the data is rendered (chart type/units/scale) and which information the widgets
display (depending on time filter/context/etc.).

The widgets have several predefined sizes, where each shows a different level of information (e.g.,
summary, distribution by category, tabular view, etc.). When the dashboard context and date frame are
changed, the data on the widgets adjusts accordingly. In addition, several widgets have attributes that
can override some of the global filters (e.g., selected account, time filter, etc.). Widgets can be
displayed depending on the logged-in user role. The following table describes the available widgets and
their access levels.

| Widget Name | Description | Access level |
|---|---|---|
| Security Status | Displays whether the account is under attack or not | Account, Service Provider, Operator |
| Assets | Displays a list of account's assets, their containing sites and status, and enables activation/deactivation of traffic diversion to the scrubbing centre | Account, Service Provider, Operator |
| Operational Overview | Displays the CPE and attack status per account's sites | Account, Service Provider, Operator |
| Top Attacks | Displays top attacks by sources/destination/vectors | Account, Service Provider, Operator |
| Traffic Monitor | Displays incoming and clean traffic utilization per CPE and SE | Account, Service Provider, Operator |
| Security Alerts | Displays a list of security alerts reported by the security devices | Account, Service Provider, Operator |
| Operational Alerts | Displays operational alerts such as CPE status change, etc. | Account, Service Provider, Operator |
| Accounts Under Attack | Displays a list of attacks on respective account and assets, across the entire portal accounts | Service Provider, Operator |
| Service Provider Operational Overview | Displays a list of accounts and their CPE and attack status, across the entire portal accounts | Service Provider, Operator |

Reports

The reporting section allows users to define and run ad hoc reports and schedule, export and email
them.

Report templates can be saved, loaded and executed to generate reports with new data. Users can
define complex reporting criteria using the report's criteria panes, enabling operators to automate
routine tasks. For example, users can automatically generate a monthly summary of DDoS protection
service usage per account and receive an email summary report.

Flexible User and Entity Models

The MSSP Portal provides the flexibility and ease of use required to deploy, manage and secure
multi-tenant accounts, and to secure networks from the inside out, from the enterprise core to the
perimeter and remote sites.

One or more user accounts can be defined for each of the following Portal personas (user types):

• Operator - owns and manages the Portal infrastructure with access to all tenants and
administration tasks

• Service Provider - an optional tier of users that can directly offer the Portal to end-customers
and manage one or more tenants

• Account - a tenant representing a customer that uses the DDoS protection service. An account
contains a set of sites and assets, where:

o Site - a logical container for a collection of assets (such as geographically-based, customer SLA-based,
or service groups)

o Asset - an entity to be protected by the MSSP Portal (including networks, servers, subnets, or set
of subnets)

The MSSP Portal Components

The MSSP Portal supports virtual IT environments and is a fully integrated solution that encompasses
behavioural-based attack mitigation, DDoS attack detection and prevention, and centralised attack
management, monitoring and reporting.

• MSSP Portal is deployed in the Operator or Service Provider's data centre as a virtual appliance
supporting VMware or KVM hypervisors.
• DefensePro is a real-time, behavioural-based attack mitigation device that protects
infrastructure against network and application downtime, application vulnerability exploitation,
malware spread, network anomalies, information theft, and other emerging cyber-attacks.

• DefenseFlow is a network-wide DDoS attack detection and cyber command and control
application designed to protect networks against known and emerging network attacks that
threaten network resource availability.

• APSolute Vision is a centralised attack management, monitoring and reporting solution across
multiple DefensePro and DefenseFlow devices and locations. It provides users with real-time
identification, prioritisation, and response to policy breaches, cyber-attacks and insider threats.

• An additional Cloud Scrubbing (e.g., Cloud DDoS Protection Service) can be used for Peak
Protection.
