This Bootcamp provides an intensive, hands-on learning experience in network security, combining structured LMS learning, instructor-led sessions and four advanced Cyber Range modules. Participants harden switches, routers, and firewalls, implement segmentation, secure routing and apply advanced L2/L3 protection mechanisms. Using real-world network scenarios, learners identify misconfigurations, secure network devices and implement policies according to CIS benchmarks and industry best practices.

EQF Level: EQF Level 5 (Short-cycle higher education)
Training Type: Upskilling
ECSF Skills Covered:
  • Design systems and architectures based on security and privacy by design and by defaults cybersecurity principles – Intermediate
  • Analyse and implement cybersecurity policies, certifications, standards, methodologies and frameworks – Intermediate
  • Identify and exploit vulnerabilities – Intermediate
  • Assess the security and performance of solutions – Intermediate
  • Identify, analyse and correlate cybersecurity events – Intermediate
  • Implement cybersecurity recommendations and best practices – Intermediate
  • Decompose and analyse systems to identify weaknesses and ineffective controls – Intermediate
  • Manage and analyse log files – Intermediate
Learning Objectives:
  • Analyse enterprise network architectures and identify structural security weaknesses.
  • Design and implement Layer 2 and Layer 3 hardening measures to mitigate common network threats.
  • Configure and validate firewall policies and access control mechanisms aligned with security requirements.
  • Assess network traffic behaviour and detect anomalous or malicious activity patterns.
  • Apply defence-in-depth principles across switching, routing and perimeter security layers.
  • Execute structured network hardening procedures in controlled lab environments.
  • Evaluate the effectiveness of implemented security controls through integrated scenario-based testing.
Learning Outcomes:
  • Implement secure VLAN segmentation, port security and Layer 2 protection mechanisms.
  • Configure secure routing protocols and access control lists to reduce attack surface exposure.
  • Deploy and validate firewall rule sets aligned with defined security policies.
  • Analyse captured traffic to identify reconnaissance, scanning and unauthorised access attempts.
  • Detect and mitigate misconfigurations that introduce lateral movement or privilege escalation risks.
  • Integrate monitoring and logging mechanisms to enhance network visibility and defensive posture.
  • Demonstrate coordinated hardening and defence actions within an integrated Cyber Range scenario.
Course Structure (Learning Nodes):

1. Network Security Architecture Foundations
  • Enterprise network architecture models (Core / Distribution / Access)
  • Network segmentation and zoning principles
  • Attack surface mapping at Layer 2 and Layer 3
  • Common internal network threats (rogue devices, spoofing, flooding)
  • Secure configuration frameworks (CIS Benchmarks, vendor hardening guides)

2. VLAN Architecture and Secure Trunk Design
  • Deterministic VLAN segmentation models
  • Functional zoning (Management, Users, Servers, Guest, Voice)
  • Secure trunk configuration principles (802.1Q, allowed VLAN lists)
  • Native VLAN risks and mitigation strategies
  • VLAN hopping attack mechanics and prevention

1. [CR] Secure VLAN and Trunk Implementation
  • VLAN creation and structured segmentation
  • Secure trunk link configuration
  • Removal of unused VLANs
  • Inter-VLAN routing validation
  • Configuration verification and persistence

3. Spanning Tree Architecture and Deterministic Topology Control
  • STP operation fundamentals (Root Bridge, Port Roles, States)
  • Risks of uncontrolled root bridge election
  • Structured root bridge placement strategy
  • Convergence behaviour and topology change handling
  • RSTP vs STP considerations

2. [CR] STP Root Bridge Design and Convergence Analysis
  • Primary and secondary root bridge configuration
  • Root election validation
  • Topology change simulation
  • Convergence timing analysis
  • STP behaviour documentation

4. STP Protection Mechanisms and Edge Port Security
  • Rogue switch insertion risks
  • BPDU Guard deployment strategy
  • Root Guard application logic
  • Loop Guard against unidirectional link failures
  • PortFast considerations and edge hardening

3. [CR] STP Protection Enforcement
  • BPDU Guard configuration
  • Root Guard validation
  • Loop Guard deployment
  • Detection of inconsistent ports
  • Topology manipulation simulation

5. Layer 2 Threat Mitigation Technologies
  • DHCP spoofing attack mechanics
  • ARP poisoning and MITM attacks
  • IP Source Guard principles
  • Storm control thresholds and broadcast containment
  • Management VLAN isolation

4. [CR] DHCP Snooping and Binding Table Validation
  • Global and per-VLAN DHCP Snooping activation
  • Trusted vs untrusted port designation
  • Binding table validation

5. [CR] IP Source Guard and Traffic Filtering
  • IP-to-MAC validation enforcement
  • Access port security testing

6. [CR] Dynamic ARP Inspection (DAI)
  • ARP validation against DHCP Snooping database
  • ARP spoofing detection

7. [CR] Storm Control Configuration
  • Broadcast / Multicast / Unicast threshold enforcement
  • Flood simulation and mitigation

6. Integrated Layer 2 Defensive Validation Scenario
  • Combined control stack validation methodology
  • Security control interaction analysis
  • Observing defensive behaviour under simulated attack
  • Validation of logging and monitoring indicators

8. [CR] Final Integrated Defense Scenario
  • Rogue DHCP server attempt
  • ARP spoofing simulation
  • VLAN hopping attempt
  • STP root takeover attempt
  • Broadcast flood simulation

Full protection stack validation and documentation
