- Kamilia Amdouni
- Women in Cyber ITU
- Janina Kempf
Introductory
Does this course have any restrictions?
Event Organizer(s)
Supported by
Description
The objective of Her CyberTracks is to promote the equal, full, and meaningful representation of women in cybersecurity. To this end, this training course equips women with the necessary skills and mindsets to succeed in cybersecurity through targeted cyber capacity building.
Her CyberTracks offers a one-stop curriculum based on four pillars:
- TRAIN: Develop capacity to contribute to a secure and resilient cyberspace. We provide expert training courses, delivered online and on-site, to equip women with the technical and soft skills needed to shape cybersecurity
- MENTOR: Promote awareness and knowledge sharing of best practices in cybersecurity career development. We provide a platform for senior cyber professionals to mentor women at junior level and foster their professional and personal growth
- INSPIRE: Positive role models in cybersecurity inspire and empower further women to actively participate and lead in the field. We organize inspirational keynote webinars, regional networking meetings and study visits to shift perceptions and (rightly) position women as valuable additions to the cybersecurity workforce
- NETWORK: We organise networking events to establish resilient connections amongst cybersecurity experts within and across the regions
The curriculum includes the Her CyberTracks regional trainings, composed of on-site activities featuring soft skills masterclasses, simulations and hands-on exercises, mentorship circles, study visits to cybersecurity organisations, and engaging networking opportunities.
Participants may choose among four available CyberTracks: Policy & Diplomacy CyberTrack, Incident Response CyberTrack, Criminal Justice CyberTrack and Cyber & AI CyberTrack.
Who is eligible to participate:
The Her CyberTracks programme is being offered specifically to women residing in target countries of Africa, Americas, Arab States, Asia Pacific, CIS and Europe.
Target countries from Africa: Angola, Benin, Botswana, Burkina Faso, Burundi, Cabo Verde, Cameroon, Central African Republic, Chad, Congo, Congo (Dem. Rep), Côte d’Ivoire, Egypt, Equatorial Guinea, Eritrea, Ethiopia, Gambia, Ghana, Guinea-Bissau, Kenya, Lesotho, Liberia, Madagascar, Malawi, Mali, Mauritius, Morocco, Mozambique, Namibia, Niger, Nigeria, Rwanda, São Tomé and Príncipe, Senegal, Seychelles, Sierra Leone, South Africa, South Sudan, Tanzania, Togo, Uganda, Zambia, Zimbabwe.
Target countries from the Americas: Antigua and Barbuda, Bahamas, Barbados, Belize, Bolivia, Chile, Colombia, Costa Rica, Dominican Republic, Ecuador, El Salvador, Grenada, Guatemala, Guyana, Honduras, Jamaica, Mexico, Panama, Paraguay, Peru, Saint Lucia, Saint Vincent and the Grenadines, Suriname, Trinidad and Tobago, Uruguay
Target countries from Arab States: Algeria, Djibouti, Comoros, Libya, Mauritania, Somalia, Tunisia.
Target countries from Asia and the Pacific: Bangladesh, Bhutan Cambodia, Fiji, Indonesia, Kiribati, Lao P.D.R., Maldives, Marshall Islands, Micronesia, Nepal, Papua New Guinea, Philippines, Samoa, Solomon Islands, Thailand, Timor-Leste, Tonga, Tuvalu, Vanuatu, Viet Nam
Target countries from CIS and Europe: Albania, Armenia, Bosnia and Herzegovina, Moldova, Montenegro, North Macedonia, Serbia, Ukraine
Target audience for the Incident Response CyberTrack: Women working in IT with basic understanding of cybersecurity and wishing to enter cybersecurity, women at entry level working in CERT/SOC teams.
- Participants must have a minimum of 2-3 years of experience in IT/network systems administration or at least 1 year experience working in a public sector or (private) critical infrastructure sectors’ computer emergency response team or security operations center;
- Participants must have a good working knowledge of English (main language of delivery and of the training materials). Some parts of the Incident Response CyberTrack curriculum will be available in French and Spanish (some self-paced e-learning courses);
- Willingness and ability to allocate circa 15 hours per month for six months;
- Access to stable Internet connection;
- There are no age restrictions.
Upon completion of this course, participants will be able to:
- Discuss and explain cybersecurity concepts, incident response frameworks, including how to differentiate between IT disruptions and incidents, take practical steps to assist affected parties, and understand the roles and responsibilities within CERTs
- Demonstrate ability to use entry-level tools and techniques commonly used in the incident management lifecycle;
- Explain the influence of AI from an Incident Response perspective
- Define key terms, concepts, and topics in cyber threat intelligence, including the identification of threat actors, their motivations, and common threats to IT systems.
- Outline digital forensics principles, methodologies, and tools
- Apply soft skills, such as communication and teamwork in a professional setting.
The training approach incorporates a blend of self-paced and interactive learning methodologies to effectively achieve the training objectives:
- Self-paced courses: Participants will watch self-paced video presentations covering theoretical frameworks. This allows individuals to digest the content at their own pace, fostering a foundational understanding of key concepts;
- Live instructor-led Zoom sessions: Complementing the self-paced learning, live instructor-led Zoom sessions offer interactive opportunities for participants. These sessions will delve deeper into the material, facilitating discussions, regional case studies, and reflective exercises. Exact day and time of the sessions will be communicated in due time, however, please note that they will be in GMT+1 time zone. Recordings will be made available. These will follow mandatory forum contributions;
- Face-to-face simulations and group exercises: To reinforce theoretical knowledge and practical skills, face-to-face simulations and group exercises will be conducted. This hands-on approach enables participants to apply their learning in real-world scenarios, promoting collaborative learning and skills’ development;
- Mentorship: Mentorship by subject matter experts will be available to provide guidance, support, and personalized feedback throughout the training journey.
The assessment methods for measuring the achievement of learning objectives encompass a combination of knowledge assessments and practical evaluations:
- Quizzes: Following each self-paced module, participants will undertake a quiz to gauge their comprehension of the theoretical frameworks and content covered. These quizzes will contribute to assessing the understanding of key concepts and principles;
- Mandatory forum contribution following each online instructor-led sessions;
- Active participation to mentorship sessions;
- Face-to-Face Simulations and Group Exercises: The practical application of learned concepts during face-to-face simulations and exercises will be evaluated using a structured evaluation framework. Participants' performance in these hands-on activities will be assessed based on predefined criteria, such as problem-solving ability, decision-making skills, and teamwork. The weights assigned to these evaluations will reflect their significance in demonstrating competency and skill mastery.
The grading matrix will allocate weights as follows:
Face-to-face
- Online self-paced and instructor-led courses 40%
- Active participation to mentorship sessions 20%
- Face-to-face simulations and group exercises 40%
Online
- Online self-paced and instructor-led courses 60%
- Active participation to mentorship sessions 40%
A total score higher than 70% is required to obtain the ITU Certificate.
Module 1: Cybersecurity Fundamentals
- Define core cybersecurity terms, concepts, and frameworks
- Identify key threat actors, their motivations, and common cyber threats
- Introduction to incident response cybersecurity frameworks and standards
Module 2: Digital First Responder
- Explain the difference between an IT disruption and an IT incident
- List practical steps to follow to help those affected in the event of an IT disruption.
- Recognize IT incidents, which practical steps to follow to help those affected, as well as who to refer to.
Module 3: Cyber Drill Preparation
- Prepare for the cyber drill scenarios.
- Use CR platform and digital tools to be used during the exercises
Module 4: Incident Response
- Identify the roles and responsibilities of personnel in CERTs (Computer Emergency Response Teams)
- Introduction to event monitoring tools and the techniques that Incident Responders use in the identification and prevention phases of cyber security incidents.
Module 5: Cyber Threat Intelligence (CTI)
- What is Cyber Threat Intelligence (strategic vs technical intelligence and the intelligence funnel)?
- How CTI can be leveraged in the CERT/SOC environment?
- Explain the intelligence lifecycle Cyber Threat Intelligence is essential for identifying and mitigating potential security risks in the digital landscape.
- This course will show you how to use cyber threat intelligence effectively, involving gathering insights from multiple sources, processing and analyzing data, and disseminating results to relevant stakeholders
Module 6: Digital Forensics
- Explain digital forensics principles and methodologies
- Compare Incident Management vs Digital Forensics
- Analyse the potential conflict of business continuity vs evidence preservation
- Examine the complexity of digital forensics
- Explain how digital evidence is produced (identification, collection and analysis of artifacts)
Module 7: AI-Enhanced Incident Management and Its Risks
- Outline the role of AI in Threat Intelligence and Incident Response
- Debunk Myths from AI buzz
- Compare the real Risks and Benefits of AI for Threat Intelligence and Incident Response
Module 8: Masterclass & Onsite Simulation
- Masterclass on public speaking
- CyberDrill with Cyber Ranges
- CTI (e.g. MITRE ATT&CK exercise using the platform)
- Cross-track hands-on exercise (new TTX about cross-sectoral cooperation (e.g. data protection, biometrics, AI, etc.)
- Study visit to local partner
- Mentorship circles
Registration information
Unless specified otherwise, all ITU Academy training courses are open to all interested professionals, irrespective of their race, ethnicity, age, gender, religion, economic status and other diverse backgrounds. We strongly encourage registrations from female participants, and participants from developing countries. This includes least developed countries, small island developing states and landlocked developing countries.
