Learning Paths

Skills

Cyber Defense Analyst | PR-CDA-001 | Work Role 511

28 courses
42 hours

A cyber defense analyst uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network to protect information, information systems, and networks from threats.

This path will get you started on your journey to becoming a cyber defense analyst! Begin with the fundamental concepts of networking and endpoint security through hands-on labs, dive into the essential skills necessary to perform the day-to-day functions and then expand your skill set with tools, more advanced concepts and knowledge from adjacent roles!

Path estimated completion time is ~40 hours for total content.

This path aligns to the Knowledge, Skills, Abilities and Tasks (KSAs) within the Workforce Framework for Cybersecurity (CSWF) and the DoD Cyber Workforce Framework (DCWF) for the work role of:

Cyber Defense Analyst Work Role 511 or PR-CDA-001

For complete coverage of skill paths and tooling for the Cyber Defense Analyst role, please navigate to the SOC Analyst Channel

Courses in this path

Fundamentals

Begin your learning journey with the fundamental concepts of operating systems, networking and endpoint security through some hands-on labs and courses!

*Note the lab length is showing the allotted time that the environment will be open and available before resetting. The estimated completion time of each lab is 45 minutes.

NICE Framework Overview

by Pluralsight
5m

Enterprise Security: Executive Briefing

by Aaron Rosenmund
39m
(67)

Identify Common Cyber Network Attacks with Wireshark

by Chris Greer
2h 34m
(48)

Linux Endpoint Security: Processes

by Aaron Rosenmund
25m
(23)

Windows Endpoint Security: Networking

by Michael Teske
21m
(23)

Role Essentials

Now that you know the fundamentals, dive into the essential skills necessary to perform the day-to-day functions of a cyber defense analyst.

Security Event Triage: Operationalizing Security Analysis

by Aaron Rosenmund
54m
(34)

Security Event Triage: Detecting Malicious Traffic with Signature and Session Analysis

by Guillaume Ross
1h 59m
(24)

Security Event Triage: Leveraging Existing Security Device Alerts

by Daniel Lachance
1h 18m
(13)

Security Event Triage: Monitoring Assets and Topology

by Daniel Lachance
1h 36m

Security Event Triage: Detecting Network Anomalies with Behavioral Analysis

by Aaron Rosenmund
2h 1m
(22)

Security Event Triage: Monitoring Network Application Services

by Alan Monnox
2h 32m

Security Event Triage: Revealing Attacker Methodology in Web Application Events

by Aaron Rosenmund
2h 9m
(11)

Security Event Triage: Analyzing Live System Process and Files

by Cristian Pascariu
1h 34m
(17)

Security Event Triage: Detecting System Anomalies

by Aaron Rosenmund
1h 47m
(21)

Security Event Triage: Statistical Baselining with SIEM Data Integration

by Cristian Pascariu
1h 31m
(19)

Expanded Skill Set

It's time to expand your skill set with tools, more advanced concepts and emerging trends and vulnerabilities!

This section gives you a brief introduction into many, additional skills that you will find helpful as a cyber defense analyst. We have full training paths on all of these skills; see the Supplemental Skill Paths section to learn more.

Incident Response: Detection and Analysis

by Aaron Rosenmund
2h 19m
(37)

PowerShell Functions for Security Analysis

by Liam Cleary
1h 51m

Network Activity and Packet Analysis with Python

by Sean Wilkins
2h 15m

System Services and Activity Monitoring with Python

by Sean Wilkins
1h 46m

Network Security Monitoring with Suricata

by Open Information Security Foundation (OISF)
2h 27m
(12)

Elastic Stack: Getting Started

by Aaron Rosenmund
1h 41m
(104)

Blue Team Tools: Defense against Adversary Activity Using MITRE Techniques

by Aaron Rosenmund
19m
(32)

Adjacent Roles

Now that you've mastered all the skills for cyber defense analyst, learn about additional cyber roles and their responsibilities.

Network Security Basics

by Ross Bagurdes
2h 58m
(43)

Pen Testing: Planning, Scoping, and Recon

by Alexander Tushinsky
1h 13m

Red Team Tools for Emulated Adversary Techniques with MITRE ATT&CK

by Aaron Rosenmund
17m
(22)

Information and Cyber Security Literacy: Governance, Risk, and Compliance

by John Elliott
59m
(27)

Security Compliance, Governance, and Frameworks

by Richard Harpur
1h 41m
(22)

Cryptography: Executive Briefing

by John Elliott
29m
(25)

Learn with the best

Aaron Rosenmund

Aaron M. Rosenmund is a cyber security operations subject matter expert, with a background in federal and business defensive and offensive cyber operations and system automation. Leveraging his administration and automation experience, Aaron actively contributes to multiple open and closed source security operation platform projects and continues to create tools and content to benefit the community. As an educator & cyber security researcher at Pluralsight, he is focused on advancing cyber secur... more

Chris Greer

Chris Greer is a network analyst for Packet Pioneer, delivering training and packet analysis consulting services to customers all over the world. He specializes in using Wireshark to combat network and application performance problems on networks of all sizes. Chris leverages his 20 years of practical experience in network monitoring, analysis, and troubleshooting to heighten the experience of any attendee to his interactive and energetic courses. When he is not digging deep into packets or te... more

Michael Teske

Michael Teske is a principal security author with Pluralsight helping people build their skills toolkit. Michael has 25+ years of experience in the IT Ops/Cloud/Cybersecurity industry including 17 of those years as an IT instructor at a technical college, focusing on Microsoft server infrastructure, security and automation. Michael attained his MBA with an emphasis in Computer Information System Security several years ago. Michael still keeps up with the industry as an independent consultant in ... more

Guillaume Ross

Guillaume Ross is an experienced information security professional, providing services to many organizations as the lead consultant and founder of Caffeine Security Inc. Having worked in multiple verticals, from Fortune 50 to startups, his specialty is providing the right security program and architecture for each specific environment and company, and leading blue teams.

Daniel Lachance

Daniel Lachance, CompTIA Security+, CompTIA A+®, CompTIA Network+®, CompTIA Server+, CompTIA Cloud Essentials, MCITP, MCTS, MCSA, is the owner of Lachance IT Consulting Inc. He is the author of the CompTIA Server+ Certification All-in-One Exam Guide, CompTIA Cloud Essentials Certification Study Guide, and co-author of CompTIA Security+ Certification Practice Exams. Mr. Lachance is an experienced trainer having delivered IT training in Canada and the Caribbean since the 1990s on topics ranging f... more

Alan Monnox

Alan is the Lead Architect for the cyber security company Reveille Security. He is also the author of the book Rapid J2EE Development published by Prentice Hall. Alan’s tenure in the IT industry goes back over several decades and during that time he has been fortunate to work on many large-scale systems for a range of business-sectors and industries, including energy, finance, retail and healthcare. His core skills are in information security, solution architecture, and systems integration. Much... more

Cristian Pascariu

Cristian took part in auditing and implementation of infosec capabilities to uplift security posture. He managed codification efforts to extract indicators of compromise and created rules in the scope of defending against new emerging threats. He has also developed tools and scripts to overcome security gaps within the corporate network. Cristian has mentored L1 and L2 analysts to increase triage efficiency and combat new threats. He has experience in the field of Application Security and has pr... more

Liam Cleary

Liam began his career as a trainer of all things computer-related. He quickly realized that programming, breaking, and hacking were much more fun. Liam spent the next few years working within core infrastructure and security services. He is the founder and owner of SharePlicity, a consulting company that focuses on Microsoft 365 and Azure technology. His role within SharePlicity is to help organizations implement Microsoft 365 and Azure technology to enhance internal and external collaboration, ... more

Sean Wilkins

Sean Wilkins, with over two decades of experience in the IT industry, serves as a distinguished networking consultant and contributor at Tech Building Blocks. His professional journey spans multiple prominent enterprises, underlining his extensive field expertise. Sean's credentials include esteemed certifications from Cisco (CCNP/CCDP), Microsoft (MCSE), and CompTIA (A+ and Network+). Academically, he has achieved a Master’s of Science in Information Technology, specializing in Network Architec... more

Open Information Security Foundation (OISF)

The Open Information Security Foundation is a a 501(c)3 nonprofit organization created to build community and to support open source security technologies like Suricata, the world-class IDS/IPS network monitoring engine.

Ross Bagurdes

Ross has had a diverse career. He has a Structural Engineering degree from Milwaukee School of Engineering, but gave up the career shortly after graduating from college. Beginning in 1997, Ross began officially working in IT, implementing and supporting a paperless work order system for a Natural Gas Utility in Illinois. Since then, Ross has spent his years teaching and managing data networks. Ross spent 7 years at University of Wisconsin Hospitals and Clinics, supporting and managing the large ... more

Alexander Tushinsky

Alex has spent the past 30+ years working as a software developer, application architect, cybersecurity professional, and technical trainer. He is a lifelong learner and holds over 20 active certifications in IT. Alex is a Microsoft Certified Trainer and enjoys sharing his knowledge with others. He has taught at Rutgers University, Bergen Community College, County College of Morris, College of Southern Nevada, and UNLV. He holds a BS in Software Development and a Masters in Cybersecurity from We... more

John Elliott

John Elliott is a specialist in regulated security and data protection. His fascination is the way that people engage with security directives: whether that’s a company following external regulation, an information security team developing policies, an IT team following them, or a colleague who is just trying to do their job securely. John has led information security and data protection functions in aviation and financial services. He’s represented both Visa Europe and Mastercard on the PCI S... more

Richard Harpur

Richard is a highly experienced technology leader with a remarkable career ranging from software development, project management through to C-level roles as CEO, CIO, and CISO. Richard is highly rated and ranked in Ireland's top 100 CIOs. As an author for Pluralsight - a leader in online training for technology professionals - Richard's courses are highly-rated in the Pluralsight library and focus on teaching critical skills in cybersecurity including ISO27001 and Ransomware. As a Certified Info... more

Contact Sales