The UofT SCS

CYBERSECURITY
BOOT CAMP
Curriculum Overview
The frequency of data and security breaches in the news grows almost daily, and as a result,
there is tremendous job demand for cybersecurity professionals. It’s important now, more than
ever, to have trained, skilled professionals securing our data and personal information.

The 24-week Cybersecurity Boot Camp is a challenging, part-time program that takes
a multidisciplinary approach to attaining proficiency in IT, networking, and modern
information security.

Throughout the course, you will gain experience with a host of popular tools such as Wireshark,
Kali Linux, Metasploit, Nessus, and more. In addition, registrants will learn skills applicable to
certifications such as the CompTIA Security+, Network+, Linux+, Server+, Cloud+, and Certified
Ethical Hacker (CEH), which can greatly enhance desirability and employability in today’s job
market. You will also learn methods, techniques, and best practices for convincingly conveying
the severity of the risks facing an organization’s security posture.

UofT SCS Cybersecurity Boot Camp - Powered by Trilogy Education Services, LLC
 IS THIS PROGRAM RIGHT FOR YOU?

If you are eager to become a digital defender and learn how to keep data safe from prying eyes, or
if any of the below describe you, enrolling in this program could help put you on the path to
achieving your goals:

You are currently working in a technical field and want to expand your cyber knowledge, better
understand how to keep data secure, and learn hands-on skills to apply on the job.

You are a part of a company that has urgent cybersecurity needs to protect the confidentiality,
availability, and integrity of data and software.

You understand the growing need for cybersecurity professionals and want to become a part of
making the internet a safer space.

You are a tech enthusiast looking to start your career in tech and get your foot in the door in the
world of networking and security.

UofT SCS Cybersecurity Boot Camp - Powered by Trilogy Education Services, LLC 1
 THE SKILLS YOU’LL GAIN

Upon completion of the program You will have a foundation in Cybersecurity and Networking, including*:

Networking Ethical Hacking and Penetration

• Packet Analysis • Kali Linux
• Wireshark • Metasploit
• Hashcat
• Burp Suite
Systems • Web Vulnerabilities and Security
• Windows and Linux Administration
Techniques
Cybersecurity Careers
• Windows and Linux Hardening
• Digital Forensics Methods
• Penetration Testing

Cybersecurity
• Vulnerability Assessment
• Security Operations and Analytics
• Secure Network Design and Architecture
• Risk Management
• Cryptography
Programming and Scripting
• Vulnerability Assessment
• Bash Scripting
• Identity and Access Management
• PowerShell Scripting
• Cloud Security

* Note: These topics are subject to change based on local market demand and the input of hiring partners.

UofT SCS Cybersecurity Boot Camp - Powered by Trilogy Education Services, LLC 2
BUILDING
ON THE BASICS
Achieving your goals in Cybersecurity requires not only
deep security knowledge, but also experience with the
application of that knowledge.

Our curriculum is designed to give you both the knowledge

you need to move toward the cybersecurity industry and
ample experience applying that knowledge to real-world
problems. Throughout the program, you will learn tools and
technologies vetted by current practitioners, and learn skills
applicable to certifications expected of all serious security
professionals.

As part of our program, we will provide you with two weeks

of certification test prep for the Security+ and CEH exams,
and one year access to CompTIA’s CertMaster online test
prep platform for the Security+ exam, the industry’s most in-
demand entry level general cybersecurity certification.

UofT SCS Cybersecurity Boot Camp - Powered by Trilogy Education Services, LLC 3
 CHOOSE YOUR CERTIFICATION

In addition to the in-class test prep material related to the CompTIA Security+ exam, at the end of
the boot camp, you will receive the opportunity to choose a free CompTIA exam voucher for the
certification that best aligns with your interests and desired career path.

You will be able to select a voucher for one of the following exams: Security+, Network+, Linux+,
Server+, or Cloud+. In addition to the Security+ CertMaster practice tool that you will use during
the boot camp, if you choose to pursue a certification exam other than Security+, you will also be
given access to the CertMaster practice tool that aligns with the certification of your choice at the
end of the boot camp.

REAL WORLD APPLICATION, REAL JOBS

After completion of the Cybersecurity Boot Camp you will learn critical skills
relevant to the following careers:

Cyber Network Defender Information Assurance Specialist

Cybersecurity Analyst SOC Analyst

Vulnerability Assessment Analyst Digital Forensics Examiner

Cybersecurity Operations Specialist Incident Response Analyst

Network or System Security Administrator IT Auditor

Systems Security Analyst

UofT SCS Cybersecurity Boot Camp - Powered by Trilogy Education Services, LLC 4
 WHAT YOU WILL LEARN

By the time you complete the program, you can expect to be able to:

Understand cybersecurity threats, actors, Identify suspicious patterns of user behavior to

and methods identify bots, intruders, and other malicious actors

Analyze packet traffic flowing over a network in order Write Bash scripts to automate security and
to better troubleshoot issues and monitor users operating systems tasks
browsing habits

Articulate important best practices around password

selection and storage, then crack into (mock!)
Understand and implement network theory
user accounts

Configure machines on a virtual network, deploy them Advise on cybersecurity best practices and risk
to the cloud, and investigate cloud security risks management strategies

Perform administrative and security tasks to Windows Implement access control policies as an additional
and Linux Operating Systems layer of security over an organization’s private data

Conduct vulnerability assessments using tools like

Develop best practices in implementing security
Metasploit to profile an application for vulnerabilities,
strategy policies across an organization
and then exploit those vulnerabilities

Perform network, system, and web penetration test-

ing activities

UofT SCS Cybersecurity Boot Camp - Powered by Trilogy Education Services, LLC 5
 COURSE STRUCTURE
The program will consist of both insightful lectures and individual and group exercises, meant to reinforce
the tools and ideas introduced in class. The skills covered in the course are also applicable to in-demand
certifications, such as CompTIA Security+, Network+, Linux+, Server+, Cloud+, and Certified Ethical Hacker
(CEH). Better yet, you’ll learn how to apply these technologies in the real world.

Discussion Certification Knowledge Building Hands-on exercises

Industry professionals lead lectures and Gain valuable experience and learn skills Throughout the course, you will apply the
class discussions on the background, applicable to top certifications in the skills you’ve learned in labs and in other
history, and applications of a new cybersecurity industry including: CompTIA practical scenarios. By the completion of
technology or concept. Security+, Network+, Linux+, Server+, the program, these assignments will give
Cloud+, and Certified Ethical Hacker you a vast array of first-hand cybersecurity
(CEH) certifications. During and after the and networking experience.
boot camp, use the CompTIA CertMaster
companion tool to study for the CompTIA
exam of your choice and take the CompTIA
exam with your one free exam voucher.

UofT SCS Cybersecurity Boot Camp - Powered by Trilogy Education Services, LLC 6
WE’RE HERE TO HELP
As you move up the learning curve, you’re likely to have questions around some of the concepts covered in class.
We’re here to help—through in-person and virtual office hours, as well as a dedicated #slack channel where you
can get assistance from instructors, support staff and your fellow learners. In addition to learning cybersecurity and
network security, you will have access to career services that will help you prepare for technical roles after program
completion, such as:

Career Content and Practice Sessions Online Career Events With Industry Professionals

Database of Customizable Tools and Templates Soft Skills Training

• Multiple Technical Resume Templates
• Github Best Practices
• Guidelines To Building A Portfolio One-on-One Career Coaching
• Creating an Elevator Pitch
• Developing a Bio

UofT SCS Cybersecurity Boot Camp - Powered by Trilogy Education Services, LLC 7
MEETING EMPLOYER EXPECTATIONS
It’s a fact: companies care about what you can do, not what you say you can do. For that
reason, our curriculum teaches you how to apply what you’ve learned to simulated and
lab based environments.

The curriculum emphasizes in-depth exploratory labs, ranging from conducting intrusion
detection to attacking and securing a vulnerable web application. Learners will use
personal laptops to practice the skills and abilities included in this course.

UofT SCS Cybersecurity Boot Camp - Powered by Trilogy Education Services, LLC 8
 SAMPLE PROJECTS

Network Analysis & Skills Needed

Troubleshooting • Wireshark
• Packet and Protocol Analysis
At its most basic level, network security requires monitoring
• Familiarity with TCP/IP, HTTP, and other protocols
and analyzing the data flowing over networks. Familiarity • Tapping into Networks
with patterns at the packet level is essential for both basic
troubleshooting and more intensive tasks like examining
security issues. In this activity, you will monitor the packets
Objectives
being transmitted over a network to gain insight into problems
such as dropped packets and finding what insecure websites • Use Wireshark to analyze packets and identify
transmission patterns
users may have accessed.
• Articulate the relationships between different network
protocols such as TCP/IP and HTTP
• Identify suspicious patterns of network activity to hone
in on malicious users

Network Security Skills Needed

Monitoring and Logging • Network Monitoring
With data breaches becoming an almost daily news story, • Packet Analysis
the importance of secure data is a priority for companies • SIEMs configuration

in all sectors of any size. There is far more data than can
be examined directly, but it all must be protected. Security
specialists use monitoring and logging to identify suspicious Objectives
trends in data, thereby identifying potential incidents and
• Configure logging and monitoring systems
informing future intrusion detection efforts. In this activity, • Collect and analyze data from logging and monitoring
you’ll analyze log data, identify and characterize intrusion systems
evidence from the data, and perform incident response.

UofT SCS Cybersecurity Boot Camp - Powered by Trilogy Education Services, LLC 9
 SAMPLE PROJECTS CONTINUED...

Attacking a Web Application Skills Needed

The modern web is one of the most popular places for • HTTP • XSRF
people to spend their time and store their data. Because of • JavaScript • Familiarity with
this popularity, websites are common avenues of attack. In • SQL cookie-based
this activity, you will explore, attack, and profile a vulnerable
• XSS authentication

website with tools like Burp Suite. Then, you will summarize
the site’s vulnerabilities with policy recommendations for
managers and leadership. Objectives
• Explore common web application exploits—such as SQL
injection XSS and XSS—from an offensive perspective,
to better understand how hostile parties analyze and
assault their targets
• Use Burp Suite to automate web-app vulnerability
scanning
• Explore the various available attack vectors and insertion
points relevant to web applications
• Distill the technical results of a penetration test into policy
recommendations bound for management

Cracking and Skills Needed

Securing Password- • Hashing algorithms • Brute-force attacks

Protected Data • Password storage

best practices
•
•
Rainbow Tables
Hashcat
Let’s be honest: how many of your passwords are • Dictionary attacks

exactly the same or variations of each other? Most of the

web’s user-provided data is secured by little more than
a password. Since users often reuse passwords, never
update passwords, or use easily-guessed combinations, the Objectives
onus is on the cybersecurity professional to enforce best • Guess a user’s password via both dictionary and brute-
practices around password creation, storage, and database force attacks
management. In this activity, you’ll gain experience with
• Articulate the relative strengths and weaknesses of
different password cracking techniques
password cracking strategies, and write a report suggesting
• Articulate policy recommendations for managers to
technical, governance, and UX policies effective for reduce the surface area of password-based attacks
minimizing vulnerability to such attacks.

UofT SCS Cybersecurity Boot Camp - Powered by Trilogy Education Services, LLC 10
 SAMPLE PROJECTS CONTINUED...
Penetration Testing Skills Needed
Ultimately, the best indication of a system’s security is how • Metasploit
well it holds up against an actual attack. Penetration testing • Ability to perform active and passive reconnaissance
is the cybersecurity professional’s opportunity to don the • Ability to perform Open Source Intelligence gathering
proverbial Black Hat, and probe pre-made systems for
• Kali Linux
• Vulnerability scanners
vulnerabilities using tools like Metasploit. You will conclude • Network intrusion
your exploration of these systems with recommendations for
mitigating any vulnerabilities that may have been uncovered
during the pen test.
Objectives
• Use Metasploit to probe an application for vulnerabilities
and then attack the application via a series of pertinent,
Metasploit-provided exploits
• Develop familiarity with the main phases of a penetration
test, including Reconnaissance; Scanning; Access
Acquisition; Access Maintenance; and Clearing Tracks/
Erasing Evidence
• Translate the technical results of the penetration
test into a document with actionable policy resources
for management

Digital Forensics Skills Needed

Users often delete data from devices that they would • Digital Forensics
prefer others not to see—but, sometimes, organizations • Electronic Discovery
find themselves in need of the very information that • Data Recovery
was deleted. You will receive an introduction to digital
forensics investigation and response. Topics include legal
compliance, chain of custody procedures, procedures for Objectives
investigating computer and cybercrime, and concepts for • Discuss the rules, laws, policies, and procedures that
collecting, analyzing, recovering, and preserving affect digital forensics
forensic evidence. • Describe the steps in performing digital forensics from
the initial recognition of an incident through the steps of
evidence gathering, preservation and analysis, through
the completion of legal proceedings
• Use one or more common tools such as FTK, Sleuthkit,
Kali Linux, Volatility, SNORT

UofT SCS Cybersecurity Boot Camp - Powered by Trilogy Education Services, LLC 11
 COURSE CURRICULUM BY MODULE

Module Description What You’ll Learn

Learning Module: In this module, you will learn to think like » CIA Triad
a cybersecurity professional by assessing » Governance
Security Fundamentals
threats and mitigating risks. You will also
» Risk Analysis and Risk Mitigation
look at security from an organizational
perspective as you dive into Governance, » Compliance
Risk, and Compliance. You will learn how » Business Continuity Planning
security controls impact an organization » Disaster Recovery
and its employees. This will enable you to
communicate with non-security professionals,
work with stakeholders outside of the security
space, and understand how teams interact in
an organization.

Learning Module: You will cover both Linux and Windows » Linux Server Configuration
systems administration. You will gain hands- » Tar, Cron, and Cronjobs
Systems Administration
on experience working with the command
» Logging
line and bash commands that are prominent
in IT roles. You will configure and audit » Bash Scripting and Programming
servers, as well as harden and secure them » Windows Server Configuration
from malicious attacks. » Active Directory
» Kerberos

Learning Module: You will dive into network configuration, » Network Architecture, Operations,
design, protocols and data communication. and Security
Networks and
You will study cryptography, network security, » Wireshark and Traffic Analysis
Network Security
cloud security, and virtualization.
» Email Security
» Wireless Security
» Cryptography and Encryption
» Port Scanning
» Cloud Security and Virtualization

UofT SCS Cybersecurity Boot Camp - Powered by Trilogy Education Services, LLC 12
 COURSE CURRICULUM BY MODULE CONTINUED...

Module Description What You’ll Learn

Learning Module: You will dive into SIEMs and network » Splunk
security monitoring. You will cover the » Monitoring and Logging
Defensive Security
Incident Response framework and practice
» Incident Response
responding to different breaches and attacks.
You will also cover Digital Forensics and how » Forensics
to recover deleted data as part of preparing » Data Extraction and Recovery
evidence for a legal case.

Learning Module: You will gain a thorough understanding » Burp Suite

of web applications, databases, and the » XSS Vulnerabilities and Payloads
Offensive Security
vulnerabilities and hardening associated with
» SQL Injection
them. You will dive into penetration testing
using tools like Metasploit to attack and » Webshells
compromise networks and servers. » File Inclusion and Command Injection
Vulnerabilities
» Penetration Testing Execution
Standard
» Searchsploit and Metasploit
» Zenmap
» Metasploit
» Pivoting Networks

Learning Module: You will focus on certification prep for » Security+

Security+ and CEH exams and conclude the » CEH
Test Prep and
program with a final group project.
Final Projects

UofT SCS Cybersecurity Boot Camp - Powered by Trilogy Education Services, LLC 13