Software development
Artificial Intelligence
Cloud
View all courses
Learn
Connect
Blog
Resource hub
Featured resource
2025 Tech Upskilling Playbook
Tech Upskilling Playbook

Build future-ready tech teams and hit key business milestones with seven proven plays from industry leaders.

Check it out
  • Learning Path
    • Libraries: This path is only available in the libraries listed. To access this path, purchase a license for the corresponding library.
  • Core Tech
    •

Security Control Assessor | Work Role ID: 612 (NIST: OG-WRL-012)

38 Courses
5 Labs
55 Hours
Skill IQ

A **security control assessor** conducts independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls (as defined in NIST 800-37).

This path will get you started on your journey to becoming a cyber defense incident responder! Begin with the fundamental concepts of network protocols and common network analysis and data governance hands-on labs, dive into the essential skills necessary to perform the day-to-day functions and then expand your skill set with, automation, deeper/advanced concepts and additional knowledge from adjacent roles!

This path aligns to the Knowledge, Skills, Abilities and Tasks (KSAs) within the **Workforce Framework for Cybersecurity (CSWF)** and the **DoD Cyber Workforce Framework (DCWF)** for the work role of:

**Security Control Assessor** Work Role 612 or OG-WRL-012

Get started
Content in this path
Fundamentals

Begin your learning journey with the fundamental concepts of networking and security!

Course
IT Professional Fundamentals: Networking
  • by Vlad Catrinescu
  • 2h 31m
  • Jun 20, 2024
Course
Security Engineering: Secure Networks
  • by Chris Jackson
  • 1h 43m
  • Aug 13, 2024
Course
Enterprise Security: Executive Briefing
  • by Aaron Rosenmund
  • 39m
  • Oct 12, 2024
Course
Security Controls: CIS Controls
  • by Bobby Rogers
  • 1h 32m
  • Dec 20, 2021
Course
Information and Cyber Security Literacy: Security Operations
  • by Christopher Rees
  • 56m
  • Jul 08, 2024
Course
Data Governance: Understanding Data Privacy and Security
  • by Mike Woolard
  • 33m
  • Nov 27, 2023
Course
Data Security Champion: Data Privacy Regulations
  • by Kevin James
  • 15m
  • May 17, 2024
Course
Security Framework: NIST RMF
  • by Bobby Rogers
  • 1h 8m
  • Jun 12, 2023
Course
Information Systems Operations and Business Resilience: Business Resilience
  • by Kevin Henry
  • 1h 4m
  • Aug 13, 2024
Course
Information Security Management: Compliance Audits
  • by Christopher Rees
  • 2h 3m
  • Jan 15, 2025
Course
Governance and Management of IT: Governance
  • by Kevin Henry
  • 1h 43m
  • Aug 08, 2024
Course
Information Systems Auditing Process: Planning
  • by Kevin Henry
  • 1h 59m
  • Aug 01, 2024
Skill Essentials

Now that you know the fundamentals, dive into the essential skills necessary to perform the day-to-day functions of a security control assessor.

Course
Protection of Information Assets: Information Asset Security and Control
  • by Kevin Henry
  • 3h 27m
  • Sep 11, 2024
Course
Information and Cyber Security GRC: Governance
  • by Dominique West
  • 1h
  • Nov 09, 2023
Course
Information and Cyber Security GRC: Risk Management
  • 1h 36m
  • Feb 27, 2024
Course
Information Systems Auditing Process: Audit Execution
  • by Kevin Henry
  • 1h 46m
  • Aug 01, 2024
Course
Conducting Network Vulnerability Analysis
  • by Kevin Cardwell
  • 2h 28m
  • Jul 31, 2025
Course
Testing Security Controls and Detecting Vulnerabilities with Nmap 7
  • by Matt Glass
  • 1h 38m
  • Jul 31, 2025
Course
Scanning for Vulnerabilities with Nmap 7 Scripting Engine (NSE)
  • by Matt Glass
  • 57m
  • Jun 23, 2022
Course
Maximizing Nmap 7 for Security Auditing
  • by Matt Glass
  • 1h 3m
  • Jun 23, 2022
Lab
Web Attacks: Automated Scanning with OWASP Zap
  • by Laurentiu Raducu
  • 55m
  • Aug 04, 2025
Course
Automate Web Application Scans with OWASP ZAP and Python
  • by Mike Woolard
  • 1h 8m
  • Aug 04, 2025
Expanded Skillset

It's time to expand your skill set with tools, and more advanced concepts! This section gives you a brief introduction into many, additional skills that you will find helpful as a security control assessor. We have full training paths on all of these skills; see the Supplemental Skill Paths section to learn more.

Course
Fundamentals of OT Security
  • by Matthew Lloyd Davies
  • 41m
  • Sep 14, 2023
Course
Getting Started with Zeek
  • by Joe Abraham
  • 1h 26m
  • Aug 04, 2025
Lab
Assets and Topology: Vulnerability Analysis
  • by Zach Roof
  • 2h
  • Aug 05, 2025
Course
Specialized Engineering: Enterprise Hybrid Cloud
  • by Michael Brown
  • 1h 9m
  • Dec 05, 2022
Course
Incident Response: Network Analysis
  • by Brandon DeVault
  • 1h 10m
  • Mar 09, 2022
Course
Specialized Testing: XSS
  • by Christian Wenz
  • 1h 14m
  • Jul 30, 2022
Course
Specialized Testing: SQL Injection
  • by Christian Wenz
  • 1h 13m
  • Oct 06, 2022
Course
Specialized Testing: CSRF
  • by Christian Wenz
  • 48m
  • Nov 30, 2022
Course
Specialized Testing: Deserialization
  • by Peter Mosmans
  • 1h 1m
  • Feb 27, 2023
Course
Specialized Testing: API Testing
  • by George Smith
  • 56m
  • Dec 14, 2022
Adjacent Skill Knowledge

Now that you've mastered all the skills for a security control assessor, learn about additional cyber roles and their responsibilities.

Course
Governance and Management of IT: Management
  • by Kevin Henry
  • 1h 12m
  • Aug 01, 2024
Course
Information and Cyber Security GRC: Compliance with External Factors
  • by Dr. Lyron H. Andrews
  • 1h 19m
  • Jul 28, 2023
Course
IT Security Champion: Cyber Threat Intel and Emerging Threats
  • by Christopher Rees
  • 16m
  • Feb 29, 2024
Lab
Monitoring and Detection: Elastic Stack
  • by Sean Wilkins
  • 1h 35m
  • Aug 04, 2025
Lab
Network Analysis: Packet Capture
  • by Miguel Saavedra
  • 50m
  • Aug 04, 2025
Course
Getting Started with Snort 3
  • by Matt Glass
  • 1h 6m
  • Jun 23, 2022
Course
OpenVAS Concepts and Scanning
  • by David Clinton
  • 50m
  • Jul 31, 2025
Course
The PCI Security Standards
  • by John Elliott
  • 1h 35m
  • Aug 19, 2024
Course
Zero Trust Identity and Access Management
  • by Phil Chapman
  • 1h 2m
  • Aug 01, 2024
Course
Sandworm: C2 over HTTP Emulation
  • by Matthew Lloyd Davies
  • 5m
  • Nov 12, 2024
Lab
Sandworm: C2 over HTTP Emulation Lab
  • by Matthew Lloyd Davies
  • 55m
  • Aug 05, 2025
Try this learning path for free
Access this learning path and other top-rated tech content with a free trial.
Free individual trial
Free team trial
What You'll Learn
Prerequisites
  • None
Related topics
  • cswf
  • dcwf
  • Security Control Assessor
  • nice framework
  • GRC
  • cyber security
Not sure where to start?
With over 500 assessments to choose from, you can see where your skills stand and receive adaptive learning recommendations to fill knowledge gaps in as little as 10 minutes.
Learn more
Learn with the best
Vlad Catrinescu
Vlad Catrinescu
Vlad is a Microsoft 365 and Power Platform expert specializing in empowering organizations to securely and effectively integrate AI-powered tools, such as Microsoft 365 Copilot and AI Agents, into their digital workplaces. An IT professional at heart, Vlad excels at preparing, securing, and governing modern environments, enabling IT administrators and business users to automate processes, enhance productivity, and drive digital transformation with confidence. As a Microsoft Certified Trainer, a...
Chris Jackson
Chris Jackson
Chris Jackson is a cybersecurity professional with years of experience in identifying security incidents, securing applications and security training. Over the years, he has tested web applications for vulnerabilities, helped deploy SIEM platforms and more. He is passionate about teaching cybersecurity and committed to learning new technologies.
Aaron Rosenmund
Aaron Rosenmund
Aaron M. Rosenmund is a cyber security operations subject matter expert, with a background in federal and business defensive and offensive cyber operations and system automation. Leveraging his administration and automation experience, Aaron actively contributes to multiple open and closed source security operation platform projects and continues to create tools and content to benefit the community. As an educator & cyber security researcher at Pluralsight, he is focused on advancing cyber secur...
Bobby Rogers
Bobby Rogers
Bobby E. Rogers is an information security engineer working as a contractor for Department of Defense agencies, helping to secure, certify, and accredit their information systems. His duties include information system security engineering, risk management, and certification and accreditation efforts. He retired after 21 years in the U.S. Air Force, serving as a network security engineer and instructor, and has secured networks all over the world. Bobby has a master’s degree in information assura...
Christopher Rees
Christopher Rees
Chris is a professional information technologist, author, trainer, manager and a lifelong learner. He is married with 3 beautiful children and interested in working out, spending time with family and friends and being creative whenever possible. He has been an author for over 25 years and has created over 60 IT Certification training courses. Chris really enjoys helping people advance in their careers through training and personal development.
Mike Woolard
Mike Woolard
Mike is an information security manager who has worked in the IT and Information Security fields for 22+ years. A broad background from helpdesk to sysadmin, system engineer, networking, DB and development work. Most of Mike's work now centers around pentests and risk assessments, but an integral part will always be awareness training. An active member in various local security groups, Mike volunteers, speaks, or attends various information security cons.
Kevin James
Kevin James
As a seasoned technologist with over 30 years of wide-ranging expertise in information technology roles across diverse industries, Kevin is passionate about finding effective and economical solutions to business problems. His passion for teaching technical subjects allows him to have a particular style that imparts information yet teaches at the same time. He enjoys working with Linux, Unix and Windows Operating Systems and combined with a deep knowledge of software platforms as varied as Ap...
Kevin Henry
Kevin Henry
Kevin Henry is a well-known and respected educator and lecturer in the fields of information security and audit. Kevin uses his more than 30 years of practical experience as a network technician, computer programmer, and information systems auditor to deliver outstanding presentations that make each topic interesting, relevant, and useful. Often described by students as "The best instructor I have ever had," Kevin has the ability to provide quality instruction that engages the audience and provi...
Dominique West
Dominique West
With 10 years in the Technology industry, Dominique West currently manages Datadog's compliance management function within the Information Security Department. As a leader, she is responsible for maintaining and executing the regulatory compliance roadmap, ensuring that it supports the business, sales and revenue objectives while maintaining alliance with existing information security standards. Prior to her time at Datadog, Dominique worked for as a Senior Cloud Security Consultant for Ernst ...
Kevin Cardwell
Kevin Cardwell
Kevin Cardwell provides consulting services for companies throughout the world and is an adviser to numerous government entities across the globe. He is an instructor, technical editor, and author for computer forensics and hacking courses. He is author of Building Virtual Pentesting Labs for Advanced Penetration Testing, first and second edition.
Matt Glass
Matt Glass
Matt Glass is a Service Delivery Manager in Naples, Italy, working as a government contractor. Matt has 17 years of IT experience in a variety of roles. Consistently finding joy in developing the skills of others and helping their careers, he joined Pluralsight in 2017 to pass on the lessons he learned. Matt is married and the father of four children.
Laurentiu Raducu
Laurentiu Raducu
It all began in highschool, when Laurentiu first started his path in the computer science journey. Initially he started with C++, and fell in love quickly with the prospect of learning to develop software. Thanks to his passion for chess, his first computer program was a console-based ASCII chess game developed in C++. After a while, during university, Laurentiu started to experiment with other OOP programming languages, like Java, Kotlin or Python. He started to play with different tech stacks ...
Matthew Lloyd Davies
Matthew Lloyd Davies
Matt is a cyber security author and researcher here at Pluralsight. A certified penetration tester and incident handler, he created Pluralsight's CompTIA Pentest+ Specialized Attacks courses as well our courses on wireless, ICS/OT and hardware hacking. Matt has also helped to build our security labs portfolio; labs that help you get hands-on to understand the threats and vulnerabilities your organization faces today. With a background in Chemical Engineering, Matt's focus is on the security ...
Joe Abraham
Joe Abraham
Joe Abraham, CCIE #62417, is a Cybersecurity Architect working in the public sector space, assisting customers develop and implement functional and secure network architectures. He graduated from Excelsior College with an M.S. in Cybersecurity and a B.S. in Information Technology (Network Management). He currently holds many IT certifications to include CCIE, CISSP, GSEC, and CCNP Security. Joe is a mentor to IT professionals and a blogger who spends his time either with his wife and three child...
Zach Roof
Zach Roof
Zach describes himself as “an ordinary guy who’s extraordinarily curious about technology.” This curiosity has led to roles in Software Development, Application Security, DevOps, and Security Engineering. Currently, Zach is the Lead Security Engineer at Credible where he helps lead the security vision of a highly sensitive Fintech product. Outside of his day job, Zach has spoken at SyntaxCon, created cybersecurity tutorials through Securing The Stack, led an AWS Meetup group, and has provided cy...
Michael Brown
Michael Brown
I have worked in IT for 25 years, for 22 of those years I have delivered IT Training. I have delivered Microsoft, CISCO and Amazon Web Services courses across Europe. For the last 4 years I have focused on Cloud technologies delivering cloud training to some of Europe’s biggest organisations. I have been a Microsoft Certified Trainer since 1997 and currently hold certifications from Microsoft, CompTIA and AWS. When not working on training material or delivering courses I spend time in the nort...
Brandon DeVault
Brandon DeVault
Brandon DeVault is a Security Researcher focused on threat hunting at CrowdStrike. He is also a member of the Florida Air National Guard with a variety of offensive and defensive experience. Prior to joining CrowdStrike, Brandon worked full-time as an author with Pluralsight and at Elastic, creating and delivering security content. He also worked with Special Operations Command, where he had two deployments to Afghanistan on deployable communications teams. His experience spans incident response...
Christian Wenz
Christian Wenz
Christian Wenz is an architect, consultant and author focusing on web technologies. He wrote or co-wrote over 100 books, is a fixture at international developer conferences since 2001, is a Microsoft Most Valuable Professional (MVP) for Developer Technologies since 2004, and the main author of the official Zend PHP certification. His day job includes conducting security audits, migrating old code bases, implementing complex web applications and helping companies choose the right web strategy an...
Peter Mosmans
Peter Mosmans
Peter started out in the nineties as software engineer working on internet banking applications for various European financial institutions. After developing, he moved to the role of defending and designing systems and networks for high-availability websites. Since 2004 he started specializing in breaking: pentesting complex and feature-rich web applications. Currently he leads a global team of highly skilled penetration testers as lead pentester. He is a contributor to several open-source penet...
George Smith
George Smith
George Smith has spent more than 25 years in the IT industry. During this time he has held a variety of positions, starting with web UI development and business analysis, progressing with system administration and infrastructure, then switching to core systems programming, technical consulting, and finally becoming an E-Commerce Architect and Subject Matter Expert. He is well versed in modern trends like Containerization, Infrastructure as Code, Serverless computing models, and more. George demo...
Dr. Lyron H. Andrews
Dr. Lyron H. Andrews
Dr. Andrews’ technology career spans three decades. His roles included network manager New York City Department of Education, BMG Direct senior director of IT, and BNY Mellon dean of technology. His doctoral research at Teachers College Columbia found that critical thinking skills thrive in environments that are supportive of five essential elements in the mind of a critical thinker. He teaches cyber security. He has integrated technology management with teaching at Columbia University and other...
Sean Wilkins
Sean Wilkins
Sean Wilkins, with over two decades of experience in the IT industry, serves as a distinguished networking consultant and contributor at Tech Building Blocks. His professional journey spans multiple prominent enterprises, underlining his extensive field expertise. Sean's credentials include esteemed certifications from Cisco (CCNP/CCDP), Microsoft (MCSE), and CompTIA (A+ and Network+). Academically, he has achieved a Master’s of Science in Information Technology, specializing in Network Architec...
Miguel Saavedra
Miguel Saavedra
Miguel Saavedra is an author, solutions architect, and Instructor specializing in AWS, big data, automation, and security. He has worked in several companies in the finance/fintech, education, and medical industries as well as some government projects. He has published and conducted research on both cloud and on-premise solutions for big data focusing on network analytics, and machine learning. He also designs highly available and automated CICD toolchains for high throughput microservices on AW...
David Clinton
David Clinton
David Clinton is a data analyst, an AWS Solutions Architect and a Linux server administrator. He's written books on cloud and Linux administration, IT security, and data analytics.
John Elliott
John Elliott
John Elliott is a specialist in regulated security and data protection. His fascination is the way that people engage with security directives: whether that’s a company following external regulation, an information security team developing policies, an IT team following them, or a colleague who is just trying to do their job securely. John has led information security and data protection functions in aviation and financial services. He’s represented both Visa Europe and Mastercard on the PCI S...
Phil Chapman
Phil Chapman
Phil Chapman is a senior instructor. He is responsible for the delivery of a range of courses including official Microsoft, CompTIA, EC Council and BCS official certifications. He is also the subject matter expert and project lead for the bespoke Law Enforcement Cyber Security training packages which are delivered to UK Law Enforcement agencies and forces. He holds a variety of IT Technical and Security qualifications across many fields. Phil spent 23 years in the Royal Air Force as an Intellige...

Get started with Pluralsight

View individual plans View team plans