COURSE SUMMARY This course is one of the essential courses required for certification and designation as a Security and Resilience Professional/Manager under the Infrastructure Resilience Research Group, IRRG, Office of the Dean, Faculty of Engineering and Design, Carleton University.

​

This course has been specifically designed for employees and managers to gain and advance their understanding and knowledge to communicate and participate in discussions with IT and ICS professional to address the growing cyber security threats to organizations and digitalized infrastructure systems.

​

The course is divided into the following four (4) modules:

​

Module 1: Cyber Security Terminologies and Concepts

To be able to participate in cyber security incidents discussions, one needs a clear understanding of the various terms that are used. This section will explain in non-technical concepts, such as: network architecture, virus, ransomware, Stuxnet, cybercrime, IOT, VPN, cloud, exploits, firewall, data breaches, malware, Trojan house, worm, bot/bot net, DDOS, phishing/spear phishing, encryption, BYOD, clickjacking, pen-testing, domain, software, etc.

​

Module 2:  Security in the Digital Age
Discusses the cyber security threat landscape and organizational vulnerabilities, including sabotage, insider threat, the use of intelligence in operational programs and policy analysis, impacts of AI on cybersecurity, etc.

​

Module 3: Cyber Attacker Tradecraft

Discusses recent cyber incidents and their impacts on organizations, how attackers exploit small system vulnerabilities to escalate their access and steal classified/confidential information.

​

Hands – on Demonstration

This section will also include hands – on demonstration of how hackers gain access to files, the tools and techniques used (Linux Operating System, Pineapple, Flipper Zero, Phyton, etc.), social media vulnerability exposures and mitigation strategies, cloning of devices, etc.

​

Module 4: Cyber Security Controls

Covers open-source collection of intelligence, techniques/cycles, social engineering, types of information available to conduct personnel assessments, understanding criminal mindset, modern warfare, cyber security culture, and best practices.

​

At the end of the course, you will be able to:

​

 

• Use OSINT to supplement reliability screening reviews and investigations;

• Recognize the exposure from information publicly available to attackers;

• Explain at a high level the steps behind a cyber attack;

• Express and evaluate cyber risks as business risks;

• Communicate requirements and comprehend feedback from IT personnel with regards to cybersecurity; and

• Explain the rationale behind basic and specific IT security controls.
  
  Upon the successful completion of this training, the course participants will be issued an IRRG certificate, indicating that they have gained the required fundamental cybersecurity knowledge.
   

Who should attend:

​

This course is designed for security managers and practitioners to advance their understanding of IT/ICS security to engage in effective communication and resolve issues with respect to information sharing and cybersecurity.

 

Security professionals, from Government and the Industry, who must interact with their organization’s IT, ICS control room supervisors, officials, and require basic underlining of the threats and techniques to be able to participate in discussions.

 

Managers responsible for addressing their organization’s cybersecurity issues.

 

Generalists interested in gaining awareness of the growing cybersecurity threats and concepts.

​

COURSE INSTRUCTORS:

​

Felix Kwamena,

Ph.D. Adjunct Research Professor Department of Systems and Computer Engineering / Director Infrastructure Resilience Research Group (IR2G)

​

Jerry Shelest,

IRRG Research Associate / Strategic Cybersecurity Analyst

​