Cyber Security Training in Cascais

This instructor-led, live training in Cascais (online or onsite) is aimed at advanced-level cybersecurity professionals, AI engineers, and IoT developers who wish to implement robust security measures and resilience strategies for Edge AI systems.

By the end of this training, participants will be able to:

• Understand security risks and vulnerabilities in Edge AI deployments.
• Implement encryption and authentication techniques for data protection.
• Design resilient Edge AI architectures that can withstand cyber threats.
• Apply secure AI model deployment strategies in edge environments.

This instructor-led, live training in Cascais (online or onsite) is aimed at intermediate-level cybersecurity professionals and data scientists who wish to utilize LLMs for enhancing cybersecurity measures and threat intelligence.

By the end of this training, participants will be able to:

• Understand the role of LLMs in cybersecurity.
• Implement LLMs for threat detection and analysis.
• Utilize LLMs for security automation and response.
• Integrate LLMs with existing security infrastructure.

This instructor-led, live training in Cascais (online or onsite) is aimed at intermediate-level to advanced-level cybersecurity professionals and technical leads who wish to understand how to implement AI models to enhance security processes, automate threat detection and response, and perform predictive analysis.

By the end of this training, participants will be able to:

• Understand the role of AI in modern cyber security.
• Develop machine learning models for anomaly and threat detection.
• Implement AI for automating incident response and security operations.
• Evaluate the ethical and operational considerations of AI in cybersecurity.

This instructor-led, live training in Cascais (online or onsite) is aimed at intermediate-level analysts who wish to effectively analyze, secure, and protect their organization's data and networks from cyber threats.

By the end of this training, participants will be able to:

• Gain a comprehensive understanding of the current cybersecurity landscape.
• Learn and apply industry-standard cybersecurity frameworks (e.g., NIST, ISO/IEC 27001) and best practices to enhance the security posture of their organization.
• Implement effective network security measures, including configuring firewalls, VPNs, IDS/IPS systems, and applying encryption techniques to protect data at rest and in transit.
• Identify, analyze, and respond to cybersecurity incidents using threat intelligence, SIEM tools, and incident response plans.

This instructor-led, live training in Cascais (online or onsite) is aimed at intermediate-level network administrators who wish to manage and secure their networks using FortiGate firewalls.

By the end of this training, participants will be able to:

• Understand Fortigate features and functionalities, particularly those introduced or enhanced in version 7.4.
• Configure and manage FortiGate devices and implement advanced security features.
• Deploy and manage advanced security measures like IPS, antivirus, web filtering, and threat management.
• Monitor network activities, analyze logs, and generate reports for auditing and compliance.

This instructor-led, live training in Cascais (online or onsite) is aimed at experienced developers who wish to gain a comprehensive understanding of Python programming and its applications in cybersecurity.

By the end of this training, participants will be able to:

• Use Python programming for defensive cybersecurity.
• Understand and use Python for ethical offensive techniques and digital forensics tasks.
• Recognize legal and ethical considerations surrounding offensive cybersecurity and vulnerability disclosure.

This instructor-led, live training in Cascais (online or onsite) is aimed at intermediate-level to advanced-level IT professionals and business leaders who wish to develop a structured approach to handling data breaches.

By the end of this training, participants will be able to:

• Understand the causes and consequences of data breaches.
• Develop and implement data breach prevention strategies.
• Establish an incident response plan to contain and mitigate breaches.
• Conduct forensic investigations and assess the impact of breaches.
• Comply with legal and regulatory requirements for breach notification.
• Recover from data breaches and strengthen security postures.

This instructor-led, live training in Cascais (online or onsite) is aimed at security professionals who wish to learn the fundamentals of managing Palo Alto Networks' next-generation firewalls.

By the end of this training, participants will be able to:

• Configure and manage Palo Alto Networks' firewall essential features.
• Manage security and NAT policies.
• Manage threat prevention strategies.
• Monitor network threats and traffic.

User session recording technology is used to capture, monitor, and audit user activity on IT systems, providing insights for security, compliance, and forensic investigations.

This instructor-led, live training (online or onsite) is aimed at beginner-level to intermediate-level IT and security professionals who wish to implement user session recording solutions to enhance monitoring, compliance, and accountability.

By the end of this training, participants will be able to:

• Understand the principles of user session recording.
• Deploy and configure session recording solutions.
• Analyze and audit recorded sessions for compliance.
• Integrate session recording with security monitoring systems.

Format of the Course

• Interactive lecture and discussion.
• Lots of exercises and practice.
• Hands-on implementation in a live-lab environment.

Course Customization Options

• To request a customized training for this course, please contact us to arrange.

Description:

Basel III is a global regulatory standard on bank capital adequacy, stress testing and market liquidity risk. Having initially been agreed upon by the Basel Committee on Banking Supervision in 2010–11, changes to The Accord have extended implementation to 31st March 2019. Basel III strengthens bank capital requirements by increasing bank liquidity and decreasing bank leverage.
Basel III differs from Basel I & II in that it requires different levels of reserves for different forms of deposits and other types of borrowings, so it does not supersede them so much as it does work alongside Basel I and Basel II.
This complex and constantly changing landscape can be hard to keep up with, our course and training will help you manage likely changes and their impact on your institution. We are accredited with and a training partner to the Basel Certification Institute and as such the quality and suitability of our training and material is guaranteed to be up to date and effective

Objectives:

• Preparation for the Certified Basel Professional Examination.
• Define hands-on strategies and techniques for the definition, measurement, analysis, improvement, and control of operational risk within a banking organization.

Target Audience:

• Board members with risk responsibilities
• CROs and Heads of Risk Management
• Members of the Risk Management team
• Compliance, legal and IT support staff
• Equity and Credit Analysts
• Portfolio Managers
• Rating Agency Analysts

Overview:

• Introduction to Basel norms and amendments to the Basel Accord (III)
• Regulations for market, credit, counterparty and liquidity risk
• Stress testing for various risk measures including how to formulate and deliver stress tests
• The likely effects of Basel III on the international banking industry, including demonstrations of its practical application
• Need For The New Basel Norms
• The Basel III Norms
• Objectives of The Basel III Norms
• Basel III – Timeline

This course is designed to help the attendee to build organizational resilience against a range of threats so that organizations can respond effectively to incidents, maintain the availability of business operations and safeguard its interests. 

Implementing a secure networked application can be difficult, even for developers who may have used various cryptographic building blocks (such as encryption and digital signatures) beforehand. In order to make the participants understand the role and usage of these cryptographic primitives, first a solid foundation on the main requirements of secure communication – secure acknowledgement, integrity, confidentiality, remote identification and anonymity – is given, while also presenting the typical problems that may damage these requirements along with real-world solutions.

As a critical aspect of network security is cryptography, the most important cryptographic algorithms in symmetric cryptography, hashing, asymmetric cryptography, and key agreement are also discussed. Instead of presenting an in-depth mathematical background, these elements are discussed from a developer's perspective, showing typical use-case examples and practical considerations related to the use of crypto, such as public key infrastructures. Security protocols in many areas of secure communication are introduced, with an in-depth discussion on the most widely-used protocol families such as IPSEC and SSL/TLS.

Typical crypto vulnerabilities are discussed both related to certain crypto algorithms and cryptographic protocols, such as BEAST, CRIME, TIME, BREACH, FREAK, Logjam, Padding oracle, Lucky Thirteen, POODLE and similar, as well as the RSA timing attack. In each case, the practical considerations and potential consequences are described for each problem, again, without going into deep mathematical details.

Finally, as XML technology is central for data exchange by networked applications, the security aspects of XML are described. This includes the usage of XML within web services and SOAP messages alongside protection measures such as XML signature and XML encryption – as well as weaknesses in those protection measures and XML-specific security issues such as XML injection, XML external entity (XXE) attacks, XML bombs, and XPath injection.

Participants attending this course will

• Understand basic concepts of security, IT security and secure coding
• Understand the requirements of secure communication
• Learn about network attacks and defenses at different OSI layers
• Have a practical understanding of cryptography
• Understand essential security protocols
• Understand some recent attacks against cryptosystems
• Get information about some recent related vulnerabilities
• Understand security concepts of Web services
• Get sources and further readings on secure coding practices

Audience

Developers, Professionals

This instructor-led, live training in Cascais (online or onsite) focuses on network security from a software security perspective. Participants will learn about common network attacks and defenses across OSI layers, with a strong emphasis on application-layer threats such as session hijacking and denial-of-service (DoS) attacks.

By the end of this training, participants will be able to:

• Understand key concepts in IT security and secure coding.
• Identify and mitigate network threats at different OSI layers.
• Apply cryptographic methods in real-world scenarios.
• Implement and configure security protocols securely.
• Recognize and address cryptographic vulnerabilities and exploits.
• Access resources for ongoing secure coding practices.

The course introduces some common security concepts, gives an overview about the nature of the vulnerabilities regardless of the used programming languages and platforms, and explains how to handle the risks that apply regarding software security in the various phases of the software development lifecycle. Without going deeply into technical details, it highlights some of the most interesting and most aching vulnerabilities in various software development technologies, and presents the challenges of security testing, along with some techniques and tools that one can apply to find any existing problems in their code.

Participants attending this course will 

• Understand basic concepts of security, IT security and secure coding
• Understand Web vulnerabilities both on server and client side
• Realize the severe consequences of unsecure buffer handling
• Be informated about some recent vulnerabilities in development environments and frameworks
• Learn about typical coding mistakes and how to avoid them
• Understand security testing approaches and methodologies

Audience

Managers

After getting familiar with the vulnerabilities and the attack methods, participants learn about the general approach and the methodology for security testing, and the techniques that can be applied to reveal specific vulnerabilities. Security testing should start with information gathering about the system (ToC, i.e. Target of Evaluation), then a thorough threat modeling should reveal and rate all threats, arriving to the most appropriate risk analysis-driven test plan.

Security evaluations can happen at various steps of the SDLC, and so we discuss design review, code review, reconnaissance and information gathering about the system, testing the implementation and the testing and hardening the environment for secure deployment. Many security testing techniques are introduced in details, like taint analysis and heuristics-based code review, static code analysis, dynamic web vulnerability testing or fuzzing. Various types of tools are introduced that can be applied in order to automate security evaluation of software products, which is also supported by a number of exercises, where we execute these tools to analyze the already discussed vulnerable code. Many real life case studies support better understanding of various vulnerabilities.

This course prepares testers and QA staff to adequately plan and precisely execute security tests, select and use the most appropriate tools and techniques to find even hidden security flaws, and thus gives essential practical skills that can be applied on the next day working day.

Participants attending this course will

• Understand basic concepts of security, IT security and secure coding
• Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
• Learn client-side vulnerabilities and secure coding practices
• Understand security testing approaches and methodologies
• Get practical knowledge in using security testing techniques and tools
• Get sources and further readings on secure coding practices

Audience

Developers, Testers

Web Application Security is the discipline of protecting online applications from modern security threats and vulnerabilities, including those that are platform-agnostic and affect core application architecture and input handling.

This instructor-led, live training (online or onsite) is aimed at intermediate-level developers who wish to understand and apply secure coding techniques to mitigate web vulnerabilities and implement robust web application security.

By the end of this training, participants will be able to:

• Understand basic concepts of security, IT security and secure coding.
• Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them.
• Learn client-side vulnerabilities and secure coding practices.
• Have a practical understanding of cryptography.
• Understand security concepts of Web services.
• Get practical knowledge in using security testing tools.
• Get sources and further readings on secure coding practices.

Format of the Course

• Interactive lecture and discussion.
• Lots of exercises and practice.
• Hands-on implementation in a live-lab environment.

Course Customization Options

• To request a customized training for this course, please contact us to arrange.

Cyber Security is the practice of applying technologies, controls, and processes to protect computer systems, servers, networks, devices, programs, and data from malicious cyber attacks.

This instructor-led, live training (online or onsite) is aimed at anyone who wish to learn how to protect internet-connected systems from different kinds of cyber threats.

By the end of this training, participants will be able to:

• Understand the concept of Cyber Security.
• Learn and understand the different Cyber Security threats.
• Learn processes and best practices to protect internet-connected systems from cyber attacks.

Format of the Course

• Interactive lecture and discussion.
• Lots of exercises and practice.
• Hands-on implementation in a live-lab environment.

Course Customization Options

• To request a customized training for this course, please contact us to arrange.

This instructor-led, live training in Cascais (online or onsite) is aimed at IT professionals who wish to learn and apply the fundamentals of Cybersecurity practices, processes, and tools in their organization.

By the end of this training, participants will be able to:

• Understand the Cybersecurity concepts, definitions, architecture, and principles.
• Learn how to secure and protect digital assets (networks, systems, applications, and data).
• Implement security models, frameworks, operational techniques, and incident handling.
• Evaluate and mitigate the impact of cyber attacks, risks, threats, and vulnerabilities.
• Gain insights on cybersecurity challenges with emerging technologies.

This instructor-led, live training in Cascais (online or onsite) is aimed at software engineers and IT professionals who wish to gain a deeper knowledge on CyBOK and strengthen theoretical and applied skills in cyber security.

By the end of this training, participants will be able to:

• Understand the fundamental concepts, definitions, and principles of cyber security.
• Acquire in-depth expertise in cyber security by implementing the CyBOK knowledge areas.
• Gain extensive and foundational knowledge to operationalize the CyBOK framework.
• Facilitate community and organization enablement to increase focus on data security and privacy.
• Expand opportunities to earn specialization and credentials for cyber security professions.

The course is intended for those requiring intelligence or evidence from the Dark Web. This will usually be those working in government or law enforcement though may also be in the private sector.

This course provides leaders and managers with an overview of issues and activities associated with cybersecurity.

Leaders will receive information in various topics that will build their knowledge and hone executive decision-making in regard to the cybersecurity threat.    
 

By the end of this training, participants will be able to:

• Understand the Internet, social network Privacy
• Know PII and why it is important
• Know how to secure the Online Activates
• Know how to maintain the Privacy of business users
• Know more of the Cyber laws that protect the Privacy

Format of the Course

• Interactive lecture and discussion.
• Lots of exercises and practice.
• Hands-on implementation in a live-lab environment.

Course Customization Options

• To request a customized training for this course, please contact us to arrange.

Why should you attend?

ISO/IEC 27001 Foundation training allows you to learn the basic elements to implement and manage an Information Security Management System as specified in ISO/IEC 27001. During this training course, you will be able to understand the different modules of ISMS, including ISMS policy, procedures, performance measurements, management commitment, internal audit, management review and continual improvement.

After completing this course, you can sit for the exam and apply for the “PECB Certified ISO/IEC 27001 Foundation” credential. A PECB Foundation Certificate shows that you have understood the fundamental methodologies, requirements, framework and management approach.

Who should attend?

• Individuals involved in Information Security Management 
• Individuals seeking to gain knowledge about the main processes of Information Security Management Systems (ISMS)
• Individuals interested to pursue a career in Information Security Management

Educational approach

• Lecture sessions are illustrated with practical questions and examples
• Practical exercises include examples and discussions
• Practice tests are similar to the Certification Exam

ISO/IEC 27005 Lead Risk Manager training enables you to acquire the necessary expertise to support an organization in the risk management process related to all assets of relevance for Information Security using the ISO/IEC 27005 standard as a reference framework. During this training course, you will gain a comprehensive knowledge of a process model for designing and developing an Information Security Risk Management program. The training will also contain a thorough understanding of best practices of risk assessment methods such as OCTAVE, EBIOS, MEHARI and harmonized TRA. This training course supports the implementation process of the ISMS framework presented in the ISO/IEC 27001 standard.

After mastering all the necessary concepts of Information Security Risk Management based on ISO/IEC 27005, you can sit for the exam and apply for a “PECB Certified ISO/IEC 27005 Lead Risk Manager” credential. By holding a PECB Lead Risk Manager Certificate, you will be able to demonstrate that you have the practical knowledge and professional capabilities to support and lead a team in managing Information Security Risks.

Who should attend?

• Information Security risk managers
• Information Security team members
• Individuals responsible for Information Security, compliance, and risk within an organization
• Individuals implementing ISO/IEC 27001, seeking to comply with ISO/IEC 27001 or individuals who are involved in a risk management program
• IT consultants
• IT professionals
• Information Security officers
• Privacy officers

Examination - Duration: 3 hours

The “PECB Certified ISO/IEC 27005 Lead Risk Manager” exam fully meets the requirements of the PECB Examination and Certification Programme (ECP). The exam covers the following competency domains:

• Domain 1 Fundamental principles and concepts of Information Security Risk Management
• Domain 2 Implementation of an Information Security Risk Management program
• Domain 3 Information security risk assessment
• Domain 4 Information security risk treatment
• Domain 5 Information security risk communication, monitoring and improvement
• Domain 6 Information security risk assessment methodologies

General Information

• Certification fees are included on the exam price
• Training material containing over 350 pages of information and practical examples will be distributed
• A participation certificate of 21 CPD (Continuing Professional Development) credits will be issued
• In case of exam failure, you can retake the exam within 12 months for free

During the course, participants will learn:

• What is denial of service attacks, Flooding, Sniffing, MIM?
• How to break from the network to the server?
• How to watch packets on the network (also running on switches)?
• Do you watch any combination of the world?
• How to monitor the network?
• How to configure a firewall?
• How to use encrypted connections?
• How to create tunnels?
• How to log packets?
• How to scan ports?
• How to reduce the number of unnecessary services on the server?

The Certified Ethical Hacker certification is a sought-after cybersecurity certification around the world.

This program incorporates instruction and practice to get students ready to take the CEH certification exam as well as the CEH Practical Exam. Candidates who successfully pass both exams earn the CEH Master credential as well as their CEH certification.

Students are given the choice to add either the CPENT or the CHFI course to their package.

Training for either the Certified Penetration Testing Professional (CPENT) course or the Computer Hacking Forensic Investigator (CHFI) course will be given to each student via EC-Council’s online, self-paced, streaming video program.

CPENT (Pen-test):
Teaches students how to apply the concepts and tools taught in the CEH program to a pen-test methodology in a live cyber range.

CHFI (Computer Forensics):
Teaches students a methodological approach to computer forensics including searching and seizing, chain-of-custody, acquisition, preservation, analysis and reporting of digital evidence.

Course Description

CEH provides an in-depth understanding of ethical hacking phases, various attack vectors, and preventative countermeasures. It will teach you how hackers think and act maliciously so you will be better positioned to set up your security infrastructure and defend against future attacks. An understanding of system weaknesses and vulnerabilities helps organizations strengthen their system security controls to minimize the risk of an incident.

CEH was built to incorporate a hands-on environment and systematic process across each ethical hacking domain and methodology, giving you the opportunity to work towards proving the required knowledge and skills needed to achieve the CEH credential. You will be exposed to an entirely different posture toward the responsibilities and measures required to be secure.

Who Should Attend

• Law enforcement personnel
• System administrators
• Security officers
• Defense and military personnel
• Legal professionals
• Bankers
• Security professionals

About the Certified Ethical Hacker Master

To earn the CEH Master certification, you must pass the CEH Practical exam. The CEH Practical Exam was designed to give students a chance to prove they can execute the principals taught in the CEH course. The practical exam requires you to demonstrate the application of ethical hacking techniques such as threat vector identification, network scanning, OS detection, vulnerability analysis, system hacking, and more.

The CEH Practical does not contain simulations. Rather, you will be challenging a live range which was designed to mimic a corporate network through the use of live virtual machines, networks, and applications.

Successfully completing the challenges found in the CEH Practical Exam is the next step after attaining the Certified Ethical Hacker (CEH) certification. Successfully passing both the CEH exam and the CEH Practical will earn you the additional certification of CEH Master.

About the Certified Ethical Hacker Practical

To prove that you are skilled in ethical hacking, we test your abilities with real-world challenges in a real-world environment, using labs and tools requiring you to complete specific ethical hacking challenges within a time limit, just as you would face in the real world.

The EC-Council CEH (Practical) exam is comprised of a complex network that replicates a large organization’s real-life network and consists of various network systems (including DMZ, Firewalls, etc.). You must apply your ethical hacking skills to discover and exploit real-time vulnerabilities while also auditing the systems.

About CPENT

EC-Council’s Certified Penetration Tester (CPENT) program is all about the pen test and will teach you to perform in an enterprise network environment that must be attacked, exploited, evaded, and defended. If you have only been working in flat networks, CPENT’s live practice range will teach you to take your skills to the next level by teaching you to pen test IoT systems, OT systems, as well as how to write your own exploits, build your own tools, conduct advanced binaries exploitation, double pivot to access hidden networks, and customization of scripts and exploits to get into the innermost segments of the network.

About CHFI

The Computer Hacking Forensic Investigator (CHFI) course delivers the security discipline of digital forensics from a vendor-neutral perspective. CHFI is a comprehensive course covering major forensic investigation scenarios and enabling students to acquire necessary hands-on experience with various forensic investigation techniques and standard forensic tools necessary to successfully carry out a computer forensic investigation.

This instructor-led, live training in Cascais (online or onsite) is aimed at system administrators who wish to use Okta for identity and access management.

By the end of this training, participants will be able to:

• Configure, integrate, and manage Okta.
• Integrate Okta into an existing application.
• Implement security with multi-factor authentication.

This instructor-led, live training in  (online or onsite) is aimed at developers, engineers, and architects seeking to secure their web apps and services.

By the end of this training, participants will be able to integrate, test, protect, and analyze their web apps and services using the OWASP testing framework and tools

This instructor-led, live Payment Card Industry Professional training in Cascais (online or onsite) provides an individual qualification for industry practitioners who wish to demonstrate their professional expertise and understanding of the PCI Data Security Standard (PCI DSS).

By the end of this training, participants will be able to:

• Understand the payment process and the PCI standards designed to protect it.
• Understand the roles and responsibilities for entities involved in the payment industry.
• Have deep insight into, and understanding of, the 12 PCI DSS requirements.
• Demonstrate knowledge of PCI DSS and how it applies to organizations that are involved in the transaction process.

This instructor-led, live training in Cascais (online or onsite) is aimed at SysAdmins, systems engineers, security architects, and security analysts who wish to write, execute, and deploy PowerShell scripts and commands to automate Windows security management in their organization.

By the end of this training, participants will be able to:

• Write and execute PowerShell commands to streamline Windows security tasks.
• Use PowerShell for remote command execution to run scripts on thousands of systems across an organization.
• Configure and harden Windows Server and Windows Firewall to protect systems from malware and attacks.
• Manage certificates and authentication to control user access and activity.

This instructor-led, live training in Cascais (online or onsite) is aimed at information analysts who wish to learn the techniques and processes behind social engineering so as to protect sensitive company information.

By the end of this training, participants will be able to:

• Set up the necessary development environment to start creating custom malware.
• Backdoor legitimate web applications undetected.
• Deliver evil files as normal file types.
• Use social engineering techniques to lead targets into a fake website.