Apprentices progress at their own pace – they demonstrate
competency in skills and knowledge through assessment tests,
but are not required to complete a specific number of hours.
Cyber Security Support Technician
Anonymous
North Carolina (SAA)
Individual state requirements may vary. Please contact your local apprenticeship office to ensure this version is suitable to your state’s requirements.
Work Process Content
On the Job Training
37 skills
Security and Its Threats
1 skill
- Analyze attacks using malware: Viruses, Crypto-malware, Ransomware, Worm, Trojan, Rootkit, Keylogger, Adware, Spyware, Bots, RAT, Logic bomb, Backdoor
Threats, Attacks and Vulnerabilities
9 skills
- Analyze types of attacks: Social engineering (Phishing, Spear phishing, Whaling, Vishing, Tailgating, Impersonation, Dumpster diving, Shoulder surfing, Hoax, Watering hole attack).
- Analyze types of attacks: Social engineering principles (reasons for effectiveness): Authority, Intimidation, Consensus, Scarcity, Familiarity, Trust, Urgency.
- Analyze types of attacks: Application/service attacks (DoS, DDoS, Man-in-the-middle, Buffer overflow, Injection, Cross-site scripting, Cross-site request forgery, Privilege escalation, ARP poisoning, Amplification, DNS poisoning, Domain hijacking, Man-in-the-browser, Zero day, Pass the hash, Hijacking and related attacks [Clickjacking, Session hijacking, URL hijacking, Typo squatting], Driver manipulation [Shimming, Refactoring], MAC spoofing).
- Analyze types of attacks: Wireless attacks (Replay, IV, Evil twin, Rogue AP, Jamming, WPS, Bluejacking, Bluesnarfing, RFID, NFC, Disassociation).
- Analyze types of attacks: Cryptographic attacks (Birthday, Known plain text/cipher text, Rainbow tables, Dictionary, Brute force [Online vs. offline], Collision, Downgrade, Replay, Weak implementations).
- Analyze threat actor types and attributes: Types of actors (Script kiddies, Hacktivist, Organized crime, Nation states/APT, Insiders, Competitors), Attributes of actors (Internal/External, Level of sophistication, Resources/Funding, Intent/Motivation), Use of open-source intelligence.
- Explain penetration testing concepts: Active reconnaissance, Passive reconnaissance, Pivot, Initial exploitation, Persistence, Escalation of privilege, Black box, White box, Gray box, Pen testing vs. vulnerability scanning.
- Explain and demonstrate vulnerability scanning concepts: Passively test security controls, Identify vulnerabilities, Identify lack of security controls, Identify common misconfigurations, Intrusive vs. non-intrusive, Credentialed vs. non-credentialed, False positive.
- Explain the impact associated with the types of vulnerabilities: Race conditions, Vulnerabilities due to end-of-life systems, embedded systems and lack of vendor support, Improper input handling, Improper error handling, Misconfiguration/weak configuration, Default configuration, Resource exhaustion, Untrained users, Improperly configured accounts, Vulnerable business processes, Weak cipher suites and implementations, Memory/buffer vulnerability (Memory leak, Integer overflow, Buffer overflow, Pointer dereference, DLL injection), System sprawl/undocumented assets, Architecture/design weaknesses, New threats/zero day, Improper certificate and key management.
Technologies and Tools
6 skills
- Install and configure network components, both hardware- and software-based, to support organizational security: Firewall (ACL, Application-based vs. network-based, Stateful vs. stateless, Implicit deny), VPN concentrator (Remote access vs. site-to-site, IPSec [Tunnel mode, Transport mode, AH, ESP], Split tunnel vs. full tunnel, TLS, Always-on VPN), NIPS/NIDS (Signature-based, Heuristic/behavioral, Anomaly, Inline vs. passive, In-band vs. out-of-band, Rules, Analytics [False positive, False negative]), Router (ACLs, Antispoofing), Switch (Port security, Layer 2 vs. Layer 3, Loop prevention, Flood guard), Proxy (Forward and reverse proxy, Transparent, Application/multipurpose), Load balancer (Scheduling [Affinity, Round-robin], Active-passive, Active-active, Virtual IPs), Access point (SSID, MAC filtering, Signal strength, Band selection/width, Antenna types and placement, Fat vs. thin, Controller-based vs. standalone), SIEM (Aggregation, Correlation, Automated alerting and triggers, Time synchronization, Event deduplication, Logs/WORM), DLP (USB blocking, Cloud-based, Email), NAC (Dissolvable vs. permanent, Host health checks, Agents vs. agentless), Mail gateway (Spam filter, DLP, Encryption), Bridge, SSL/TLS accelerators, SSL decryptors, Media gateway, Hardware security module.
- Utilize the appropriate software tools to assess the security posture of an organization: Protocol analyzer, Network scanners, Rogue system detection, Network mapping, Wireless scanners/cracker, Password cracker, Vulnerability scanner, Configuration compliance scanner, Exploitation frameworks, Data sanitization tools, Steganography tools, Honeypot, Backup utilities, Banner grabbing, Passive vs. active, Command line tools (ping, netstat, tracert, nslookup/dig, arp, ipconfig/ip/ifconfig, tcpdump, nmap, netcat).
- Troubleshoot common security issues: Unencrypted credentials/clear text, Logs and events anomalies, Permission issues, Access violations, Certificate issues, Data exfiltration, Misconfigured devices (Firewall, Content filter, Access points), Weak security configurations, Personnel issues (Policy violation, Insider threat, Social engineering, Social media, Personal email), Unauthorized software, Baseline deviation, License compliance violation (Availability/Integrity), Asset management, Authentication issues.
- Analyze and interpret output from security technologies: HIDS/HIPS, Antivirus, File integrity check, Host-based firewall, Application whitelisting, Removable media control, Advanced malware tools, Patch management tools, UTM, DLP, Data execution prevention, Web application firewall.
- Deploy mobile devices securely: Connection methods (Cellular, WiFi, SATCOM, Bluetooth, NFC, ANT, Infrared, USB), Mobile device management concepts (Application management, Content management, Remote wipe, Geofencing, Geolocation, Screen locks, Push notification services, Passwords and PINs, Biometrics, Context-aware authentication, Containerization, Storage segmentation, Full device encryption), Enforcement and monitoring for (Third-party app stores, Rooting/jailbreaking, Sideloading, Custom firmware, Carrier unlocking, Firmware OTA updates, Camera use, SMS/MMS, External media, USB OTG, Recording microphone, GPS tagging, WiFi direct/ad hoc, Tethering, Payment methods), Deployment models (BYOD, COPE, CYOD, Corporate-owned, VDI).
- Implement secure protocols: Protocols (DNSSEC, SSH, S/MIME, SRTP, LDAPS, FTPS, SFTP, SNMPv3, SSL/TLS, HTTPS, Secure POP/IMAP), Use cases (Voice and video, Time synchronization, Email and web, File transfer, Directory services, Remote access, Domain name resolution, Routing and switching).
Architecture and Design
9 skills
- Implement secure network architecture concepts: Zones/topologies (DMZ, Extranet, Intranet, Wireless, Guest, Honeynets, NAT, Ad hoc), Segregation/segmentation/isolation (Physical, Logical [VLAN], Virtualization, Air gaps), Tunneling/VPN (Site-to-site, Remote access), Security device/technology placement (Sensors, Collectors, Correlation engines, Filters, Proxies, Firewalls, VPN concentrators, SSL accelerators, Load balancers, DDoS mitigator, Aggregation switches, Taps and port mirror), SDN.
- Identify use cases and purpose for frameworks, best practices and secure configuration guides: Industry-standard frameworks and reference architectures (Regulatory, Non-regulatory, National vs. international, Industry-specific frameworks), Benchmarks/secure configuration guides (Platform/vendor-specific guides [Web server, Operating system, Application server, Network infrastructure devices], General purpose guides), Defense-in-depth/layered security (Vendor diversity, Control diversity [Administrative, Technical], User training).
- Implement secure systems design: Hardware/firmware security (FDE/SED, TPM, HSM, UEFI/BIOS, Secure boot and attestation, Supply chain, Hardware root of trust, EMI/EMP), Operating systems (Types: Network, Server, Workstation, Appliance, Kiosk, Mobile OS; Patch management, Disabling unnecessary ports and services, Least functionality, Secure configurations, Trusted operating system, Application whitelisting/blacklisting, Disable default accounts/passwords), Peripherals (Wireless keyboards, Wireless mice, Displays, WiFi-enabled MicroSD cards, Printers/MFDs, External storage devices, Digital cameras).
- Explain the importance of secure staging deployment concepts: Sandboxing, Environment (Development, Test, Staging, Production), Secure baseline, Integrity measurement.
- Explain the security implications of embedded systems: SCADA/ICS, Smart devices/IoT (Wearable technology, Home automation), HVAC, SoC, RTOS, Printers/MFDs, Camera systems, Special purpose (Medical devices, Vehicles, Aircraft/UAV).
- Summarize secure application development and deployment concepts: Development life-cycle models (Waterfall vs. Agile), Secure DevOps (Security automation, Continuous integration, Baselining, Immutable systems, Infrastructure as code), Version control and change management, Provisioning and deprovisioning, Secure coding techniques (Proper error handling, Proper input validation, Normalization, Stored procedures, Code signing, Encryption, Obfuscation/camouflage, Code reuse/dead code, Server-side vs. client-side execution and validation, Memory management, Use of third-party libraries and SDKs, Data exposure), Code quality and testing (Static code analyzers, Dynamic analysis [e.g., fuzzing], Stress testing, Sandboxing, Model verification), Compiled vs. runtime code.
- Analyze cloud and virtualization concepts: Hypervisor (Type I, Type II, Application cells/containers, VM sprawl avoidance, VM escape protection), Cloud storage, Cloud deployment models (SaaS, PaaS, IaaS, Private, Public, Hybrid, Community), On-premise vs. hosted vs. cloud, VDI/VDE, Cloud access security broker, Security as a Service.
- Explain how resiliency and automation strategies reduce risk: Automation/scripting (Automated courses of action, Continuous monitoring, Configuration validation), Templates, Master image, Non-persistence (Snapshots, Revert to known state, Rollback to known configuration, Live boot media), Elasticity, Scalability, Distributive allocation, Redundancy, Fault tolerance, High availability, RAID.
- Explain the importance of physical security controls: Lighting, Signs, Fencing/gate/cage, Security guards, Alarms, Safe, Secure cabinets/enclosures, Protected distribution/Protected cabling, Air gap, Mantrap, Faraday cage, Lock types, Biometrics, Barricades/bollards, Tokens/cards, Environmental controls (HVAC, Hot and cold aisles, Fire suppression), Cable locks, Screen filters, Cameras, Motion detection, Logs, Infrared detection, Key management.
Risk Management
8 skills
- Explain the importance of policies, plans, and procedures related to organizational security: Standard operating procedure, Agreement types (BPA, SLA, ISA, MOU/MOA), Personnel management (Mandatory vacations, Job rotation, Separation of duties, Clean desk, Background checks, Exit interviews, Role-based awareness training [Data owner, System administrator, System owner, User, Privileged user, Executive user], NDA, Onboarding, Continuing education, Acceptable use policy/rules of behavior, Adverse actions), General security policies (Social media networks/applications, Personal email).
- Summarize business impact analysis concepts: RTO/RPO, MTBF, MTTR, Mission-essential functions, Identification of critical systems, Single point of failure, Impact (Life, Property, Safety, Finance, Reputation), Privacy impact assessment, Privacy threshold assessment.
- Explain risk management processes and concepts: Threat assessment (Environmental, Manmade, Internal vs. external), Risk assessment (SLE, ALE, ARO, Asset value, Risk register, Likelihood of occurrence, Supply chain assessment, Impact, Quantitative, Qualitative, Testing [Penetration testing authorization, Vulnerability testing authorization], Risk response techniques [Accept, Transfer, Avoid, Mitigate]), Change management.
- Follow incident response procedures: Incident response plan (Documented incident types/category definitions, Roles and responsibilities, Reporting requirements/escalation, Cyber-incident response teams, Exercise), Incident response process (Preparation, Identification, Containment, Eradication, Recovery, Lessons learned).
- Utilize the basic concepts of forensics: Order of volatility, Chain of custody, Legal hold, Data acquisition (Capture system image, Network traffic and logs, Capture video, Record time offset, Take hashes, Screenshots), Preservation, Recovery, Strategic intelligence/counterintelligence gathering, Active logging, Track man-hours.
- Demonstrate disaster recovery and continuity of operation concepts: Recovery sites (Hot site, Warm site, Cold site), Order of restoration, Backup concepts (Differential, Incremental, Snapshots, Full), Geographic considerations (Off-site backups, Distance, Location selection, Legal implications, Data sovereignty), Continuity of operation planning (Exercises/tabletop, After-action reports, Failover, Alternate processing sites, Alternate business practices).
- Compare and contrast various types of controls: Deterrent, Preventive, Detective, Corrective, Compensating, Technical, Administrative, and Physical.
- Carry out data security and privacy practices: Data destruction and media sanitization (Burning, Shredding, Pulping, Pulverizing, Degaussing, Purging, Wiping), Data sensitivity labeling and handling (Confidential, Private, Public, Proprietary, PII, PHI), Data roles (Owner, Steward/custodian, Privacy officer), Data retention, Legal and compliance.
Cryptography and PKI
4 skills
- Know the basic concepts of cryptography: Symmetric algorithms, Modes of operation, Asymmetric algorithms, Hashing, Salt, IV, Nonce, Elliptic curve, Weak/deprecated algorithms, Key exchange, Digital signatures, Diffusion, Confusion, Collision, Steganography, Obfuscation, Stream vs. block, Key strength, Session keys, Ephemeral key, Secret algorithm, Data-in-transit, Data-at-rest, Data-in-use, Random/pseudo-random number generation, Key stretching, Implementation vs. algorithm selection (Crypto service provider, Crypto modules), Perfect forward secrecy, Security through obscurity, Common use cases (Low power devices, Low latency, High resiliency, Supporting confidentiality, Supporting integrity, Supporting obfuscation, Supporting authentication, Supporting non-repudiation, Resource vs. security constraint).
- Explain cryptography algorithms and their basic characteristics: Symmetric algorithms (AES, DES, 3DES, RC4, Blowfish/Twofish, Cipher modes [CBC, GCM, ECB, CTR], Stream vs. block), Asymmetric algorithms (RSA, DSA, Diffie-Hellman [Groups, DHE, ECDHE], Elliptic curve, PGP/GPG), Hashing algorithms (MD5, SHA, HMAC, RIPEMD), Key stretching algorithms (BCRYPT, PBKDF2), Obfuscation (XOR, ROT13, Substitution ciphers).
- Install and configure wireless security settings: Cryptographic protocols (WPA, WPA2, CCMP, TKIP), Authentication protocols (EAP, PEAP, EAP-FAST, EAP-TLS, EAP-TTLS, IEEE 802.1X, RADIUS Federation), Methods (PSK vs. Enterprise vs. Open, WPS, Captive portals).
- Implement public key infrastructure: Components (CA, Intermediate CA, CRL, OCSP, CSR, Certificate, Public key, Private key, Object identifiers [OID]), Concepts (Online vs. offline CA, Stapling, Pinning, Trust model, Key escrow, Certificate chaining), Types of certificates (Wildcard, SAN, Code signing, Self-signed, Machine/computer, Email, User, Root, Domain validation, Extended validation), Certificate formats (DER, PEM, PFX, CER, P12, P7B).
Related Instruction Content
Training Provider(s): Be Prepared America
- Security and Information Technology Threats
- Threats, Attacks and Vulnerabilities
- Technologies and Tools
- Architecture and Design
- Risk Management
- Cryptography and PKI