Cyber Vanguard Series- Enterprise Guardian

5 Day | Instructor Led

One major catalyst of change is the advancement of technology. As the hardware of war improves through technological development, so must the tactical, operational, and strategic usage adapt to its improved capabilities both to maximize our own capabilities and to counteract our enemy's. (MCDP-1, Warfighting)

For the first time in history, the cyber and warfare domains have intertwined. The blending of these two worlds has shown the importance of functional, practical and aggressive cybersecurity. UKI's CyberVanguard Series Tier I: Enterprise Guardian builds on foundational policies and best practices with advanced fundamentals, empowering cybersecurity teams to protect their enterprise network.



Ideal Candidates and Prerequisites for Cyber Vanguard Series- Enterprise Guardian

Systems administration experience, familiarity with TCP/IP, and an understanding of UNIX, Linux, and Windows. This advanced course also requires intermediate-level knowledge of the security concepts covered in our Security+ Prep Course.

What You'll Learn in Cyber Vanguard Series- Enterprise Guardian

• How to build a comprehensive security program focused on preventing, detecting, and responding to attacks
• Core components of building a defensible network infrastructure and how to properly secure routers, switches, and network infrastructure
• Methods to detect advanced attacks and to identify systems that are already compromised
• Structured methodologies for performing a penetration test to find weaknesses in an organization's security apparatus
• Ways to respond to an incident and how to execute the six-step process of incident response: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned
• Approaches to remediating malware and how to clean up a compromised system

Cyber Vanguard Series- Enterprise Guardian Certification

There is no certification associated with this course.

Cyber Vanguard Series- Enterprise Guardian Outline

Ultimate Knowledge Institute's CyberVanguard Series: Enterprise Guardian enhances your security foundation with advanced fundamentals, with the goal of gaining the tactical advantage in organizational security through three activities: counteracting, exposing, and responding to attacks.

Counteracting: configuring a system or network correctly in order to minimize adversarial exploitation. Covered in the Enterprise Network Defense module.

Exposing: identifying a breach at the system or network level. Covered in the Network Flow and Packet Analysis module.

Responding: immediate and aggressive action combined with evidence collection and forensics. Covered in the Threat Detection and First Responder, Penetration Testing, Malicious Code Differentiation, and Data Loss Prevention modules.

Enterprise Network Defense

  • Introduction to network security infrastructure as the target for attacks
  • Impact of compromised routers and switches
  • Escalating privileges at Layers 2 and 3
  • Weaknesses in Cisco router and switch architecture
  • Integrating and understanding existing network devices to defend against attacks
  • Implementing the Cisco Gold Standard to improve security
  • CIS (Center for Internet Security) Level 1 and Level 2 benchmarks for routers
  • Standard switch configuration
  • Implementing security on an existing network and rolling out new devices
  • Advanced Layer 2 and 3 Controls
  • Filtering with access control lists
  • DHCP snooping, dynamic ARP inspection, and port security
  • Introduction to network admission control and 802.1x
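The Layer 2 and 3 controls listed in this module are usually applied on Cisco IOS access switches. The configuration below is an added illustration written for this page, not course material or a UKI lab file; VLAN 10, the GigabitEthernet1/0/x interface names and the 10.0.0.0/24 management subnet are assumptions chosen for the example. The commented block at the top records the weak default state that each hardened setting replaces.

```cisco
! Added example (not from the course): hardening an access switch with the
! controls named in the Enterprise Network Defense module.
! Assumptions: user VLAN 10, uplink Gi1/0/1, user ports Gi1/0/2-24,
! management subnet 10.0.0.0/24.
!
! --- Weak default state these commands replace ---
! no ip dhcp snooping             ! any port may answer DHCP: rogue-server attacks work
! no ip arp inspection            ! ARP replies are never checked: ARP poisoning works
! switchport mode dynamic auto    ! a user port will negotiate a trunk (VLAN hopping)
! transport input all / no access-class on vty  ! telnet and SSH from any address
!
! --- Hardened state ---
! DHCP snooping builds the IP-to-MAC-to-port binding table that DAI and
! port security rely on, so it is enabled first.
ip dhcp snooping
ip dhcp snooping vlan 10
! Option 82 insertion is on by default; the upstream DHCP server must accept
! it, or disable it here with: no ip dhcp snooping information option
ip arp inspection vlan 10
ip arp inspection validate src-mac dst-mac ip
!
! Uplink toward the legitimate DHCP server: the only port trusted to forward
! DHCP OFFER/ACK and unchecked ARP.
interface GigabitEthernet1/0/1
 description UPLINK-TO-DISTRIBUTION
 switchport mode trunk
 switchport trunk allowed vlan 10
 ip dhcp snooping trust
 ip arp inspection trust
!
! User-facing ports: untrusted, no trunk negotiation, one learned host each.
interface range GigabitEthernet1/0/2 - 24
 description USER-ACCESS
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
 ip dhcp snooping limit rate 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation restrict
 switchport port-security mac-address sticky
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Management-plane filtering with an ACL: SSH only, and only from admins.
ip access-list extended MGMT-IN
 permit tcp 10.0.0.0 0.0.0.255 any eq 22
 deny ip any any log
!
line vty 0 4
 access-class MGMT-IN in
 transport input ssh
!
! Verification (exec mode):
! show ip dhcp snooping
! show ip dhcp snooping binding
! show ip arp inspection vlan 10
! show port-security interface GigabitEthernet1/0/2
```

Two caveats a practitioner should check before rolling this out on a live switch. Dynamic ARP inspection drops ARP from any host that has no DHCP snooping binding, so statically addressed hosts on VLAN 10 need an ARP ACL or a trusted port, or they will lose connectivity. Port security with `violation restrict` drops offending frames and raises a log and SNMP trap without shutting the port, which is the safer first step on an existing network; `violation shutdown` is stricter but requires manual recovery. Platforms with more vty lines (commonly `line vty 0 15`) need the access-class applied to all of them.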

Network Flow and Packet Analysis

  • Architecture design and preparing filters
  • Building intrusion detection capability into a network
  • Understanding the components currently in place
  • Detection techniques and measures
  • Understanding various types of traffic occurring on a network
  • Knowing how normal traffic works
  • Differentiating between attacks and normal users on a network
  • Advanced IP packet analysis
  • Performing deep packet inspection and understanding usage of key fields
  • Event correlation and analysis
  • Analyzing an entire network instead of a single device
  • Building advanced Snort rules
  • Intrusion detection tools
  • Installing and using analysis software
  • Wireshark
  • Building custom filters

Penetration Testing

  • Variety of penetration testing methods
  • Frequency and use of vulnerability analysis, penetration testing, and security assessment
  • Vulnerability analysis
  • How to perform vulnerability analysis
  • Key areas to identify and ways to fix potential problems
  • Key tools and techniques
  • Tools, techniques, and methods used in testing
  • Basic penetration testing
  • Methods and means of performing a penetration test
  • Focus, requirements, and outputs of a successful test
  • Prioritizing and remediation of issues
  • Advanced penetration testing
  • Understanding and mapping to an organization's infrastructure
  • Application testing and system analysis

Cybersecurity Threat Detection and First Responder

  • Assess information security risk in computing and network environments
  • Analyze threats to computing and network environments
  • Design secure computing and network environments
  • Operate secure computing and network environments
  • Assess the security posture within a risk management framework
  • Preparing for a cybersecurity incident
  • Collect cybersecurity intelligence information
  • Analyze collected intelligence to define actionable response
  • Respond to cybersecurity incidents
  • Investigate cybersecurity incidents
  • Containing a cybersecurity incident to preserve mission resilience
  • Recover system data, including restoring to normal operation
  • Audit secure computing and network environments
  • Forensics and incident response
  • Platform Response Skillset: Windows/Linux

Malicious Code Differentiation

  • Behavior Designation
  • Compromise Identifiers and False Positive Differentiation
  • Compromise Escalation
  • Malicious Code Differentiation
  • Anti-Virus Deployments
  • Anti-Virus Monitoring and Malicious Code Identification
  • Malicious Code Remediation
  • Incident Identification
  • Initial Incident Identifiers
  • Incident Event Collection
  • Identifying Established Baselines
  • Event Characteristic Capture
  • Attack Intent Assessment
  • System Exposure Analysis and Change Identification
  • Attack Timeline Construction
  • Attack Documentation
  • Event Escalation
  • Support Role Designation and Action
  • Incident Response Report Generation
  • Fighting rootkits with basic and advanced tools

Data Loss Prevention

  • Risk management
  • Calculating and understanding risk across an organization
  • Building proper risk mitigation plans
  • Applying proactive risk management processes
  • Incorporating risk management into all business processes
  • Understanding insider threats
  • Data classification
  • Building a data classification program
  • Key aspects of deploying and implementing classification of critical information
  • Staged roll-out of classifying new and existing information
  • Managing and maintaining portable data classification
  • Digital rights management
  • Understanding digital rights
  • Balancing digital rights with data classification
  • Managing access across the enterprise
  • Balancing functionality and security
  • Data loss prevention (DLP)
  • Identifying requirements and goals for preventing data loss
  • Identifying practical DLP solutions that work
  • Managing, evaluating, implementing, and deploying DLP


Upon completion, Enterprise Guardians will be able to:

  • Identify network security threats against the enterprise network and build countermeasures that minimize the impact of attacks
  • Use currently procured and future tools to analyze the enterprise network, counteract attacks, and expose the adversary
  • Decode and analyze packets using various tools to identify anomalies and enhance the enterprise network's security posture
  • Understand how the adversary exploits systems and how to respond to attacks with immediate action
  • Perform penetration testing against the enterprise network in a closed virtual environment, probing attack surfaces and gaps to determine critical vulnerabilities and single points of failure, in order to gain the tactical advantage
  • Carry the incident handling process through to a successful conclusion
  • Use toolkits to pinpoint and remediate malware throughout the enterprise network
  • Establish a data classification guide and place data-loss-prevention procedures at host and enterprise network level


A. Erlich


I just wanted to say your presentation on Social Media Technology and Security was the finest I have ever attended.

Wilder Guerra

US Navy Reserve

This course is definitely an eye opener. With how much social media has taken over, it is important to be fully aware of the capabilities along with all the risks it brings. It is important to get this course because social media is the new norm.

Rebekah Coughlin


The Social Media and Security Training course offered by UKI is a great and beneficial course combining technical training to fully understand TCP/IP networking, DNS, and the harms of malware and cross-site scripting; as well as practical training that allowed attendees to play with open source social intelligence gathering solutions. This is the perfect class for those involved in IT security and interested in social media and identity theft.

Top Related Courses

The Ransomware exercise is a customized, six-hour, live-fire Cyber Range training exercise hosted on ACRE. This exercise is led by expert cyber security engineers and can be executed in a classroom as well as remotely. In this exercise, a ransomware-based attack (i.e., WannaCry) is launched via a compromise originating from a malicious spear-phishing message. This exercise includes a hands-on keyboard interface, which creates realistic technical training and management interaction opportunities. This exercise is not simulated: it is real malware, detonated in a representative network environment. Participants are encouraged to view the attack as if it were happening to their institutions in real time, and asked to share what they have done or would do based on the facts provided. Such "range-based" exercises help institutions better understand the impact of an attack and prompt them to improve the ways in which their network defenders respond, communicate, request assistance, and recover from real-world cyber attacks. Institutions that have participated in this exercise have benefited directly by building greater interaction with their security community, as well as increasing capability maturity levels and resiliency across their specific customer sector.

All actions in war, regardless of the level, are based upon either taking the initiative or reacting in response to the opponent. By taking the initiative, we dictate the terms of the conflict and force the enemy to meet us on our terms. The initiative allows us to pursue some positive aim even if only to preempt an enemy initiative. It is through the initiative that we seek to impose our will on the enemy.

Cyber Vanguard Series - Cyber Strike takes the offensive and defensive assault tactics and applies them in several different real-world scenarios. The entire course is hands-on and builds upon the skills and knowledge the students have previously received. Applications include: Offensive only (Hunt Teaming, Data Harvesting, and Asset Extraction); Defensive only (Defending Your Assets, Setting Active Intrusion Systems, Vulnerability Assessment and Remediation); and Offensive and Defensive (Capture the Flag, where teams are pitted against each other to protect their own resources while attacking the opposing team).

© 2019 Ultimate Knowledge Institute | All Rights Reserved
GSA# GS-35F-0469W