Learning Paths

Skills

Vulnerability Assessment Analyst | PR-VAM-001 | Work Role 541

25 courses
32 hours

A vulnerability assessment analyst identifies, analyzes, and mitigates threats to internal systems and networks. Responsibilities include conducting assessments of threats and vulnerabilities; determining deviations from acceptable configurations or policies; assessing the level of risk; and developing and/or recommending appropriate mitigation countermeasures.

This path will get you started on your journey to becoming a vulnerability assessment analyst! Begin with the fundamental concepts of network protocols and common network analysis and attack techniques through hands-on labs, dive into the essential skills necessary to perform the day-to-day functions of vulnerability scanning and detection and then expand your skill set with, automation, deeper/advanced concepts and additional knowledge from adjacent roles!

Path estimated completion time is ~40 hours for total content.

This path aligns to the Knowledge, Skills, Abilities and Tasks (KSAs) within the Workforce Framework for Cybersecurity (CSWF) and the DoD Cyber Workforce Framework (DCWF) for the work role of:

Vulnerability Assessment Analyst Work Role 541 or PR-VAM-001

For complete coverage of skill paths and tooling for the Vulnerability Assessment Analyst role, please navigate to the Penetration and Vulnerability Tester Channel

Courses in this path

Fundamentals

Begin your learning journey with the fundamental concepts of network protocols and common network analysis and attack techniques through hands-on labs and courses!

*Note the lab length is showing the allotted time that the environment will be open and available before resetting. The estimated completion time of each lab is 45 minutes.

Enterprise Security: Executive Briefing

by Aaron Rosenmund
39m
(66)

Network Protocols for Security: TCP and UDP

by Brandon DeVault
20m
(17)

Red Team Tools for Emulated Adversary Techniques with MITRE ATT&CK

by Aaron Rosenmund
17m
(22)

Identify Common Cyber Network Attacks with Wireshark

by Chris Greer
2h 34m
(48)

Information and Cyber Security Literacy: Governance, Risk, and Compliance

by John Elliott
59m
(27)

Security Framework: NIST CSF

by Mike Woolard
54m
(33)

Skill Essentials

Now that you know the fundamentals, dive into the essential skills necessary to perform the day-to-day functions of a vulnerability assessment analyst including network enumeration and vulnerability scanning and detection.

Conducting Network Vulnerability Analysis

by Kevin Cardwell
2h 28m
(19)

Getting Started with Nmap 7

by Matt Glass
1h 26m
(60)

Testing Security Controls and Detecting Vulnerabilities with Nmap 7

by Matt Glass
1h 38m
(31)

Scanning for Vulnerabilities with Nmap 7 Scripting Engine (NSE)

by Matt Glass
57m

OpenVAS Concepts and Scanning

by David Clinton
50m

Discover Network Weaknesses with Nessus

by Kevin Cardwell
1h 45m

Vulnerability Analysis with Nessus

by Kevin Cardwell
1h 46m
(35)

Investigate Network Targets with Nexpose

by Kevin Cardwell
1h 42m

Performing Network Vulnerability Scanning with Nexpose

by Kevin Cardwell
2h 13m

Expanded Skillset

It's time to expand your skill set with tools, more advanced concepts and emerging trends and vulnerabilities!

This section gives you a brief introduction into many, additional skills that you will find helpful as a vulnerability assessment analyst. We have full training paths on all of these skills; see the Supplemental Skill Paths section to learn more.

Common Vulnerabilities and Exploits with Python

by Laurentiu Raducu
48m
(12)

Apache Commons Text Vulnerability: What You Should Know

by Bri Frost
10m
(17)

Log4j Vulnerability: What You Should Know

by Brandon DeVault
8m
(76)

Specialized Testing: XSS

by Christian Wenz
1h 14m

Specialized Testing: SQL Injection

by Christian Wenz
1h 13m

Specialized Testing: CSRF

by Christian Wenz
48m

Adjacent Skill Knowledge

Now that you've mastered all the skills for a vulnerability assessment analyst, learn about additional cyber roles and their responsibilities.

OWASP Top 10: The Big Picture

by Hampton Paulk
1h 24m
(154)

Getting Started with Snort 3

by Matt Glass
1h 6m
(11)

Network Security Monitoring with Suricata

by Open Information Security Foundation (OISF)
2h 27m
(12)

Getting Started with OWASP Zed Attack Proxy (ZAP) for Web Application Penetration Testing

by Mike Woolard
1h 55m
(35)

Try for free

Get this learning path plus top-rated picks in tech skills and other popular topics.

Your 10 day free trial includes

Expert-led courses

Keep up with the pace of change with thousands of expert-led, in-depth courses.

For teams

Give up to 50 users access to our full library including this path free for 30 days

Supplemental Skill Paths:

Information and Cyber Security Foundations

Vulnerability Analysis

Information Security Testing and Auditing with Nmap

Python for Cyber Offense

Pen Testing

[Web App Pen Testing(https://app.pluralsight.com/paths/skill/web-app-pen-testing)

Breaking News: Vulnerabilities, Exploits and Breaches

Experience

None

Learn with the best

Aaron Rosenmund

Aaron M. Rosenmund is a cyber security operations subject matter expert, with a background in federal and business defensive and offensive cyber operations and system automation. Leveraging his administration and automation experience, Aaron actively contributes to multiple open and closed source security operation platform projects and continues to create tools and content to benefit the community. As an educator & cyber security researcher at Pluralsight, he is focused on advancing cyber secur... more

Brandon DeVault

Brandon DeVault is a Security Researcher focused on threat hunting at CrowdStrike. He is also a member of the Florida Air National Guard with a variety of offensive and defensive experience. Prior to joining CrowdStrike, Brandon worked full-time as an author with Pluralsight and at Elastic, creating and delivering security content. He also worked with Special Operations Command, where he had two deployments to Afghanistan on deployable communications teams. His experience spans incident response... more

Chris Greer

Chris Greer is a network analyst for Packet Pioneer, delivering training and packet analysis consulting services to customers all over the world. He specializes in using Wireshark to combat network and application performance problems on networks of all sizes. Chris leverages his 20 years of practical experience in network monitoring, analysis, and troubleshooting to heighten the experience of any attendee to his interactive and energetic courses. When he is not digging deep into packets or te... more

John Elliott

John Elliott is a specialist in regulated security and data protection. His fascination is the way that people engage with security directives: whether that’s a company following external regulation, an information security team developing policies, an IT team following them, or a colleague who is just trying to do their job securely. John has led information security and data protection functions in aviation and financial services. He’s represented both Visa Europe and Mastercard on the PCI S... more

Mike Woolard

Mike is an information security manager who has worked in the IT and Information Security fields for 22+ years. A broad background from helpdesk to sysadmin, system engineer, networking, DB and development work. Most of Mike's work now centers around pentests and risk assessments, but an integral part will always be awareness training. An active member in various local security groups, Mike volunteers, speaks, or attends various information security cons.

Kevin Cardwell

Kevin Cardwell provides consulting services for companies throughout the world and is an adviser to numerous government entities across the globe. He is an instructor, technical editor, and author for computer forensics and hacking courses. He is author of Building Virtual Pentesting Labs for Advanced Penetration Testing, first and second edition.

Matt Glass

Matt Glass is a Service Delivery Manager in Naples, Italy, working as a government contractor. Matt has 15 years of IT experience in a variety of roles. Consistently finding joy in developing the skills of others and helping their careers, he joined Pluralsight in 2017 to pass on the lessons he learned. Matt is married and the father of four children.

David Clinton

David Clinton is an AWS Solutions Architect and a Linux server administrator. He's written books on cloud and Linux administration, IT security, and data analytics.

Laurentiu Raducu

It all began in highschool, when Laurentiu first started his path in the computer science journey. Initially he started with C++, and fell in love quickly with the prospect of learning to develop software. Thanks to his passion for chess, his first computer program was a console-based ASCII chess game developed in C++. After a while, during university, Laurentiu started to experiment with other OOP programming languages, like Java, Kotlin or Python. He started to play with different tech stacks ... more

Bri Frost

Bri is a renowned expert with 7 years of experience in the field of Cybersecurity and IT, bringing a unique perspective to the table. As the Director of Security Curriculum and Research at Pluralsight, Bri is instrumental in developing the cutting-edge cybersecurity curriculum and content strategy. With a wealth of knowledge as an author of Pluralsight training content, she infuses a "red-team" or attacker-focused mindset into her teachings to grasp security concepts and defense strategies effec... more

Christian Wenz

Christian Wenz is an architect, consultant and author focusing on web technologies. He wrote or co-wrote over 100 books, is a fixture at international developer conferences since 2001, is a Microsoft Most Valuable Professional (MVP) for Developer Technologies since 2004, and the main author of the official Zend PHP certification. His day job includes conducting security audits, migrating old code bases, implementing complex web applications and helping companies choose the right web strategy an... more

Hampton Paulk

Hampton began learning and creating in the digital realm over 20 years ago and enjoys helping others improve and work toward their goals.

Open Information Security Foundation (OISF)

The Open Information Security Foundation is a a 501(c)3 nonprofit organization created to build community and to support open source security technologies like Suricata, the world-class IDS/IPS network monitoring engine.

Contact Sales