Services

Services for your Business

The human component is key to countering the continually evolving nature of cyber threats, both from internal and external sources. Realistic, innovative training and exercising builds a winning level of confidence and expertise.

Cyber Operations Training

Hands-on instruction is an effective way to teach cyber operational skills. Students can interact directly with tools and experience the outcome of their actions. The simulator advantage means that students are separated from the operational network, so they are free to experiment and explore techniques that would be risky on a live network.

CENTS® can assist with cybersecurity training tailored to individual situations. Our engineering support staff will confer with you concerning your technical training requirements and number of students, so we can ensure the training environment is appropriately configured. Training can be conducted at one or more locations based on your needs.

Operational Mission Support and Target Development

Mission success may hinge on rehearsing and practicing for all  kinds of operations, whether they are daily, wartime, or contingency operations. Rehearsals give operators a chance to bolster the human component of cybersecurity. This means working on their communication skills and interactions with other members of their team and across organizations.

CENTS® cyber specialists bring an array of current practices and operations lessons learned. Our technical advisors can help you engage cyber operators with an emulated adversary, giving them an opportunity to practice tactics and techniques on an attack or perceived threat analysis.  Our instruction support staff designs instruction plans, materials, student workbooks, and other training tools as required. We tailor material to the audience, exercise environment,  and specific learning objectives.

Cyber Competition Planning and Execution

CENTS® accomplished planners know that cyber competition requires a special set of considerations apart from standard exercises. Capture the Cyber Flag can be played with teams on the cyber playing field. Another option is a force-on-force cyber competition. In either case, the rules of engagement, various exercise logistics, and requirements of the cyber playing field need to be determined.

Cyber competitions can be formulated to support advanced concepts applications, team skills refinement, or force-on-force operations and rehearsals. CENTS® planners employ proven simulators to focus on these specific skills and learning outcomes in a robust, realistic cyber environment.

C- Suite ½ day Cybersecurity Session: Prepare to Defend

Offering

Hands-on-lab exercises to validate cybersecurity defense readiness

Validation-as-a Service (not a product sale)

Monday – set-up and orientation

Ideal participant count per session is 5 to 20 people

Anticipate 30 sessions per year

Content

Exercise Introduction

Range familiarization and topology and equipment overview

Hacking methodologies exercises

  • Reconnaissance
  • Scanning and enumeration
  • Access
  • Privilege escalation
  • Persistent
  • Evasion
  • Social engineering

Validation

  • Practical capstone
  • Written test

Hot wash

  • Informal read-out of observations

Remediation plan as applicable to follow

Standard

NIST

  • Framework for Improving Critical Infrastructure Cybersecurity (Identify, Protect, Detect, Respond, Recover)
  • Security Considerations in the Information System Development Life Cycle (SP800-64)
  • Managing Information Security Risk (SP800-39)
  • Continuous Monitoring (SP800-137)
  • Techniques and Procedures for Verifying the Effectiveness of Security Controls (SP800-53A)
  • NICE website cybersecurity work force mappings

DHS

  • Continuous Asset Evaluation, Situational Awareness, and Risk Scoring Architecture
  • Consensus Audit Guidelines – 20 Critical Security Controls

ISO

  • Requirements and guidance for bodies providing audit and certification of an information security management system (ISMS). (27006:2011)
  • Requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization (27001:2013)

3 ½ day Cybersecurity Session: Optimize to Defend

Offering

Hands-on-lab exercises to validate cybersecurity defense readiness

Validation-as-a Service (not a product sale)

Monday – set-up and orientation

Tuesday – exercise

Wednesday – exercise

Thursday ½ – hot wash

Ideal participant count per session is 5 to 20 people

Anticipate 30 sessions per year

Content

Exercise Introduction

Range familiarization and topology and equipment overview

Hacking methodologies exercises

  • Reconnaissance
  • Scanning and enumeration
  • Access
  • Privilege escalation
  • Persistent
  • Evasion
  • Social engineering

Validation

  • Practical capstone
  • Written test

Hot wash

  • Informal read-out of observations

Remediation plan as applicable to follow

Standard

NIST

  • Framework for Improving Critical Infrastructure Cybersecurity (Identify, Protect, Detect, Respond, Recover)
  • Security Considerations in the Information System Development Life Cycle (SP800-64)
  • Managing Information Security Risk (SP800-39)
  • Continuous Monitoring (SP800-137)
  • Techniques and Procedures for Verifying the Effectiveness of Security Controls (SP800-53A)
  • NICE website cybersecurity work force mappings

DHS

  • Continuous Asset Evaluation, Situational Awareness, and Risk Scoring Architecture
  • Consensus Audit Guidelines – 20 Critical Security Controls

ISO

  • Requirements and guidance for bodies providing audit and certification of an information security management system (ISMS). (27006:2011)
  • Requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization (27001:2013)

5 day Cybersecurity Session

Offering

Hands-on-lab exercises to validate cybersecurity defense readiness

Validation-as-a Service (not a product sale)

Monday – set-up and orientation

Tuesday – exercise

Wednesday – exercise

Thursday ½ – exercise

Thursday ½ – hot wash

Friday – client read-out, teardown

Ideal participant count per session is 5 to 20 people

Anticipate 30 sessions per year

Content

Exercise Introduction

Range familiarization and topology and equipment overview

Hacking methodologies exercises

  • Reconnaissance
  • Scanning and enumeration
  • Access
  • Privilege escalation
  • Persistent
  • Evasion
  • Social engineering

Validation

  • Practical capstone
  • Written test

Hot wash

  • Informal read-out of observations

Remediation plan as applicable to follow

Standard

NIST

  • Framework for Improving Critical Infrastructure Cybersecurity (Identify, Protect, Detect, Respond, Recover)
  • Security Considerations in the Information System Development Life Cycle (SP800-64)
  • Managing Information Security Risk (SP800-39)
  • Continuous Monitoring (SP800-137)
  • Techniques and Procedures for Verifying the Effectiveness of Security Controls (SP800-53A)
  • NICE website cybersecurity work force mappings

DHS

  • Continuous Asset Evaluation, Situational Awareness, and Risk Scoring Architecture
  • Consensus Audit Guidelines – 20 Critical Security Controls

ISO

  • Requirements and guidance for bodies providing audit and certification of an information security management system (ISMS). (27006:2011)
  • Requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization (27001:2013)

Think you are safe? We can help.