All courses
Resource hub
Featured resource
Tech Upskilling Playbook 2025
Tech Upskilling Playbook

Build future-ready tech teams and hit key business milestones with seven proven plays from industry leaders.

Learn more
Hamburger Icon
  • Path icon Learning Path
    • Libraries: This path is only available in the libraries listed. To access this path, purchase a license for the corresponding library.
  • Core Tech
    •

Security Control Assessor | Work Role ID: 612 (NIST: OG-WRL-012)

38 Courses
5 Labs
55 Hours
Skill IQ

A **security control assessor** conducts independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls (as defined in NIST 800-37).

This path will get you started on your journey to becoming a cyber defense incident responder! Begin with the fundamental concepts of network protocols and common network analysis and data governance hands-on labs, dive into the essential skills necessary to perform the day-to-day functions and then expand your skill set with, automation, deeper/advanced concepts and additional knowledge from adjacent roles!

This path aligns to the Knowledge, Skills, Abilities and Tasks (KSAs) within the **Workforce Framework for Cybersecurity (CSWF)** and the **DoD Cyber Workforce Framework (DCWF)** for the work role of:

**Security Control Assessor** Work Role 612 or OG-WRL-012

Get started

Content in this path

Fundamentals

Begin your learning journey with the fundamental concepts of networking and security!

Course

IT Professional Fundamentals: Networking

  • by Vlad Catrinescu
  • 2h 31m
  • Mar 16, 2022
Course

Security Engineering: Secure Networks

  • by Chris Jackson
  • 1h 43m
  • Aug 13, 2024
Course

Enterprise Security: Executive Briefing

  • by Aaron Rosenmund
  • 39m
  • Oct 12, 2024
Course

Security Controls: CIS Controls

  • by Bobby Rogers
  • 1h 32m
  • Dec 20, 2021
Course

Information and Cyber Security Literacy: Security Operations

  • by Christopher Rees
  • 56m
  • Jul 08, 2024
Course

Data Governance: Understanding Data Privacy and Security

  • by Mike Woolard
  • 33m
  • Nov 27, 2023
Course

Data Security Champion: Data Privacy Regulations

  • by Kevin James
  • 15m
  • May 17, 2024
Course

Security Framework: NIST RMF

  • by Bobby Rogers
  • 1h 8m
  • Jun 12, 2023
Course

Information Systems Operations and Business Resilience: Business Resilience

  • by Kevin Henry
  • 1h 4m
  • Aug 13, 2024
Course

Information Security Management: Compliance Audits

  • by Christopher Rees
  • 2h 3m
  • Jan 15, 2025
Course

Governance and Management of IT: Governance

  • by Kevin Henry
  • 1h 43m
  • Aug 08, 2024
Course

Information Systems Auditing Process: Planning

  • by Kevin Henry
  • 1h 59m
  • Aug 01, 2024

Skill Essentials

Now that you know the fundamentals, dive into the essential skills necessary to perform the day-to-day functions of a security control assessor.

Course

Protection of Information Assets: Information Asset Security and Control

  • by Kevin Henry
  • 3h 27m
  • Sep 11, 2024
Course

Information and Cyber Security GRC: Governance

  • 1h
  • Nov 09, 2023
Course

Information and Cyber Security GRC: Risk Management

  • by Po Yau
  • 1h 36m
  • Feb 27, 2024
Course

Information Systems Auditing Process: Audit Execution

  • by Kevin Henry
  • 1h 46m
  • Aug 01, 2024
Course

Conducting Network Vulnerability Analysis

  • by Kevin Cardwell
  • 2h 28m
  • Jul 31, 2025
Course

Testing Security Controls and Detecting Vulnerabilities with Nmap 7

  • by Matt Glass
  • 1h 38m
  • Jul 31, 2025
Course

Scanning for Vulnerabilities with Nmap 7 Scripting Engine (NSE)

  • by Matt Glass
  • 57m
  • Jun 23, 2022
Course

Maximizing Nmap 7 for Security Auditing

  • by Matt Glass
  • 1h 3m
  • Jun 23, 2022
Lab

Web Attacks: Automated Scanning with OWASP Zap

  • by Laurentiu Raducu
  • 55m
  • Aug 04, 2025
Course

Automate Web Application Scans with OWASP ZAP and Python

  • by Mike Woolard
  • 1h 8m
  • Aug 04, 2025

Expanded Skillset

It's time to expand your skill set with tools, and more advanced concepts! This section gives you a brief introduction into many, additional skills that you will find helpful as a security control assessor. We have full training paths on all of these skills; see the Supplemental Skill Paths section to learn more.

Course

Fundamentals of OT Security

  • by Matthew Lloyd Davies
  • 41m
  • Sep 14, 2023
Course

Getting Started with Zeek

  • by Joe Abraham
  • 1h 26m
  • Aug 04, 2025
Lab

Assets and Topology: Vulnerability Analysis

  • by Zach Roof
  • 2h
  • Aug 05, 2025
Course

Specialized Engineering: Enterprise Hybrid Cloud

  • by Michael Brown
  • 1h 9m
  • Dec 05, 2022
Course

Incident Response: Network Analysis

  • by Brandon DeVault
  • 1h 10m
  • Mar 09, 2022
Course

Specialized Testing: XSS

  • by Christian Wenz
  • 1h 14m
  • Jul 30, 2022
Course

Specialized Testing: SQL Injection

  • by Christian Wenz
  • 1h 13m
  • Oct 06, 2022
Course

Specialized Testing: CSRF

  • by Christian Wenz
  • 48m
  • Nov 30, 2022
Course

Specialized Testing: Deserialization

  • by Peter Mosmans
  • 1h 1m
  • Feb 27, 2023
Course

Specialized Testing: API Testing

  • by George Smith
  • 56m
  • Dec 14, 2022

Adjacent Skill Knowledge

Now that you've mastered all the skills for a security control assessor, learn about additional cyber roles and their responsibilities.

Course

Governance and Management of IT: Management

  • by Kevin Henry
  • 1h 12m
  • Aug 01, 2024
Course

Information and Cyber Security GRC: Compliance with External Factors

  • by Dr Lyron H Andrews
  • 1h 19m
  • Jul 28, 2023
Course

IT Security Champion: Cyber Threat Intel and Emerging Threats

  • by Christopher Rees
  • 16m
  • Feb 29, 2024
Lab

Monitoring and Detection: Elastic Stack

  • by Sean Wilkins
  • 1h 35m
  • Aug 04, 2025
Lab

Network Analysis: Packet Capture

  • by Miguel Saavedra
  • 50m
  • Aug 04, 2025
Course

Getting Started with Snort 3

  • by Matt Glass
  • 1h 6m
  • Jun 23, 2022
Course

OpenVAS Concepts and Scanning

  • by David Clinton
  • 50m
  • Jul 31, 2025
Course

The PCI Security Standards

  • by John Elliott
  • 1h 35m
  • Aug 19, 2024
Course

Zero Trust Identity and Access Management

  • by Phil Chapman
  • 1h 2m
  • Aug 01, 2024
Course

Sandworm: C2 over HTTP Emulation

  • by Matthew Lloyd Davies
  • 5m
  • Nov 12, 2024
Lab

Sandworm: C2 over HTTP Emulation Lab

  • by Matthew Lloyd Davies
  • 55m
  • Aug 05, 2025
Try this learning path for free
Access this learning path and other top-rated tech content with a free trial.
Free individual trial Free team trial
Have questions? Get them answered now.
Start a live chat
What You'll Learn
Prerequisites
  • None
Related topics
  • cswf
  • dcwf
  • Security Control Assessor
  • nice framework
  • GRC
  • cyber security
Not sure where to start?
With over 500 assessments to choose from, you can see where your skills stand and receive adaptive learning recommendations to fill knowledge gaps in as little as 10 minutes.
Learn more

Learn with the best

Vlad Catrinescu
Vlad Catrinescu
Vlad is a Microsoft 365 and Power Platform expert specializing in empowering organizations to securely and effectively integrate AI-powered tools, such as Microsoft 365 Copilot and AI Agents, into their digital workplaces. An IT professional at heart, Vlad excels at preparing, securing, and governing modern environments, enabling IT administrators and business users to automate processes, enhance productivity, and drive digital transformation with confidence. As a Microsoft Certified Trainer, a...
Chris Jackson
Chris Jackson
Chris Jackson is a cybersecurity professional with years of experience in identifying security incidents, securing applications and security training. Over the years, he has tested web applications for vulnerabilities, helped deploy SIEM platforms and more. He is passionate about teaching cybersecurity and committed to learning new technologies.
Aaron Rosenmund
Aaron Rosenmund
Aaron M. Rosenmund is a cyber security operations subject matter expert, with a background in federal and business defensive and offensive cyber operations and system automation. Leveraging his administration and automation experience, Aaron actively contributes to multiple open and closed source security operation platform projects and continues to create tools and content to benefit the community. As an educator & cyber security researcher at Pluralsight, he is focused on advancing cyber secur...
Bobby Rogers
Bobby Rogers
Bobby E. Rogers is an information security engineer working as a contractor for Department of Defense agencies, helping to secure, certify, and accredit their information systems. His duties include information system security engineering, risk management, and certification and accreditation efforts. He retired after 21 years in the U.S. Air Force, serving as a network security engineer and instructor, and has secured networks all over the world. Bobby has a master’s degree in information assura...
Christopher Rees
Christopher Rees
Chris is a professional information technologist, author, trainer, manager and a lifelong learner. He is married with 3 beautiful children and interested in working out, spending time with family and friends and being creative whenever possible. He has been an author for over 25 years and has created over 60 IT Certification training courses. Chris really enjoys helping people advance in their careers through training and personal development.
Mike Woolard
Mike Woolard
Mike is an information security manager who has worked in the IT and Information Security fields for 22+ years. A broad background from helpdesk to sysadmin, system engineer, networking, DB and development work. Most of Mike's work now centers around pentests and risk assessments, but an integral part will always be awareness training. An active member in various local security groups, Mike volunteers, speaks, or attends various information security cons.
Kevin James
Kevin James
As a seasoned technologist with over 30 years of wide-ranging expertise in information technology roles across diverse industries, Kevin is passionate about finding effective and economical solutions to business problems. His passion for teaching technical subjects allows him to have a particular style that imparts information yet teaches at the same time. He enjoys working with Linux, Unix and Windows Operating Systems and combined with a deep knowledge of software platforms as varied as Ap...
Kevin Henry
Kevin Henry
Kevin Henry is a well-known and respected educator and lecturer in the fields of information security and audit. Kevin uses his more than 30 years of practical experience as a network technician, computer programmer, and information systems auditor to deliver outstanding presentations that make each topic interesting, relevant, and useful. Often described by students as "The best instructor I have ever had," Kevin has the ability to provide quality instruction that engages the audience and provi...
Po Yau
Po Yau
Po was born and educated in Wales, UK before going to Royal Holloway, University of London. It was during his year-in-industry placement, when responding to an incident to recover from a cyber attack, that started a journey of over 20 years in information security. Currently broadening to multiple types of technology and operational risk in the Financial sector, looking for ways to improve risk management, governance and communication to promote innovation and work with the ever changing ways ...
Kevin Cardwell
Kevin Cardwell
Kevin Cardwell provides consulting services for companies throughout the world and is an adviser to numerous government entities across the globe. He is an instructor, technical editor, and author for computer forensics and hacking courses. He is author of Building Virtual Pentesting Labs for Advanced Penetration Testing, first and second edition.
Matt Glass
Matt Glass
Matt Glass is a Service Delivery Manager in Naples, Italy, working as a government contractor. Matt has 15 years of IT experience in a variety of roles. Consistently finding joy in developing the skills of others and helping their careers, he joined Pluralsight in 2017 to pass on the lessons he learned. Matt is married and the father of four children.
Laurentiu Raducu
Laurentiu Raducu
It all began in highschool, when Laurentiu first started his path in the computer science journey. Initially he started with C++, and fell in love quickly with the prospect of learning to develop software. Thanks to his passion for chess, his first computer program was a console-based ASCII chess game developed in C++. After a while, during university, Laurentiu started to experiment with other OOP programming languages, like Java, Kotlin or Python. He started to play with different tech stacks ...
Matthew Lloyd Davies
Matthew Lloyd Davies
Matt is a cyber security author and researcher here at Pluralsight. A certified penetration tester and incident handler, he created Pluralsight's CompTIA Pentest+ Specialized Attacks courses as well our courses on wireless, ICS/OT and hardware hacking. Matt has also helped to build our security labs portfolio; labs that help you get hands-on to understand the threats and vulnerabilities your organization faces today. With a background in Chemical Engineering, Matt's focus is on the security ...
Joe Abraham
Joe Abraham
Joe Abraham, CCIE #62417, is a Cybersecurity Architect working in the public sector space, assisting customers develop and implement functional and secure network architectures. He graduated from Excelsior College with an M.S. in Cybersecurity and a B.S. in Information Technology (Network Management). He currently holds many IT certifications to include CCIE, CISSP, GSEC, and CCNP Security. Joe is a mentor to IT professionals and a blogger who spends his time either with his wife and three child...
Zach Roof
Zach Roof
Zach describes himself as “an ordinary guy who’s extraordinarily curious about technology.” This curiosity has led to roles in Software Development, Application Security, DevOps, and Security Engineering. Currently, Zach is the Lead Security Engineer at Credible where he helps lead the security vision of a highly sensitive Fintech product. Outside of his day job, Zach has spoken at SyntaxCon, created cybersecurity tutorials through Securing The Stack, led an AWS Meetup group, and has provided cy...
Michael Brown
Michael Brown
I have worked in IT for 25 years, for 22 of those years I have delivered IT Training. I have delivered Microsoft, CISCO and Amazon Web Services courses across Europe. For the last 4 years I have focused on Cloud technologies delivering cloud training to some of Europe’s biggest organisations. I have been a Microsoft Certified Trainer since 1997 and currently hold certifications from Microsoft, CompTIA and AWS. When not working on training material or delivering courses I spend time in the nort...
Brandon DeVault
Brandon DeVault
Brandon DeVault is a Security Researcher focused on threat hunting at CrowdStrike. He is also a member of the Florida Air National Guard with a variety of offensive and defensive experience. Prior to joining CrowdStrike, Brandon worked full-time as an author with Pluralsight and at Elastic, creating and delivering security content. He also worked with Special Operations Command, where he had two deployments to Afghanistan on deployable communications teams. His experience spans incident response...
Christian Wenz
Christian Wenz
Christian Wenz is an architect, consultant and author focusing on web technologies. He wrote or co-wrote over 100 books, is a fixture at international developer conferences since 2001, is a Microsoft Most Valuable Professional (MVP) for Developer Technologies since 2004, and the main author of the official Zend PHP certification. His day job includes conducting security audits, migrating old code bases, implementing complex web applications and helping companies choose the right web strategy an...
Peter Mosmans
Peter Mosmans
Peter started out in the nineties as software engineer working on internet banking applications for various European financial institutions. After developing, he moved to the role of defending and designing systems and networks for high-availability websites. Since 2004 he started specializing in breaking: pentesting complex and feature-rich web applications. Currently he leads a global team of highly skilled penetration testers as lead pentester. He is a contributor to several open-source penet...
George Smith
George Smith
George Smith has spent more than 25 years in the IT industry. During this time he has held a variety of positions, starting with web UI development and business analysis, progressing with system administration and infrastructure, then switching to core systems programming, technical consulting, and finally becoming an E-Commerce Architect and Subject Matter Expert. He is well versed in modern trends like Containerization, Infrastructure as Code, Serverless computing models, and more. George demo...
Dr Lyron H Andrews
Dr Lyron H Andrews
Dr. Andrews’ technology career spans three decades. His roles included network manager New York City Department of Education, BMG Direct senior director of IT, and BNY Mellon dean of technology. His doctoral research at Teachers College Columbia found that critical thinking skills thrive in environments that are supportive of five essential elements in the mind of a critical thinker. He teaches cyber security. He has integrated technology management with teaching at Columbia University and other...
Sean Wilkins
Sean Wilkins
Sean Wilkins, with over two decades of experience in the IT industry, serves as a distinguished networking consultant and contributor at Tech Building Blocks. His professional journey spans multiple prominent enterprises, underlining his extensive field expertise. Sean's credentials include esteemed certifications from Cisco (CCNP/CCDP), Microsoft (MCSE), and CompTIA (A+ and Network+). Academically, he has achieved a Master’s of Science in Information Technology, specializing in Network Architec...
Miguel Saavedra
Miguel Saavedra
Miguel Saavedra is an author, solutions architect, and Instructor specializing in AWS, big data, automation, and security. He has worked in several companies in the finance/fintech, education, and medical industries as well as some government projects. He has published and conducted research on both cloud and on-premise solutions for big data focusing on network analytics, and machine learning. He also designs highly available and automated CICD toolchains for high throughput microservices on AW...
David Clinton
David Clinton
David Clinton is a data analyst, an AWS Solutions Architect and a Linux server administrator. He's written books on cloud and Linux administration, IT security, and data analytics.
John Elliott
John Elliott
John Elliott is a specialist in regulated security and data protection. His fascination is the way that people engage with security directives: whether that’s a company following external regulation, an information security team developing policies, an IT team following them, or a colleague who is just trying to do their job securely. John has led information security and data protection functions in aviation and financial services. He’s represented both Visa Europe and Mastercard on the PCI S...
Phil Chapman
Phil Chapman
Phil Chapman is a senior instructor. He is responsible for the delivery of a range of courses including official Microsoft, CompTIA, EC Council and BCS official certifications. He is also the subject matter expert and project lead for the bespoke Law Enforcement Cyber Security training packages which are delivered to UK Law Enforcement agencies and forces. He holds a variety of IT Technical and Security qualifications across many fields. Phil spent 23 years in the Royal Air Force as an Intellige...

Join our learners and upskill
in leading technologies