Key Roles include
System administrators design and implement computer systems that run a given operating system in a secure manner. They are also responsible for the continued secure operation. When security measures fail, they assist in containment and other parts of incident response. They need to know how to securely configure and run the operating system (OS). They also need to understand how the OS protects the applications running on it. They should know the options for intrusion prevention, detection, and at least the basics of intrusion response. Knowing how attackers find and exploit vulnerabilities is an asset.
Network administrators design and implement computer networks that provide communication between computers on the same or different networks. They are also responsible for firewalls and other network infrastructure required for properly enforcing security policies. They should know the options for network-based intrusion prevention and detection. When security measures fail, they assist in containment and other parts of incident response. They need to know how to configure network infrastructure devices for security and how to isolate parts of a network. Knowing how attackers find and exploit vulnerabilities is an asset.
Penetration testers (also known as ethical hackers or a red team) test existing systems, looking for vulnerabilities. The goal is to find problems before the attackers do. They need to know how software fails and how attackers think.
Auditors (for PCI or other security requirements or regulations) compare systems and networks to standards, rules, and/or regulations that apply to security. They need to understand the requirements for the audited systems and be able to understand where the systems meet or exceed the requirements and where they are deficient. This knowledge needs to be more than a superficial checkbox-security level.
Managers of cloud systems are similar to system and network administrators, but they are responsible for virtual system servers instead of physical systems. They need to know the virtual system operational security issues in addition to the physical system issues.
Incident handlers and responders deal with reports of possible security breaches and determine if the breach is real. For actual security problems, they are then involved in analyzing intrusions, containment, cleanup, and possibly identifying the root cause of the problem.
Forensics experts deal with tracking security breaches back to the root cause. They might also be responsible for reverse engineering malware. To do their jobs, they need to know all of system and network administration topics, as well as be well-versed in computer architecture and secure software engineering and testing. They also need to know how attackers think and find vulnerabilities.
Threat Models and attackers
This class introduces security for all people in the SDLC. It starts with a short discussion of the meaning of security in software systems and security in the SDLC and then covers threat models, what they contain, the business effects of an exploit, and a high-level discussion of risk analysis. It also covers how attackers find and exploit vulnerabilities and classes of vulnerabilities. The class also provides examples of what attackers can do when they exploit various vulnerabilities All examples are real vulnerabilities that have occurred or are based on real vulnerabilities. Students in this class will develop a threat model and explore vulnerability classes including performing a few simple exploits to see how easy they are.
Secure system administration on Gnu/Linux
This class is intended for students who want to learn how to configure Gnu/Linux systems to be secure, test the security of systems, and/or and manage the system more securely.
Secure system administration on Microsoft Windows
These OS-specific classes go over the details that sysadmins need to know to manage systems securely. Topics covered include user privileges, file access control, controlling active services, understanding the memory protection between processes, network communication and bandwidth limits, and intrusion detection systems.
Secure network administration
This class goes over the how security applies to all of the layers in the ISO model of networking. It also covers filtering traffic, isolating network segments, and the basics of network-based attacks and how to mitigate the threats.
Introduction to security testing
This class introduces students to techniques for security testing of software systems. They learn about techniques such as static and dynamic analysis, fuzz testing, and black-and white-box testing. They learn some of the major vulnerability classes and the basics of how to test for them. Students test real and simulated systems to reinforce the concepts.
Penetration testing (ethical hacking)
This class takes up where the introduction stops. This class covers all of the major vulnerability classes and testing techniques and tools for finding them. Students learn how attackers approach a target and what they can easily learn about it. Students test real and simulated systems to find and exploit vulnerabilities. They work with tools such as intercepting proxies, and Metasploit.
Cryptography and security
This class covers the fundamental cryptographic concepts and protocols, including digital signatures and public key infrastructure (PKI). It emphasizes that simply using cryptography does not make a system secure, and that students should never develop their own cryptographic algorithms and protocols. Beyond covering the basics, this class also discusses various problems and how existing cryptographic solutions can be applied to improve security and mitigate threats. Students work with cryptographic systems and use them to solve problems.