fbpx

Training with Iverson classes

Training is not a commodity – all training centres are not the same. Iverson Associates Sdn Bhd is the most established, the most reputable, and the top professional IT training provider in Malaysia. With a large pool of experienced and certified trainers, state-of-the-art facilities, and well-designed courseware, Iverson offers superior training, a more impactful learning experience and highly effective results.

At Iverson, our focus is on providing high-quality IT training to corporate customers, meeting their learning needs and helping them to achieve their training objectives. Iverson has the flexibility to provide training solutions whether for a single individual or the largest corporation in a well-paced or accelerated training programme.

Our courses continue to evolve along with the fast-changing technological advances. Our instructor-led training services are available on a public and a private (in-company) basis. Some of our courses are also available as online, on demand, and hybrid training.

This course is the most comprehensive review of cloud security concepts and industry best practices covering the six domains of the (ISC)2 Common Body of Knowledge (CBK®). You will gain knowledge in identifying the types of controls necessary to administer various levels of confidentiality, integrity, and availability, with regard to securing data in the cloud. You will identify the virtual and physical components of the cloud infrastructure with regard to risk management analysis, including tools and techniques necessary for maintaining a secure cloud infrastructure. You will gain an understanding in cloud software assurance and validation, utilizing secure software, and the controls necessary for developing secure cloud environments. You will identify privacy issues and audit processes utilized within a cloud environment, including auditing controls, assurance issues, and specific reporting attributes.

CCSP Domains

  • Cloud Concepts, Architecture and Design
  • Cloud Data Security
  • Cloud Platform and Infrastructure Security
  • Cloud Application Security
  • Cloud Security Operations
  • Legal, Risk and Compliance

Additional Info

  • Certification Course & Certificate
  • Course Code CCSP
  • Price RM7500
  • Exam Price Include
  • Duration 4 Days
  • CertificationInfo Certified Cloud Security Professional
  • Principals EC-Council
  • Schedule

    17,19-21 Jan 2022

    28-31 Mar 2022

    13-16 Jun 2022

  • Audience

    This training is intended for professionals who have at least five years of full-time IT experience, including three years in information security and at least one year in cloud security, and are pursuing CCSP certification to enhance credibility and career mobility. The seminar is ideal for those working in positions such as, but not limited to:

    • Security Manager   
    • Systems Architect  
    • Systems Engineer   
    • Security Architect   
    • Security Consultant
    • Security Engineer
    • Enterprise Architect
    • Security Administrator
  • Prerequisities

    Experienced information security professionals with at least five years of IT experience, including three years of information security and at least one year of cloud security experience.

    · CISSP Certification Prep Course

  • At Course Completion

    After completing this course, you will be able to:

    1.  Understand legal frameworks and guidelines that affect cloud services.
    2.  Recognize the fundamentals of data privacy regulatory/legislative mandates.
    3.  Assess risks, vulnerability, threats, and attacks in the cloud environment.
    4.  Evaluate the design and plan for cloud infrastructure security controls.
    5.  Evaluate what is necessary to manage security operations.
    6.  Understand what operational controls and standards to implement.
    7.  Describe the types of cloud deployment models in the types of “as a service” cloud models currently available today.
    8.  Identify key terminology, and associated definitions related to cloud technology.
    9.  Establish a common terminology for use within your team or workgroup.
    10. Build a business case for cloud adoption and determine business units that benefit from cloud migration strategies.

  • Module 1 Title Architecture Concepts and Design Requirement
  • Module 1 Content
    • Cloud Computing Concepts
    • Cloud Reference Architecture
    • Security Concepts Relevant to Cloud Computing
    • Design Principles of Secure Cloud Computing
    • Trusted Cloud Services
  • Module 2 Title Cloud Data Security
  • Module 2 Content
    • Cloud Data Lifecycle
    • Design and Implement Cloud Data Storage Architectures
    • Design and Apply Data Security Strategies
    • Implement Data Discovery and Classification Technologies
    • Design and Implement Data Rights Management
    • Design and Implement Relevant Jurisdictional Data Protections for Personally Identifiable Information (PIN)
    • Plan and Implement Data Retention, Deletion, and Archiving Policies
    • Design and Implement Auditability, Traceability, and Accountability of Data Events
  • Module 3 Title Cloud Platform and Infrastructure Security
  • Module 3 Content
    • Cloud Infrastructure Components
    • Risks Associated to Cloud Infrastructure
    • Design and Plan Security Controls
    • Plan Disaster Recovery and Business Continuity Management
  • Module 4 Title Cloud Application Security
  • Module 4 Content
    • Need for Training and Awareness in Application Security
    • Cloud Software Assurance and Validation
    • Use Verified Secure Software
    • Software Development Life-Cycle (SDLC) Process
    • Apply the Software Development Life-Cycle
    • Specifics of Cloud Application Architecture
    • Design Appropriate Identity and Access Management (IAM) Solution
  • Module 5 Title Operations
  • Module 5 Content
    • Support the Planning Process for the Data Center Design
    • Implement and Build Physical Infrastructure for Cloud Environment
    • Run Physical Infrastructure for Cloud Environment
    • Manage Physical Infrastructure for Cloud Environment
    • Build Logical Infrastructure for Cloud Environment
    • Run Logical Infrastructure for Cloud Environment
    • Manage Logical Infrastructure for Cloud Environment
    • Ensure Compliance with Regulations and Controls (ITIL, ISO/IEC 20000-I)
    • Conduct Risk Assessment to Logical and Physical Infrastructure
    • Collection, Acquisition, and Preservation of Digital Evidence
    • Manage Communication with Relevant Parties
  • Module 6 Title Legal and Compliance
  • Module 6 Content
    • Legal Requirements and Unique Risks within the Cloud Environment
    • Privacy Issues, Including Jurisdictional Variation
    • Audit Process, Methodologies, and Required Adaptions for a Cloud Environment
    • Implications of Cloud to Enterprise Risk Management
    • Outsourcing and Cloud Contract Design
    • Execute Vendor Management
RM7,500.00(+RM450.00 Tax)
* Training Dates:

Certified Threat Intelligence Analyst (C|TIA) is designed and developed in collaboration with cybersecurity and threat intelligence experts across the globe to help organizations identify and mitigate business risks by converting unknown internal and external threats into known threats. It is a comprehensive, specialist-level program that teaches a structured approach for building effective threat intelligence.

 

In the ever-changing threat landscape, C|TIA is an essential program for those who deal with cyber threats on a daily basis. Organizations today demand a professional-level cybersecurity threat intelligence analyst who can extract the intelligence from data by implementing various advanced strategies. Such professional-level programs can only be achieved when the core of the curricula maps with and is compliant to government and industry published threat intelligence frameworks.

 

C|TIA is a method-driven program that uses a holistic approach, covering concepts from planning the threat intelligence project to building a report to disseminating threat intelligence. These concepts are highly essential while building effective threat intelligence and, when used properly, can secure organizations from future threats or attacks. This program addresses all the stages involved in the Threat Intelligence Life Cycle. This attention to a realistic and futuristic approach makes C|TIA one of the most comprehensive threat intelligence certifications on the market today. This program provides the solid, professional knowledge that is required for a career in threat intelligence, and enhances your skills as a Threat Intelligence Analyst, increasing your employability. It is desired by most cybersecurity engineers, analysts, and professions from around the world and is respected by hiring authorities.

The Purpose of C|TIA is: 

  • To enable individuals and organizations with the ability to prepare and run a threat intelligence program that allows ‘evidence-based knowledge’ and provides ‘actionable advice’ about ‘existing and unknown threats’.
  • To ensure that organizations have predictive capabilities rather than just proactive measures beyond active defense mechanism.
  • To empower information security professionals with the skills to develop a professional, systematic, and repeatable real-life threat intelligence program.
  • To differentiate threat intelligence professionals from other information security professionals

For individuals: To provide an invaluable ability of structured threat intelligence to enhance skills and boost their employability.

Additional Info

  • Certification Course & Certificate
  • Course Code CTIA
  • Price 4982
  • Exam Price Include
  • Exam Code 312-85
  • Duration 3 Days
  • Principals EC-Council
  • Schedule

    Available Upon Request

  • Audience
    • Ethical Hackers
    • Security Practitioners, Engineers, Analysts, Specialist, Architects, and Managers
    • Threat Intelligence Analysts, Associates, Researchers, Consultants
    • Threat Hunters
    • SOC Professionals
    • Digital Forensic and Malware Analysts
    • Incident Response Team Members
    • Any mid-level to high-level cybersecurity professionals with a minimum of 2 years of experience.
    • Individuals from the information security profession and who want to enrich their skills and knowledge in the field of cyber threat intelligence.
    • Individuals interested in preventing cyber threats.
  • Module 1 Title Introduction to Threat Intelligence
  • Module 1 Content
    • Understanding Intelligence
    • Understanding Cyber Threat Intelligence
    • Overview of Threat Intelligence Lifecycle and Frameworks
  • Module 2 Title Cyber Threats and Kill Chain Methodology
  • Module 2 Content
    • Understanding Cyber Threats
    • Understanding Advanced Persistent Threats (APTs)
    • Understanding Cyber Kill Chain
    • Understanding Indicators of Compromise (IoCs)
  • Module 3 Title Requirements, Planning, Direction, and Review
  • Module 3 Content
    • Understanding Organization’s Current Threat Landscape
    • Understanding Requirements Analysis
    • Planning Threat Intelligence Program
    • Establishing Management Support
    • Building a Threat Intelligence Team
    • Overview of Threat Intelligence Sharing
    • Reviewing Threat Intelligence Program
  • Module 4 Title Data Collection and Processing
  • Module 4 Content
    • Overview of Threat Intelligence Data Collection Overview of Threat Intelligence Collection Management
    • Overview of Threat Intelligence Feeds and Sources
    • Understanding Threat Intelligence Data Collection and Acquisition
    • Understanding Bulk Data Collection
    • Understanding Data Processing and Exploitation
  • Module 5 Title Data Analysis
  • Module 5 Content
    • Overview of Data Analysis
    • Understanding Data Analysis Techniques
    • Overview of Threat Analysis
    • Understanding Threat Analysis Process
    • Overview of Fine-Tuning Threat Analysis
    • Understanding Threat Intelligence Evaluation
    • Creating Runbooks and Knowledge Base
    • Overview of Threat Intelligence Tools
  • Module 6 Title Intelligence Reporting and Dissemination
  • Module 6 Content
    • Overview of Threat Intelligence Reports
    • Introduction to Dissemination
    • Participating in Sharing Relationships
    • Overview of Sharing Threat Intelligence
    • Overview of Delivery Mechanisms
    • Understanding Threat Intelligence Sharing Platforms
    • Overview of Intelligence Sharing Acts and Regulations
    • Overview of Threat Intelligence Integration
RM4,700.00(+RM282.00 Tax)

The EC-Council Certified Encryption Specialist (ECES) program introduces professionals and students to the field of cryptography. The participants will learn the foundations of modern symmetric and key cryptography including the details of algorithms such as Feistel Networks, DES, and AES. Other topics introduced:

  • Overview of other algorithms such as Blowfish, Twofish, and Skipjack
  • Hashing algorithms include MD5, MD6, SHA, Gost, RIPMD 256 and others.
  • Asymmetric cryptography includes thorough descriptions of RSA, Elgamal, Elliptic Curve, and DSA.
  • Significant concepts such as diffusion, confusion, and Kerkchoff’s principle.

Participants will also be provided a practical application of the following:

  • How to set up a VPN
  • Encrypt a drive
  • Hands-on experience with steganography
  • Hands on experience in cryptographic algorithms ranging from classic ciphers like Caesar cipher to modern day algorithms such as AES and RSA.

Additional Info

  • Certification Course & Certificate
  • Course Code ECES
  • Price 4700
  • Exam Price Include
  • Exam Code 212-81
  • Duration 3 days
  • Principals EC-Council
  • Schedule

    7-9 Feb 2022

    14-16 Jun 2022

    7-9 Sep 2022

    13-15 Dec 2022

  • Audience

    Anyone involved in the selection and implementation of VPN’s or digital certificates should attend this course. Without understanding the cryptography at some depth, people are limited to following marketing hype. Understanding the actual cryptography allows you to know which one to select. A person successfully completing this course will be able to select the encryption standard that is most beneficial to their organization and understand how to effectively deploy that technology.

     

    This course is excellent for ethical hackers and penetration testing professionals as most penetration testing courses skip cryptanalysis completely. Many penetration testing professionals testing usually don’t attempt to crack cryptography.

  • Prerequisities

    A basic knowledge of cryptanalysis is very beneficial to any penetration testing.

  • At Course Completion
    • Types of Encryption Standards and their differences
    • How to select the best standard for your organization
    • How to enhance your pen-testing knowledge in encryption
    • Correct and incorrect deployment of encryption technologies
    • Common mistakes made in implementing encryption technologies
    • Best practices when implementing encryption technologies
  • Module 1 Title Introduction and History of Cryptography
  • Module 1 Content
    • What is Cryptography?
    • History of Cryptography
    • Mono-Alphabet Substitution
      • Caesar Cipher
      • Atbash Cipher
      • Affine Cipher
      • ROT13 Cipher
      • Scytale
      • Single Substitution Weaknesses
    • Multi-Alphabet Substitution
      • Cipher Disk
      • Vigenère Cipher
        • Vigenère Cipher: Example
        • Breaking the Vigenère Cipher
      • Playfair Cipher
      • ADFGVX Cipher
    • Homophonic Substitution
    • Null Ciphers
    • Book Ciphers
    • Rail Fence Ciphers
    • The Enigma Machine
    • CrypTool
  • Module 2 Title Symmetric Cryptography & Hashes
  • Module 2 Content
    • Symmetric Cryptography
    • Information Theory
      • Information Theory Cryptography Concepts
    • Kerckhoffs’s Principle
    • Substitution
    • Transposition
    • Binary Math
      • Binary AND
      • Binary OR
      • Binary XOR
    • Block Cipher vs. Stream Cipher
    • Symmetric Block Cipher Algorithms
      • Basic Facts of the Feistel Function
        • The Feistel Function
        • Unbalanced Feistel Cipher
      • Data Encryption Standard (DES)
      • 3DES
        • DESx
        • Whitening
      • Advanced Encryption Standard (AES)
        • AES General Overview
        • AES Specifics
      • Blowfish
      • Serpent
      • Twofish
      • Skipjack
      • International Data Encryption Algorithm (IDEA)
      • CAST
      • Tiny Encryption Algorithm (TEA)
      • SHARK
      • Symmetric Algorithm Methods
        • Electronic Codebook (ECB)
        • Cipher-Block Chaining (CBC)
        • Propagating Cipher-Block Chaining (PCBC)
        • Cipher Feedback (CFB)
        • Output Feedback (OFB)
        • Counter (CTR)
        • Initialization Vector (IV)
      • Symmetric Stream Ciphers
        • Example of Symmetric Stream Ciphers: RC4
        • Example of Symmetric Stream Ciphers: FISH
        • Example of Symmetric Stream Ciphers: PIKE
      • Hash Function
        • Hash – Salt
        • MD5
          • The MD5 Algorithm
        • MD6
        • Secure Hash Algorithm (SHA)
        • FORK-256
        • RIPEMD-160
        • GOST
        • Tiger
        • MAC and HMAC
      • CryptoBench
  • Module 3 Title Number Theory and Asymmetric Cryptography
  • Module 3 Content
    • Asymmetric Encryption
    • Basic Number Facts
      • Prime Numbers
      • Co-Prime Numbers
      • Euler’s Totient
      • Modulus Operator
      • Fibonacci Numbers
    • Birthday Theorem
      • Birthday Paradox
        • Birthday Paradox: Probability
      • Birthday Attack
    • Random Number Generator
      • Classification of Random Number Generator
      • Traits of a Good PRNG
      • Naor-Reingold and Mersenne Twister Pseudorandom Function
      • Linear Congruential Generator
      • Lehmer Random Number Generator
      • Lagged Fibonacci Generator (LFG)
      • Blum Blum Shub
      • Yarrow
      • Fortuna
    • Diffie-Hellman
    • Rivest Shamir Adleman (RSA)
      • RSA – How it Works
      • RSA Example
    • Menezes–Qu–Vanstone
    • Digital Signature Algorithm
      • Signing with DSA
    • Elliptic Curve
      • Elliptic Curve Variations
    • Elgamal
    • CrypTool
  • Module 4 Title Applications of Cryptography
  • Module 4 Content
    • FIPS Standards
    • Digital Signatures
    • What is a Digital Certificate?
      • Digital Certificates
        • X.509
        • X.509 Certificates
        • X.509 Certificate Content
        • X.509 Certificate File Extensions
    • Certificate Authority (CA)
      • Certificate Authority – Verisign
      • Registration Authority (RA)
      • Public Key Infrastructure (PKI)
      • Digital Certificate Terminology
      • Server-based Certificate Validation Protocol
      • Digital Certificate Management
      • Trust Models
      • Certificates and Web Servers
      • Microsoft Certificate Services
      • Windows Certificates: certmgr.msc
      • Authentication
        • Password Authentication Protocol (PAP)
        • Shiva Password Authentication Protocol (S-PAP)
        • Challenge-Handshake Authentication Protocol (CHAP)
        • Kerberos
          • Components of Kerberos System
          • Kerberos Authentication Process
    • Pretty Good Privacy (PGP)
      • PGP Certificates
    • Wi-Fi Encryption
      • Wired Equivalent Privacy (WEP)
      • WPA – Wi-Fi Protected Access
      • WPA2
    • SSL
    • TLS
    • Virtual Private Network (VPN)
      • Point-to-Point Tunneling Protocol (PPTP)
        • PPTP VPN
      • Layer 2 Tunneling Protocol VPN
      • Internet Protocol Security VPN
      • SSL/TLS VPN
    • Encrypting Files
      • Backing up the EFS key
      • Restoring the EFS Key
    • BitLocker
      • BitLocker: Screenshot
    • Disk Encryption Software: VeraCrypt
    • Common Cryptography Mistakes
    • Steganography
      • Steganography Terms
      • Historical Steganography
      • Steganography Details
      • Other Forms of Steganography
      • How to Embed?
      • Steganographic File Systems
      • Steganography Implementations
      • Demonstration
    • Steganalysis
      • Steganalysis – Raw Quick Pair
      • Steganalysis – Chi-Square Analysis
      • Steganalysis – Audio Steganalysis
    • Steganography Detection Tools
    • National Security Agency and Cryptography
      • NSA Suite A Encryption Algorithms
      • NSA Suite B Encryption Algorithms
      • National Security Agency: Type 1 Algorithms
      • National Security Agency: Type 2 Algorithms
      • National Security Agency: Type 3 Algorithms
      • National Security Agency: Type 4 Algorithms
    • Unbreakable Encryption
  • Module 5 Title Cryptanalysis
  • Module 5 Content
    • Breaking Ciphers
    • Cryptanalysis
    • Frequency Analysis
    • Kasiski
    • Cracking Modern Cryptography
      • Cracking Modern Cryptography: Chosen Plaintext Attack
      • Cracking Modern Cryptography: Ciphertext-only and Related-key Attack
    • Linear Cryptanalysis
    • Differential Cryptanalysis
    • Integral Cryptanalysis
    • Cryptanalysis Resources
    • Cryptanalysis Success
    • Rainbow Tables
    • Password Cracking
    • Tools
RM4,700.00(+RM282.00 Tax)

EC-Council’s Certified Cloud Security Engineer (C|CSE) course is curated by cloud security professionals in association with renowned subject matter experts to deliver a mix of vendor-neutral and vendor-specific cloud security concepts. The vendor-neutral concepts focus on cloud security practices, technologies, frameworks, and principles. In contrast, the vendor-specific materials deliver the practical skills that are needed to configure specific platforms, such as Amazon Web Services (AWS), Azure, and Google Cloud Platform (GCP). This offers candidates a well-balanced mix of theoretical and practical skills. In addition, advanced topics also cover modules on securing the cloud infrastructure by implementing regulations and standards to maintain security. EC-Council’s cloud security course is mapped to the real-time job roles and responsibilities of cloud security professionals and is ideal for beginners as well as experienced cybersecurity professionals.

Additional Info

  • Certification Course & Certificate
  • Course Code CCSE
  • Price 5000
  • Exam Price Include
  • Exam Code 312-40
  • Duration 5 days
  • Principals EC-Council
  • Schedule

    Available Upon Request

  • Audience
    • Network security engineers
    • Cybersecurity analysts
    • Network security analysts
    • Cloud administrators and engineers
    • Network security administrators
    • Cloud analysts
    • Cybersecurity engineers
    • Those working in network and cloud management and operations
  • Prerequisities
    • Have working knowledge in network security management
    • Basic understanding of cloud computing concepts
    • You will need an account (preferably, a new free tier account) on AWS, Azure, and GCP cloud services to perform labs
  • At Course Completion

    Organizations need cloud security engineers to help them build a secure cloud infrastructure, monitor vulnerabilities and implement incidence response plans to mitigate cloud-based threats. C|CSE, with its unique blend of vendor-neutral and vendor-specific concepts, trains candidates in the fundamentals while equipping them with job-ready practical skills. With C|CSE, candidates learn:

    • The fundamentals of cloud security in a vendor-neutral environment
    • How to use tools and techniques to configure public cloud providers such as AWS, Azure, and GCP
    • How to design and maintain a secure cloud environment
    • The knowledge and skills to protect, detect and respond to cloud network infrastructure threats
    • How to design and implement business continuity and disaster recovery plans
    • How to perform a cloud security audit and penetration testing
  • Module 1 Title Introduction to Cloud Security
  • Module 1 Content

    In this module, you will be presented with the core concepts of cloud computing, cloud service models, and cloud-based threats and vulnerabilities. The module highlights service provider components, such as evaluation and the shared security responsibility model, that are essential to confi­guring a secure cloud environment and protecting organizational resources.

  • Module 2 Title Platform and Infrastructure Security in the Cloud
  • Module 2 Content

    This module explores the key components and technologies that form a cloud architecture and how to secure multi-tenant, virtualized, physical, and logical cloud components. This module demonstrates confi­gurations and best practices for securing physical data centers and cloud infrastructures using the tools and techniques provided by Azure, AWS, and GCP.

  • Module 3 Title Application Security in the Cloud
  • Module 3 Content

    The focus of this module is securing cloud applications and explaining secure software development lifecycle changes. It explains the multiple services and tools for application security in Azure, AWS, and GCP.

  • Module 4 Title Data Security in the Cloud
  • Module 4 Content

    This module covers the basics of cloud data storage, its lifecycle, and various controls for protecting data at rest and data in transit in the cloud. It also addresses data storage features and the multiple services and tools used for securing data stored in Azure, AWS, and GCP.

  • Module 5 Title Operation Security in the Cloud
  • Module 5 Content

    This module encompasses the security controls essential to building, implementing, operating, managing, and maintaining physical and logical infrastructures for cloud environments and the required services, features, and tools for operational security provided by AWS, Azure, and GCP.

  • Module 6 Title Penetration Testing in the Cloud
  • Module 6 Content

    This module demonstrates how to implement comprehensive penetration testing to assess the security of an organization's cloud infrastructure and reviews the required services and tools used to perform penetration testing in AWS, Azure, and GCP.

  • Module 7 Title Incident Detection and Response in the Cloud
  • Module 7 Content

    This module focuses on incident response (IR). It covers the IR lifecycle and the tools and techniques used to identify and respond to incidents; provides training on using SOAR technologies; and explores the IR capabilities provided by AWS, Azure, and GCP.

  • Module 8 Title Forensics Investigation in the Cloud
  • Module 8 Content

    This module covers the forensic investigation process in cloud computing, including various cloud forensic challenges and data collection methods. It also explains how to investigate security incidents using AWS, Azure, and GCP tools.

  • Module 9 Title Business Continuity and Disaster Recovery in the Cloud
  • Module 9 Content

    This module highlights the importance of business continuity and disaster recovery planning in IR. It covers the backup and recovery tools, services, and features provided by AWS, Azure, and GCP to monitor business continuity issues.

  • Module 10 Title Governance, Risk Management, and Compliance in the Cloud
  • Module 10 Content

    This module focuses on the various governance frameworks, models, and regulations (ISO/IEC 27017, HIPAA, and PCI DSS) and the design and implementation of governance frameworks in the cloud. It also addresses cloud compliance frameworks and elaborates on the AWS, Azure, and GCP governance modules.

  • Module 11 Title Standards, Policies, and Legal Issues in the Cloud
  • Module 11 Content

    This module discusses standards, policies, and legal issues associated with the cloud. It also covers the features, services, and tools needed for compliance and auditing in AWS, Azure, and GCP.

  • Module 12 Title Appendix (Self-Study): Private, Hybrid, and Multi-Tenant Cloud Security
  • Module 12 Content

    The appendix covers the security of private, hybrid, and multi-tenant cloud models. It lists some of the best practices for securing VMWare Cloud, AWS, GCP, Azure hybrid cloud setups, and multi-tenant clouds.

RM5,000.00(+RM300.00 Tax)

The CND certification aims to equip you with hands-on training to function in real-life situations involving network defense. You will gain the technical skills required to proactively design a secure network with future threats in mind. This program will be akin to learning math instead of just using a calculator.

This program will be akin to learning math instead of just using a calculator. This program teaches a fundamental understanding of the true construct of data transfer, network technologies, and software technologies so that you understand how networks operate, the processes software is automating, and how to analyze the subject material.

You will learn how to mitigate, harden, and defend from the attacks. You will learn network defense fundamentals, the application of network security controls, protocols, perimeter appliances, secure IDS, VPN, and firewall configuration. You will then learn the intricacies of network traffic signature, analysis and vulnerability scanning which will help you when you design greater network security policies and successful incident response plans. These skills will help you foster resiliency and continuity of operations during attacks.

 

What typical students would benefit most from this class?

  • System Administrators
  • System Engineers
  • Firewall Administrators
  • Network Managers
  • IT Managers
  • IT Professionals
  • Anyone interested in network security technologies
  • Managers who want to understand cyber security core principles and practices
  • Operations personnel, who although do not have security as their primary job function, need an understanding of cyber security core principles and practices

Additional Info

  • Certification Course & Certificate
  • Course Code CND
  • Price 5000
  • Exam Price Include
  • Exam Code 312-38
  • Duration 5 Days
  • Schedule

    24-28 Jan 2022

    14-18 Mar 2022

    11-15 Apr 2022 (Penang)

    30 May-3 Jun 2022

    25-29 Jul 2022

    19-23 Sep 2022

    7-11 Nov 2022

    21-25 Nov 2022 (Penang)

  • Audience

    This program will take a typical Network/SysAdmin and immerse them in the world of Hackers and Cyber Defense.

  • Module 1 Title Computer Network Defense Fundamentals
  • Module 2 Title Network Security Threats, Vulnerabilities, and Attacks
  • Module 3 Title Network Security Controls, Protocols, and Devices
  • Module 4 Title Network Security Policy Design and Implementation
  • Module 5 Title Physical Security
  • Module 6 Title Host Security
  • Module 7 Title Secure Firewall Configuration and Management
  • Module 8 Title Secure IDS Configuration and Management
  • Module 9 Title Secure VPN Configuration and Management
  • Module 10 Title Wireless Network Defense
  • Module 11 Title Network Traffic Monitoring and Analysis
  • Module 12 Title Network Risk and Vulnerability Management
  • Module 13 Title Data Backup and Recovery
  • Module 14 Title Network Incident Response and Management
RM5,000.00(+RM300.00 Tax)
* Training Dates:

Decoding Web Application Hacking and Security
Web Application Hacking and Security has challenges derived from the engaging iLab environments of EC Council – from Certified Ethical Hacker (CEH) to the Certified Penetration Testing Professional (CPENT); from Certified Application Security Engineer (CASE) .Net to Java. But Web Application Hacking and Security goes beyond this to more difficult scenarios as you advance through each problem.

Web Application Hacking and Security is like a Capture-The-Flag (CTF) competitions meant to test your hacking skills. But you can keep on trying until you achieve the goal. Test your skills and work alone to solve complex problems or follow the instructor as they do a walkthroughs to help you learn Web Application Hacking and Security.

Watch your name rise on the leader board, a place where you’ll see who’s cracking the most challenges, who’s making the most progress, who’s cranking out the [email protected]$!

What is included
Video tutorials – 1 year access
Break the Code labs (24 challenges) – 3 months access
Exam – Exam Dashboard validity period of 30 days from the day user activates exam dashboard

 

Exam and Certification
The Web Application Hacking and Security exam assesses candidates’ skills and proficiency on a broad spectrum of OWASP Top-10 web application vulnerabilities and attack vectors. Web Application Hacking and Security Exam is a fully online, remotely proctored practical exam that challenges candidates through a grueling 6-hour performance based, hands-on exam.

The exam focuses on candidates’ proficiency in performing a web application security assessment in real life stressful scenario. Candidates who score more than 60% will earn the Certified Web Application Security Associate certification, candidates who score more than 75% will be awarded the Certified Web Application Security Professional certification and candidates who score more than 90% attain the prestigious Certified Web Application Security Expert certification!

Additional Info

  • Certification Course only
  • Exam Price Exclude
  • Duration 1 Year Access
  • Audience

    If you are tasked with implementing, managing, or protecting web applications, then this course is for you. If you are a cyber or tech professional who is interested in learning or recommending mitigation methods to a myriad of web security issues and want a pure hands-on program, then this is the course you have been waiting for.

    • Penetration Tester

    • Ethical Hacker

    • Web Application Penetration

    • Tester/Security Engineer

    • Auditor

    • Red Team Engineer

    • Information Security Engineer

    • Risk/Vulnerability Analyst

    • Vulnerability Manager

    • Incident responder

  • Prerequisities

    Pre-requisite

    It is recommended to have:

    • Good understanding of web application working

    • Basic working knowledge of the Linux command line

    • Basic knowledge of OSes and file systems

    • Basic knowledge of Bash and/or Python scripting

     

    Host System Requirement

    Minimum Hardware Requirements for the Host OS:

    • CPU: Intel i3(3.6 GHz per core) 64-bit/AMD Ryzen 3(3.6 GHz per core)

    • RAM: 8 GB

    • HDD: 60 GB available space

    • Peripherals: External or Integrated Webcam

     

    Software Requirements for the Host OS:

    • Operating system: Windows 8.1 x64 or later/ MAC OSX

    • Virtualization Software: Any latest solution such as VMware Player/VMware Workstation 8.0/VMware Fusion 7.0 or later, Hyper-V, VirtualBox

    • Browser: Any modern browser such as Chrome, Firefox, Internet Explorer

    • Internet: A stable Internet connection with a minimum of 5mbps Download and 1mbps Upload speeds. It is recommended to use hard-wired connection instead of wireless.

     

    Virtual Machine Resource Requirement

    Your virtual machine should be able to run penetration testing Linux distribution such as Parrot Security/Kali Linux or your own penetration testing toolkit.

     

    VPN Software: The virtual machine should be installed with OpenVPN Connect client software. You can download it at https://openvpn.net/download-open-vpn/. The Parrot Security/Kali Linux distros come pre-installed with the OpenVPN client.

  • At Course Completion

    Unlike many Capture-the-Flag challenges and Vulnerable Virtual Machines, Web Application Hacking and Security provides the challenger with the ability to follow an instructor as they make their way through the challenges. The instructor will present alternatives, do scans, upload malicious payloads, and crack passwords from their home computer just like you.

    – But don’t rely on the walkthrough; challenge yourself and see how far you can get. Play some of the walkthroughs, then pause and try some more.

    In the process, you will learn about application vulnerabilities and web application hacking. Even though this will prove useful for other CTF contests, and in cracking VVMs, it will be even more useful to your career as you learn to defend your applications and progress to Web Application Hacking and Security.

     

    Course Outline

    • Advanced Web Application Penetration Testing

    • Advanced SQL Injection (SQLi)

    • Reflected, Stored and DOM-based Cross Site Scripting (XSS)

    • Cross Site Request Forgery (CSRF) – GET and POST Methods

    • Server-Side Request Forgery (SSRF)

    • Security Misconfigurations

    • Directory Browsing/Bruteforcing

    • CMS Vulnerability Scanning

    • Network Scanning

    • Auth Bypass

    • Web App Enumeration

    • Dictionary Attack

    • Insecure Direct Object Reference Prevention (IDOR)

    • Broken Access Control

    • Local File Inclusion (LFI)

    • Remote File Inclusion (RFI)

    • Arbitrary File Download

    • Arbitrary File Upload

    • Using Components with Known Vulnerabilities

    • Command Injection

    • Remote Code Execution

    • File Tampering

    • Privilege Escalation

    • Log Poisoning

    • Weak SSL Ciphers

    • Cookie Modification

    • Source Code Analysis

    • HTTP Header modification

    • Session Fixation

    • Clickjacking

  • Module 1 Content

    • Advanced Web Application Penetration Testing

    • Advanced SQL Injection (SQLi)

    • Reflected, Stored and DOM-based Cross Site Scripting (XSS)

    • Cross Site Request Forgery (CSRF) – GET and POST Methods

    • Server-Side Request Forgery (SSRF)

    • Security Misconfigurations

    • Directory Browsing/Bruteforcing

    • CMS Vulnerability Scanning

    • Network Scanning

    • Auth Bypass

    • Web App Enumeration

    • Dictionary Attack

    • Insecure Direct Object Reference Prevention (IDOR)

    • Broken Access Control

    • Local File Inclusion (LFI)

    • Remote File Inclusion (RFI)

    • Arbitrary File Download

    • Arbitrary File Upload

    • Using Components with Known Vulnerabilities

    • Command Injection

    • Remote Code Execution

    • File Tampering

    • Privilege Escalation

    • Log Poisoning

    • Weak SSL Ciphers

    • Cookie Modification

    • Source Code Analysis

    • HTTP Header modification

    • Session Fixation

    • Clickjacking

RM2,950.00(+RM177.00 Tax)

EC-Council’s Certified Penetration Tester (CPENT) program teaches you how to perform an effective penetration test in an enterprise network environment that must be attacked, exploited, evaded, and defended. If you have only been working in flat networks, CPENT’s live practice range will teach you to take your skills to the next level by teaching you how to pen test IoT systems, OT systems, how to write your own exploits, build your own tools, conduct advanced binaries exploitation, double pivot to access hidden networks, and also customize scripts/exploits to get into the innermost segments of the network.

  • The course is presented through an enterprise network environment that must be attached, exploited, evaded, and defended
  • EC-Council’s CPENT gives the industry an ability to assess a Pen Tester’s skills across a broad spectrum of “network zones”
  • What makes the CPENT different is the requirement to be provided a variety of different scoped of ework so that the candidate can “think on their feet”
  • The result of this is that there are different zones representing different types of testing
  • Anyone attempting the test will have to perfume their assessment against these different zones

Additional Info

  • Certification Course & Certificate
  • Course Code CPENT
  • Price RM8100
  • Exam Price Include
  • Exam Code CPENT
  • Duration 5 Days
  • CertificationInfo EC-Council Certified Security Analyst
  • Principals EC-Council
  • Schedule

    24-28 Jan 2022

    21-25 Mar 2022

    20-24 Jun 2022

    4-8 Jul 2022

    1-5 Aug 2022

    5-9 Sep 2022

    14-18 Nov 2022

  • Audience
    • Ethical Hackers
    • Penetration Testers
    • Information Security Consultant
    • Security Analyst
    • Security Engineer
    • Network server administrators
    • Firewall Administrators
    • Security Testers
    • System Administrators and Risk Assessment professionals
  • Prerequisities

    There are no defined pre-requisite for the exam, but it is strongly recommend that candidates to attempt the CEH (Practical) and/ or ECSA (Practical) prior to attempting CPENT

    Extensive knowledge of penetration testing across multiple disciplines extending from windows, IoTs, inline defenses to automation, operational technology, and advanced skills in binary exploitation. The certification tests the knowledge of tester not only on automated tools but manual testing skills as well.

  • Module 1 Title Course Outline
  • Module 1 Content

    Module 01: Introduction to Penetration Testing

    Module 02: Penetration Testing Scoping and Engagement

    Module 03: Open Source Intelligence (OSINT)

    Module 04: Social Engineering Penetration Testing

    Module 05: Network Penetration Testing – External

    Module 06: Network Penetration Testing– Internal

    Module 07: Network Penetration Testing – Perimeter Devices

    Module 08: Web Application Penetration Testing

    Module 09: Wireless Penetration Testing

    Module 10: IoT Penetration Testing

    Module 11: OT/SCADA Penetration Testing

    Module 12: Cloud Penetration Testing

    Module 13: Binary Analysis and Exploitation

    Module 14: Report Writing and Post Testing Actions

  • Module 2 Title Single Exam, Dual Certification
  • Module 2 Content

    CPENT is a fully online, remotely proctored practical exam that challenges candidates through a grueling 24-hour performance-based, hands-on exam. The exam is broken into 2 practical exams of 12-hours each that will test your perseverance and focus by forcing you to outdo yourself with each new challenge. Candidates have the option to choose either 2 12-hour exams or one 24-hour exam.

     

    Candidates who score more than 70% will earn the CPENT certification. Candidates who score more than 90% attain the prestigious LPT (Master) credential!

     

    Exam features:

    • Choose your challenge! Either two 12-Hour sessions or a single 24-Hour exam!

    • EC-Council specialists proctor the entire exam – Validity is not in question.

    • Score at least 70% and become a CPENT

    • Score at least 90% and earn the highly regarded LPT (Master) designation!

     

    To be a LPT (Master) means that you can find chinks in the armor of defense-in-depth network security models with the help of network pivoting, making exploit codes work in your favor, or by writing Bash, Python, Perl, and Ruby scripts. The live range CPENT exam demands that you think on your feet, be creative in your approach, and not rely on the conventional techniques.

     

    Outsmarting and out maneuvering the adversary is what sets you apart from the crowd. The CPENT’s hands-on exam offers a challenge like no other by simulating a complex network in real time. This experience will test your perseverance and focus by forcing you to outdo yourself with each new challenge.

  • Module 3 Title CPENT Benefits
  • Module 3 Content
    • 100% mapped with the NICE framework.
    • 100% methodology-based penetration testing program.
    • Blends both manual and automated penetration testing approaches.
    • Designed with the most common penetration testing practices offered by the best service providers.
    • Maps to all major Job Portals. Role Title: Penetration Tester and Security Analyst.
    • Provides strong reporting writing guidance.
    • Gives a real-world experience through an Advanced Penetration Testing Range.
    • Provides candidates with standard Pen test for use in the field.
RM8,100.00(+RM486.00 Tax)
* Training Dates:

The C|CISO Training Workshop is a premium Training & Certification program for aspiring Chief Information Security Officers that wish to penetrate the inner sanctum of Information Security Management and Leadership.

 

During the C|CISO Training Workshop, participants will be challenged to develop a business continuity plan for a company in a given industry and situation, use metrics to communicate cyber risk for different audiences, and describe how to align a given security program with the goals of the business in which it resides, among many other exercises. The challenges are aimed at helping aspiring leaders develop business acumen, practice on their managerial skills and further hone their technical expertise by diving deep into how security should be injected into the procurement process and how a CISO should manage budgets and assets.

 

The C|CISO course has certified leading information security professionals around the world and is the first of its kind training and certification program aimed at producing top-level Information Security Leaders. The C|CISO does not focus solely on technical knowledge but on the application of information security management principles from an executive management point of view. The program was developed by seasoned CISOs for current and aspiring CISOs. C|CISO Material assumes a high-level understanding of technical topics and doesn’t spend much time on strictly technical information, but rather on the application of technical knowledge to an information security executive’s day-to-day work.

 

The C|CISO aims to bridge the gap between the executive management knowledge that CISOs need and the technical knowledge that many aspiring CISOs have. This can be a crucial gap as a practitioner endeavors to move from mid-management to upper, executive management roles. Much of this is traditionally learned as on the job training, but the C|CISO Training Program can be the key to a successful transition to the highest ranks of information security management.

Additional Info

  • Certification Course & Certificate
  • Course Code CCISO
  • Price 12000
  • Exam Price Include
  • Exam Code 712-50
  • Duration 4 days
  • Principals EC-Council
  • Schedule

    17-20 Feb 2022

    24-27 Mar 2022

    5-8 May 2022

    23-26 Jun 2022

    4-7 Aug 2022

    15-18 Sep 2022

    10-13 Nov 2022

    15-18 Dec 2022

  • Audience

    The CCISO program is for executives looking to hone their skills & learn to better align their information security programs to the goals of organization as well as aspiring CISOs. Other information security management certification programs focus on middle management. CCISO focuses on exposing middle managers to executive-level content as well as encouraging existing CISOs to continually improve their own processes & programs.

  • Prerequisities

    In order to sit for the CCISO exam, applicants that attend training must apply via the CCISO Eligibility Application showing 5 years of experience in at least 3 of the 5 CCISO domains (experience can be overlapping). Students who do not meeting the eligibility criteria for the CCISO exam can sit for the EC-Council Information Security Manager (EISM) exam & apply for the CCISO exam when they meet the requirements.

  • Module 1 Title Domain 1 Governance (Policy, Legal & Compliance)
  • Module 1 Content

    Domain 1 covers Policy, Legal, and Compliance issues involved in the executive management of an Information Security Program.

  • Module 2 Title Domain 2 IS Management Controls and Auditing Management
  • Module 2 Content

    Domain 2 is concerned with Audit and Risk Management, including understanding your organization’s risk tolerance and managing accordingly.

  • Module 3 Title Domain 3 Management – Projects and Operations (Projects, Technology & Operations)
  • Module 3 Content

    Domain 3 covers many of the day-today aspects of the CISO job including project, technology, and operations management.

  • Module 4 Title Domain 4 Information Security Core Competencies
  • Module 4 Content

    Domain 4 delves into the technology of the CISO’s role, but from an executive perspective.

  • Module 5 Title Domain 5 Strategic Planning & Finance.
  • Module 5 Content

    Domain 5 covers Finance and Strategic management, some of the key skills that help CISOs rise to the level of their peer C-Level executives.

  • Module 6 Title The Exam
  • Module 6 Content

    The C|CISO Exam was developed by practicing CISOs and based on the real-world scenarios professionals from across industries have faced while securing some of the most prestigious organizations in the world. Applicant’s knowledge in all five of the C|CISO Domains will be tested on the exam that focuses on scenario-based questions and requires applicants to apply their real-world experience in order to answer successfully. To that end, in order to qualify to sit for the C|CISO Exam after taking the C|CISO class, applicants have at least 5 years of information security experience in 3 or more of the C|CISO Domains. Any student lacking this experience may take the ECCouncil Information Security Management exam and earn the EISM certification. In order to sit for the C|CISO exam and earn the certification, candidates must meet the basic C|CISO requirements. Candidates who do not yet meet the C|CISO requirements but are interested in information security management can pursue the EC-Council Information Security Management (EISM) certification.

    EXAM TITLE : EC-Council Certified CISO

    EXAM CODE : 712-50

    # OF QUESTIONS : 150

    DURATION :2.5 Hours

    AVAILABILITY : ECC Exam Portal

    TEST FORMAT : Scenario-based multiple choice

    PASSING SCORE : 72%

RM12,000.00(+RM720.00 Tax)
* Training Dates:

IT systems are continually evolving to ensure competitiveness, enable reach to global markets and handle external pressures such as regulation. By managing, advising and assessing the enterprise’s IT infrastructure and processes, individuals play a role in IT governance and provide significant support to the board of directors and executive management. The Certified in the Governance of Enterprise IT® (CGEIT®) program supports increasing business demands and recognizes the wide range of professionals whose knowledge and application of IT governance principles are key to managing the forces of transition.

Additional Info

  • Certification Course only
  • Course Code CGEIT
  • Price RM7600
  • Exam Price Exclude
  • Duration 5 Days
  • Schedule

    21-24 Feb 2022

    23-26 Apr 2022

    22-25 Aug 2022

    14-17 Nov 2022

  • Audience
    • Chief Information Officers (CSO)
    • IT Directors
    • Compliance personnel
    • IT Administrators
    • Risk Managers
    • Anyone seeking broader understanding of IT governance best practices
  • Prerequisities

    Five (5) or more years of experience managing, serving in an advisory or oversight role, and/or otherwise supporting the governance of the IT-related contribution to an enterprise is required to apply for certification. This experience is defined specifically by the domains and task statements described in the CGEIT Job Practice.

  • Module 1 Title Framework for the Governance of Enterprise IT
  • Module 1 Content
    • Governance Framework
      • Components of a Governance Framework
      • Organizational Structures, Roles, and Responsibilities
      • Strategy Development
      • Legal and Regulatory Compliance
      • Organizational Culture
      • Business Ethics
    • Technology Governance
      • Governance Strategy Alignment with Enterprise Objectives
      • Strategic Planning Process
      • Stakeholder Analysis and Engagement
      • Communication and Awareness Strategy
      • Enterprise Architecture
      • Policies and Standards
    • Information Governance
      • Information Architecture
      • Information Asset Lifecycle
      • Information Ownership and Stewardship
      • Information Classification and Handling
  • Module 2 Title IT Resources
  • Module 2 Content
    • IT Resource Planning
      • Sourcing Strategies
      • Resource Capacity Planning
      • Acquisition of Resources
    • IT Resource Optimization
      • IT Resource Lifecycle and Asset Management
      • Human Resource Competency Assessment and Development
    • Management of Contracted Services and Relationships
  • Module 3 Title Benefits Realization
  • Module 3 Content
    • IT Performance and Oversight
      • Performance Management
      • Change Management
      • Governance Monitoring
      • Governance Reporting
      • Quality Assurance
      • Process Development and Improvement
    • Management of IT-Enabled Investments
      • Business Case Development and Evaluation
      • IT Investment Management and Reporting
      • Performance Metrics
      • Benefit Evaluation Methods
  • Module 4 Title Risk Optimization
  • Module 4 Content
    • Risk Strategy
      • Risk Frameworks and Standards
      • Enterprise Risk Management
      • Risk Appetite and Risk Tolerance
    • Risk Management
      • IT-Enabled Capabilities, Processes, and Services
      • Business Risk, Exposures, and Threats
      • Risk Management Lifecycle
      • Risk Assessment Methods
RM7,600.00(+RM456.00 Tax)
* Training Dates:

The Red Hat Certified Specialist in Identity Management exam (EX362) tests your knowledge, skills, and ability to create, configure, and manage Red Hat® Enterprise Linux authentication services and integrate those services with a variety of Red Hat and non-Red Hat products and technologies.

By passing this exam, you become a Red Hat Certified Specialist in Identity Management, which also counts toward becoming a Red Hat® Certified Architect (RHCA®).

This exam is based on Red Hat Enterprise Linux 7, Red Hat Satellite Server 6, Red Hat Ansible Tower 2, and Microsoft Windows 10 Active Directory.

Additional Info

  • Certification Certificate only
  • Price RM1800
  • Exam Price Include
  • Exam Code EX362
  • Duration 0.5 Days
  • CertificationInfo Red Hat Certified Specialist in Identity Management
  • Principals Red Hat
  • Audience

    These audiences may be interested in becoming a Red Hat Certified Specialist in Directory Services and Authentication:

    • Any Red Hat Certified Engineer (RHCE) who wishes to become a Red Hat Certified Architect (RHCA).
    • System administrators who want to demonstrate the ability to configure authentication services and link other products to those services.
  • Prerequisities
    • Be a Red Hat Certified System Administrator (RHCSA) or have comparable work experience and skills (Red Hat Certified Engineer (RHCE) certification recommended)
    • Take the Red Hat Security: Identity Management and Active Directory Integration (RH362) course or have comparable work experience
    • Review the Red Hat Certified Specialist in Directory Services and Authentication exam objectives
    • While not required, experience with these products is also recommended:
      • Red Hat Satellite Server 6.3
      • Red Hat Ansible Tower
      • Microsoft Active Directory Server 2016
RM1,800.00(+RM108.00 Tax)
Page 1 of 2

PMP, Project Management Professional (PMP), CAPM, Certified Associate in Project Management (CAPM) are registered marks of the Project Management Institute, Inc.

We are using cookies to give you the best experience on our site. By continuing to use our website without changing the settings, you are agreeing to use of cookies.
Ok Decline