All courses
Resource hub
Featured resource
Tech Upskilling Playbook 2025
Tech Upskilling Playbook

Build future-ready tech teams and hit key business milestones with seven proven plays from industry leaders.

Learn more
Hamburger Icon
  • Path icon Learning Path
    • Libraries: This path is only available in the libraries listed. To access this path, purchase a license for the corresponding library.
  • Core Tech
    •

Vulnerability Assessment Analyst | Work Role ID: 541 (NIST: PD-WRL-007)

37 Courses
18 Labs
67 Hours
Skill IQ

A **vulnerability assessment analyst** performs assessments of systems and networks and identifies where those systems/networks deviate from acceptable configurations or policies. Measures effectiveness of defense-in-depth architecture against known vulnerabilities.

This path will get you started on your journey to becoming a vulnerability assessment analyst! Begin with the fundamental concepts of network protocols and common network analysis and attack techniques through hands-on labs, dive into the essential skills necessary to perform the day-to-day functions of vulnerability scanning and detection and then expand your skill set with, automation, deeper/advanced concepts and additional knowledge from adjacent roles!

This path aligns to the Knowledge, Skills, Abilities and Tasks (KSAs) within the **Workforce Framework for Cybersecurity (CSWF)** and the **DoD Cyber Workforce Framework (DCWF)** for the work role of:

**Vulnerability Assessment Analyst** Work Role 541 or PD-WRL-007

Get started

Content in this path

Fundamentals

Begin your learning journey with the fundamental concepts of network protocols and common network analysis and attack techniques through hands-on labs and courses!

Course

Information Systems Operations and Business Resilience: Business Resilience

  • by Kevin Henry
  • 1h 4m
  • Aug 13, 2024
Course

Information and Cyber Security Literacy: Governance, Risk, and Compliance

  • by John Elliott
  • 59m
  • Dec 14, 2022
Course

Security Framework: NIST RMF

  • by Bobby Rogers
  • 1h 8m
  • Jun 12, 2023
Course

Security Framework: NIST CSF

  • by Mike Woolard
  • 55m
  • May 14, 2024
Course

Enterprise Security: Executive Briefing

  • by Aaron Rosenmund
  • 39m
  • Oct 12, 2024
Course

Information and Cyber Security Literacy: Security Operations

  • by Christopher Rees
  • 56m
  • Jul 08, 2024
Course

Network Protocols for Security: TCP and UDP

  • by Brandon DeVault
  • 20m
  • Feb 09, 2023
Lab

Network Protocols for Security: TCP and UDP

  • by Brandon DeVault
  • 2h 5m
  • Aug 04, 2025
Lab

Network Analysis: Network and Host Discovery

  • by Craig Stansbury
  • 45m
  • Aug 04, 2025
Lab

Network Analysis: Packet Capture

  • by Miguel Saavedra
  • 50m
  • Aug 04, 2025
Course

Identify Common Cyber Network Attacks with Wireshark

  • 2h 34m
  • Oct 12, 2021
Course

Windows Endpoint Security: Logs

  • by Michael Teske
  • 28m
  • Nov 29, 2023
Lab

Windows Endpoint Security: Logs

  • by Michael Teske
  • 2h 35m
  • Aug 04, 2025
Lab

Linux Endpoint Security: Logs

  • by Aaron Rosenmund
  • 2h 20m
  • Aug 04, 2025
Course

OWASP Top 10: The Big Picture

  • by Hampton Paulk
  • 1h 24m
  • Oct 27, 2023
Course

Ethical Hacking: Cloud Computing

  • by Michael Teske
  • 48m
  • Nov 21, 2022
Course

IT Professional Fundamentals: Virtualization and Cloud Computing

  • by Vlad Catrinescu
  • 1h 27m
  • Mar 16, 2022

Skill Essentials

Now that you know the fundamentals, dive into the essential skills necessary to perform the day-to-day functions of a vulnerability assessment analyst including network enumeration and vulnerability scanning and detection.

Course

Conducting Network Vulnerability Analysis

  • by Kevin Cardwell
  • 2h 28m
  • Jul 31, 2025
Course

Getting Started with Nmap 7

  • by Matt Glass
  • 1h 26m
  • Aug 04, 2025
Course

Testing Security Controls and Detecting Vulnerabilities with Nmap 7

  • by Matt Glass
  • 1h 38m
  • Jul 31, 2025
Course

Maximizing Nmap 7 for Security Auditing

  • by Matt Glass
  • 1h 3m
  • Jun 23, 2022
Course

Scanning for Vulnerabilities with Nmap 7 Scripting Engine (NSE)

  • by Matt Glass
  • 57m
  • Jun 23, 2022
Course

Discover Network Weaknesses with Nessus

  • by Kevin Cardwell
  • 1h 45m
  • Jul 31, 2025
Course

Vulnerability Analysis with Nessus

  • by Kevin Cardwell
  • 1h 46m
  • Jul 31, 2025
Course

Performing Network Vulnerability Scanning with Nexpose

  • by Kevin Cardwell
  • 2h 13m
  • May 07, 2018
Course

Investigate Network Targets with Nexpose

  • by Kevin Cardwell
  • 1h 42m
  • Jul 31, 2025
Course

OpenVAS Concepts and Scanning

  • by David Clinton
  • 50m
  • Jul 31, 2025
Lab

Vulnerability Scanning: OpenVAS

  • by Peter Mosmans
  • 55m
  • Aug 04, 2025
Lab

Web Attacks: Automated Scanning with OWASP Zap

  • by Laurentiu Raducu
  • 55m
  • Aug 04, 2025
Lab

Assets and Topology: Vulnerability Analysis

  • by Zach Roof
  • 2h
  • Aug 05, 2025
Lab

System Protection: System Hardening

  • by Craig Stansbury
  • 50m
  • Aug 04, 2025
Course

OWASP Top 10 with Burp Suite

  • by Mike Woolard
  • 1h 10m
  • Sep 09, 2024
Course

Scanning and Reconnaissance with Metasploit

  • by Dale Meredith
  • 35m
  • Oct 22, 2024
Course

Application Analysis with SonarQube

  • by George Smith
  • 34m
  • Sep 27, 2022

Expanded Skillset

It's time to expand your skill set with tools, more advanced concepts and emerging trends and vulnerabilities! This section gives you a brief introduction into many, additional skills that you will find helpful as a vulnerability assessment analyst. We have full training paths on all of these skills; see the Supplemental Skill Paths section to learn more.

Course

Common Vulnerabilities and Exploits with Python

  • by Laurentiu Raducu
  • 48m
  • Dec 09, 2022
Lab

Network Attacks: IOT Devices

  • by Kevin Cardwell
  • 40m
  • Jul 30, 2025
Lab

Network Attacks: Privilege Escalation

  • by Rishalin Pillay
  • 55m
  • Aug 05, 2025
Lab

Network Attacks: Reverse Shells

  • by Rishalin Pillay
  • 1h
  • Aug 04, 2025
Course

Specialized Testing: XSS

  • by Christian Wenz
  • 1h 14m
  • Jul 30, 2022
Course

Specialized Testing: SQL Injection

  • by Christian Wenz
  • 1h 13m
  • Oct 06, 2022
Course

Specialized Testing: CSRF

  • by Christian Wenz
  • 48m
  • Nov 30, 2022
Lab

Web Attacks: Command Injection

  • by Riley Kidd
  • 1h 5m
  • Aug 04, 2025
Course

Specialized Testing: Command Injection

  • by Michael Edie
  • 1h 2m
  • Jul 06, 2023

Adjacent Skill Knowledge

Now that you've mastered all the skills for a vulnerability assessment analyst, learn about additional cyber roles and their responsibilities.

Course

Information and Cyber Security GRC: Risk Management

  • 1h 36m
  • Feb 27, 2024
Course

Information and Cyber Security GRC: Governance

  • by Dominique West
  • 1h
  • Nov 09, 2023
Course

Information and Cyber Security GRC: Compliance Assessment and Reporting

  • by Jacob Ansari
  • 1h 55m
  • May 15, 2023
Course

Information and Cyber Security GRC: Commission and Manage Penetration Tests

  • by Mike Woolard
  • 1h 11m
  • Sep 25, 2023
Lab

Assess Password Policy Compliance

  • by Aaron Rosenmundby John Elliott
  • 2h 10m
  • Aug 04, 2025
Course

Getting Started with OWASP Zed Attack Proxy (ZAP) for Web Application Penetration Testing

  • by Mike Woolard
  • 1h 55m
  • Aug 04, 2025
Lab

Network Attacks: Command and Control

  • by Rishalin Pillay
  • 1h 15m
  • Aug 05, 2025
Lab

Network Attacks: Metasploit Payloads

  • by Bri Frost
  • 1h 25m
  • Jul 30, 2025
Course

Sandworm: C2 over HTTP Emulation

  • by Matthew Lloyd Davies
  • 5m
  • Nov 12, 2024
Lab

Sandworm: C2 over HTTP Emulation Lab

  • by Matthew Lloyd Davies
  • 55m
  • Aug 05, 2025
Course

Sandworm: Keylogging Emulation

  • by Matthew Lloyd Davies
  • 5m
  • Nov 18, 2024
Lab

Sandworm: Keylogging Emulation Lab

  • by Matthew Lloyd Davies
  • 30m
  • Jul 30, 2025
Try this learning path for free
Access this learning path and other top-rated tech content with a free trial.
Free individual trial Free team trial
What You'll Learn
Prerequisites
  • None
Related topics
  • cswf
  • dcwf
  • nice framework
  • Vulnerability Analysis
  • Vulnerability Scanning
  • Penetration Testing
Not sure where to start?
With over 500 assessments to choose from, you can see where your skills stand and receive adaptive learning recommendations to fill knowledge gaps in as little as 10 minutes.
Learn more

Learn with the best

Kevin Henry
Kevin Henry
Kevin Henry is a well-known and respected educator and lecturer in the fields of information security and audit. Kevin uses his more than 30 years of practical experience as a network technician, computer programmer, and information systems auditor to deliver outstanding presentations that make each topic interesting, relevant, and useful. Often described by students as "The best instructor I have ever had," Kevin has the ability to provide quality instruction that engages the audience and provi...
John Elliott
John Elliott
John Elliott is a specialist in regulated security and data protection. His fascination is the way that people engage with security directives: whether that’s a company following external regulation, an information security team developing policies, an IT team following them, or a colleague who is just trying to do their job securely. John has led information security and data protection functions in aviation and financial services. He’s represented both Visa Europe and Mastercard on the PCI S...
Bobby Rogers
Bobby Rogers
Bobby E. Rogers is an information security engineer working as a contractor for Department of Defense agencies, helping to secure, certify, and accredit their information systems. His duties include information system security engineering, risk management, and certification and accreditation efforts. He retired after 21 years in the U.S. Air Force, serving as a network security engineer and instructor, and has secured networks all over the world. Bobby has a master’s degree in information assura...
Mike Woolard
Mike Woolard
Mike is an information security manager who has worked in the IT and Information Security fields for 22+ years. A broad background from helpdesk to sysadmin, system engineer, networking, DB and development work. Most of Mike's work now centers around pentests and risk assessments, but an integral part will always be awareness training. An active member in various local security groups, Mike volunteers, speaks, or attends various information security cons.
Aaron Rosenmund
Aaron Rosenmund
Aaron M. Rosenmund is a cyber security operations subject matter expert, with a background in federal and business defensive and offensive cyber operations and system automation. Leveraging his administration and automation experience, Aaron actively contributes to multiple open and closed source security operation platform projects and continues to create tools and content to benefit the community. As an educator & cyber security researcher at Pluralsight, he is focused on advancing cyber secur...
Christopher Rees
Christopher Rees
Chris is a professional information technologist, author, trainer, manager and a lifelong learner. He is married with 3 beautiful children and interested in working out, spending time with family and friends and being creative whenever possible. He has been an author for over 25 years and has created over 60 IT Certification training courses. Chris really enjoys helping people advance in their careers through training and personal development.
Brandon DeVault
Brandon DeVault
Brandon DeVault is a Security Researcher focused on threat hunting at CrowdStrike. He is also a member of the Florida Air National Guard with a variety of offensive and defensive experience. Prior to joining CrowdStrike, Brandon worked full-time as an author with Pluralsight and at Elastic, creating and delivering security content. He also worked with Special Operations Command, where he had two deployments to Afghanistan on deployable communications teams. His experience spans incident response...
Craig Stansbury
Craig Stansbury
Craig has over 10 years of IT experience, including working on Palo Alto Firewalls, Cisco Routes and Switches, Microsoft Servers, and VMWare ESXi. Craig started in IT in the United States Marine Corps and began teaching his Marines all the design and implementation concepts that they needed to know. He loves when his students have the "lightbulb moment" and are able to understand the concepts he is teaching them. Aside from teaching, Craig also owns a business that consults with enterprises to h...
Miguel Saavedra
Miguel Saavedra
Miguel Saavedra is an author, solutions architect, and Instructor specializing in AWS, big data, automation, and security. He has worked in several companies in the finance/fintech, education, and medical industries as well as some government projects. He has published and conducted research on both cloud and on-premise solutions for big data focusing on network analytics, and machine learning. He also designs highly available and automated CICD toolchains for high throughput microservices on AW...
Michael Teske
Michael Teske
Michael Teske is a principal security author with Pluralsight helping people build their skills toolkit. Michael has 25+ years of experience in the IT Ops/Cloud/Cybersecurity industry including 17 of those years as an IT instructor at a technical college, focusing on Microsoft server infrastructure, security and automation. Michael attained his MBA with an emphasis in Computer Information System Security several years ago. Michael still keeps up with the industry as an independent consultant in ...
Hampton Paulk
Hampton Paulk
Hampton brings 25+ years of hands-on technology experience to every course he creates. His teaching philosophy is simple: meet learners where they are and make complex topics accessible. Whether breaking down emerging technologies, explaining foundational concepts, or exploring advanced implementations, he draws from decades of real-world experience building, breaking, and fixing systems. His approach combines practical insights with clear explanations, helping professionals at all levels gain t...
Vlad Catrinescu
Vlad Catrinescu
Vlad is a Microsoft 365 and Power Platform expert specializing in empowering organizations to securely and effectively integrate AI-powered tools, such as Microsoft 365 Copilot and AI Agents, into their digital workplaces. An IT professional at heart, Vlad excels at preparing, securing, and governing modern environments, enabling IT administrators and business users to automate processes, enhance productivity, and drive digital transformation with confidence. As a Microsoft Certified Trainer, a...
Kevin Cardwell
Kevin Cardwell
Kevin Cardwell provides consulting services for companies throughout the world and is an adviser to numerous government entities across the globe. He is an instructor, technical editor, and author for computer forensics and hacking courses. He is author of Building Virtual Pentesting Labs for Advanced Penetration Testing, first and second edition.
Matt Glass
Matt Glass
Matt Glass is a Service Delivery Manager in Naples, Italy, working as a government contractor. Matt has 17 years of IT experience in a variety of roles. Consistently finding joy in developing the skills of others and helping their careers, he joined Pluralsight in 2017 to pass on the lessons he learned. Matt is married and the father of four children.
David Clinton
David Clinton
David Clinton is a data analyst, an AWS Solutions Architect and a Linux server administrator. He's written books on cloud and Linux administration, IT security, and data analytics.
Peter Mosmans
Peter Mosmans
Peter started out in the nineties as software engineer working on internet banking applications for various European financial institutions. After developing, he moved to the role of defending and designing systems and networks for high-availability websites. Since 2004 he started specializing in breaking: pentesting complex and feature-rich web applications. Currently he leads a global team of highly skilled penetration testers as lead pentester. He is a contributor to several open-source penet...
Laurentiu Raducu
Laurentiu Raducu
It all began in highschool, when Laurentiu first started his path in the computer science journey. Initially he started with C++, and fell in love quickly with the prospect of learning to develop software. Thanks to his passion for chess, his first computer program was a console-based ASCII chess game developed in C++. After a while, during university, Laurentiu started to experiment with other OOP programming languages, like Java, Kotlin or Python. He started to play with different tech stacks ...
Zach Roof
Zach Roof
Zach describes himself as “an ordinary guy who’s extraordinarily curious about technology.” This curiosity has led to roles in Software Development, Application Security, DevOps, and Security Engineering. Currently, Zach is the Lead Security Engineer at Credible where he helps lead the security vision of a highly sensitive Fintech product. Outside of his day job, Zach has spoken at SyntaxCon, created cybersecurity tutorials through Securing The Stack, led an AWS Meetup group, and has provided cy...
Dale Meredith
Dale Meredith
Dale Meredith has been a Certified Ethical Hacker/Instructor EC-Council for the past 15 years, and Microsoft Certified Trainer for over 20 years. Dale also has an additional 7 years of senior IT management experience and worked as a CTO for a popular ISP provider. Dale's expertise is in explaining difficult concepts and ensuring his students have an actionable knowledge of the course material. Straddling the line of fun and function, Dale's instruction is memorable and entertaining. Dale's knowl...
George Smith
George Smith
George Smith has spent more than 25 years in the IT industry. During this time he has held a variety of positions, starting with web UI development and business analysis, progressing with system administration and infrastructure, then switching to core systems programming, technical consulting, and finally becoming an E-Commerce Architect and Subject Matter Expert. He is well versed in modern trends like Containerization, Infrastructure as Code, Serverless computing models, and more. George demo...
Rishalin Pillay
Rishalin Pillay
Rishalin is a prolific author and cybersecurity expert. He has authored several video courses on Pluralsight, as well as three books: "Learn Penetration Testing", "Offensive Shellcode from Scratch." and "Ethical Hacking Workshop". He is also a technical contributor to many other books on topics such as dark web analysis, Kali Linux, offensive security, and SECOPS. He has received the Microsoft Content Publisher Gold and Platinum awards for his contributions to the cybersecurity industry. Rishal...
Christian Wenz
Christian Wenz
Christian Wenz is an architect, consultant and author focusing on web technologies. He wrote or co-wrote over 100 books, is a fixture at international developer conferences since 2001, is a Microsoft Most Valuable Professional (MVP) for Developer Technologies since 2004, and the main author of the official Zend PHP certification. His day job includes conducting security audits, migrating old code bases, implementing complex web applications and helping companies choose the right web strategy an...
Riley Kidd
Riley Kidd
Riley has technical security consultancy experience – leading and building teams to deliver projects and outcomes for clients. He has created and facilitated technical trainings across secure coding, python for hackers, offensive operations, and Capture The Flag competitions. Riley has created technical educational content across YouTube, TCM Academy, and his personal Capture The Flag platform – 247CTF. Riley holds a number of certifications including OSCP, OSCE, OSED, OSWE, OSEP, CRTO, CRTL, C...
Michael Edie
Michael Edie
Michael is a Senior Security Consultant with 10+ years of experience in the public and private sectors. He is a proactive and iterative cyber threat hunter specializing in detection engineering, DFIR, and automation. Michael has led teams and directed collaborative efforts to develop and implement strategies for mitigating evolving threat trends. He is the Founder and Principal Consultant of Sawbox Consulting, where he identifies and resolves security issues, implements solutions and evaluates s...
Dominique West
Dominique West
With 10 years in the Technology industry, Dominique West currently manages Datadog's compliance management function within the Information Security Department. As a leader, she is responsible for maintaining and executing the regulatory compliance roadmap, ensuring that it supports the business, sales and revenue objectives while maintaining alliance with existing information security standards. Prior to her time at Datadog, Dominique worked for as a Senior Cloud Security Consultant for Ernst ...
Jacob Ansari
Jacob Ansari
Jacob Ansari worked on Pluralsight courses that cover the topic of PCI DSS Standards.
Bri Frost
Bri Frost
With many years of experience in cybersecurity, Bri brings a red-team mindset to security training. As the Director of Security and IT Ops Curriculum at Pluralsight, she crafts high-impact courses that teach professionals how to defend against real-world cyber threats by understanding attacker techniques. She has led cyber exercises focused on adversary emulation for the Department of Defense, providing critical insights into offensive security tactics. Additionally, her background includes netw...
Matthew Lloyd Davies
Matthew Lloyd Davies
Matt is a cyber security author and researcher here at Pluralsight. A certified penetration tester and incident handler, he created Pluralsight's CompTIA Pentest+ Specialized Attacks courses as well our courses on wireless, ICS/OT and hardware hacking. Matt has also helped to build our security labs portfolio; labs that help you get hands-on to understand the threats and vulnerabilities your organization faces today. With a background in Chemical Engineering, Matt's focus is on the security ...

Join our learners and upskill
in leading technologies