Training CompTIA

Training goals

code: CT-SECURITYX | version: CAS-005

CompTIA SecurityX (formerly CASP+ CompTIA Advanced Security Practitioner) is an advanced-level cybersecurity certification for security architects and senior security engineers charged with leading and improving an enterprise’s cybersecurity readiness.

CompTIA SecurityX will certify the successful candidate has the knowledge and skills required to:

  • Architect, engineer, integrate, and implement secure solutions across complex environments to support a resilient enterprise.
  • Use automation, monitoring, detection, and incident response to proactively support ongoing security operations in an enterprise environment.
  • Apply security practices to cloud, on-premises, and hybrid environments.
  • Consider cryptographic technologies and techniques, as well as the impact of emerging trends (e.g., artificial intelligence) on information security.
  • Use the appropriate governance, compliance, risk management, and threat-modeling strategies throughout the enterprise.

SecurityX (formerly CASP+) is compliant with ISO 17024 standards and approved by the U.S. DoD to meet Directive 8140.03M requirements.

Each participant in an authorized training CompTIA SecurityX Prep Course held in Compendium CE will receive a free CAS-005 CompTIA SecurityX Certification Exam vouchers.

Jobs You Can Land With CompTIA Security+

  • Security Architect
  • Cybersecurity Engineer
  • SOC Manager
  • Cyber Risk Analyst
  • Chief Information Security Officer (CISO)

Conspect Show list

  • Governance, Risk, and Compliance
    • Given a set of organizational security requirements, implement the appropriate governance components
      • Security program documentation
      • Security program management
      • Governance frameworks
      • Change/configuration management
      • Governance risk and compliance (GRC) tools
      • Data governance in staging environments
    • Given a set of organizational security requirements, perform risk management activities
      • Impact analysis
      • Risk assessment and management
      • Third-party risk management
      • Availability risk considerations
      • Confidentiality risk considerations
      • Integrity risk considerations
      • Privacy risk considerations
      • Crisis management
      • Breach response
    • Explain how compliance affects information security strategies
      • Awareness of industry-specific compliance
      • Industry standards
      • Security and reporting frameworks
      • Audits vs. assessments vs. certifications
      • Privacy regulations
      • Awareness of cross-jurisdictional compliance requirements
    • Given a scenario, perform threat-modeling activities
      • Actor characteristics
      • Attack patterns
      • Frameworks
      • Attack surface determination
      • Methods
      • Modeling applicability of threats to the organization/environment
    • Summarize the information security challenges associated with artificial intelligence (AI) adoption
      • Legal and privacy implications
      • Threats to the model
      • AI-enabled attacks
      • Risks of AI usage
      • AI-enabled assistants/digital workers
  • Security Architecture
    • Given a scenario, analyze requirements to design resilient systems
      • Component placement and configuration
      • Availability and integrity design Considerations
    • Given a scenario, implement security in the early stages of the systems life cycle and throughout subsequent stages
      • Security requirements definition
      • Software assurance
      • Continuous integration/continuous deployment (CI/CD)
      • Supply chain risk management
      • Hardware assurance
      • End-of-life (EOL) considerations
    • Given a scenario, integrate appropriate controls in the design of a secure architecture
      • Attack surface management and reduction
      • Detection and threat-hunting enablers
      • Information and data security design
      • DLP
      • Hybrid infrastructures
      • Third-party integrations
      • Control effectiveness
    • Given a scenario, apply security concepts to the design of access, authentication, and authorization systems
      • Provisioning/deprovisioning
      • Federation
      • Single sign-on (SSO)
      • Conditional access
      • Identity provider
      • Service provider
      • Attestations
      • Policy decision and enforcement points
      • Access control models
      • Logging and auditing
      • Public key infrastructure (PKI) architecture
      • Access control systems
    • Given a scenario, securely implement cloud capabilities in an enterprise environment
      • Cloud access security broker (CASB)
      • Shadow IT detection
      • Shared responsibility model
      • CI/CD pipeline
      • Terraform
      • Ansible
      • Package monitoring
      • Container security
      • Container orchestration
      • Serverless
      • API security
      • Cloud vs. customer-managed
      • Cloud data security considerations
      • Cloud control strategies
      • Customer-to-cloud connectivity
      • Cloud service integration
      • Cloud service adoption
    • Given a scenario, integrate Zero Trust concepts into system architecture design
      • Continuous authorization
      • Context-based reauthentication
      • Network architecture
      • API integration and validation
      • Asset identification, management, and attestation
      • Security boundaries
      • Deperimeterization
      • Defining subject-object relationships
  • Security Engineering
    • Given a scenario, troubleshoot common issues with identity and access management (IAM) components in an enterprise environment
      • Subject access control
      • Biometrics
      • Secrets management
      • Conditional access
      • Attestation
      • Cloud IAM access and trust policies
      • Logging and monitoring
      • Privilege identity management
      • Authentication and authorization
    • Given a scenario, analyze requirements to enhance the security of endpoints and servers
      • Application control
      • Endpoint detection response (EDR)
      • Event logging and monitoring
      • Endpoint privilege management
      • Attack surface monitoring and reduction
      • Host-based intrusion protection system/host-based detection system (HIPS/HIDS)
      • Anti-malware
      • SELinux
      • Host-based firewall
      • Browser isolation
      • Configuration management
      • Mobile device management (MDM) technologies
      • Threat-actor tactics, techniques, and procedures (TTPs)
    • Given a scenario, troubleshoot complex network infrastructure security issues
      • Network misconfigurations
      • IPS/IDS issues
      • Observability
      • Domain Name System (DNS) security
      • Email security
      • Transport Layer Security (TLS) errors
      • Cipher mismatch
      • PKI issues
      • Issues with cryptographic implementations
      • DoS/distributed denial of service (DDoS)
      • Resource exhaustion
      • Network access control list (ACL) issues
    • Given a scenario, implement hardware security technologies and techniques
      • Roots of trust
      • Security coprocessors
      • Virtual hardware
      • Host-based encryption
      • Self-encrypting drive (SED)
      • Secure Boot
      • Measured boot
      • Self-healing hardware
      • Tamper detection and countermeasures
      • Threat-actor TTPs
    • Given a set of requirements, secure specialized and legacy systems against threats
      • Operational technology (OT)
      • Internet of Things (IoT)
      • System-on-chip (SoC)
      • Embedded systems
      • Wireless technologies/radio frequency (RF)
      • Security and privacy considerations
      • Industry-specific challenges
      • Characteristics of specialized/legacy systems
    • Given a scenario, use automation to secure the enterprise
      • Scripting
      • Cron/scheduled tasks
      • Event-based triggers
      • Infrastructure as code (IaC)
      • Configuration files
      • Cloud APIs/software development kits (SDKs)
      • Generative AI
      • Containerization
      • Automated patching
      • Auto-containment
      • Security orchestration, automation, and response (SOAR)
      • Vulnerability scanning and reporting
      • Security Content Automation Protocol (SCAP)
      • Workflow automation
    • Explain the importance of advanced cryptographic concepts
      • Post-quantum cryptography (PQC)
      • Key stretching
      • Key splitting
      • Homomorphic encryption
      • Forward secrecy
      • Hardware acceleration
      • Envelope encryption
      • Performance vs. security
      • Secure multiparty computation
      • Authenticated encryption with associated data (AEAD)
      • Mutual authentication
    • Given a scenario, apply the appropriate cryptographic use case and/or technique
      • Use cases
      • Techniques
  • Security Operations
    • Given a scenario, analyze data to enable monitoring and response activities
      • Security information event management (SIEM)
      • Aggregate data analysis
      • Behavior baselines and analytics
      • Incorporating diverse data sources
      • Alerting
      • Reporting and metrics
    • Given a scenario, analyze vulnerabilities and attacks, and recommend solutions to reduce the attack surface
      • Vulnerabilities and attacks
      • Mitigations
    • Given a scenario, apply threat-hunting and threat intelligence concepts
      • Internal intelligence sources
      • External intelligence sources
      • Counterintelligence and operational security
      • Threat intelligence platforms (TIPs)
      • Indicator of compromise (IoC) sharing
      • Rule-based languages
      • Indicators of attack
    • Given a scenario, analyze data and artifacts in support of incident response activities
      • Malware analysis
      • Reverse engineering
      • Volatile/non-volatile storage analysis
      • Network analysis
      • Host analysis
      • Metadata analysis
      • Hardware analysis
      • Data recovery and extraction
      • Threat response
      • Preparedness exercises
      • Timeline reconstruction
      • Root cause analysis
      • Cloud workload protection platform (CWPP)
      • Insider threat
Download conspect training as PDF

Additional information

Prerequisites

Minimum 10 years general hands on IT experience, 5 years being hands-on security, with Network+, Security+, CySA+, Cloud+ and PenTest+ or equivalent knowledge.
Difficulty level
Duration 5 days
Certificate

The participants will obtain certificates signed by CompTIA (course completion). This course will help prepare you for the CompTIA SecurityX certification exam, which is available through the Pearson VUE test centers.

Each participant in an authorized training CompTIA SecurityX Prep Course held in Compendium CE will receive a free CAS-005 CompTIA SecurityX Certification Exam vouchers.
Trainer

Authorized CompTIA Trainer.
CompTIA show more courses
Training thematically related

Security

Security | Aruba

Network Security | Broadcom

Java Programming | Capstone Courseware

Java EE | Capstone Courseware

Open-Source Frameworks | Capstone Courseware

XML and Web Services | Capstone Courseware

Core Training | Check Point

Infinity Specializations | Check Point

ICS/OT security | Compendium CE

Security+ | CompTIA

CySA+ | CompTIA

PenTest+ | CompTIA

Certified Ethical Hacker | EC-Council

Advanced WAF (AWAF) | F5

Access Policy Manager (APM) | F5

Advanced Firewall Manager (AFM) | F5

Fortinet Certified Professional (FCP) | Fortinet

Fortinet Certified Solution Specialist (FCSS) | Fortinet

Cyber security | ISC2

Microsoft 365 | Microsoft

Security | Microsoft

Pen Testing & Ethical Hacking | Mile2

Information Systems Management | Mile2

Incident Handling | Mile2

Web Application Security | Mile2

Cloud Security | Mile2

Forensics | Mile2

Disaster Recovery | Mile2

Healthcare | Mile2

Risk Management | Mile2

Auditing | Mile2

Cyber Range | Mile2

Security Awareness | Mile2

Cyber Threat Analyst | Mile2

Network Security | Palo Alto Networks

SASE | Palo Alto Networks

Security Operations | Palo Alto Networks

ISO/IEC 27001 Information Security Management Systems | PECB®

LinkProof | Radware

DefensePro | Radware

AppDirector | Radware

Alteon | Radware

Fundamentals | SCADEMY

C# | SCADEMY

C/C++ | SCADEMY

Java | SCADEMY

PHP | SCADEMY

Python | SCADEMY

WEB | SCADEMY

Cloud | SCADEMY

Cryptography | SCADEMY

Finance | SCADEMY

Healthcare | SCADEMY

Telecome | SCADEMY

Software design | SCADEMY

Software testing | SCADEMY

Dark Web | SECO-Institute

Cyber Defence | SECO-Institute

Crisis Management | SECO-Institute

Data Protection | SECO-Institute

Kubernetes | SUSE

Linux | The Linux Foundation

E-learning | The Linux Foundation

Exam | The Linux Foundation

Contact form

Please fill form below to obtain more info about this training.






* Fields marked with (*) are required !!!

Information on data processing by Compendium - Centrum Edukacyjne Spółka z o.o.

PRICE 1700 EUR

FORM OF TRAINING ?

 

TRAINING MATERIALS ?

 

EXAM ?

 

SELECT TRAINING DATE

  • hybrid training: HYBRID
    • General information
    • Guaranteed dates
    • Last minute (-10%)
    • Language of the training
    • English
  • hybrid training: HYBRID
    • General information
    • Guaranteed dates
    • Last minute (-10%)
    • Language of the training
    • English
  • hybrid training: HYBRID
    • General information
    • Guaranteed dates
    • Last minute (-10%)
    • Language of the training
    • English
  • hybrid training: HYBRID
    • General information
    • Guaranteed dates
    • Last minute (-10%)
    • Language of the training
    • English
  • hybrid training: HYBRID
    • General information
    • Guaranteed dates
    • Last minute (-10%)
    • Language of the training
    • English
Book a training appointment
close

Traditional training

Sessions organised at Compendium CE are usually held in our locations in Kraków and Warsaw, but also in venues designated by the client. The group participating in training meets at a specific place and specific time with a coach and actively participates in laboratory sessions.

Dlearning training

You may participate from at any place in the world. It is sufficient to have a computer (or, actually a tablet, or smartphone) connected to the Internet. Compendium CE provides each Distance Learning training participant with adequate software enabling connection to the Data Center. For more information, please visit dlearning.eu site

close

Paper materials

Traditional materials: The price includes standard materials issued in the form of paper books, printed or other, depending on the arrangements with the manufacturer.

Electronic materials

Electronic materials: These are electronic training materials that are available to you based on your specific application: Skillpipe, eVantage, etc., or as PDF documents.

Ctab materials

Ctab materials: the price includes ctab tablet and electronic training materials or traditional training materials and supplies provided electronically according to manufacturer's specifications (in PDF or EPUB form). The materials provided are adapted for display on ctab tablets. For more information, check out the ctab website.

Upcoming CompTIA training

Training schedule CompTIA