Free Course:
Security Operations
Be the first to access this course, links to created videos are down below. This course is in the process of being released.
Course Content
Module 0 – Welcome and Getting Started
| Welcome | https://youtu.be/jLA4T9PQoSA | 0:0:49 |
| Course Overview | https://youtu.be/e4TWt4cBPEU | 0:10:30 |
| Syllabus | N/A | |
| Meet Your Instructor | N/A |
Module 1 – Security Program
| Module Intro | https://youtu.be/reiqmqa6D_A | 0:01:14 |
| Security Operations | https://youtu.be/CH8giGZQuLA | 0:04:30 |
| What is a Cybersecurity Program | https://youtu.be/OuIZkeYsPpQ | 0:07:52 |
| Security Program Documentation | https://youtu.be/uJbrR746NyE | 0:04:35 |
| Policies | https://youtu.be/VBgoePcAcYE | 0:05:57 |
| Information Security Policy (ISP) | https://youtu.be/AyvqYjac5hY | 0:02:46 |
| Standards | https://youtu.be/NLJ7z10oAC8 | 0:03:29 |
| Procedures | https://youtu.be/hZbiMf2ZWY0 | 0:04:42 |
| Guidelines | https://youtu.be/6qhCLZPH0rk | 0:02:26 |
| Controls | https://youtu.be/bMOHOEC1PrU | 0:03:36 |
| Fail-Open vs Fail-Closed | https://youtu.be/3RTOIZVx1mA | 0:06:16 |
| Types of Controls | https://youtu.be/X8wBjWxFbr0 | 0:05:16 |
| Policies, Standards, Procedures, Guidelines | https://youtu.be/I1PGDHnqVf8 | 0:09:07 |
| Cybersecurity Frameworks | https://youtu.be/QlhgY8j4a74 | 0:07:39 |
| Monitoring and Revisions | https://youtu.be/VxknoICuLRA | 0:02:38 |
| Security Program Governance | https://youtu.be/fxIWDqBGS-Q | 0:07:40 |
Module 2 – Security Operations
| Module Intro | https://youtu.be/H3N4aCasjtA | 0:03:56 |
| Compliance Management | https://youtu.be/Wzwhy9WRFkI | 0:01:56 |
| Risk Management | https://youtu.be/6g6VcqPRqL8 | 0:05:13 |
| Asset Acquisition and Management | https://youtu.be/5w-dreWicEU | 0:02:33 |
| Vulnerability Management | https://youtu.be/Fg6XTelPKG4 | 0:06:09 |
| Patch Management | https://youtu.be/wBijFzSeirU | 0:02:59 |
| Data Management | https://youtu.be/z8QbvQ8hKa0 | 0:01:11 |
| Vendor and Supply Chain Management | https://youtu.be/9NdDX-eBjBM | 0:05:08 |
| Personnel Management | https://youtu.be/rp18sO3UwMo | 0:02:30 |
| Identity and Access Management (IAM) | https://youtu.be/UXMJfmIyIRk | 0:01:05 |
| Security Awareness & Training Management | https://youtu.be/jF2ekqGLkuk | 0:01:59 |
| Configuration and Change Management | https://youtu.be/LIoUTD0W4_8 | 0:04:06 |
| Monitoring and Alerting | https://youtu.be/SlZ18dg7YoM | 0:03:17 |
| Incident Management | https://youtu.be/ElsSqnAeleI | 0:02:37 |
| Contingency Planning | https://youtu.be/Pu3zBK0SH6E | 0:02:18 |
| Auditing and Assessments | https://youtu.be/Dre8uA_gHus | 0:02:03 |
| Program Management | https://youtu.be/LBPI66WGWlo | 0:01:22 |
Module 3 – Compliance Management
| Module Intro | https://youtu.be/0xvXjlNA0CE | 0:02:27 |
| Compliance Management | https://youtu.be/g4BCD_n8FDI | 0:05:15 |
| Privacy | https://youtu.be/wx-Q2qrtexM | 0:09:16 |
| Data Roles | https://youtu.be/IpTRSb15G5E | 0:04:08 |
| Compliance Factors | https://youtu.be/-PaDQ0c9sKg | 0:09:35 |
| Regulation, Accreditations, and Standards | https://youtu.be/PdWU6ZckqmQ | 0:04:23 |
| Customer, Vendor, and Partner Agreements | https://youtu.be/IZhGJgcWFxE | 0:04:09 |
| Legal Actions | https://youtu.be/uI2l6LbCX7U | 0:07:46 |
| Compliance Monitoring and Reporting | https://youtu.be/h76Z63_TGRo | 0:10:04 |
| Gap Analysis | https://youtu.be/0g_f_cAop1U | 0:04:01 |
| Consequences of Non-Compliance | https://youtu.be/PKsYh4t2IUM | 0:02:20 |
Module 4 – Risk Management
| Module Intro | https://youtu.be/-LNC8ljRSpE | 0:02:24 |
| Risk Management | https://youtu.be/b3muOmLdZ3o | 0:12:55 |
| Risk Management Approach | https://youtu.be/4Omv3ClgZgI | 0:07:15 |
| Risk Assessment | https://youtu.be/VPcSsrBNXkU | 0:02:52 |
| Risk Appetite, Risk Threshold, and Risk Tolerance | https://youtu.be/zGDiMQaXy8I | 0:10:22 |
| Risk Identification | https://youtu.be/0DJCuhpWvxc | 0:04:39 |
| DEMO: Assessments | https://youtu.be/XrMXPUeWwjw | 0:04:39 |
| Risk Tracking & Risk Register | https://youtu.be/c-W8V4g1FD8 | 0:02:27 |
| Risk Analysis | https://youtu.be/xN3a0eEVKdk | 0:06:01 |
| Qualitative Risk Analysis | https://youtu.be/2vX1Ui3-jC0 | 0:06:01 |
| DEMO: Risk Register and Analysis | https://youtu.be/lUzqiEFJ-9c | 0:03:16 |
| Asset Value (AV) and Total Cost of Ownership (TCO) | https://youtu.be/h8MQ4MJNAeg | 0:06:23 |
| Quantitative Risk Analysis | https://youtu.be/BxWV2BoA70s | 0:05:25 |
| Single-Loss Expectancy (SLE) and Exposure Factor (EF) | https://youtu.be/G2F3Rvs0AC8 | 0:05:22 |
| Annualized Loss Expectancy (ALE) and Annual Rate of Occurrence (ARO) | https://youtu.be/cLD8BKzuBMs | 0:05:22 |
| Risk Reporting | https://youtu.be/BL57aFNuTEI | 0:07:14 |
| Risk Management Strategies | https://youtu.be/5GfIpGefjJk | 0:05:27 |
| Risk Mitigation and Controls | https://youtu.be/HUJezjmZTCI | 0:05:30 |
| Inherent and Residual Risk | https://youtu.be/xbW611wJ3qI | 0:01:37 |
| Trade-Off Analysis | https://youtu.be/imxybEfWafQ | 0:10:36 |
| Cost-Benefit Analysis (CBA) Example | https://youtu.be/HDWdFoCOakI | 0:09:53 |
| Calculating Return On Investment (ROI) | https://youtu.be/q4CsfusndQA | 0:09:40 |
| DEMO: ROI Worksheet | https://youtu.be/PB5MBLu4GqI | 0:03:39 |
| Planning and Prioritization | https://youtu.be/JuJEyGLgxHg | 0:07:14 |
Module 5 – Asset Acquisition and Management
| Module Intro | https://youtu.be/TNUanMGeCxQ | 0:02:18 |
| Asset Management | https://youtu.be/WCb8_N8v_VA | 0:10:36 |
| Acquisition and Procurement | https://youtu.be/Jza1dIYPW9c | 0:07:57 |
| Assignment and Accounting | https://youtu.be/JdfXjk_DpHw | 0:02:55 |
| Monitoring and Asset tracking | https://youtu.be/fn0S0OFxQ3s | 0:04:45 |
| Decommissioning and Disposal | https://youtu.be/4KGsEYJCCWc | 0:07:14 |
Module 6 – Vulnerability and Patch Management
| Module Intro | https://youtu.be/ZSWKUFz6BaA | 0:04:42 |
| Vulnerability Management | https://youtu.be/y6xKWY-0ADM | 0:13:47 |
| Common Vulnerabilities and Exposures (CVE) | https://youtu.be/XZZyRflWIz0 | 0:03:42 |
| Common Vulnerability Scoring System (CVSS) | https://youtu.be/0iNg5XpuvF8 | 0:12:09 |
| Discovering Vulnerabilities | https://youtu.be/zeN5z3w4p0w | 0:07:24 |
| Discovering Application Vulnerabilities | https://youtu.be/VU31jCpp9wA | 0:05:57 |
| Vulnerability Scans | https://youtu.be/LEETqqdhlCc | 0:08:11 |
| Vulnerability Scanner Settings and Considerations | https://youtu.be/LP3OJC_GLt8 | 0:16:18 |
| Penetration Testing (Pentesting) | https://youtu.be/0WAfI3-OVe0 | 0:08:16 |
| Red Teams and Blue Teams | https://youtu.be/c8vNcEwWGNM | 0:02:28 |
| Reporting | https://youtu.be/VQIySU8h0rQ | 0:03:53 |
| Vulnerability Validation | https://youtu.be/yABHFGPtan0 | 0:03:26 |
| Vulnerability Analysis and (Re-)Classification | https://youtu.be/xHsRs7FABAU | 0:03:10 |
| Prioritization and Escalation | https://youtu.be/R-GF4Gp3jq4 | 0:02:50 |
| Action Plan | https://youtu.be/RzE0klvaAjE | 0:06:14 |
| Vulnerability Remediation | https://youtu.be/Aka2XvY1b6Q | 0:07:51 |
| Validation of Remediation | https://youtu.be/ddhix34M-2M | 0:01:43 |
| Patch Management | https://youtu.be/6kOS2dcAFfg | 0:08:41 |
Module 7 – Data Management
| Module Intro | https://youtu.be/Xfa_1OTvp7I | 0:01:56 |
| Data Management | https://youtu.be/85v1d37uU5w | 0:05:13 |
| Compliance, Privacy, and Data Roles | https://youtu.be/I2DdMOjx9kU | 0:07:31 |
| Data Types | https://youtu.be/iAScK_PuQU4 | 0:03:25 |
| Personally Identifiable Information (PII) | https://youtu.be/wgM0UOQxmpE | 0:09:08 |
| Data Classifications | https://youtu.be/C-Vvpd7bFWM | 0:04:56 |
| Data Inventory and Data Labeling | https://youtu.be/j0WA09KjtxY | 0:02:58 |
| Data Protection | https://youtu.be/wgXYTDYcNnM | 0:06:48 |
| Data States | https://youtu.be/yDC_pa4O9HQ | 0:03:46 |
| Keeping Data Confidential | https://youtu.be/vXZMCFCtpfM | 0:07:19 |
| Encrypting Data | https://youtu.be/Nv7PDlQej9Q | 0:05:37 |
| Steganography | https://youtu.be/-HPELXT1Er8 | 0:05:37 |
| Data Masking and Obfuscation | https://youtu.be/DY4nJG-JplE | 0:10:42 |
| Data Loss Detection | https://youtu.be/hr2XvIYcQBI | 0:03:35 |
| Data Loss Prevention | https://youtu.be/kjRMOv–G8c | 0:03:45 |
| Data Retention and Retirement | https://youtu.be/IXrPai3zD7Y | 0:05:29 |
Module 8 – Vendor and Supply Chain Management
| Module Intro | https://youtu.be/tjjLIBVt_-Y | 0:05:16 |
| Vendor Management | https://youtu.be/v1jDWBj1WZM | 0:05:25 |
| Gathering Requirements | https://youtu.be/bVMJfQp_PkI | 0:09:06 |
| Vendor Assessment | https://youtu.be/FHEimY7sNvo | 0:13:30 |
| Cloud Hosting Considerations | https://youtu.be/PaRfLmUezQE | 0:05:34 |
| Supply Chain Management | https://youtu.be/usWr5C8_OLM | 0:04:52 |
| Vendor Selection | https://youtu.be/X90dpxCnmRs | 0:02:28 |
| Agreement Types | https://youtu.be/cjDoyxO5KX4 | 0:10:30 |
| Vendor Monitoring and Termination | https://youtu.be/R0tg8r6_ynA | 0:04:19 |
Module 9 – Personnel Management
| Module Intro | https://youtu.be/2IM2Cg2tpbo | 0:03:01 |
| Personnel Management | https://youtu.be/Ja9CGTsBkSE | 0:11:38 |
| Onboarding and Termination Procedures | https://youtu.be/eheqoK4T5fA | 0:04:59 |
| Least Privilege | https://youtu.be/dczZQgvloUw | 0:03:53 |
| Need to Know | https://youtu.be/YQVDG11gzh8 | 0:03:35 |
| Separation of Duties | https://youtu.be/BiB2143UyO4 | 0:05:11 |
| Job Rotation | https://youtu.be/VlcWQq3fcOk | 0:04:10 |
| Mandatory Vacations | https://youtu.be/G7ueoqtJeWg | 0:02:11 |
Module 10 – Identity and Access Management (IAM)
| Module Intro | https://youtu.be/9owgJAjT2CQ | 0:0:33 |
| Identity and Access Management (IAM) | https://youtu.be/S7lfSVSv4KE | 0:04:48 |
| Authentication, Authorization, and Accounting (AAA) | https://youtu.be/dNdtdDh8uHE | 0:03:26 |
| What Makes a Good Password | https://youtu.be/8eRsKCwV6Q4 | 0:21:56 |
| Password Manager | https://youtu.be/b8iC695TD9w | 0:07:41 |
| Privileged Access Management (PAM) | https://youtu.be/7MHrmrqEbGM | 0:06:16 |
| Key Storage | https://youtu.be/ktBLZUt-p40 | 0:02:06 |
| Multi Factor Authentication (MFA) | https://youtu.be/fhS9Tdy2hFQ | 0:05:39 |
| One-Time Passwords (OTP) | https://youtu.be/dWnnnJbmJ_Q | 0:03:24 |
| HOTP and TOTP | https://youtu.be/HVko8oD0HAk | 0:07:50 |
| IAM Policies and Enforcement | https://youtu.be/3Ya3RM0xFyg | 0:06:18 |
| Single Sign-On (SSO) | https://youtu.be/vcFKiOkDU_M | 0:05:08 |
| Federation | https://youtu.be/JBGQ_jCIGRs | 0:04:27 |
| Identity Proofing | https://youtu.be/giMdO5uFoPo | 0:01:38 |
| Access Control | https://youtu.be/ViDMpB1v4aQ | 0:10:24 |
| Access Control Models | https://youtu.be/q687FIec8q0 | 0:09:28 |
| Physical Access Control | https://youtu.be/yxUGH3R64KU | 0:06:24 |
Module 11 – Security Awareness and Training
| Module Intro | https://youtu.be/6RyzoK5zJyo | 0:01:26 |
| Awareness | https://youtu.be/mOkc7i_SXQo | 0:05:51 |
| Training | https://youtu.be/CaqOviHGQag | 0:05:11 |
| Security Training Content | https://youtu.be/fjGuPTQqbL4 | 0:03:19 |
| Delivery | https://youtu.be/A6AIBr5XeeI | 0:11:04 |
| Awareness Testing | https://youtu.be/HbfsSuQkzXg | 0:04:06 |
| Monitoring and Reporting | https://youtu.be/YR7b9BjDyrU | 0:01:21 |
Module 12 – Configuration and Change Management
| Module Intro | https://youtu.be/HLrzisEJXvc | 0:01:44 |
| Configuration vs Change Management | https://youtu.be/5U7h1_tEZZA | 0:04:09 |
| Change Management | https://youtu.be/q0uQRIBdXx0 | 0:06:48 |
| Planning Considerations | https://youtu.be/zLPqfWzwgNU | 0:08:16 |
| Evaluation and Implementation | https://youtu.be/Wd-zZINvyXE | 0:02:06 |
| Monitoring, Documentation, and Closure | https://youtu.be/yPaYI_z_tlE | 0:02:39 |
| Automation | https://youtu.be/dUuyVfdweYQ | 0:15:26 |
Module 13 – Monitoring and Alerting
| Module Intro | https://youtu.be/38_ulAtvCf0 | 0:03:11 |
| Monitoring | https://youtu.be/MdSBiASORAI | 0:05:25 |
| Monitoring Example | https://youtu.be/xoaIaLFYb3w | 0:09:26 |
| Monitoring Methods | https://youtu.be/6ZcB7sCzWm4 | 0:02:59 |
| Capturing | https://youtu.be/JzOHKzIWBC8 | 0:06:27 |
| Scanning and Probing | https://youtu.be/8iMUIPlTZ3M | 0:03:47 |
| Polling | https://youtu.be/yRKtnZ-Ic4w | 0:04:13 |
| Logging | https://youtu.be/jl3wsh7l6Uc | 0:05:33 |
| Netflow vs SNMP vs Syslog | https://youtu.be/-jqRo8Z7G-g | 0:01:43 |
| Benchmarking | https://youtu.be/fmAil-GcrNY | 0:02:06 |
| Security Information and Event Management (SIEM) | https://youtu.be/HkO9fnO-2L0 | 0:02:43 |
| Indicators of Compromise (IoC) | https://youtu.be/zfQrwwK0xZk | 0:04:55 |
| File Integrity Monitoring (FIM) | https://youtu.be/GU8-NBU-MNw | 0:02:08 |
| Alerting | https://youtu.be/MZzGbmdMbFg | 0:08:21 |
| Log Management and Archiving | https://youtu.be/2XBVcQDZuX4 | 0:02:33 |
| Threat Hunting | https://youtu.be/OsQEFMtsPiE | 0:03:39 |
Module 14 – Incident Management
Module 15 – Contingency Planning
| Module Intro | https://youtu.be/Qwk_a8L_l0Q | 0:01:43 |
| Contingency Planning | https://youtu.be/wzgrrap_0xg | 0:04:59 |
| Business Impact Analysis (BIA) | https://youtu.be/Zp3c2sDmIdA | 0:06:53 |
| RPO and RTO | https://youtu.be/DPmVRAEA_wo | 0:03:57 |
| Disaster Recovery Plan (DRP) | https://youtu.be/K4lhgm5cWLk | 0:05:11 |
| Testing Plans | https://youtu.be/6_kWWqpVqhw | 0:03:48 |
Module 16 – Auditing, Assessment, and Program Management
| Module Intro | https://youtu.be/egSYhtE1abE | 0:01:27 |
| Auditing | https://youtu.be/z1XjmIxyur8 | 0:05:17 |
| Attestation | https://youtu.be/-AoP73n6OoQ | 0:01:35 |
| Compliance Audits Example | https://youtu.be/YbZaZs5DPU0 | 0:03:44 |
| Gap Analysis | https://youtu.be/h5eKiHv5ACA | 0:02:29 |
| Program Management | https://youtu.be/1VZwc8_FagQ | 0:04:38 |
| Evaluation and Metrics | https://youtu.be/O1MPvJqi54w | 0:03:36 |
Appendix A – Regulatory Compliance
| Appendix Intro | https://youtu.be/uxGbcYU60xM | 0:01:27 |
| General Data Protection Regulation (GDPR) | https://youtu.be/umiat_wEoag | 0:04:05 |
| California Consumer Privacy Act (CCPA) | https://youtu.be/czoWru16Nbk | 0:04:02 |
| Payment Card Industry Data Security Standard (PCI DSS) | https://youtu.be/1T5pbwGUDsE | 0:03:43 |
| Sarbanes-Osxley Act (SOX) | https://youtu.be/H2r8xuIflWU | 0:04:35 |
| Health Insurance Portability and Accountability Act (HIPAA) | https://youtu.be/eI_bmbDRdW4 | 0:01:32 |
| Cybersecurity Maturity Model Certification (CMMC) | https://youtu.be/ZpGnSPQzj-k | 0:02:49 |
| Gramm-Leach-Bliley Act (GLBA) | https://youtu.be/ZpGnSPQzj-k | 0:01:54 |
| Children’s Online Privacy Protection Act (COPPA) | https://youtu.be/n0Vw7gorq9Q | 0:01:42 |
| Family Educational Rights and Privacy Act (FERPA) | https://youtu.be/UHJK_CjWXMw | 0:02:57 |
Appendix B – Agreements
| Appendix Intro | https://youtu.be/Fb26fGiN-g8 | 0:01:16 |
| Service-level agreement (SLA) | https://youtu.be/2uzhmPAU5Kg | 0:04:19 |
| Operational Level Agreement (OLA) | https://youtu.be/oA13M146I5k | 0:02:54 |
| Privacy Level Agreement | https://youtu.be/YDgY8OXfEVk | 0:02:00 |
| Master Service Agreement (MSA) | https://youtu.be/u4gtjGql9_E | 0:03:31 |
| Work Order (WO)/Statement of Work (SoW) | https://youtu.be/eY-XRNIuL8Y | 0:02:57 |
| Non-disclosure agreement (NDA) | https://youtu.be/20HOYCrZ0As | 0:01:57 |
| Memorandum of Understanding (MOU) | https://youtu.be/NUfmu8SkLuQ | 0:02:21 |
| Business Partners Agreement (BPA) | https://youtu.be/BF-03FzxNCI | 0:02:08 |
| Memorandum of Agreement (MOA) | https://youtu.be/tbMwByuLsB8 | 0:02:03 |
| Interconnection Security Agreement (ISA) | https://youtu.be/xVtlNNYaA4M | 0:02:29 |
| Aggrement Type Example: Pentesting | https://youtu.be/Lu0mK-3T4jg | 0:05:09 |
| Aggrement Type Example: SaaS | https://youtu.be/_eDBfSC6aQ8 | 0:03:18 |
| Aggrement Type Example: Business Partner | https://youtu.be/J2kfW2GHB_s | 0:03:36 |
Module X – Wrap Up
| Security Operations X-1: Review | https://youtu.be/nffTuFXbeo8 | 0:06:35 |
| Course Wrap Up | https://youtu.be/ze1VSTWAH5o |
Help the Effort
Creating these videos takes a lot of time, effort, and money. There are costs to producing the videos, hosting the site, and buying the equipment, not to mention the 1,000’s of hours I’ve put into recording these videos. So far, I’ve asked for and received very little in return. Please consider helping keep the effort going by one of the following:
- Donate to the cause: buymeacoffee.com/techknowsurge
- Buy TechKnowSurge merch: techknowsurge.myspreadshop.com/
- Like and comment on any YouTube videos you watch
- Subscribe to my channel: youtube.com/@TechKnowSurge
- Let me know if there is any issues with my content, just send me an email: feedback@techknowsurge.com
- Purchase a class on Udemy and leave me a review: www.udemy.com/user/techknowsurge/
- Subscribe to the TechKnowSurge newsletter: techknowsurge.com/newsletter-signup/
- Follow me on social media
- Facebook: www.facebook.com/TechKnowSurge
- Twitter: twitter.com/TechKnowSurge
- Instagram: www.instagram.com/techknowsurge
- LinkedIn: www.linkedin.com/company/techknowsurge
- Tell your others about TechKnowSurge
- Share content links to others
- Repost content on social media
- Tell classmates about what videos helped you