1.0. Fundamentals of Enterprise Defense
1.1. Overview of Enterprise Security
1.2. Key Concepts in Defense-in-Depth
1.3. Role of the Enterprise Defender
1.4. Security Frameworks (NIST, ISO)
1.5. Threat Modeling Basics
1.6. Asset Identification and Classification
1.7. Security Policies and Procedures
1.8. Risk Assessment Introduction
1.9. Security Terminology
1.10. Common Attack Surfaces
2.0. Network Architecture Security
2.1. Network Segmentation
2.2. DMZ Design and Implementation
2.3. Firewalls and Filtering
2.4. VLANs and Subnets
2.5. Network Access Control (NAC)
2.6. Secure Network Topologies
2.7. Remote Access Security
2.8. Wireless Network Security
2.9. IP Address Management
2.10. Network Baselines
3.0. Windows Security Fundamentals
3.1. Windows OS Architecture
3.2. Authentication Mechanisms
3.3. Group Policy Objects (GPOs)
3.4. Windows Permissions and Rights
3.5. Patch Management
3.6. Windows Logging
3.7. Service Hardening
3.8. File System Security
3.9. Secure Administrative Practices
3.10. User Account Control (UAC)
4.0. Linux/Unix Security
4.1. Linux/Unix OS Overview
4.2. User and Group Management
4.3. File Permissions and Ownership
4.4. Sudo and Privilege Escalation
4.5. SSH Hardening
4.6. Patch Management
4.7. Service Management
4.8. Log Analysis
4.9. System Hardening
4.10. Scripting for Security
5.0. Authentication and Access Control
5.1. Authentication Types (MFA, SSO)
5.2. Identity and Access Management (IAM)
5.3. Password Policies
5.4. Kerberos Authentication
5.5. LDAP and Directory Services
5.6. Privileged Account Management
5.7. Access Control Models (RBAC, ABAC)
5.8. Federation and OAuth
5.9. Session Management
5.10. Monitoring Access Events
6.0. Security Policies and Procedures
6.1. Policy Development
6.2. Acceptable Use Policies
6.3. Data Classification Policies
6.4. Incident Response Policies
6.5. Change Management
6.6. Security Awareness Training
6.7. Compliance Requirements
6.8. Policy Enforcement
6.9. Policy Review and Updates
6.10. Documentation Best Practices
7.0. Threat Intelligence
7.1. Threat Intelligence Fundamentals
7.2. Types of Threat Intelligence
7.3. Threat Intelligence Platforms
7.4. Indicators of Compromise (IOCs)
7.5. Tactical vs Strategic Threat Intel
7.6. Threat Sharing Communities
7.7. Open Source Intelligence (OSINT)
7.8. Threat Actor Profiling
7.9. Automating Threat Feeds
7.10. Integrating Threat Intel into Defense
8.0. Asset Management
8.1. Asset Discovery Techniques
8.2. Asset Inventory Management
8.3. Asset Classification
8.4. Asset Lifecycle Management
8.5. Vulnerability Mapping
8.6. Critical Asset Identification
8.7. Shadow IT Detection
8.8. Asset Tagging and Labeling
8.9. Asset Disposal Procedures
8.10. Asset Monitoring
9.0. Network Monitoring and Visibility
9.1. Network Monitoring Basics
9.2. Packet Capture Tools
9.3. Flow Data (NetFlow, sFlow)
9.4. IDS vs IPS
9.5. SIEM Integration
9.6. Log Collection and Analysis
9.7. Anomaly Detection
9.8. Network Forensics
9.9. Encrypted Traffic Analysis
9.10. Monitoring Best Practices
10.0. Security Information and Event Management (SIEM)
10.1. SIEM Concepts
10.2. SIEM Architecture
10.3. Log Sources and Types
10.4. Log Normalization
10.5. Correlation Rules
10.6. Alerting and Notifications
10.7. Use Case Development
10.8. Dashboard Design
10.9. SIEM Tuning
10.10. SIEM Compliance Reporting
11.0. Malware and Ransomware Defense
11.1. Malware Types
11.2. Malware Analysis Basics
11.3. Ransomware Attack Lifecycle
11.4. Endpoint Protection Solutions
11.5. Network-based Malware Detection
11.6. Malware Containment
11.7. Backup Strategies
11.8. User Awareness
11.9. Incident Handling
11.10. Malware Defense Automation
12.0. Vulnerability Management
12.1. Vulnerability Scanning
12.2. Vulnerability Assessment
12.3. Vulnerability Prioritization
12.4. Patch Management
12.5. Remediation Tracking
12.6. Configuration Management
12.7. Penetration Testing
12.8. Reporting Vulnerabilities
12.9. Continuous Improvement
12.10. Vulnerability Management Tools
13.0. Web Application Security
13.1. OWASP Top 10
13.2. Input Validation
13.3. Authentication and Session Management
13.4. Cross-site Scripting (XSS)
13.5. SQL Injection
13.6. Secure Coding Practices
13.7. Web Application Firewalls
13.8. Application Scanning Tools
13.9. Secure DevOps (DevSecOps)
13.10. Application Logging
14.0. Email Security
14.1. Email Threat Landscape
14.2. Phishing and Social Engineering
14.3. Email Filtering Technologies
14.4. Secure Email Gateways
14.5. SPF, DKIM, DMARC
14.6. Email Encryption
14.7. User Training
14.8. Incident Response for Email
14.9. Business Email Compromise
14.10. Email Forensics
15.0. Endpoint Security
15.1. Endpoint Security Overview
15.2. Antivirus and EDR Solutions
15.3. Application Whitelisting
15.4. Device Control (USB, Bluetooth)
15.5. Endpoint Hardening
15.6. Patch Management
15.7. Mobile Device Security
15.8. Remote Endpoint Security
15.9. Endpoint Forensics
15.10. Endpoint Policy Management
16.0. Data Protection and Encryption
16.1. Data Classification
16.2. Data Loss Prevention (DLP)
16.3. Encryption Types (at rest, in transit)
16.4. Key Management
16.5. Secure File Transfer
16.6. Database Encryption
16.7. Removable Media Encryption
16.8. Cloud Data Protection
16.9. Data Retention Policies
16.10. Data Destruction
17.0. Incident Detection and Response
17.1. Incident Response Lifecycle
17.2. Detection Techniques
17.3. Triage and Containment
17.4. Eradication and Recovery
17.5. Forensics Basics
17.6. Chain of Custody
17.7. Incident Documentation
17.8. Post-Incident Analysis
17.9. Tabletop Exercises
17.10. Lessons Learned
18.0. Digital Forensics
18.1. Forensics Process Overview
18.2. Evidence Collection
18.3. Disk Imaging and Analysis
18.4. Memory Forensics
18.5. Network Forensics
18.6. Log Analysis
18.7. Malware Analysis in Forensics
18.8. Timeline Analysis
18.9. Forensic Reporting
18.10. Legal Considerations
19.0. Security Operations Center (SOC) Fundamentals
19.1. SOC Roles and Responsibilities
19.2. SOC Processes
19.3. Monitoring and Detection
19.4. Escalation Procedures
19.5. Ticketing Systems
19.6. SOC Metrics and KPIs
19.7. Threat Hunting
19.8. SOC Automation
19.9. Collaboration Tools
19.10. SOC Maturity Models
20.0. Threat Hunting
20.1. Threat Hunting Concepts
20.2. Hypothesis-driven Hunting
20.3. Hunt Team Structure
20.4. Data Sources for Hunting
20.5. Behavioral Analytics
20.6. Threat Hunting Tools
20.7. Hunt Reporting
20.8. Continuous Improvement
20.9. Integrating Intel into Hunting
20.10. Threat Hunt Case Studies
21.0. Security Automation and Orchestration
21.1. Introduction to SOAR
21.2. Playbook Development
21.3. Automated Response Actions
21.4. Integration with SIEM
21.5. Scripting Languages (Python, PowerShell)
21.6. API Integrations
21.7. Alert Enrichment
21.8. Workflow Automation
21.9. Metrics and Reporting
21.10. SOAR Best Practices
22.0. Cloud Security Fundamentals
22.1. Cloud Service Models (IaaS, PaaS, SaaS)
22.2. Shared Responsibility Model
22.3. Cloud Threats
22.4. Cloud Security Tools
22.5. Cloud Access Security Brokers (CASB)
22.6. Identity in the Cloud
22.7. Cloud Encryption
22.8. Cloud Compliance
22.9. Cloud Logging and Monitoring
22.10. Cloud Incident Response
23.0. Secure Network Design
23.1. Principles of Secure Design
23.2. Least Privilege
23.3. Security Zoning
23.4. Network Segmentation
23.5. Redundancy and Resilience
23.6. Secure Protocols
23.7. Secure Remote Access
23.8. Secure Network Devices
23.9. Physical Security
23.10. Change Management in Network Design
24.0. Security Assessments and Audits
24.1. Types of Security Assessments
24.2. Internal vs External Audits
24.3. Compliance Audits
24.4. Gap Analysis
24.5. Scoping an Assessment
24.6. Evidence Collection
24.7. Reporting Findings
24.8. Remediation Planning
24.9. Audit Follow-ups
24.10. Continuous Assessment
25.0. Penetration Testing Basics
25.1. Penetration Testing Lifecycle
25.2. Scoping a Pen Test
25.3. Reconnaissance
25.4. Vulnerability Scanning
25.5. Exploitation Techniques
25.6. Post-exploitation Activities
25.7. Reporting and Communication
25.8. Remediation Support
25.9. Legal and Ethical Issues
25.10. Red Team vs Blue Team
26.0. Security Metrics and Reporting
26.1. Importance of Metrics
26.2. Defining KPIs
26.3. Data Collection Techniques
26.4. Dashboards and Visualization
26.5. Reporting Frequency
26.6. Tailoring Reports for Audiences
26.7. Incident Metrics
26.8. Remediation Metrics
26.9. Continuous Improvement
26.10. Communicating Metrics
27.0. Business Continuity and Disaster Recovery
27.1. Business Impact Analysis
27.2. Continuity Planning
27.3. Disaster Recovery Planning
27.4. Backup Strategies
27.5. Alternate Site Planning
27.6. Testing and Exercises
27.7. Crisis Communication
27.8. Roles and Responsibilities
27.9. Recovery Metrics
27.10. Continuous Improvement
28.0. Compliance and Legal Considerations
28.1. Regulatory Frameworks (GDPR, HIPAA)
28.2. Industry Standards
28.3. Data Privacy Laws
28.4. Legal Hold and E-Discovery
28.5. Contractual Security Requirements
28.6. Intellectual Property Protection
28.7. Breach Notification Laws
28.8. Record Keeping
28.9. International Considerations
28.10. Working with Legal Teams
29.0. Zero Trust Security Model
29.1. Zero Trust Principles
29.2. Identity and Access in Zero Trust
29.3. Network Segmentation in Zero Trust
29.4. Device Trust
29.5. Application Trust
29.6. Continuous Validation
29.7. Zero Trust Architecture
29.8. Implementing Zero Trust
29.9. Zero Trust Tools
29.10. Challenges in Adoption
30.0. Secure Remote Work
30.1. Remote Work Threat Landscape
30.2. Secure Remote Access
30.3. VPN Security
30.4. Endpoint Security for Remote Users
30.5. Secure Collaboration Tools
30.6. Data Loss Prevention
30.7. Authentication for Remote Users
30.8. Monitoring Remote Workforce
30.9. User Training
30.10. Policy Updates
31.0. Mobile Device Security
31.1. Mobile Threat Landscape
31.2. Mobile OS Security Features
31.3. Mobile Device Management (MDM)
31.4. App Security
31.5. Data Protection on Mobile
31.6. Network Protection
31.7. Mobile Malware
31.8. User Awareness
31.9. BYOD Security
31.10. Mobile Incident Response
32.0. Secure Software Development
32.1. Secure SDLC
32.2. Threat Modeling for Devs
32.3. Secure Coding Practices
32.4. Code Review
32.5. Static and Dynamic Analysis
32.6. Dependency Management
32.7. Application Security Testing
32.8. Secure Deployment
32.9. DevSecOps Integrations
32.10. Developer Training
33.0. Physical Security
33.1. Physical Access Controls
33.2. Security of Data Centers
33.3. Environmental Controls
33.4. Video Surveillance
33.5. Visitor Management
33.6. Security Guards
33.7. Alarm Systems
33.8. Physical Security Policies
33.9. Business Continuity
33.10. Integrating Physical and Cybersecurity
34.0. Social Engineering Defense
34.1. Social Engineering Techniques
34.2. Phishing Attacks
34.3. Pretexting and Impersonation
34.4. Baiting and Tailgating
34.5. User Training
34.6. Simulated Attacks
34.7. Reporting Mechanisms
34.8. Security Culture
34.9. Incident Handling
34.10. Reducing Human Risk
35.0. Security Awareness Training
35.1. Awareness Program Goals
35.2. User Training Topics
35.3. Training Delivery Methods
35.4. Gamification
35.5. Testing and Evaluation
35.6. Measuring Effectiveness
35.7. Ongoing Education
35.8. Management Buy-in
35.9. Tailoring Training
35.10. Reporting and Feedback
36.0. Intrusion Detection and Prevention
36.1. IDS/IPS Concepts
36.2. Signature-based Detection
36.3. Anomaly-based Detection
36.4. IDS/IPS Deployment
36.5. Alert Tuning
36.6. False Positives/Negatives
36.7. Network IDS vs Host IDS
36.8. Integration with SIEM
36.9. Logging and Forensics
36.10. IDS/IPS Management
37.0. Wireless Network Security
37.1. Wireless Threats
37.2. Secure Wi-Fi Configuration
37.3. WPA3 and Encryption
37.4. Rogue Access Point Detection
37.5. Wireless IDS/IPS
37.6. Wireless Network Segmentation
37.7. Guest Network Security
37.8. Wireless Authentication
37.9. Wireless Policy
37.10. Wireless Incident Response
38.0. Advanced Persistent Threats (APT)
38.1. APT Lifecycle
38.2. APT Techniques
38.3. APT Detection
38.4. Attribution Challenges
38.5. APT Case Studies
38.6. Defending Against APTs
38.7. Threat Intelligence for APTs
38.8. Incident Response
38.9. Post-APT Recovery
38.10. APT Simulation Exercises
39.0. Application Whitelisting and Control
39.1. Whitelisting Concepts
39.2. Blacklisting vs Whitelisting
39.3. Implementation Strategies
39.4. Policy Development
39.5. Exception Handling
39.6. Monitoring Application Usage
39.7. User Training
39.8. Integration with EDR
39.9. Whitelisting in the Cloud
39.10. Challenges and Pitfalls
40.0. Security in Virtualized Environments
40.1. Virtualization Basics
40.2. Hypervisor Security
40.3. VM Isolation
40.4. Virtual Networking Security
40.5. Cloud Virtualization
40.6. Virtual Storage Security
40.7. Patch Management
40.8. Monitoring and Logging
40.9. Incident Response
40.10. Regulatory Considerations
41.0. Patch and Change Management
41.1. Patch Management Process
41.2. Patch Testing and Rollout
41.3. Patch Automation
41.4. Vulnerability Prioritization
41.5. Change Management Process
41.6. Change Approval Workflows
41.7. Emergency Changes
41.8. Change Documentation
41.9. Impact Analysis
41.10. Verification and Validation
42.0. Secure Configuration Management
42.1. Configuration Baselines
42.2. Secure Defaults
42.3. Configuration Drift
42.4. Automated Configuration Management
42.5. Hardening Guidelines
42.6. Continuous Monitoring
42.7. Configuration Auditing
42.8. Remediation
42.9. Configuration Documentation
42.10. Compliance Mapping
43.0. DNS Security
43.1. DNS Protocol Overview
43.2. DNS Attacks
43.3. DNSSEC
43.4. DNS Filtering
43.5. Monitoring DNS Traffic
43.6. DNS Logging
43.7. DNS Sinkholing
43.8. DNS over HTTPS (DoH)
43.9. DNS Policy
43.10. Incident Response for DNS
44.0. Secure Backup and Recovery
44.1. Backup Types
44.2. Backup Frequency
44.3. Offsite Storage
44.4. Encryption of Backups
44.5. Backup Integrity
44.6. Restore Testing
44.7. Backup Policy
44.8. Cloud Backups
44.9. Ransomware Resilience
44.10. Legal and Compliance
45.0. Securing Third-Party and Supply Chain
45.1. Third-Party Risk Assessment
45.2. Vendor Security Requirements
45.3. Contractual Controls
45.4. Supply Chain Threats
45.5. Monitoring Third Parties
45.6. Security Questionnaires
45.7. Auditing Vendors
45.8. Incident Response with Vendors
45.9. Data Sharing Controls
45.10. Continuous Monitoring
46.0. Cryptography Fundamentals
46.1. Cryptography Basics
46.2. Symmetric vs Asymmetric Encryption
46.3. Hashing Algorithms
46.4. Digital Signatures
46.5. Public Key Infrastructure (PKI)
46.6. Certificate Management
46.7. Crypto Attacks
46.8. Secure Key Storage
46.9. Cryptography in Cloud
46.10. Cryptography Policy
47.0. Security Program Management
47.1. Security Program Components
47.2. Building a Security Roadmap
47.3. Resource Allocation
47.4. Security Governance
47.5. Stakeholder Engagement
47.6. Program Metrics
47.7. Continuous Improvement
47.8. Budgeting
47.9. Board Reporting
47.10. Program Maturity
48.0. Emerging Technologies and Security
48.1. IoT Security
48.2. Blockchain Security
48.3. AI and Machine Learning Security
48.4. 5G Security
48.5. Quantum Computing Risks
48.6. Autonomous Systems
48.7. Smart Cities
48.8. Edge Computing
48.9. Regulatory Trends
48.10. Adapting Security Programs
49.0. Red Team vs Blue Team Operations
49.1. Red Team Concepts
49.2. Blue Team Concepts
49.3. Purple Teaming
49.4. Adversary Emulation
49.5. Attack Simulation
49.6. Defensive Tactics
49.7. Lessons Learned
49.8. Collaboration Techniques
49.9. Reporting and Debrief
49.10. Continuous Red/Blue Testing
50.0. Exam Preparation and Study Tips
50.1. Understanding the GCED Exam
50.2. Study Resources
50.3. Practice Tests
50.4. Time Management
50.5. Exam Registration
50.6. Test-taking Strategies
50.7. Review Weak Areas
50.8. Group Study
50.9. Maintaining Certification
50.10. Continuing Education Paths

![Legitimized [GIAC Certified Enterprise Defender (GCED)] Expert - Led Video Course - MASTERYTRAIL](https://masterytrail.com/wp-content/uploads/2025/09/9cf11434-9321-4ba4-a44a-b15d91df3d1f.jpg)
