  • $3999, due in full prior to beginning the course
  • 11 Weeks
  • Approx. 25 hours/week

The Cyber Academy: Defense builds on the defensive skills and experience students gained in Cyber Attack and Defense: Immediate Immersion. The course is designed to impart a strong foundation of defensive information security skills in 11 weeks of study at 25 hours per week, preparing students for entry-level careers as security operations center analysts and digital forensics analysts.

Development of the 100% project-based, learn-by-doing program was funded in part by the Department of Defense (under agreement C5-16-0023), and the curriculum was designed in conjunction with DoD and industry experts.

Students work through 8 online real-life tasks (spending 1-2 weeks per task) in a private cloud environment with help, advice, and feedback from a knowledgeable mentor and extensive online learning resources. The tasks are embedded in the realistic, but fictional, context of work as an entry-level employee of a government cyber operations agency.

In this 11-week module you will:

A security operations center analyst has seen evidence of a password cracking attempt within a key network. Students analyze a packet capture file (PCAP) and event logs within a security information and event management system (the Splunk SIEM) to determine if any passwords were compromised and if the network was breached as a result. The student must also identify which tools were used by the attacker and which steps should be taken to safeguard specific hosts in the network from similar cracking attempts in the future.

Tasks 2 through 6 are set in the context of a single complex cyber attack.

Students analyze a possible “watering hole” attack in which clicking on a malicious link embedded in an otherwise legitimate website launches an exploit kit that infects a user’s machine with a “banking trojan.” To accomplish this, they must analyze multiple logs within the Splunk SIEM.

Students use a “hash” of a possible malware-containing file to conduct research using VirusTotal, online sandboxes, and open source intelligence sources to determine specific indicators of compromise to guide forensic analysis of memory and file system images of infected devices.

Students perform a forensic examination of a memory image taken from a computer to identify sophisticated malware that infected the system.

Students perform disk forensics on an infected system. By analyzing an image of the computer’s file system, the students are able to identify malware infections and to create a timeline for the attack.

Students are asked to conclude their investigation by compiling a timeline for the attack and writing a comprehensive report for technical and non-technical stakeholders.


Join an upcoming online information session to learn more about the program, curriculum and instructors.
AUGUST 13, 2019 12-1PM CST


Students will learn to:

  • Analyze network traffic
  • Analyze network and system logs using a security information and event management (SIEM) system
  • Cross-correlate log information and network packet traffic
  • Use online sandboxes for static and dynamic analysis of malicious executable files to identify indicators of compromise
  • Use threat intelligence
  • Identify malware
  • Perform memory forensics
  • Perform disk forensics
  • Compile a comprehensive timeline of a cyber attack
  • Report appropriately to technical and non-technical stakeholders


In addition to the task-based curriculum, an implicit curriculum runs throughout the course, through which students learn and practice the cognitive skills essential for success in all areas of information security. These include:

  • Understanding complex, novel problems
  • Effectively researching solutions
  • Designing and testing solutions
  • Self-directed learning


Students who have successfully completed Cyber Attack and Defense: Immediate Immersion and who aspire to professional careers in defensive cybersecurity.


Successful completion of Cyber Attack and Defense: Immediate Immersion. Only basic computer skills are required, but basic knowledge of computer networks and protocols and the fundamentals of operating systems is strongly recommended.


Students must successfully complete Cyber Attack and Defense: Immediate Immersion to be permitted to enroll in the next course in this program, The Cyber Academy: Defense. Success will be assessed by a student’s mentors, whose decision is final.