The Becoming a Cybersecurity Consultant course is the perfect choice for individuals planning to develop a career in cybersecurity, middle managers and executives. The course covers the following main learning objectives: Threats - Technology - Economics.
The curriculum is designed to cover theoretical concepts which a Cybersecurity Consultant (medium level) should know. It is structured in 4 modules and is intended to be completed in about 3-4 weeks.
The course contains a set of quizzes with a pass mark of 60%. Learners interested in getting the certificate have to pass all the quizzes and get a total score of 70% or above.
Except where otherwise noted, the reuse of these presentations/videos is authorized under the Creative Commons Attribution 4.0 International (CC BY 4.0) license (https://creativecommons.org/licenses/by/4.0/). This means that reuse is allowed provided appropriate credit is given and any changes are indicated. For any use or reproduction of material that is not owned by the CONCORDIA partner providing the respective course, permission must be sought directly from the copyright holders.
The course Becoming a Cybersecurity Consultant was developed as part of the CONCORDIA project, and it is a joint effort of the following partners: University of Milan, University of Lorraine, University of Zurich, University of Insubria, Industrial Systems Institute Athens, Bitdefender, TUV IT Austria, EIT Digital.
The CONCORDIA project is funded by the European Union’s Horizon 2020 Research and Innovation program under Grant Agreement No 830927.
Overview
Syllabus
- INTRODUCTION
- Cybersecurity Principles
- The main focus of this module is to set the stage for the rest of the course, presenting key concepts that will be extended in the following modules. It will present an introduction to security and security properties as well as details on privacy and privacy-preserving mechanisms. It will introduce the concept of accountability in the context of a Continuous Appropriate Dynamic Accountability strategy. Finally, it will address elements linked to Risk Management. The module is organized in 3 lessons tackling the above aspects in a theoretical way, leaving the deep dive into the relevant technical aspects to other modules. It is expected that at the end of the module, learners will acquire (a) knowledge of cyber threats and vulnerabilities, (b) knowledge of confidentiality, integrity, and availability principles, (c) knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data, (d) skill in applying confidentiality, integrity, and availability principles, (e) knowledge of risk/threat assessment, and (f) skill in performing impact/risk assessments.
- Cybersecurity Offensive Methods
- The main focus of this module is to provide learners with an overview of offensive methods and techniques that are used to carry out security attacks targeting IT infrastructures and their services. The module is organized into 4 lessons tackling different aspects of cybersecurity offensive methods and techniques. The first lesson introduces attacker capabilities and attack stages, the second lesson discusses the current gaps and emerging security issues, the third lesson is dedicated to network attack methods, while the fourth lesson will present novel technologies and the related attack surface. It is expected that at the end of the module, learners will acquire (a) knowledge of cyber attack stages and attacker capabilities, (b) knowledge of emerging security issues, risks, and vulnerabilities, and (c) knowledge of computer networking concepts and protocols, and network security methodologies. This course will allow students to develop some basic but fundamental skills, including (i) skills to anticipate new security threats, (ii) skills to apply confidentiality, integrity, and availability principles, and (iii) skills to design countermeasures to identified security risks.
- Cybersecurity Defensive Methods
- The main focus of this module is to provide learners with an overview of, and details regarding, defensive methods and techniques that are used to prevent, detect and mitigate security attacks targeting IT infrastructures and their services. The module is organized into five lessons tackling different aspects of cybersecurity defensive methods and techniques. The first lesson introduces the principles of security-by-design, the second lesson discusses vulnerability assessment and prevention methods, the third lesson is dedicated to network protection methods, the fourth lesson relates to application/OS protection techniques, while the fifth lesson addresses more specifically data protection. It is expected that at the end of the module, learners will acquire (a) knowledge of information technology (IT) security principles and methods, (b) knowledge of cyber defense and vulnerability assessment methods and their capabilities, and (c) knowledge of cybersecurity and privacy principles related to data protection. With this knowledge and course participation, several skills are developed, such as (i) skill in discerning the protection needs (i.e., security controls) of information systems and networks, (ii) skill in creating policies that reflect system security objectives, (iii) skill in designing countermeasures to identified security risks, and (iv) skill in evaluating the adequacy of security designs.
- Cybersecurity Risk Management
- The main focus of this module is to provide students with an overview and present details regarding risk management from an economic perspective so that once the module finishes, the student can assess the possible risks and their economic impact on a company. The lesson starts by explaining the importance of looking into cybersecurity from an economic perspective, then discussing the costs to consider when planning for cybersecurity measures. Also, it introduces theoretical and practical models for cybersecurity investments and decision-making while applying them to a concrete case using a cybersecurity economic tool called SECAdvisor. It is expected that at the end of the module, students will acquire (a) knowledge of integrating the organization’s goals and objectives into the architecture, and (b) knowledge of risk/threat assessment. With this knowledge and course participation, several skills are developed, such as (i) skill in evaluating the adequacy of security designs, (ii) skill in conducting capabilities and requirements analysis, (iii) skill to use critical thinking to analyze organizational patterns and relationships, and (iv) skill to understand the operational, financial and policy-related parameters and the effective implementation of cybersecurity in practice.
Taught by
Marco Anisetti, Barbara Carminati, Elena Ferrari, Lama Sleem, Apostolos P. Fournaris, Eder John Scheid, Argyro Chatzopoulou, Dumitru Bogdan PRELIPCEAN, Remi Badonnel and Muriel Figueredo Franco