INDIVIDUAL LEARNERS

SCHOOL OF CYBERSECURITY

Introduction to
Cybersecurity
Nanodegree Program Syllabus
Overview
Cybersecurity is a critically important field for businesses in every industry, especially given the proliferation of data breaches
(more than 3.2 million records were compromised in the 10 biggest data breaches in the first half of 2020 alone). To reduce
risk and improve security, businesses are rushing to hire for cybersecurity roles, yet there’s projected to be 3.4 million unfilled
cybersecurity jobs by 2022. The Introduction to Cybersecurity Nanodegree program will equip learners with the foundational
skills to get started in this highly in-demand field.

Learning Objectives

A graduate of this program will be able to:

• Evaluate specific security techniques used to administer a system that meets industry standards and core
controls.

• Explain methods for establishing and maintaining the security of a network, computing environment, and
application.

• Apply control techniques to secure networks, operating systems, and applications.

• Conduct threat assessments and vulnerability scans to secure the assets of an organization.

Built in collaboration with:

Introduction to Cybersecurity 2
Program information

Estimated Time Skill Level

4 months at 10hrs/week* Beginner

Prerequisites

A well-prepared learner should:

• Understand basic principles of network connectivity.

• Understand basic operating system fundamentals including Windows or Linux.

Required Hardware/Software

Learners will need a desktop or laptop computer running recent versions of Windows, Mac OS X, or Linux and an unmetered
broadband internet connection.

*The length of this program is an estimation of total hours the average student may take to complete all required
coursework, including lecture and project time. If you spend about 5-10 hours per week working through the program, you
should finish within the time provided. Actual hours may vary.

Introduction to Cybersecurity 3
 Course 1

Cybersecurity Foundations
Security is embedded in all we do online and is a critical job skill and career field. This foundations course explains security
fundamentals including core principles, critical security controls, and cybersecurity best practices. Students will also evaluate
specific security techniques used to administer a system that meets industry standards and core controls, assess high-level
risks, vulnerabilities, and attack vectors of a sample system, and explain ways to establish and maintain the security of
different types of computer systems.

Course Project

Securing a Business Network

In this project, students will apply the skills they have acquired in the Cybersecurity Fundamentals course to
conduct a hands-on security assessment based on a common business problem. Students will investigate
and fix security issues on a Windows 10 client system as a way of demonstrating fundamental cybersecurity
knowledge, skills, and abilities.

• Understand the relevant role of cybersecurity and why it is important.

Lesson 1
• Describe how business stakeholders play a role in cybersecurity.
Cybersecurity Fundamentals
• Become familiar with cybersecurity tools, environments, and dependencies.

• Identify trends in cybersecurity events and protection techniques.

Lesson 2 • Describe careers and skill qualifications of cybersecurity professionals.

What is Cybersecurity • Explain security fundamentals including core security principles, critical security
controls, and best practices.

Introduction to Cybersecurity 4
 • Apply methods to enforce cybersecurity governance.

• Identify common security regulations and frameworks.

Lesson 3
• Explain how current security laws, regulations, and standards applied to
cybersecurity and data privacy.
Maintain Secure
Infrastructure • Recognize components of the NIST Cybersecurity Framework (CSF).

• Recognize components of the Center for Internet Security Critical Security

Controls (CSC).

• Categorize assets, risks, threats, vulnerabilities, and exploits.

• Identify different types of vulnerabilities in a system.

Lesson 4
• Identify the categories of a cyber threat.
Think Like a Hacker
• Determine the phase of a cyber attack.

• Recognize common exploits.

• Explain how security defenses are layered throughout different system

architectures.

• Explain components of identity and access control.

Lesson 5 • Identify common identity and access control protection techniques.

Security Defenses • Determine patch levels for common systems/applications.

• Describe the process and technique for applying patches and updates on
computing devices.

• Understand protection for email and other communication methods.

• Identify organizational asset(s).

Lesson 6
• Analyze vulnerabilities and risks to those organizational assets.
Applying Cybersecurity
• Recommend and apply basic security controls.

Introduction to Cybersecurity 5
 Course 2

Defending and Securing Systems

In this course, students will be exposed to a diverse group of technologies that will provide or enhance the skills needed to
enter the cybersecurity field. Students will apply best practices of Defense in Depth to secure computer systems, use outputs
from security incidents to analyze and improve future network security, and search internal systems to determine network
vulnerabilities. Students will also learn how to recommend mitigations to address common application vulnerabilities and
ensure fundamental encryption techniques for securing data at rest and in transit.

Course Project

Monitoring and Securing Douglas Financials Inc.

Douglas Financials Inc. (DFI) has experienced successful growth and as a result is ready to add a security
analyst position. Acting as that new analyst, students will analyze Windows and Linux servers and report
recommendations on OS hardening, compliance issues, encryption, and network security. Students will also
create firewall rules, analyze threat intelligence, and encrypt files and folders for transport to a client.

• Explain the Defense in Depth approach to a layered security strategy.

Lesson 1 • Explain the NIST 800 framework for defending computer systems.

Defending Computer Systems • Determine if a system has implemented least privileged properly.

& Security Principles • Suggest approaches to correct systems that have inappropriately implemented
least privileged principles.

Introduction to Cybersecurity 6
 • Differentiate between different types of firewalls.

• Analyze the effectiveness of firewall rules and craft a basic rule.

Lesson 2 • Evaluate best practices for securing wireless networks.

• Explain different types of IDS/IPS and craft a basic IDS signature.

System Security:
Securing Networks • Evaluate documentation to determine proper security settings in Windows.

• Identify the impact of services, permissions, and updates on Windows Security.

• Identify the impact of daemons, permissions, and patches on Linux Security.

• Interpret between different types of logs.

Lesson 3
• Define the basic parts of network traffic.

Monitoring & Logging • Interpret the output of a firewall and IDS report.
for Detection of
• Explain the importance of a SIEM.
Malicious Activity
• Explain the pros and cons of open source vs. commercial SIEM.

• Define encryption.

• Differentiate different types of encryption techniques.

Lesson 4
• Determine the appropriate encryption type for a given scenario.
Cryptography Basics • Differentiate between data at rest and data in transit.
(Applied Cryptography)
• Differentiate different types of encryption techniques for data in transit.

• Define and analyze file hashes.

Introduction to Cybersecurity 7
 Course 3

Threats, Vulnerabilities & Incident Response

Cybersecurity breaches happen when a threat is able to successfully exploit a vulnerability within a business. To avoid these
attacks, security professionals must understand threats the company is facing, including the various threat actors and their
motivations. Security professionals must also be able to find vulnerabilities that can enable threats to attack through common
practices such as vulnerability scanning and penetration testing. Finally, security professionals should be able to activate and
follow incident response procedures to address cybersecurity incidents and breaches. Ultimately, during this course, students
will learn how to identify security threats and gaps, fix issues, and respond to inevitable attacks.

Course Project

Navigating a Cybersecurity Incident

Hospital X has seen its worst nightmare become a reality. After several hospitals in its partner network
got hacked, the medical establishment has realized that it’s likely they are next on the attack hit list. In
situations like this, it’s important for the cybersecurity team to understand the threats at hand, whether the
company is vulnerable, how to close the gaps, and ultimately, how to respond if there is indeed a security
incident. In this project, students will apply the skills they have acquired in this security course to navigate a
potential cyber incident.

Students will work to identify the type of threat actor involved and potential motivation behind the
attack. Based on clues provided throughout the scenario, students will conduct scans to discover and test
vulnerabilities that could lead to a successful attack. Students will then assess risk levels associated with
the findings and propose a remediation plan. They will also leverage a provided incident response plan to
navigate the potential breach and make recommendations for improvements to the plan.

The final implementation of the project will showcase students’ vulnerability management and incident
response skills, including their ability to prioritize threats and make recommendations to key stakeholders.

Introduction to Cybersecurity 8
 • Explain the relationship between threats, threat actors, vulnerabilities,
and exploits.
Lesson 1
• Utilize event context to identify potential threat actor motivations.
Assessing Threats • Identify security threats applicable to important organizational assets.

• Use standard frameworks to assess threats, identify risks, and prioritize.

Lesson 2 • Leverage the MITRE ATT&CK framework to understand attack methods.

• Configure and launch scans to find vulnerabilities.

Finding Security
Vulnerabilities • Explain the steps required to conduct a penetration test.

• Conduct vulnerability research using industry resources like MITRE CVE

framework.
Lesson 3
• Validate scan results through manual testing and application of business
Fixing Security Vulnerabilities context.

• Prioritize security gaps and recommend remediation strategies.

• Explain the relationship between incident response, disaster recovery, and

business continuity.
Lesson 4
• Distinguish events from incidents and recognize indicators of compromise.
Preparing for • Explain the incident response lifecycle.
Inevitable Attacks
• Recognize the key incident response team roles and core components of an
incident response plan.

Introduction to Cybersecurity 9
 Course 4

Governance, Risk & Compliance

Cybersecurity governance, risk, and compliance (GRC) has rapidly become a critical part of an effective cybersecurity strategy.
While it’s important to understand why, how, and where to apply cybersecurity controls, GRC connects cybersecurity controls
to business objectives and serves as a safety net to ensure controls are applied efficiently and effectively. In this course,
students will learn about the functions of governance, risk, and compliance and how each function operates alongside
operational controls to strengthen an organization’s security. Students will also learn how to assess control effectiveness,
measure security risk, and ensure that organizations are meeting security compliance objectives.

Course Project

Create the SwiftTech GRC Program

SwiftTech is a company in transition—they are accelerating product development while trying to maintain
a high standard for flexibility and responsiveness with customers, and doing all this while migrating
their infrastructure to the cloud. This fast-paced environment creates challenges for the organization’s
cybersecurity GRC practice. As a brand new GRC analyst for SwiftTech, you’ll need to understand the
business quickly and improve their documentation to help support the organization’s goals.

• Understand the historical underpinnings of cybersecurity GRC.

• Explain the key functions of each of the Governance, Risk, and Compliance
Lesson 1
(GRC) roles.
Introduction to Governance, • Articulate the connection between GRC roles.
Risk & Compliance
• Demonstrate the importance of cybersecurity GRC in accomplishing
cybersecurity objectives and business goals.

Introduction to Cybersecurity 10
 • Understand reliance on governance professionals to align business and
security strategy.

• Describe how governance professionals are expected to communicate with the

Lesson 2
organization.

Governance • Develop organizational security policies and procedures.

• Understand common methods for providing employee security training.

• Explain keys to assessing security controls against expected results.

• Explain how organizations measure cybersecurity risk.

• Develop risk measurement documentation.

Lesson 3 • Remediate risk and report risk measurement and remediation activities to
senior leadership.
Risk
• Develop and interpret risk statements.

• Understand the differences between value based risk assessment and

traditional risk assessment.

• Describe sources of compliance.

Lesson 4 • Locate and assess relevant sources of compliance for your organization.

Compliance • Interpret compliance obligations and develop control objectives.

• Measure existing security controls against control objectives.

• Understand audit and assessment goals.

• Explain the role governance, risk, and compliance professionals have in

Lesson 5
ensuring audits achieve expected goals.
Audit Management • Learn how to facilitate and control audits.

• Develop management responses and remediation plans for audits.

Introduction to Cybersecurity 11
Meet your instructors.

Christine Izuakor, PhD, CISSP

Founder & CEO, Cyber Pop-Up

Dr. Christine Izuakor is the CEO of Cyber Pop-up, an on-demand cybersecurity platform powered
by vetted cyber freelancers. She has over a decade of experience leading cybersecurity functions
within Fortune 100 companies and has her PhD in security engineering.

Jerry Smith
Information Security Engineer

Jerry is a member of the security operations center for the University of Alabama at
Birmingham, where he is the lead threat hunter and a member of the firewall team. Previously
he was an information security engineer for Hibbett Sporting Goods.

Ron Woerner, CISSP, CISM

Chief Security Officer

Ron Woerner is a noted consultant, speaker and writer in the security industry. As chief
security evangelist at Cyber-AAA, LLC, he delivers training and security risk assessments for
small, medium, and large organizations. Woerner also teaches at Bellevue University, an NSA
Center of Academic Excellence.

Sean Pike, Esq., M.S.

Sr. Director, Security & GRC

Sean Pike is a cybersecurity and GRC leader with 20+ years of experience leading cybersecurity
initiatives in regulated companies. Mr. Pike works with organizations to develop unique, proactive
security solutions that follow stringent security principles while accelerating business.

Introduction to Cybersecurity 12
Udacity’s learning
experience

Hands-on Projects Quizzes

Open-ended, experiential projects are designed Auto-graded quizzes strengthen comprehension.
to reflect actual workplace challenges. They aren’t Learners can return to lessons at any time during
just multiple choice questions or step-by-step the course to refresh concepts.
guides, but instead require critical thinking.

Knowledge Custom Study Plans

Find answers to your questions with Knowledge, Create a personalized study plan that fits your
our proprietary wiki. Search questions asked by individual needs. Utilize this plan to keep track of
other students, connect with technical mentors, movement toward your overall goal.
and discover how to solve the challenges that
you encounter.

Workspaces Progress Tracker

See your code in action. Check the output and Take advantage of milestone reminders to stay
quality of your code by running it on interactive on schedule and complete your program.
workspaces that are integrated into the platform.

Introduction to Cybersecurity 13
Our proven approach for building
job-ready digital skills.
Experienced Project Reviewers

Verify skills mastery.

• Personalized project feedback and critique includes line-by-line code review from
skilled practitioners with an average turnaround time of 1.1 hours.

• Project review cycle creates a feedback loop with multiple opportunities for
improvement—until the concept is mastered.

• Project reviewers leverage industry best practices and provide pro tips.

Technical Mentor Support

24/7 support unblocks learning.

• Learning accelerates as skilled mentors identify areas of achievement and potential
for growth.

• Unlimited access to mentors means help arrives when it’s needed most.

• 2 hr or less average question response time assures that skills development stays on track.

Personal Career Services

Empower job-readiness.
• Access to a Github portfolio review that can give you an edge by highlighting your
strengths, and demonstrating your value to employers.*

• Get help optimizing your LinkedIn and establishing your personal brand so your profile
ranks higher in searches by recruiters and hiring managers.

Mentor Network

Highly vetted for effectiveness.

• Mentors must complete a 5-step hiring process to join Udacity’s selective network.

• After passing an objective and situational assessment, mentors must demonstrate

communication and behavioral fit for a mentorship role.

• Mentors work across more than 30 different industries and often complete a Nanodegree
program themselves.

*Applies to select Nanodegree programs only.

Introduction to Cybersecurity 14
Learn more at
www.udacity.com/online-learning-for-individuals →

12.02.22 | V1.0