picto-module-4

Module 4

Training for IT/OT professionals

Duration : 5 consecutive days  | Prerequisite:This training is for professionals: System administrators, Network engineers, IT/OT engineers, OT developers and their managers. The participants must have the following competencies:

  • Network notions: TCP/IP, DNS, DHCP, VLAN, basic routing, firewall, NAT.
  • Culture logs & investigation: knowing how to read journals (system, network, application) and understanding the cycle of an incident (detection → response → recovery).
  • Comfortable with IT tools :
    • Command line (Windows PowerShell / Linux bash).
    • Understanding of AD/LDAP environments (at least certain notions).
  • Soft skills: able to work as part of a team, to document and follow procedures (runbooks).
cyber-range-green-baseline

Module presentation

This week of training, for IT and OT professionals, aims to improve awareness and operational preparation of teams against cyberattacks. It aims to train the participants to detect the threats, contain them, eradicate them and quickly reestablish activity after an incident.

Finally, it will help them to elaborate a practical communication and coordination guide to be used in the case of an incident, a real tool that will serve as a reference material for technicians to ensure efficient and structured management of cybersecurity incidents.

Pedagogical objectives

  • Improve awareness and operational preparation of teams against cyber attacks;
  • Train the participants to detect, contain and eradicate threats and recover the activities after the incidents;
  • Help the participants to elaborate a practical communication and coordination guide to be used in the case of an incident. This tool will be used by technicians to ensure efficient and structures management of cybersecurity incidents.

Number of participants

MAX 15 participants (5 managers + 10 technicians) – MIN 6 (2 managers + 4 technicians)

module-4

Program

For the managers:

  • Day 4: Understand the 4 technical topics address but with a managerial point of view;
  • Day 5: Cooperative practical activity, management of a crisis and debrief of the week.

For the technicians:

  • Day 1: Ransomware – Understanding the attack chain and the initial access vectors: implementing containment and recovery strategies; testing the backup and communication plans;
  • Day 2: Persistence and surveillance – Detecting stealth persistence, escalating privileges, data exfiltration, improving surveillance and journaling;
  • Day 3: OT and sabotage – Recognising specific OT risks, securing the PLC/SCADA, responding to sabotage attempts;
  • Day 4: Forensic – practicing an analysis of the acquisition of volatile and non volatile data, control chain cause analysis with explicit reporting;
  • Day 5: Cooperative practical activity, management of a crisis and debrief of the week.

Sign up for our training