• Authentication protocols (LDAP, Kerberos, SAML, OAuth2)
• Identity and Access Management (IAM)
• Least privilege, role-based access control (RBAC)
• Federation and Single Sign-On (SSO)

• Deeper look at ports, protocols, and services
• Intro to Wireshark for packet analysis
• Firewalls: rule sets, NAT, and deep packet inspection
• IDS/IPS vs. SIEM tools – what they do and how they differ

• CVE, CVSS, and vulnerability scoring
• Exploit techniques (buffer overflows, privilege escalation)
• Patch management process in enterprise environments
• Virtual patching & compensating controls

• Threat Actor Types:
  • Script kiddies, criminal organizations, hacktivists, insiders
  • Nation-state actors (APT groups) – motivations and tactics
• Case studies of evolving threats:
  • From basic phishing → sophisticated spear phishing
  • From simple ransomware → double extortion models
• Emerging threat vectors:
  • Deepfakes for social engineering
  • Supply chain attacks (e.g., SolarWinds)
  • AI-powered malware and automation

• 7 stages of an attack:
  1. Reconnaissance
  2. Weaponization
  3. Delivery
  4. Exploitation
  5. Installation
  6. Command & Control (C2)
  7. Actions on Objectives
• How defenders can “break the chain” at each stage

• What is ATT&CK and why it’s useful
• Tactics vs. Techniques vs. Procedures (TTPs)
• Brief demo (or screenshots) of MITRE ATT&CK Navigator
• How blue teams use it for threat detection
• Mapping common attacks to ATT&CK

• Recognizing signs of compromise
• Steps in incident response (identify, contain, eradicate, recover)
• Role of users in reporting
• Legal and compliance considerations

• Acceptable Use Policies (AUP), InfoSec Program and sub policies
• Device management (BYOD vs. corporate devices)
• Physical security (access control, secure areas)
• Security awareness culture

• Encryption (at rest/in transit)
• Backups and data recovery
• Secure file sharing and disposal
• Privacy regulations (GDPR, HIPAA, etc.)

Basic networking: IP, DNS, ports, protocols

Firewalls and intrusion detection/prevention (IDS/IPS)

Network segmentation and zero trust principles

VPNs and secure remote access