Module 1: Introduction to Ethical Hacking
Module 2: Footprinting and Reconnaissance
Module 3: Scanning Networks
Module 4: Enumeration
Module 5: Vulnerability Analysis
Module 6: System Hacking
Module 7: Malware Threats
Module 8: Sniffing
Module 9: Social Engineering
Module 10: Denial-of-Service
Module 11: Session Hijacking
Module 12: Evading IDS, Firewalls, and Honeypots
Module 13: Hacking Web Servers
Module 14: Hacking Web Applications
Module 15: SQL Injection
Module 16: Hacking Wireless Networks
Module 17: Hacking Mobile Platforms
Module 18: IoT Hacking
Module 19: Cloud Computing
Module 20: Cryptography

Wayne Burke

His experience in the public / defense sectors is equally complemented by assignments undertaken for heavyweight world renowned corporations including Yahoo, Xerox, AT&T and Texas Instruments to name but a few. He is imminently qualified in his field in that he holds a string of professional qualifications in Networking to name a few (MCT, MCSE, Cisco, Network+) and IT Security (CIW-SA, Security+, CEH, ECSA, LPT, CHFI) besides a bachelor’s degree in science.

Wayne is currently the CSO for Sequrit CSI, responsible for the technical realm and security management, which includes consulting teams. He is a captain of a global operating group of penetration testers and security experts. Wayne and his group have delivered security assessments, Penetration Test assignments and customized training for International Corporations and many Government Agencies such as: EPA, FAA, DOJ, DOE, DOD + 8570: Air force, Army, Navy, Marines, FBI and Statewide Law Enforcement Offices in the USA.

In Europe: NATO, Europol, MOD (Military of Defense UK) various EU Law Enforcement, Dutch Ministry of Defense, Ministry of Justice, local European Law Enforcement: UK, Ireland, Switzerland, Belgium, Holland, Denmark.

Module 1: Computer Network and Defense Fundamentals
Response & Handling
Module 2: Network Security Threats, Vulnerabilities, and Attacks
Module 3: Network Security Controls, Protocols, and Devices
Module 4: Network Security Policy Design and Implementation
Module 5: Physical Security
Module 6: Host Security
Module 7: Secure Firewall Configuration and Management
Module 8: Secure IDS Configuration and Management
Module 9: Secure VPN Configuration and Management
Module 10: Wireless Network Defense
Module 11: Network Traffic Monitoring and Analysis
Module 12: Network Risk and Vulnerability Management
Module 13: Data Backup and Recovery
Module 14: Network Incident Response and Management

Michael Angelo Vien

Head of Cyber for Measured Risk

Michael Angelo Vien has extensive experience in security consulting for organizations in the Financial, Military, Government, Consumer, Gaming, and Telecommunications sectors. His technical strengths include the ethical hacking/penetration testing of web applications, desktop applications and networks, social engineering, operating system security, digital forensics, networking protocols and scripting languages.

Additionally, Mr. Vien has extensive experience in malware analysis including reverse engineering, detection and trending. He has performed penetration tests, network design/implementations, and application development for some of the largest corporations in the world, in addition to researching and developing viruses to help organizations better understand advanced threats.

Currently the Head of Cyber for Measured Risk, Vien has held positions with key organizations including CounterTack, where he serves as a key trainer in our malware analysis curriculum.

Module 1: Need for Security Analysis
Module 2: TCP IP Packet Analysis
Module 3: Penetration Testing Methodologies
Module 4: Customers and Legal Agreements
Module 5: Rules of Engagement
Module 6: Penetration Testing Planning and Scheduling
Module 7: Pre-penetration Testing Steps
Module 8: Information Gathering
Module 9: Vulnerability Analysis
Module 10: External Penetration Testing
Module 11: Internal Network Penetration Testing
Module 12: Firewall Penetration Testing
Module 13: IDS Penetration Testing
Module 14: Password Cracking Penetration Testing
Module 15: Social Engineering Penetration Testing
Module 16: Web Application Penetration Testing
Module 17: SQL Penetration Testing
Module 18: Penetration Testing Reports and Post Testing Actions

Kevin Cardwell

Kevin Cardwell served as the leader of a 5 person DoD Red Team that achieved a 100% success rate at compromising systems and networks for six straight years. He has conducted over 500 security assessments across the globe. His expertise is in finding weaknesses and determining ways clients can mitigate or limit the impact of these weaknesses.

He spent 22 years in the U.S. Navy. He has worked as both software and systems engineer on a variety of Department of Defense projects and early on was chosen as a member of the project to bring Internet access to ships at sea. Following this highly successful project he was selected to head the team that built a Network Operations and Security Center (NOSC) that provided services to the commands ashore and ships at sea in the Norwegian Sea and Atlantic Ocean . He served as the Leading Chief of Information Security at the NOC for six years. While there he created a Strategy and Training plan for the development of an expert team that took personnel with little or no experience and built them into expert team members for manning of the NOSC.

He currently works as a free-lance consultant and provides consulting services for companies throughout the world, and as an advisor to numerous government entities within the US, Middle East, Africa, Asia and the UK . He is an Instructor, Technical Editor and Author for Computer Forensics, and Hacking courses. He is the author of the Center for Advanced Security and Training (CAST) Advanced Network Defense and Advanced Penetration Testing courses. He is technical editor of the Learning Tree Course Penetration Testing Techniques and Computer Forensics. He has presented at the Blackhat USA, Hacker Halted, ISSA and TakeDownCon conferences as well as many others. He has chaired the Cybercrime and Cyberdefense Summit in Oman and was Executive Chairman of the Oil and Gas Cyberdefense Summit. He is author of Building Virtual Pentesting Labs for Advanced Penetration Testing, Advanced Penetration Testing for Highly Secured Environments 2nd Edition and Backtrack: Testing Wireless Network Security. He holds a BS in Computer Science from National University in California and a MS in Software Engineering from the Southern Methodist University (SMU) in Texas. He developed the Strategy and Training Development Plan for the first Government CERT in the country of Oman that recently was rated as the top CERT for the Middle East. He serves as a professional training consultant to the Oman Information Technology Authority, and developed the team to man the first Commercial Security Operations Center in the country of Oman. He has worked extensively with banks and financial institutions throughout the Middle East, Europe and the UK in the planning of a robust and secure architecture and implementing requirements to meet compliance. He currently provides consultancy to Commercial companies, governments, federal agencies, major banks and financial institutions throughout the globe. Some of his recent consulting projects include the Muscat Securities Market (MSM), Petroleum Development Oman and the Central Bank of Oman. He designed and implemented the custom security baseline for the existing Oman Airport Management Company (OAMC) airports and the two new airports opening in 2017. He created custom security baselines for all of the Microsoft Operating Systems, Cisco devices as well as applications. Additionally, he provides training and consultancy to the Oman CERT and the SOC team in monitoring and incident identification of intrusions and incidents within the Gulf region. He holds the CEH, ECSA, LPT and a number of other certifications.

Module 1: Computer Forensics in Today’s World
Module 2: Computer Forensics Investigation Process
Module 3: Searching & Seizing Computers
Module 4: Digital Evidence
Module 5: First Responder Procedures
Module 6: Computer Forensics Lab
Module 7: Understanding Hard Disks & File Systems
Module 8: Windows Forensics
Module 9: Data Acquisition & Duplication
Module 10: Recovering Delete Files & Deleted Partitions
Module 11: Forensics Investigation Using Access Data FTK
Module 12: Forensic Investigation Using EnCase
Module 13: Steganography & Image File Forensics
Module 14: Application Password Crackers
Module 15: Log Capturing & Event Correlation
Module 16: Network Forensics, Investigating Logs & Investigating Network Traffic
Module 17: Investigating Wireless Attacks
Module 18: Investigating Web Attacks
Module 19: Tracking Emails and Investigating Email Crimes
Module 20: Mobile Forensics
Module 21: Investigative Reports
Module 22: Becoming an Expert Witness

Eric Reed

MCEI, CEH, CNDA, CHFI, ECSA, LPT, CISSP, MCT, MCSE:Security, MCDST, CNA, SCNS, SNCP, SCNA, Security+, A+, Network+, iNet+

Eric Reed has over 12 years of experience in the IT consulting and training field, specializing in security since 2005. He has consulted and delivered certification and customized training to all branches of the U.S. Military, and for many Fortune 100 and Fortune 500 companies, including: FBI, DCMA, SAIC, EPA, General Dynamics, Northrop Grumman, Best Buy, Target, Mayo Clinic, Medtronic, Blue Cross, Wells Fargo, US Bank, NASA, Boeing, Lockheed Martin, General Mills, Proctor and Gamble, AT&T,and Verizon, to name a few.

He has delivered CEH, CHFI, and ECSA/LPT for the last seven years, and has enjoyed a better than 95% pass across the board. He is a regular instructor for EC-Council’s iClass online training, and was also selected as the instructor for the official EC-Council iLearn self-study product for CEH v7.

Eric was awarded EC Council Instructor of the Year in 2009 and 2012, as well as the Circle of Excellence in 2006, 2007, and 2010.

1. Definitions
2. Information Security Management Program
3. Information Security Laws, Regulations, & Guidelines
4. Privacy Laws

2 – IS Management Controls and Auditing Management (Projects, Technology, and Operations)

1. Design, Deploy, and Manage Security Controls in Alignment with Business
Goals, Risk Tolerance, and Policies and Standards
2. Information Security Risk Assessment
3. Risk Treatment
4. Residual Risk
5. Risk Acceptance
6. Risk Management Feedback Loops
7. Business Goals
8. Risk Tolerance
9. Policies and Standards
10. Understanding Security Controls Types and Objectives
11. Implementing Control Assurance Frameworks
12. COBIT (Control Objectives for Information and Related Technology)
13. BAI06 Manage Changes
14. COBIT 4.1 vs. COBIT 5
15. ISO 27001/27002
16. Automate Controls
17. Understanding the Audit Management Process

Domain 3: Management – Projects & Operations

1. The Role of the CISO
2. Information Security Projects
3. Security Operations Management

Domain 4: Information Security Core Competencies

1. Access Controls
2. Physical Security
3. Disaster Recovery
4. Network Security
5. Threat and Vulnerability Management
6. Application Security
7. Systems Security
8. Encryption
9. Computer Forensics and Incident Response

Domain 5: Strategic Planning & Finance

1. Security Strategic Planning
2. Alignment with Business Goals and Risk Tolerance
3. Relationship between Security, Compliance, & Privacy
4. Leadership
5. Enterprise Information Security Architecture (EISA) Models, Frameworks, and Standards
6. Security Emerging Trends
7. It’s all about the Data
8. Key Performance Indicators (KPI)
9. Systems Certification and Accreditation Process
10. Resource Planning
11. Financial Planning
12. Procurement
13. Vendor Management
14. Request for Proposal (RFP) Process
15. Integrate Security Requirements into the Contractual Agreement and Procurement Process
16. Statement of Work
17. Service Level Agreements

Keith Rayle

CISSP, CISA, CCISO, Principal Security Consultant, World Wide Technology

With over 20 years of experience in security and privacy, Mr. Rayle has provided executive-level consulting in all industries, to include public and private sectors. Keith has designed and implemented most business services aspects of security at the corporate level, and has lead large multi-project security programs. On several occasions Mr. Rayle has acted as CISO, providing operational management of corporate security while defining and implementing programs, technical implementations, metrics collection, and reporting requirements. Keith has also assisted large organizations in defining CISO responsibilities and executive peer level reporting requirements.

Keith’s consulting experience also includes direct sales support, customer requirements definition, creation of contracts, and delivery of services, to include large multi-project/multi-year programs. He has provided executive advisory services in a variety of industries, to include retail, aerospace engineering, national/international banking, healthcare, manufacturing, logistics and transportation, federal/state organizations, and others. His wide range of regulatory experience includes PCI, SOX, FFIEC/FIDC, HIPAA, NERC CIP, and his framework knowledge extends to ISO/IEC 27001/27001, NIST, FISMA, OCTAVE and others.

Keith has provided program level services for customers, to include advising Fortune 100 executives (CIO and CISO), creation of corporate security programs and strategies, risk program creation and implementation, performing compliance and audit reviews, and delivering security/privacy framework implementations. Mr. Rayle has also led large, geographically dispersed technical implementation teams. He has provided all aspects of creating and implementing multi-project technical programs, from requirements gathering to shifting systems into normal SDLC maintenance cycles. Keith has assisted customers in defining technical and non-technical needs, creating roadmaps for remediation, implementing solutions, and auditing results. He has created large risk management frameworks for global enterprises, to include complex operations such as mergers, acquisitions, and divestitures.