Cyber Academy - Full Program
Cyber Academy
A Comprehensive Training Program to Establish Fully Equipped and Proficient In-house
Cyber Units
Submitted to:
By: Avnon Academy
2021
Content
# Topic
1 Introduction
2 Through the Start-up Nation's Prism -- Israel
3 About Us: Avnon Academy
4 A Unique Model
5 Cyber Academy of Excellence
6 The Purpose of the Cyber Academy
7 Optimal Team of Cyber Unit - Roles
8 Details of Practical Track Programs
Annex A Admission to Training Center of Excellence
Annex B Result - The Ideal Graduate
Annex C Lecturers’ Profile
Annex D An Example - MSSP Portal Solution
Introduction
In our global knowledge-based economy, differences in economic growth and inter-country income
inequalities are rooted in the grounds of technological knowledge asymmetries.
Technology is an integral part of applying practical science, especially for industrial or commercial
purposes. Science and technology are two parts of the same whole - innovating production mechanisms
and methods, increasing the work volume and efficiency, all resulting in competitive advantages and
profit increases.
As a defined sector with a significant economic influence and as a vital component of any educational and
business field, technology is considered a critical factor in the economic growth rate at a
national macro level as well as at an internal, business-oriented micro level.
The use of new technologies paves the way for producing fresh, cost-effective goods that enhance the
international competitiveness of different countries, their research abilities and their political and
cultural development.
Since the dawn of the human trade market, businesses have flourished and evolved more effectively as part
of an ecosystem, and all the more so since the Industrial Revolution. Since then, technology
has become crucial to mass production and has raised the bar of business demands, ambitions and expectations.
Nowadays, it is much more common to find businesses that work in symbiotic ecosystems. These
businesses only benefit from co-evolving by sharing scalable resources, developing joint technologies
and creating dynamic interactions that boost entire markets and sectors.
Through the Start-up Nation's Prism -- Israel
Israel is recognized worldwide as the Start-up Nation, with an extensive proven track record of
successful Israeli start-up companies and IPOs over the last two decades. In parallel, there is an
increasing trend of Israeli independent scale-up companies, like Fiverr, IronSource, Wix, Taboola,
Outbrain, and many others. Such companies began to set the tone of the Israeli tech ecosystem: a
"Scale-up Nation" focused on building large, successful multi-national companies with thousands of
employees and significant revenues.
The Israeli tech industry is a massive growth engine for the Israeli economy, accounting for about 50% of all
exports, showing an increase of 3,700% since 1984, and having the highest access to capital markets in the
world (per capita). The tech sector employs about 8% of the Israeli population, who account
for 13% of the business sector GDP. With that approach and these prospects, Israel has turned into an asset
for investors worldwide.
Israel ranks first in the world in R&D expenditure per capita - 4.3% of the country's GDP is invested in
R&D (2018), while the average among the OECD is 2.4%. Israel enjoys the highest percentage of
engineers and scientists per capita in global comparison. The country also holds one of the highest
ratios of university degrees and academic publications per capita (2018-2019 Innovation in Israel overview,
Israel Innovation Authority).
Israel continually and actively promotes innovation and entrepreneurship. As evidence of that
innovative spirit, 11 Israelis have received a Nobel prize in various categories since 1966.
Combining education with technology is essential for future generations' prosperity in our modern,
rapidly changing lives. The Israeli case is a perfect example of that and the fruits this approach yields.
Israeli High-Tech Sector Main Achievements:
The Start-Up Nation Central organization report states that 320 multi-national organizations operate
in Israel, 300 of which have R&D centres spread among 360 offices.
Global, sectors-crossing companies, venture capitals, and entrepreneurs converge in the Israeli Silicon
Valley, locally known as Silicon Wadi, all gathering to invest, find partners, and discover new business
models and technologies. Israel has become a global focal point of companies seeking to diversify and
improve their innovation strategies, taking part in local incubators and accelerators.
Avnon Academy
Planting Knowledge, Harvesting Futures
Avnon Academy is part of Avnon Holdings. Over the last thirty years, Avnon HLS Group, a recognized
global leader in HLS & Defense and cyber defence solutions, has worked with governments and HLS
organisations in over 70 countries, delivering comprehensive solutions and training to the HLS and
defence sectors. As such, the establishment of a dedicated training academy division was a natural
evolution.
The foundations of the Avnon Academy Group are built upon years of accumulated knowledge,
experience and uncompromising professionalism. Leveraging the HLS groups' expertise and
understanding of this domain, the Avnon Academy provides professionals with new insights and
capabilities to implement and help build a safer and sustainable future.
We specialise in operating customised professional training programs and large-scale, long-term
projects that benefit individuals and entire communities. We aim to raise the national economy and
social well-being in various countries worldwide by analysing markets, leveraging
strengths, and designing a comprehensive blueprint of supportive pillars that will contribute to public
growth and progress. We work closely with governments, institutions, and private partners globally,
dealing with all aspects - from the initial analysis of the specific requirements through recruiting
investors to the project's entire execution.
Start with One Seed
When planting a seed of knowledge, the possible outcomes are infinite. By doing that simple act, you
inspire curiosity, break imaginative boundaries and unlock potential and possibilities.
Avnon Academy dedicates vast resources and acknowledged experience to provide the necessary tools
to achieve these goals by applying our capabilities in formulating and implementing innovative, tailor-
made initiatives. Each Avnon Academy project is unique yet shares one comprehensive objective: to
open new paths to the future.
How do we imagine the future?
We believe that the prospects of nations depend on the realization of their citizens' potential. We
believe that training and knowledge are essential keys to economic progress – for a better quality of life
for individuals, communities and entire nations.
A Unique Model
The academy's cyber program is a comprehensive and intensive curriculum designed to provide officials
and students of all levels with a mastery of advanced technologies and cyber skills. Our goal is to provide
government offices and enterprises with knowledgeable candidates for employment in a more
accessible way than the traditional college route, equipping them with the most relevant skills and
hands-on experience that companies seek.
Avnon's Cyber Academy holds a practical orientation and aims to thoroughly integrate its students into any
professional cyber team.
The studies include practical hours (at least 60%), exercises, labs and simulations. Entrepreneurs and
key-position holders from leading companies around the world will give lectures during the training.
Program Operation:
Applicants who successfully passed the admission test will enter our program with close guidance during
the program and a mentoring process after graduation.
Our studies are designed as follows:
• Fundamental - Starting with the basics of cyber: professional terms, basic skills, cyber-team
positions, related systems and more.
• Profession Training - After the students have successfully passed the fundamental course, they will
start their professional training to become skillful members of any cyber team (eventually
taking positions in SOC, IRT, SecOps, etc.).
Closure:
• Guiding the students through their final exam and submitting a final project.
• Assisting in gaining an international certification.
• Professional networking to kickoff startups.
• Providing students with the training and tools they need to land a professional position based
on the skills they acquired.
• Mentoring after completion of the course
Cyber Academy of Excellence
Our advanced, comprehensive pedagogical system is dedicated to implementing cohesive cyber teams
in various sectors and industries, with significant consideration of our clients' needs.
Our academy will form a conceptual project execution plan:
• Annual courses program
• Students' capacity
• Students' profile
• Facilities
How We Operate
• Our cyber academy is a prime centre for excellence and innovative training – we will set up and
manage the cyber academy, according to your needs, to support local units.
• We will fully equip the training complex with full access to all simulations and labs on a cloud.
• Our students will attend lectures (online and frontal), participate in individual and group
exercises, and access virtual labs and simulations.
• Knowledge is power – we will train local tutors and local admins to provide continuity in the
field, professional management and supervision.
• We will set up and manage the site survey, which is essential for data, intelligence collection,
gaps analysis and evaluation, suggested site assessment and creating a roadmap.
Customer Responsibility:
Facilities: Customer will provide the training complex, including a strong internet connection.
Candidates: Customer will promote the program, will locate and sort candidates with a basic level of
requirements.
Train local Tutors and local Staff: Customer will provide local trainers.
Connecting and Placement of Graduates into local Companies: Customer will assist in the placement of
graduates into leading local companies.
Estimated Time Table
Preparation
• Planning: 2 months
• Study Materials: 3 months
• Planning Equipping: 1 month (parallel)
• Fully Equipping: 2 months
• Candidates sorting: 2 months
Pilot: Training
• Fundamental Course
• Activation
[Timetable chart rows: Study Materials, Planning Equipment, Candidates Sorting, Fundamental Course, Ongoing Training, Mentoring, Pedagogical management]
The Purpose of the Cyber Academy
The purpose of the cyber academy is to provide its students with the high-end cyber skills required to
expand and develop cyber industries and integrate the domestic market into the global market. The
program has two axes, information security and business studies, and it is designed to deliver proficiency
in these two topics, which are needed to train proactive, creative leaders who hold entrepreneurship
skills.
The national economy will not be able to become a highly developed, modern, knowledge-based
high-tech economy without the graduates of the cyber academy of excellence, endowed with the skills
and forms for this national mission.
Another target that the program sets is to form and sustain knowledge-based economies, which are the
beating heart of our global economic and technological progress that translates to our well-being.
Avnon's Cyber Academy training program focuses on these four objectives to fulfil its purpose and
achieve the goals set:
✓ Profound theoretical understanding
This step includes knowledge of the scientific and cultural infrastructures of computer technologies:
an understanding of the scientific infrastructure, including initial knowledge of high-tech industry
sectors, and knowledge of cultural infrastructures, with a basic understanding of the impact of
the high-tech industry, computers and networks on the life of human beings and societies.
✓ Practical technical proficiency
The main purpose of this objective is to acquire the skills required to work, maintain and improve
high-tech-digital technology. Skills are put into practice automatically by technical thinking.
AUDIENCE
• This course is for SOC analysts seeking to enter the field of incident response
PREREQUISITES
• Candidates with experience in the cybersecurity field with a technical background in security
systems, Windows, Linux and networking
DESCRIPTION
More and more companies now realize the detrimental impact of internet crimes on the company's
revenue and reputation. Quick and accurate responses are vital to handle security incidents successfully.
This course will train the students to provide essential answers regarding each security breach to
prevent the next attempt and secure the organization’s valuable data.
OBJECTIVES
AUDIENCE
PREREQUISITES
DESCRIPTION
The primary role of security operations and administration (SecOps) is identifying the organization’s
information assets and the documentation needed to implement policies, standards, procedures,
and guidelines that ensure confidentiality, integrity, and availability.
During the program, you will understand the process necessary for working with management and
information owners, custodians, and users to define proper data classifications. The SecOps program
addresses basic security concepts and applies them in day-to-day operation and administration.
OBJECTIVES
AUDIENCE
PREREQUISITES
DESCRIPTION
With the growing number of data breaches making the news, businesses are becoming increasingly
concerned about cyberattacks. However, many business leaders are not sure where to start with
protecting their organizations.
A threat intelligence analyst can identify and examine cyber threats aimed at your business by sifting
through piles of data, studying it contextually, and deploying specific solutions to the problems found.
OBJECTIVES
• Identify and create intelligence requirements through practices such as threat modelling
• Understand and develop skills in tactical, operational, and strategic-level threat intelligence
• Generate threat intelligence to detect, respond to, and defeat focused and targeted threats
• Learn the different sources to collect adversary data and how to exploit and pivot off it
AUDIENCE
DESCRIPTION
Penetration testers need to attack a corporation and steal information, yet remain quiet and stealthy. A good
"red" team member is someone with cybersecurity skills alongside development skills who can create a
new and undetectable attacking tool.
In this course, the students will use Python to create and develop new tools to achieve the PT goals. The
student will understand the whole process of penetration testing and have hands-on experience with
each phase of the attack, from reconnaissance to data exfiltration.
OBJECTIVES
AUDIENCE
PREREQUISITES
DESCRIPTION
A vulnerability is a bug in an application that usually gives the attacker a way to execute code on the
victim's host and carry out malicious actions.
In this course, the students will learn how to analyse an application or operating system to find new
vulnerabilities and execute malicious code on the victim.
As part of this course, the students will also learn about C language, Assembly language, fuzzing
techniques, buffer and stack overflows, creating payloads, and more.
OBJECTIVES
AUDIENCE
• This course is for incident response team members seeking to expand their capabilities and
knowledge in the digital forensics field
PREREQUISITES
DESCRIPTION
Incident response is an approach designed to handle cyber breaches in a way that reduces damages and
costs. Still, there are also other incidents that a cyber expert should take care of: data leakage by
employees, mobile device attacks and, as part of today's organisations, cloud attacks.
In this course, the student will learn how to investigate the host's file system and create timelines from
all OS artefacts. In addition, the student will examine mobile devices to find evidence of malware and
sensitive data, and will perform cloud forensics by getting audit logs, investigating them, and acquiring
the relevant information to complete the analysis.
OBJECTIVES
Certificate:
At the end of the course, students will take a certification test of the international organization and
receive an EU certificate.
Malware Analyst (350 hours)
AUDIENCE
• This course is for incident response team members seeking to expand their capabilities and
knowledge in the malware analysis field or becoming malware analysts
PREREQUISITES
DESCRIPTION
Over the past few years, the potential damage of cybercrime has become more apparent – billions of
dollars are lost yearly to cybercrimes.
Organisations worldwide are looking to cope with the constantly evolving threat by protecting their
intellectual property and their customers, and by understanding the scope of an already ongoing
incident.
The Malware Analyst course is designed to prepare students with real-world malware and techniques to
analyse it even if it uses evasion techniques or operating system manipulation.
As part of the course, the students will learn two malware analysis types – static and dynamic. Both use
reverse engineering techniques in different ways.
OBJECTIVES
AUDIENCE
PREREQUISITES
DESCRIPTION
IT security became a critical issue with the evolution of the information age that increased the demand
for professional CISOs in organisations. CISO Training is best suited for:
• IT security-related practitioners
• Security Administrators
• Security Auditors
• Network Analysts
• Security Analysts/Architects
• Consultants
• Security Instructors
CISO, or Chief Information Security Officer, is the senior-level executive within an organisation
responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure
information assets and technologies are adequately protected. The CISO course does not focus solely on
technical knowledge but also on applying information security management principles from an
executive management perspective.
OBJECTIVES
• Describe an overview of the design, roles and function of server and user administration
AUDIENCE
PREREQUISITES
o penetration tester
o vulnerability researcher
o incident response
o digital forensics
o malware analyst
DESCRIPTION
Usually, team managers are experienced members promoted to the job after acquiring knowledge
of security standards and privacy regulations and showing leadership skills.
In this course, the students will learn the essential guidelines, technical aspects and theoretical know-
how to certify them to become team managers.
OBJECTIVES
• Get familiar with cyber breaches, their business impact and costs
There will be a personal interview with each candidate, including a review of the motivation and their
genuine desire to study data science and entrepreneurship.
• Mathematics
• Logic
• English
Candidates who have failed the entry exam (minimum 70) will have the opportunity to prepare for new
entrance exams.
Candidates who have passed the entry exam should also meet the specific pre-requirements of the
desired course.
Annex B – Result: The Ideal Graduate
The cyber academy will give graduates the knowledge and skills required to increase their opportunities
and fulfil their integration in the labor force to achieve success and prosperity.
Our graduates will leave our academy with the following skillsets and values:
Life-skills
a. Set objectives
b. Be a leader
c. Understanding different points of view
d. Prospect various job offers and careers
Technical skills
a. Technical knowledge in tools, software platforms, applications
b. Product development
Mr Buki is the former head of the Israeli Ministry of Defence Cyber and Technology Authority and an Ex-
Officer at one of the IDF's elite technological units. In addition to Mr. Buki's vast experience in the
military and public sector, he is also an entrepreneur with over 30 years of experience leading large C5I
R&D teams.
Mr. Yossi S.
Mr. Yossi is a senior technologist, "white hat" hacker & security researcher and trainer. Since the early
1990s, Mr. Yossi has accumulated experience in practically every possible field of computing: IT
infrastructure, data communications and application development, of which ~12 years as a Technology
leader and Technical group manager at Microsoft.
His professional experience goes from Novell Netware networks through Windows Resource Kit Tools
Development for Windows Server to his appointment as Chief Technology Officer (CTO) of several
international companies.
Mr. Yaniv B.
Mr. Yaniv is a cybersecurity expert specializing in digital forensics and encryption, with valuable and
practical experience in the IDF. Today, Yaniv is working as an investigator for ransomware and
cryptographic malware.
Mrs. Etti B.
Mrs. Etti holds a Master's in Law (LLM) and has over 25 years of experience in cyber-security in various positions. An
active and well-established consultant and lecturer in the fields of privacy and cyber technologies.
Mr. Gal Y.
Mr. Gal is an expert in information security and holds valuable experience developing courses and
training programs for penetration testing and SOC teams. Mr. Gal served in the IDF as a Cyber Defense
Officer in the navy's computer unit and in the military school for programming and cybersecurity.
Mr. Dror G.
Mr. Dror has more than 20 years of experience in IT and information security, including characterization,
planning and implementation of cyber solutions in large organizations in Israel, with emphasis on
various communications providers and execution of security projects in Israel and abroad. He also holds
experience in information security consulting, including organizational processes.
He is a graduate of a senior management track for information systems managers at the Technion and holds a
Bachelor's degree in Mathematics and Computer Science from the University of Haifa.
Mr Yair R.
Mr. Yair is a technologist with extensive experience in project management and the development of
information systems, with a broad business vision and a systematic outlook that combines IT and
the business world. He managed projects in Ceragon's information systems department and the
development department.
He specializes in developing, designing, and optimizing large and complex systems that process millions
of gigabytes of data.
Annex D - MSSP Portal Solution
Managed Security Service Providers (MSSPs) can benefit greatly from technologies that deliver high-
value, revenue-generating services. To that end, Avnon group's MSSP Portal enables Operators and
Service Providers to resell cybersecurity protection capabilities to their customers as managed services.
Avnon group's Portal for MSSPs is a turnkey, multi-tenant DDoS detection and mitigation service
delivery platform that provides reliable, flexible, and scalable cybersecurity protection. An add-on
component to Avnon group's industry-leading Attack Mitigation System, the Portal collects and
aggregates security attack measurements and events (including traffic utilisation, attack distribution,
and alerts), and displays them in real-time and historical reports.
If you are an MSSP looking for a service delivery platform for DDoS detection and mitigation to expand
your business, the MSSP Portal is the right solution for you.
Real-Time Dashboard
The portal dashboard displays real-time information at the account (tenant) level in a collection of
dynamic, predefined widgets that enable activation/deactivation of traffic diversion to the scrubbing
centre and displays the service status and statistics of accounts managed by an MSSP. It contains
information about all protected assets, their current state, real-time attacks and traffic information.
Each MSSP Portal user can customise and access three persistent dashboards, even after logging out and
logging back into the Portal. The dashboards retain their look and settings per user.
Widget Repository
The dashboard presents a set of widgets, where the user can personalise the display in terms of
location/size, how the data is rendered (chart type/units/scale) and which information they display
(depending on time filter/context/etc.).
The widgets have several predefined sizes, where each shows a different level of information (e.g.,
summary, distribution by category, tabular view, etc.). When changing the dashboard context and date
frame, the data on the widgets adjust accordingly. In addition, several widgets have attributes that can
override some of the global filters (e.g., selected account, time filter, etc.). Widgets can be displayed
depending on the logged-in user role. The following table describes the available widgets and access
level.
• Operational Overview - Displays the CPE and attack status per accounts sites. Access level: Account, Service Provider, Operator
• Traffic Monitor - Displays incoming and clean traffic utilization per CPE and SE. Access level: Account, Service Provider, Operator
• Service Provider Operational Overview - Displays a list of accounts and their CPE and attack status, across the entire portal accounts. Access level: Service Provider, Operator
Reports
The reporting section allows users to define and run ad hoc reports and schedule, export and email
them.
Report templates can be saved, loaded and executed to generate reports with new data. Users can
define complex reporting criteria using the report's criteria panes, enabling operators to automate
routine tasks. For example, users can automatically generate a monthly summary of DDoS protection
service usage per account and receive an email summary report.
The MSSP Portal provides the flexibility and ease-of-use required to deploy, manage and secure multi-
tenant accounts, secure networks from the inside out - from the enterprise core to the perimeter, and
remote sites.
Portal personas (user types): one or more user accounts can be defined for each of
the following personas.
• Operator - owns and manages the Portal infrastructure with access to all tenants and
administration tasks
• Service Provider - an optional tier of users that can directly offer the Portal to end-customers
and manage one or more tenants
• Account - a tenant representing a customer that uses the DDoS protection service. An account
contains a set of sites and assets, where:
• Site - a logical container for a collection of assets (such as geographically-based, customer SLA-
based, or service groups)
• Asset - an entity to be protected by the MSSP Portal (including networks, servers, subnets, or sets
of subnets)
The MSSP Portal supports virtual IT environments and is a fully integrated solution that encompasses
behavioural-based attack mitigation, DDoS attack detection and prevention, and centralised attack
management, monitoring and reporting.
• MSSP Portal is deployed in the Operator or Service Provider's data centre as a virtual appliance
supporting VMware or KVM hypervisors.
• DefensePro is a real-time, behavioural-based attack mitigation device that protects
infrastructure against network and application downtime, application vulnerability exploitation,
malware spread, network anomalies, information theft, and other emerging cyber-attacks.
• DefenseFlow is a network-wide DDoS attack detection and cyber command and control
application designed to protect networks against known and emerging network attacks that
threaten network resource availability.
• APSolute Vision is a centralised attack management, monitoring and reporting solution across
multiple DefensePro and DefenseFlow devices and locations. It provides users with real-time
identification, prioritisation, and response to policy breaches, cyber-attacks and insider threats.
• An additional Cloud Scrubbing (e.g., Cloud DDoS Protection Service) can be used for Peak
Protection.