FreeCourse
edXSelf-pacedNewly added
Welcome to the RecertHero soft launch!
Submit bugs, feature requests, and feedbackCompTIA · Self-paced
Self-paced opportunities that count toward CySA+ renewal — on-demand courses, video lessons, and self-study tracks you can finish on your own schedule. RecertHero estimates the CEU value of every opportunity, so you can plan toward the 60 CEUs CySA+ requires every 3 years — without re-keying each entry into CompTIA's portal.
38 results mapped to CySA+, soonest first.
Multi-course professional certificate program on edX. Self-paced with verified certificate option. Visit the program page for full curriculum, institution, and pricing details.
AI For Incident Responders — self-paced course on Cybrary. Visit the course page for full details and prerequisites.
This program equips cybersecurity professionals, IT teams, and system administrators with the foundational knowledge and practical skills needed to identify, analyze, and remediate vulnerabilities across modern enterprise environments. You’ll start by understanding the vulnerability assessment lifecycle, exploring how weaknesses emerge in networks, systems, and web applications, and learning the principles behind risk, exposure, and exploitability. Next, you’ll dive into hands-on vulnerability assessment techniques, using tools such as Nmap, Nikto, and open-source scanners to perform host discovery, service enumeration, and web application checks. You’ll learn how to validate findings, classify severity using structured scoring methods, and document vulnerabilities effectively for organizational reporting. You’ll then advance into vulnerability management, where you’ll design patching workflows, apply configuration hardening practices, automate remediation tasks, and perform post-fix validation. You will also learn how to build governance processes, track metrics, and create dashboards that support long-term risk reduction and audit readiness. By the end of this program, you will be able to: - Explain the core concepts of vulnerability assessment and the full assessment lifecycle. - Distinguish between vulnerabilities, threats, risks, and exploits in enterprise environments. - Conduct network and web vulnerability scans using open-source tools such as Nmap and Nikto. - Validate scan results, classify vulnerabilities, and prioritize remediation using risk-based scoring. - Implement patch management, configuration hardening, and automated remediation techniques. - Design and document a vulnerability management program aligned with governance requirements. - Create consolidated reports and dashboards to track vulnerabilities and support compliance. This course is designed for cybersecurity engineers, SOC analysts, network administrators, DevOps practitioners
Multi-course professional certificate program on edX. Self-paced with verified certificate option. Visit the program page for full curriculum, institution, and pricing details.
Multi-course professional certificate program on edX. Self-paced with verified certificate option. Visit the program page for full curriculum, institution, and pricing details.
Advanced Malware Analysis Redux — self-paced course on Cybrary. Visit the course page for full details and prerequisites.
Advanced Cyber Threat Intelligence 2020 07 09 — self-paced course on Cybrary. Visit the course page for full details and prerequisites.
Build a complete event collection and response architecture in Microsoft Sentinel. Set up and secure a Microsoft Sentinel workspace, deploy Content Hub solutions, connect Azure resource data, collect Linux and Windows security events with data collection rules, implement automated response workflows with Logic Apps playbooks, and manage data retention for compliance.
Updated in May 2025. This course now features Coursera Coach! A smarter way to learn with interactive, real-time conversations that help you test your knowledge, challenge assumptions, and deepen your understanding as you progress through the course. In this course, you’ll gain the foundational knowledge needed to respond effectively to cybersecurity incidents. You will be introduced to the key elements of identifying and analyzing cyber threats, attacks, and vulnerabilities. Throughout the course, you'll develop the skills to assess the security posture of a network and prepare a response to potential incidents. By the end, you'll have a comprehensive understanding of the cybersecurity landscape, empowering you to safeguard and protect organizational systems. The course begins with an in-depth exploration of the different types of cyber threats and actors, as well as the common attack vectors they use. You will learn how attacks are structured, their motives, and the impact they may have on businesses and individuals. In addition to understanding the threats, you'll delve into tools and techniques for vulnerability scanning, penetration testing, and network and system reconnaissance, all critical for identifying weaknesses before an attack happens. As you progress, the course will focus on gaining access through various attack techniques, including web app scanning, social engineering, and wireless attacks. You will also dive deeper into post-exploitation tactics such as data exfiltration, pivoting, lateral movement, and maintaining persistence. Equipped with these skills, you'll be able to recognize when an attack is underway and respond appropriately. This course is ideal for aspiring cybersecurity professionals or those looking to enhance their skills in incident response. It’s designed for individuals with a basic understanding of IT concepts, and while no advanced technical knowledge is required, familiarity with networking and security basics will hel
This course is meticulously designed for cybersecurity professionals eager to enhance their skills in identifying, analyzing, and mitigating vulnerabilities. Through hands-on lessons, you'll gain the expertise to implement effective vulnerability scanning methods, prioritize risks, and recommend strategic controls to protect against potential threats. Equip yourself with the knowledge to not only understand vulnerabilities but also to proactively defend against them, ensuring your organization's security posture remains robust and resilient.
Detecting Malicious Activity in Large Enterprises Modern enterprises are extremely diverse and complex. Yet, security data collection, correlation, and analysis has not kept up with these complexities. It often seems like organizations collect too much without ever truly finding value in the vast amounts of data they have amassed. In this webcast, SANS author Matt Bromiley and Chronicle Security's Dr. Anton Chuvakin focus on concepts to effectively detect malicious activity within large enterprises. They will review how to bring giga-/tera-/petabytes togethers, correlating them into actionable intel by using YARA-L to craft efficient detections that can be used across these vast data sets. The webcast will help attendees answer important questions such as:In your current state, how much data are you ingesting/analyzing?How is your team writing detections? What types of metadata points are they looking for?How do you detect threats?Can you effectively scale detections across your data sets?How do you manage the lifecycle of those detections, tune them, keep them relevant, remove them when no longer relevant? Register today and be among the first to receive the associated whitepaper written by Matt Bromiley.WebinarDigital Forensics and Incident Response Presented: 10 Sep 2020 Technical Presentation View details
How to Improve Threat Detection and Hunting in the AWS Cloud Using the MITRE ATT&CK Matrix Understanding adversary tactics and techniques based on real-world observations are critical to building more effective threat detection and hunting capabilities. The context provided by data sources is what enables us to make actionable decisions. Still, it is limited to what raw data inputs we consume, as well as consuming enough of the right data to be able to mitigate, remediate and prevent future adversary activity. However, detecting malicious events is not the final solution to thwarting adversaries. Actions need to be taken, whether they are operational (e.g., stopping a malicious process) or strategic (e.g., securing an environment to prevent the execution of malicious processes). In this webinar, SANS and AWS Marketplace will discuss the exercise of applying the MITRE ATT&CK Matrix to the AWS Cloud. They will also explore how to enhance threat detection and hunting in an AWS environment to maintain a strong security posture. Attendees will learn how to:Apply the MITRE ATT&CK Matrix to classify and understand cloud-based techniquesCreate an effective detection strategy and uncover what data sources are requiredBreak down and recognize detections by security product capabilities and data sourcesLeverage threat intel for improved detectionUse AWS services and third-party solutions to support their threat detection and hunting strategy Register today to be among the first to receive the associated whitepaper written by SANS senior instructor and cloud security expert Dave Shackleford.WebinarDigital Forensics and Incident Response Presented: 1 Sep 2020 Technical Presentation View details
Closing the Critical Skills Gap for Modern and Effective Security Operations Centers (SOCs): Survey Results Any successful security operations center (SOC) will combine skilled people, effective processes and efficient technology. Previous SANS surveys have shown that the skills of the people are the prime prerequisite to enable organizations to define critical SOC processes; create use cases, hypotheses and plans; architect effective security solutions; and efficiently deploy, operate and maintain security systems. From that skills base, sophisticated technology and tools can be used as a force multiplier. CISOs and SOC managers who can reduce or close their critical skills gaps have the highest probability of minimizing business impact from cyberattacks when budgets and staffing are constrained. Webcast attendees will learn:Where hiring managers turn when sourcing potential new hiresWhich skill areas are most sought afterWhat technologies employers wish new hires had hands-on experience usingWhich security technologies are perceived as enabling organizations to delay or mitigate the need for additional staff Register today to be among the first to receive the associated whitepaper written by SANS Director of Emerging Security Trends, John Pescatore. Click here'to register for a companion webcast to be held at 1 PM ET on Thursday, July 30, 2020 ' a panel discussion with survey author John Pescatore and selected sponsors that digs more deeply in to the results.WebinarCyber Defense Presented: 29 Jul 2020 Technical Presentation View details
SANS Top New Attacks and Threat Report As we move into 2020, news reports have been filled with reports of deepfakes, attacks against election systems, quantum computing advances and more. SANS instructors Heather Mahalik, Ed Skoudis and Johannes Ullrich present their analysis of the new attack techniques currently in use that will affect you and share their projections for future exploits in a highly rated keynote presentation moderated by Alan Paller at the annual RSA Conference in San Francisco.In this webcast, SANS Director of Emerging Security Trends John Pescatore will highlight key themes from that report and other sources to provide:Coverage of the top new attacks and threats as defined in that presentationDeeper insight into overall cybersecurity trends on both the offensive and defensive sidesAdvice from SANS on the steps enterprises must take to evolve critical skills, processes and controls to mitigate current and future risksBe among the first to receive the associated whitepaper written by John Pescatore, SANS Director of Emerging Security Trends.WebinarCyber Defense Presented: 28 Apr 2020 Technical Presentation View details
2020 SANS Cyber Threat Intelligence (CTI) Survey Results Over the past several years, SANS has seen a gradual maturation of cyber threat intelligence (CTI) and its applications in information security. The 2019 CTI survey saw an increase in usage of and interest in CTI, along with a diversification in how the intelligence is being used by organizations. While the use of CTI continued to grow, it became evident that there is no one-size-fits-all approach. Organizations leverage different types of CTI to meet different needs.The 2020 Cyber Threat Intelligence (CTI) Survey builds on previous surveys to provide guidance on how organizations of all types can get the most out of CTI. Attendees at this webcast will gain insight into:How consumers and generators of CTI leverage, create and measure intelligenceWhat progress has been made on automation of intelligence collection and processingWhat improvements organizations have realized as a result of using CTIWhich best practices are in use across respondents' organizationsRegister today to be among the first to receive the associated whitepaper written by SANS instructor and CTI expert Robert M. Lee.Click here to register for a panel discussion of the survey results on Thursday, February 13, 2020, at 1PM Eastern. On this webcast, Robert M. Lee and sponsor speakers will explore how these results can improve CTI programs.WebinarDigital Forensics and Incident Response Presented: 11 Feb 2020 Technical Presentation View details
Building and Maturing Your Threat Hunt Program While threat hunting sounds exciting--and promising--building an effective program can be daunting. The very definition of threat hunting is fluid, creating confusion about how to use it. Practitioners often have varying opinions about what would be involved in a threat hunt program and how to use it. And, there are many questions about how to develop a program that can evolve into an effective, mature one.In this new SANS webcast, SANS instructor Davis Szili, with insights from a Cisco representative, will help attendees define threat hunting and create an effective process for using it.'the webcast will address getting started, including building a team, what a typical hunt might look like and building a knowledge base for later use. 'Attendees also will learn how to create a test lab and use effective metrics.Register now and be among the first to receive the associated white paper written by David Szili.WebinarDigital Forensics and Incident Response Presented: 25 Jun 2019 Technical Presentation View details
Empowering Incident Response via Automation Despite advances in incident response, the security community tells SANS there are plenty of things to fix. Automation is sometimes presented as the solution, but what does that mean? In a new SANS webcast and paper, we will talk about automation to empower your employees and make them more successful.While we are making noticeable advancements in some areas, such as dwell times, there's still significant room for improvement in automation. Join us to examine some of the critical issues facing incident responders today. These issues, which may vary in your organization, typically include:The inability to move from remediation/eradication to recoveryMonotonous and/or laborious processes that eat up time that could be spent dealing with incidentsLack of data enrichment to help make investigative decisionsLack of investigative tracking mechanisms to help teams "learn from the past"Register to attend this webcast and be among the first to receive the associated whitepaper written by SANS community instructor and analyst, Matt Bromiley.WebinarDigital Forensics and Incident Response Presented: 22 Mar 2019 Technical Presentation View details
Open Season on Cyberthreats: Part I- Threat Hunting 101 Expanding on the results of the 2015 SANS Incident Response Survey, the threat hunting survey explores the uses and benefits of threat hunting. Results of the survey will be presented in a two-part webcast.In Part 1 of the webcast, attendees will gain insight into:What threat hunting entailsWhat pitfalls stand in the way of attaining actionable resultsWhat organizations are discovering through threat huntingPart 2 of the webcast, held on Friday, April 15, 2016 at 1:00 p.m. Eastern, will focus on threat hunting methodologies and tools. Be among the first to receive the associated whitepaper written by threat hunting expert and SANS Analyst Eric Cole.View the associated whitepaper here.Enrich your Threat Hunting skills by attending the Threat Hunting and Incident Response Summit | New Orleans, LA | Tuesday, Apr 12-19, 2016.WebinarDigital Forensics and Incident Response Presented: 14 Apr 2016 Technical Presentation View details
A 15-minute primer on running Atomic Red Team tests safely against your own detections. Covers test selection, scoping, and how to feed results back into detection engineering.
How to author, test, and tune Sigma detections that survive contact with reality. Covers ATT&CK alignment, false-positive triage, and a CI pipeline for detections-as-code.
Hands-on learning path on TryHackMe covering Azure Security. Self-paced sequence of practical rooms with live attacker/defender labs. Some rooms are free; full path access included in a TryHackMe subscription.
Hands-on learning path on TryHackMe covering Attacking and Defending AWS. Self-paced sequence of practical rooms with live attacker/defender labs. Some rooms are free; full path access included in a TryHackMe subscription.
Hands-on learning path on TryHackMe covering Security Engineer Training. Self-paced sequence of practical rooms with live attacker/defender labs. Some rooms are free; full path access included in a TryHackMe subscription.
Hands-on learning path on TryHackMe covering SOC Level 1. Self-paced sequence of practical rooms with live attacker/defender labs. Some rooms are free; full path access included in a TryHackMe subscription.
ImportantRecertHero is an independent aggregator. Credit estimates are guidance only — always verify with your certifying body.