Advanced Analytics for Security Operations

Course Description

CYBV474 provides students an in-depth examination of how the Python scripting language can be used to support advanced analysis in offensive and defensive security operations. Students will use hands-on scripting exercises to evaluate the strengths and weaknesses of automated tools to solve complex security-related problems; practice creating and using Python-based algorithmic solutions; and gain a technical understanding on how to apply the existing Python libraries to support common security-related tasks.

Learning Outcomes

The student will:

  • Identify elements of cyber-operations that can benefit from advanced Python scripts:
    • Digital Forensics
    • Digital Forensics for Incident Response (DFIR)
    • Asset Mapping
    • Network Monitoring
    • Host Monitoring
    • User Behavior Monitoring
    • Threat Intelligence
    • Log Analysis
    • Deception Methods
    • Describe and explain how Python scripts, specialized libraries and tools could be deployed in each of these areas.

Course Objectives

The student will:

  • Experiment with Python libraries in each of the above areas
  • Evaluate their effectiveness in each of the identified elements of cyber operations
  • Evaluate their effectiveness against potential attacks
  • Develop new methods, scripts and libraries for selected cyber operations applications