CompTIA Security+ - Live In Person

In-Classroom Hours: 30/ Online Hours: 18
Retail Price: $999.00

General Information:

Call for details - Classes start soon!  Flexible schedules.

Course Overview:

This course can benefit you in two ways. If you intend to pass the CompTIA Security+ (Exam SY0-701) certification examination, this course can be a significant part of your preparation. But certification is not the only key to professional success in the field of computer security. Today's job market demands individuals with demonstrable skills, and the information and activities in this course can help you build your cybersecurity skill set so that you can confidently perform your duties in any entry-level security role.

Recommended Prerequisites:  High School Graduate or GED holder. Operating knowledge of Windows or equivalent operating system.

Course Exam: Upon completion of this in classroom course, the students will be prepared to take the CompTIA Security+ (SY0-701) certification exam.

Course Outline:

Lesson 1: Summarize Fundamental Security Concepts

Security is an ongoing process that includes assessing requirements, setting up organizational security systems, hardening and monitoring those systems, responding to attacks in progress, and deterring attackers. If you can summarize the fundamental concepts that underpin security functions, you can contribute more effectively to a security team. You must also be able to explain the importance of compliance factors and best practice frameworks in driving the selection of security controls and how departments, units, and professional roles within different types of organizations implement the security function.

Lesson 2: Compare Threat Types

To make an effective security assessment, you must be able to explain strategies for both defense and attack. Your responsibilities are likely to lie principally in defending assets, but to do this you must be able to explain the tactics, techniques, and procedures of threat actors. You must also be able to differentiate the types and capabilities of threat actors and the ways they can exploit the attack surface that your networks and systems expose.

Lesson 3: Explain Cryptographic Solutions

The protect cybersecurity function aims to build secure IT processing systems that exhibit the attributes of confidentiality, integrity, and availability. Many of these systems depend wholly or in part on cryptography. As an information security professional, you must understand the concepts underpinning cryptographic algorithms and their implementation in secure protocols and services. A s trong technical understanding of the subject will enable you to explain the importance of cryptographic systems and to select appropriate technologies to meet a given security goal.

Lesson 4: Implement Identity and Access Management

Each network user and host device must be identified with an account so that you can control their access to your organization's applications, data, and services. The processes that support this requirement are referred to as identity and access management (IAM). Within IAM, authentication technologies ensure that only valid subjects (users or devices) can operate an account. Authentication requires the account holder to submit credentials that should only be known or held by them in order to access the account. There are many authentication technologies, and it is imperative that you be able to implement and maintain these security controls.

Lesson 5: Secure Enterprise Network Architecture

Managing user authentication and authorization is only one part of building secure information technology services. The network infrastructure must also be designed to run services with the properties of confidentiality, integrity, and availability. While design might not be a direct responsibility for you at this stage in your career, you should understand the factors that underpin design decisions, so that you can assist with analysis and planning.

Lesson 6: Secure Cloud Network Architecture

Cloud network architecture encompasses a range of concepts and technologies designed to ensure the confidentiality, integrity, and availability of data and applications within cloud-based environments. Cloud architecture and modern software deployment practices enable seamless integration, management, and optimization of resources within cloud-based environments. Key features include on-demand provisioning, elasticity, and scalability, which allow rapid deployment and dynamic adjustments to computing, storage, and network resources as required.

Lesson 7: Explain Resiliency and Site Security Concepts

Security architecture resilience refers to the design and implementation of systems and networks in a way that allows them to withstand and recover quickly from disruptions or attacks. This includes redundancy, fail-safe mechanisms, and robust incident response plans. By building resilience into the security architecture, cybersecurity teams ensure that even if a breach occurs, the impact is minimized, and normal operations can be restored quickly. Physical security protects personnel, hardware, software, networks, and data from physical actions and events that could cause severe damage or loss to an organization. This includes controls like access badges, CCTV systems, and locks, as well as sensors for intrusion detection. Physical security is a critical aspect of cybersecurity, as a breach in physical security can lead to direct access to systems and data, bypassing other cybersecurity measures.

Lesson 8: Explain Vulnerability Management

Vulnerability management is critical to any organization's cybersecurity strategy, encompassing identifying, evaluating, treating, and reporting security vulnerabilities in operating systems, applications, and other components of an organization's IT operations. Vulnerability management may involve patching outdated systems, hardening configurations, or upgrading to more secure versions of operating systems. For applications, it might include code reviews, security testing, and updating third-party libraries.

Lesson 9: Evaluate Network Security Capabilities

Secure baselines, hardening, wireless security, and network access control are fundamental concepts in cybersecurity. Secure baselines establish a set of standardized security configurations for different types of IT assets, such as operating systems, networks, and applications. These baselines represent a starting point for security measures, offering a defined minimum level of security that all systems must meet. Hardening is the process of reducing system vulnerabilities to make IT resources more resilient to attacks. It involves disabling unnecessary services, configuring appropriate permissions, applying patches and updates, and ensuring adherence to secure configurations defined by the secure baselines. Wireless security describes the measures to protect wireless networks from threats and unauthorized access. This includes using robust encryption (like WPA3), secure authentication methods (like RADIUS in enterprise mode), and monitoring for rogue access points.

Lesson 10: Assess Endpoint Security Capabilities

Security strategies may include additional considerations for mobile devices such as smartphones and tablets. While keeping the operating system and applications updated is still crucial, other practices such as disabling unnecessary features (like Bluetooth and NFC when not in use), limiting app permissions, and avoiding unsecured Wi-Fi networks become increasingly important. Installing trusted security apps, enabling device encryption, and enforcing screen locks are essential considerations. Mobile device management (MDM) solutions help manage and control security features across various mobile devices.

Lesson 11: Enhance Application Security Capabilities

Secure protocol and application development concepts are essential pillars of robust cybersecurity. Protocols such as HTTPS, SMTPS, and SFTP provide encrypted communication channels, ensuring data confidentiality and integrity during transmission. Similarly, email security protocols like SPF, DKIM, and DMARC work to authenticate sender identities and safeguard against phishing and spam. Secure coding practices encompass input validation to thwart attacks like SQL injection or XSS, enforcing the principle of least privilege to minimize exposure during a breach, implementing secure session management, and consistently updating and patching software components. Developers must also design software that generates structured, secure logs to support effective monitoring and alerting capabilities.

Lesson 12: Explain Incident Response and Monitoring Concepts

From a day-to-day perspective, incident response means investigating the alerts produced by monitoring systems and issues reported by users. This activity is guided by policies and procedures and assisted by various technical controls. Incident response is a critical security function, and will be a very large part of your work as a security professional. You must be able to summarize the phases of incident handling and utilize appropriate data sources to assist an investigation. Where incident response emphasizes the swift eradication of malicious activity, digital forensics requires patient capture, preservation, and analysis of evidence using verifiable methods. You may be called on to assist with an investigation into the details of a security incident and to identify threat actors. To assist these investigations, you must be able to summarize the basic concepts of collecting and processing forensic evidence that could be used in legal action or for strategic counterintelligence.

Lesson 13: Analyze Indicators of Malicious Activity

The preparation phase of incident response identifies data sources that can support investigations. It also provisions tools to aggregate and correlate this data and partially automate its analysis to drive an alerting and monitoring system. While automated detection is a huge support for the security team, it cannot identify all indicators of malicious activity. As an incident responder, you must be able to identify signs in data sources that point to a particular type of attack.

Lesson 14: Summarize Security Governance Concepts

Security governance is a critical aspect of an organization's overall security posture, providing a framework that guides the management of cybersecurity risks. It involves developing, implementing, and maintaining policies, procedures, standards, and guidelines to safeguard information assets and technical infrastructure. Security governance encompasses the roles and responsibilities of various stakeholders, emphasizing the need for a culture of security awareness throughout the organization. Governance frameworks must manage and maintain compliance with relevant laws, regulations, and contractual obligations while supporting the organization's strategic objectives. Effective security governance also involves continuous monitoring and improvement to adapt to evolving threats and changes in the business and regulatory environment.

Lesson 15: Explain Risk Management Processes

Effective risk management practices involve systematically identifying, assessing, mitigating, and monitoring organizational risks. Audits provide an independent and objective evaluation of processes, controls, and compliance, ensuring adherence to standards and identifying gaps that pose risks. On the other hand, assessments help evaluate the effectiveness of risk management strategies, identify potential vulnerabilities, and prioritize mitigation efforts. By combining audits and assessments, organizations can comprehensively understand risks, implement appropriate controls, and continuously monitor and adapt their risk management strategies to protect against potential threats. These practices are essential for maintaining proactive and resilient security operations while ensuring compliance with legal mandates.

Lesson 16: Summarize Data Protection and Compliance Concepts

Data protection and compliance encompass a range of practices and principles aimed at safeguarding sensitive information, ensuring privacy, and adhering to applicable laws and regulations. Data protection involves implementing measures to secure data against unauthorized access, loss, or misuse. It includes practices such as encryption, access controls, data backup, and secure storage. Compliance refers to conforming to legal, regulatory, and industry requirements relevant to data handling, privacy, security, and transparency. Organizations can safeguard individuals' privacy, ensure data security, fulfill legal requirements, and establish credibility with customers, partners, and regulatory authorities by comprehending and implementing these data protection and compliance principles. Compliance with applicable data protection laws, regulations, and standards is crucial for organizations to avoid legal liabilities, reputational damage, and financial penalties associated with noncompliance.

All necessary course materials are included.

This course includes the official CompTIA course content, hands on virtual labs and practice exam.

Instructional Strategies:

  • Lecture
  • Skills Demonstration
  • Group Activities
  • Individual Activities

Methods of Evaluation:

  • Quizzes & Exams
  • Skills Demonstration
  • Written Assignments

Instructor Biography:

Coming soon!

Grading System:

Student must pass all quizzes, exams, and national exam (if applicable) at a passing rate to be eligible for a Certificate of  Training Completion. If an internship is included in your course you will be required to complete the internship prior to receiving a Certificate of Training Completion.

Attendance:

Students are expected to arrive on time and participate in course discussions. Successful completion of the course of study recommends 100% attendance. If during the course period the student’s attendance level drops below 80%, they will be encouraged and given the opportunity to attend the next scheduled class for the course they enrolled in. Should materials change, student is responsible for all additional cost.

Payment Plan Policy:

Students may withdraw from the program for any reason up to 1 week prior to the start of program. In this case, the student’s payment plan agreement shall be rescinded. If the payment plan has begun a non-refundable administrative fee of $25.00 will be assessed and remaining funds will be returned to payer in check form by mail. 

Refund Policy: 

There can be no refund for the course, once the first class has been concluded; or if any course material, including the eBook, is accessed. If extenuating circumstances exist, case by case situations will be reviewed by ProTrain. If a refund is issued, the refunded amount (- a $25 processing fee) will be dependent upon books being returned in excellent condition (i.e. no writing, missing pages; ripped or damage to pages and/or binding).

Re-Admission Policy:

Any student who has dropped out of the program, or has been suspended from the program for nonattendance may be readmitted within one year by completing a personal interview with the director of education and paying any applicable fees at the time of readmission. Students who were terminated due to conduct issues are not eligible to be readmitted.

Policy on Student Conduct:

Appropriate Conduct: All students are expected to conduct themselves in an orderly and professional manner. Any student not conducting themselves in an orderly and professional manner, which includes use of drugs and alcohol during school hours, dishonesty, disrupting classes, use of profanity, excessive tardiness, insubordination, violation of safety rules, improper usage of lab or classroom computers, or not abiding by the school rules will lead to either probation or dismissal from classes.



** The course outlines displayed on this website are subject to change at any time without prior notice. **