CompTIA SecurityX (CAS-005) Crash Course
Published by Pearson
High-impact bootcamp designed to prepare you for exam success in just two days
- Master the most challenging concepts and topics in the CompTIA SecurityX exam (formerly CASP+).
- Acquire the strategies and tactics needed to pass SecurityX on your first attempt.
- Build upon an existing information security foundation to become an advanced security architect.
With global organizations and industries facing a surge in cybersecurity threats, it is crucial to make the best move into a career that lasts for the long term. Statistics show that startup organizations and enterprises are primary targets of cybercrime, and the financial costs are trending significantly higher. Industries that are experiencing a high demand for specialized cybersecurity professionals include information security, financial services, transportation, retail, education, and many others.
This course is essential to develop the expertise needed to protect organizations from evolving cyber threats. It provides the skills required to meet the growing demand for cybersecurity professionals in high-risk industries.
The CompTIA SecurityX (formerly CASP+) certification exam validates that the successful candidate has the knowledge and skills necessary to:
- Architect, engineer, integrate, and implement secure solutions across complex environments to support a resilient enterprise.
- Use automation, monitoring, detection, and incident response to proactively support ongoing security operations in an enterprise environment.
- Apply security practices to cloud, on-premises, and hybrid environments.
- Consider cryptographic technologies and techniques, as well as the impact of emerging trends on information security.
- Use the appropriate governance, compliance, risk management, and threat-modeling strategies throughout the enterprise.
What you’ll learn and how you can apply it
- Governance, Risk, and Compliance: Learn how to measure cybersecurity resilience and ensure compliance with regulations such as HIPAA, GDPR, PCI-DSS, and more.
- Security Architecture: Evaluate security needs in hybrid networks to develop an enterprise-wide zero-trust architecture using advanced cloud and virtualization solutions.
- Security Engineering: Configure endpoint security, mobility solutions, and enterprise-wide PKI for secure cloud and hybrid environments.
- Security Operations: Master advanced threat management, vulnerability assessments, incident response, and digital forensics.
This live event is for you because...
- You are preparing for the SecurityX certification (formerly CASP+).
- You want to focus on the more difficult and complex aspects of the exam in a condensed format.
- You are looking to advance a career in IT and cloud security.
Prerequisites
- Although there are no prerequisites for this course, CompTIA recommends minimum of 10 years of general, hands-on IT experience that includes at least 5 years of broad, hands-on IT security experience before taking the exam.
Course Set-up
- N/A
Recommended Preparation
- Read: CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide by Robin Abernathy, Troy McMillan
- Read: CompTIA CASP+ CAS-004 Certification Guide by Mark Birch
Recommended Follow-up
- Attend: CISSP Certification Crash Course [2024 Edition] by Sari Greene
Schedule
The time frames are only estimates and may vary according to how the class is progressing.
Day 1
Segment 1: Implementing the appropriate governance, risk management, and compliance components and activities (50 minutes)
- Security program documentation and management
- Change/configuration management and Governance risk and compliance (GRC) tools
- Risk management activities
- Standards, frameworks, and regulations
Break and Q&A (10 minutes)
Segment 2: Performing threat modeling and artificial intelligence integration activities (50 minutes)
- Threat actor characteristics and patterns
- Attack surface determination
- Legal and privacy issues of AI
- Threats and risks to AI adoption
- AI-enabled attacks
Break and Q&A (10 minutes)
Segment 3: Implementing design resilient systems, life cycle security, and security architecture design (50 minutes)
- Component placement and configuration
- Availability and integrity design considerations
- Software and hardware assurance
- Continuous integration/continuous deployment (CI/CD)
- Attack surface management and reduction
- Detection and threat-hunting enablers
Break and Q&A (10 minutes)
Segment 4: Access, authentication, and authorization systems, cloud security, and Zero Trust initiatives (50 minutes)
- Designing access, authentication, and authorization systems
- Access control models
- Public key infrastructure (PKI) architecture
- Securely implementing cloud solutions
- Integrating Zero Trust into the enterprise
Q&A (10 minutes)
Day 2
Segment 1: Identity and access management (IAM), server and endpoint security, complex network infrastructure and hardware security (50 minutes)
- Troubleshoot common issues with IAM
- Authentication and authorization
- Securing endpoints and servers
- Complex network infrastructure security issues with misconfiguration, IDPS, DNS, email, TLS, and PKI
- Hardware roots of trust
- Threat-actor TTPs
Break and Q&A (10 minutes)
Segment 2: Securing specialty systems, using automation, advanced cryptographic concepts and use cases (50 minutes)
- Operational technology (OT)
- IoT and embedded systems
- Security, privacy, and industry-specific consideration
- Automation with configuration files, SOAR, and SCAP
- Post-quantum cryptography (PQC) and homomorphic encryption
- Applying the proper cryptographic use case
Break and Q&A (10 minutes)
Segment 3: Analyzing data for monitoring and response, analyzing vulnerabilities and attacks, and reducing the attack surface (50 minutes)
- Analyzing data to enable monitoring and response activities
- Vulnerabilities
- Attacks
- Mitigations
Break and Q&A (10 minutes)
Segment 4: Threat-hunting, threat intelligence, malware analysis, and incident response (50 minutes)
- Internal and external intelligence sources
- (IoC) sharing and rule-based languages
- Malware analysis and reverse engineering
- Incident response analysis techniques
- Cloud workload protection platform (CWPP)
Q&A and Wrap-up (10 minutes)
Your Instructor
Michael J. Shannon
Michael J Shannon began his IT career when he transitioned from recording studio engineer to network technician for a major telecommunications company in the early 1990’s. He soon began to focus on security and was one of the first 10 people to attain the HIPAA Certified Security Specialist. Throughout his 30 years in IT he has worked as an employee, contractor, and consultant for several companies including Platinum Technologies, Fujitsu, IBM, State Farm, MindSharp, Thomson, Pearson, and Skillsoft among others. Mr. Shannon has authored several books, training manuals, blog articles, and CBT modules over the years as well. He has attained the CISSP, ITIL 4 Managing Professional, CCNP Security, Palo Alto PCNSE7 and OpenFAIR certifications in the security field as well as several cloud-based certifications for AWS, Google Cloud, and Azure. His hobbies are playing guitar, songwriting, and golf. He resides with his wife in Abilene Texas.