Cyber Training Updates
July - September 2025
Highlights: What’s New?
- New Course Announcement! The two-day virtual Cloud Incident Response series continues in July, August, and September with two new courses: Azure Incident Detection and Response on July 15-16 and Advanced Azure Incident Response Strategies and Techniques on August 5-6, August 26-27, and September 9-10.
- New Course Announcement! Join us July 22-23 for our first course in a brand-new Anatomy of an Attack series - “Hunting the Hidden: A Volt Typhoon Adversary Emulation Workshop.” This two-day interactive virtual course with cyber range lab activities will dive deep into Living off the Land techniques.
- New Course Announcement! Anatomy of an Attack Series - “Ransomware Unmasked: A Blue Team Simulation and Investigation Workshop” - this one-day virtual cyber range lab course will be offered on two days, September 16 and September 17.
- New Course Announcement! “Living off the Land: An Intrusion Technique Overview” is a new entry-level webinar on July 22. Then, join us on August 15 for a cyber range training course “Interactive Training: Living off the Land Strategies for Cyber Defense.”
- New Course Announcement! Our Incident Response Triage Series is combined into a five-day in-person (Arlington, VA) course. Join us July 28-Aug 01 or September 8-12 for a powerful entry-level Incident Response course “Enterprise Cyber Threat Analysis and Response.”
- New Course Announcement! On August 16, join us for a one-hour webinar on the CISA tool “Logging Made Easy (LME).”
- New Skilling Continuation Labs (SCLs) Announcement! CISA is now offering Skilling Continuation Labs (SCLs), which are part of CISA’s ongoing goal to better equip the cyber workforce with the skills needed to defend our country against cyber threats. This new series of hands-on training opportunities covers specific cyber topics and use cases that are tied to CISA guidance and publications.
- New Zero Trust CISA Webpage! CISA has a new webpage, Zero Trust | CISA, which is designed to assist in the adoption and implementation of Zero Trust principles across federal agencies. It provides comprehensive resources, frameworks, and collaborative opportunities to ensure agencies can achieve a secure, data-centric cybersecurity posture.
The purpose of CISA’s Skilling Academy is to provide cybersecurity training for full-time federal employees, promoting collaboration and interactive learning to protect, defend, respond, and reduce risk to our nation’s critical infrastructure from cyber threats.
The Skilling Academy offers two types of trainings:
- Micro-courses: These condensed, self-paced, 100% virtual trainings are designed to equip students with foundational and specialized cybersecurity skills. Each course emphasizes practical training to ensure that participants gain real-world experience in protecting and defending against cyber threats. The micro-courses range from 40 to 80 hours in duration.
- Pathways: These offerings are live, virtual, intense, full-time, one to three-month accelerated training offerings. Pathway students are provided with valuable opportunities to practice cybersecurity skills in lab environments, which are led by an online instructor.
Eligibility: All full-time federal employees, in any job series and any grade or grade equivalent for non-General Schedule (GS) employees, are eligible to apply to CISA's Federal Cyber Defense Skilling Academy. Government contractors are not permitted to participate.
Participation in the Skilling Academy is prioritized for individuals from departments and agencies within the Federal Civilian Executive Branch. Applications from other federal government entities are welcome and will be considered based on course availability and program requirement.
Micro-Courses
| Micro-Course Title & Session Number | Length | Course Start & End Date | Applications Close Date* |
|---|---|---|---|
| Basics of Threat Analysis - Session 3 | 2 weeks (80 hours) | 7/28/2025 - 8/8/2025 | 7/11/2025 (5pm ET) |
| Introduction to Incident Detect/Respond/Handling - Session 3 | 2 weeks (80 hours) | 8/18/2025 - 8/29/2025 | 8/1/2025 (5pm ET) |
Pathway Courses
| Pathway Title & Session Number | Length | Course Start & End Date | Applications Close Date* |
|---|---|---|---|
| AI/ML Pathway - Session 1 (Rescheduled) | 4 weeks | 7/14/2025 - 8/8/2025 | 6/27/2025 (5pm ET) |
| Vulnerability Analysis - Session 2 | 4 weeks | 8/4/2025 - 8/29/2025 | 7/18/2025 (5pm ET) |
| Digital Forensics - Session 2 | 4 weeks | 8/4/2025 - 8/29/2025 | 7/18/2025 (5pm ET) |
| AI/ML Pathway - Session 3 | 4 weeks | 8/25/2025 - 9/19/2025 | 8/8/2025 (5pm ET) |
*The application window will close when each micro-course reaches 30 applicants, which may be sooner than the application close date.
More courses and additional dates for the listed courses are available. For more information and instructions on how to apply, send an email to SkillingAcademy@mail.cisa.dhs.gov
This series provides training assistance to cyber incident responders to help them prepare for, identify, assess, mitigate and report cyber events. This series includes 100-level one-hour webinars for a general audience and 200-level virtual training courses with cyber range lab activities where participants can learn and practice investigation, remediation, and incident response skills. The course audience are government employees and contractors at all levels - federal, state, local, tribal, and territorial, as well as educational and critical infrastructure partners. For more information, email cyberinsights@mail.cisa.dhs.gov
Events
| Date | Course Code | Registration Opens | Course | Hours |
|---|---|---|---|---|
| 7/2/2025 | IR108 | 6/02/2025 | Understanding Indicators of Compromise Webinar | 1 |
| 7/15/2025-7/16/2025 | IRC221 | 6/15/2025 | Azure Incident Detection and Response - NEW | 16 |
| 7/22/2025-7/23/2025 | IR223 | 6/22/2025 | Anatomy of an Attack Series - Hunting the Hidden: A Volt Typhoon Adversary Emulation Workshop - NEW | 16 |
| 7/28/2025-8/1/2025 | IR225 | 6/28/2025 | Enterprise Cyber Threat Analysis and Response 5-Day Course (In-person) - NEW | 40 |
| 8/5/2025-8/6/2025 | IRC222 | 7/5/2025 | Advanced Azure IR Strategies and Techniques - NEW | 16 |
| 8/7/2025 | IR211 | 7/7/2025 | Using the CISA Incident Response Playbook at your Organization | 4 |
| 8/12/2025 | IR208 | 7/12/2025 | Understanding Indicators of Compromise Cyber Range Training | 4 |
| 8/26/2025-8/27/2025 | IRC222 | 7/26/2025 | Advanced Azure IR Strategies and Techniques - NEW | 16 |
| 9/08/2025-9/14/2025 | IR225 | 8/8/2025 | Enterprise Cyber Threat Analysis and Response 5-Day Course (In-person) | 40 |
| 9/10/2025 | IRC222 | 8/10/2025 | Advanced Azure IR Strategies and Techniques – NEW (2-Day Course) | 8 |
| 9/16/2025-9/17/2025 | IRC224 | 8/16/2025 | Anatomy of an Attack Series - Ransomware Unmasked: A Blue Team Simulation & Investigation Workshop (day 1 of 2) | 16 |
| 9/19/2025 | IR111 | 8/19/2025 | Using the CISA Incident Response Playbook at Your Organization Webinar | 1 |
To learn more or register visit: IR Training | CISA
Eligible Audience: Open to federal and supporting contractors, state, local, tribal, and territorial, and critical infrastructure partners.
This training series provides training assistance to cyber practitioners so they can enable secure systems by strengthening their cyber defenses against vulnerabilities, weaknesses, and threats. This series includes 100-level one-hour webinars for a general audience and 200-level virtual training courses with cyber range lab activities. The course audience are government employees and contractors at all levels - federal, state, local, tribal, and territorial - as well as educational and critical infrastructure partners. For more information, email cyberinsights@mail.cisa.dhs.gov
Events
| Date | Course Code | Registration Opens | Course | Hours |
|---|---|---|---|---|
| 7/10/2025 | SS204 | 6/10/2025 | Defending Internet Accessible Systems Cyber Range Training | 4 |
| 7/17/2025 | SS213 | 6/17/2025 | Implementing SaaS Guidelines Cyber Range Training | 4 |
| 7/22/2025 | SS130 | 6/22/2025 | Living off the Land (LoTL): An Intrusion Technique Overview - NEW | 1 |
| 7/24/2025 | SS206 | 6/24/2025 | Preventing DNS Infrastructure Tampering Cyber Range Training | 4 |
| 7/29/2025 | SS210 | 6/29/2025 | Introduction to Log Management with Cyber Range | 4 |
| 8/15/2025 | SS230 | 7/15/2025 | Interactive Training: Living off the Land (LoTL) Strategies for Cyber Defense - NEW | 4 |
| 8/19/2025 | SS132 | 7/19/2025 | Introduction to the CISA Logging Made Easy (LME) Solution Webinar - NEW | 1 |
| 8/21/2025 | SS205 | 7/21/2025 | Preventing Web and Email Server Attacks Cyber Range Training | 4 |
| 8/28/2025 | SS110 | 7/28/2025 | Introduction to Log Management Webinar | 1 |
| 9/5/2025 | SS230 | 8/5/2025 | Living off the Land (LOTL) Strategies for Cyber Defense Cyber Range Training - NEW | 4 |
| 9/10/2025 | SS133 | 8/10/2025 | An Overview of the ScubaGoggles Assessment Tool Webinar - NEW | 1 |
| 9/11/2025 | SS210 | 8/11/2025 | Introduction to Log Management Cyber Range Training | 4 |
| 9/16/2025 | SS204 | 8/16/2025 | Defending Internet Accessible Systems Cyber Range Training | 4 |
| 9/23/2025 | SS209 | 8/23/2025 | Defending Against Ransomware Attacks Cyber Range Training | 4 |
To learn more or register visit: IR Training | CISA
Eligible Audience: Open to federal and supporting contractors, state, local, tribal, and territorial, and critical infrastructure partners.
We provide instructor led, hands-on CDM Dashboard training for Federal Civilian Executive Branch (FCEB) employees and contractors in a virtual cyber range training environment. The virtual and in-person training events enhance the dynamic CDM approach to fortifying the cybersecurity of government networks and systems. These courses are designed for personnel at agencies participating in the CDM program who monitor, manage, or oversee controls on their information systems such as ISSOs, CDM POCs, ISSMs and those reporting metrics.
These CDM trainings enable participating FCEB agencies to improve their networks and defend against cyber adversaries. The CDM training provides detailed class discussion with real world simulated computer labs using a cyber virtual learning environment. The training will teach participants the basics of CDM and how to use the CDM Dashboard capabilities to help mitigate agency threats. We will also offer various CDM resources and external references.
Currently, the courses use version ES 6.4 of the CDM Dashboard within the cyber virtual training range (CVLE). The current content focuses on the most recent version of the dashboard, including FISMA Automation, HVA reporting, CyHy (Cyber Hygiene) and SCuBA (Secure Cloud Business Applications), and other dashboard capabilities. Current CDM courses are offered at the 100-level (Introductory) and 200-level (Intermediate).
Events
| Date | Course Code | Registration Opens | Course | Hours |
|---|---|---|---|---|
| 7/01/2025 | CDM141 | 6/01/2025 | Introduction to the CDM Agency Dashboard | 4 |
| 7/08/2025 | CDM203 | 6/08/2025 | CDM Dashboard Role-Based Training - System Analyst | 4 |
| 7/15/2025 | CDM220 | 6/15/2025 | CDM and Federal Directives | 2 |
| 7/22/2025 - 7/23/2025 | CDM111 | 6/22/2025 | Analyzing Cyber Risk with the CDM Agency Dashboard (in person) | 16 |
| 7/31/2025 | CDM330 | 6/30/2025 | Managing High Value Assets (HVA) Using the CDM Agency Dashboard | 4 |
| 8/5/2025 | CDM320 | 7/05/2025 | Using the CDM Agency Dashboard to Respond to Federal Directives | 4 |
| 8/14/2025 | CDM141 | 7/14/2025 | Introduction to the CDM Agency Dashboard | 4 |
| 8/20/2025 | CDM144 | 7/20/2025 | Vulnerability and Risk Management with the CDM Agency Dashboard | 4 |
| 8/26/2025 | CDM142 | 7/26/2025 | Asset Management with the CDM Agency Dashboard | 4 |
| 9/3/2025 - 9/4/2025 | CDM222 | 8/3/2025 | Using the CDM Agency Dashboard to Advance Cyber Defense (In-Person) | 12 |
| 9/9/2025 | CDM320 | 8/8/2025 | Using the CDM Agency Dashboard to Respond to Federal Directives | 2.5 |
| 9/18/2025 | CDM203 | 8/18/2025 | CDM Dashboard Role-Based Training - System Security Analyst | 4 |
| 9/25/2025 | CDM340 | 8/25/2025 | Managing Data Services Information Using the CDM Agency Dashboard | 2.5 |
To learn more or register visit: CDM Training | CISA
Eligible Audience: Open to federal employees and supporting contractors
We offer free, virtual ICS trainings geared toward Critical Infrastructure owners and operators. The trainings are designed to reduce cybersecurity risks to critical infrastructure and encourage cooperation between CISA and the private sector. Trainings vary in length and run from 8:00 am-5:00 pm MT (10:00 am–7:00 pm ET). All trainings are conducted through Online Training or CISA Virtual Learning Portal (VLP), with the exception of the three- or four-day, in-person courses at Idaho National Labs (INL) in Idaho Falls, ID.
*The ICS300 online course is a prerequisite for attending the in-person ICS301 training hosted by CISA at the Idaho National Laboratory. This ICS300 course focuses on many of the hands-on skills needed to protect and secure Industrial Control Systems and Operational Technology networks. The ICS401 course is available either online (ICS401V) or in-person (ICS401L).
To learn more or sign up, visit: ICS Training Calendar
Eligible Audience: Primary audience is critical infrastructure partners; however, federal, state, local, tribal, and territorial employees with critical infrastructure responsibilities are also eligible.
CISA is now offering Skilling Continuation Labs (SCLs), which are part of CISA’s ongoing goal to better equip the cyber workforce with the skills needed to defend our country against cyber threats. This new series of hands-on training opportunities covers specific cyber topics and use cases that are tied to CISA guidance and publications (All Resources & Tools | CISA). These labs are standalone training sessions and are not part of a curriculum, allowing the learner to focus solely on the topic of interest, minimizing training time as the labs strengthen the role of the cyber workforce!
The SCLs cover:
- Network Segmentation – associated with CISA’s Securing Network Infrastructure Devices guidance, this topic is crucial to defending against cyber threats, as these devices are ideal targets for malicious cyber actors.
- Enhanced Security with DNS – leveraging CISA’s Encrypted Domain Name System (DNS) Implementation Guidance and the Protective Domain Name System Resolver, this topic is part of the vital effort to advance and strengthen zero trust cybersecurity across agencies.
- Living Off the Land Attacks – using CISA’s techniques, in cooperation with the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI), this lab provides threat detection information and mitigations applicable to LOTL activities, regardless of threat actor, covering malware attacks and how effective logging can detect them.
- Automated Defenses – using CISA’s best practices for denial-of-service attacks, this lab covers the concept of automated defenses, demonstrating endpoint detection and response (EDR). It shows how to mitigate denial-of-service attacks using firewall throttling techniques and the use of honeypots.
- XZ Utils – A Case Study on Supply Chain Trust – applying CISA’s XZ Utils Vulnerability prevention method, this lab applies supply chain trust, using SBOMs to manage vulnerabilities in open source software. A “software bill of materials” (SBOM) has emerged as a key building block in software security and software supply chain risk management. This lab guides the learner through an XZ Utils supply chain trust scenario.
- Secure Programming – using the CISA Secure by Design approach, this lab examines any flaws in code that could lead to overflow attacks and details how to prevent them from occurring. The lab focuses on code that is vulnerable to, and exploitable through, SQL and OS command injection.
These Skilling Continuation Labs were created for cyber professionals with some IT/cyber experience who fall into the upper beginner to lower intermediate cyber skill range. These labs are available to play in the President’s Cup Practice Area. We are confident these labs will provide a continuation of skills for the cyber professional.
Looking for additional cybersecurity training, education, and career resources this summer? Be sure to visit the newly redesigned NICCS website, which has the same great content with even more information to share! NICCS now features updated navigation, new content and pages, updated features on interactive tools, and more. Here are a few highlights to check out:
- Redesigned NICE Workforce Framework for Cybersecurity (NICE Framework) and Cyber Career Pathways Tool that incorporate NICE Framework Components v2.0.0 updates
- Updated look and feel for the Education & Training Catalog, which includes thousands of in-person and online cybersecurity courses across the nation
- Refreshed PDF guides and new downloadable NICCS information materials
- New Cybersecurity for Beginners page with guidance for individuals who are just getting started in cybersecurity
Visit NICCS today to explore these updates and more. Also, be sure to share this information with your colleagues and stakeholders. Can’t find what you’re looking for or have feedback on the refreshed website? Reach out to NICCS@mail.cisa.dhs.gov
Want to subscribe to the newsletter? Sign up a co-worker or friend? Enter your email here Cybersecurity and Infrastructure Security Agency to receive this Cyber Training Bulletin every month!
For additional information about ongoing cyber training, contact us at cybertraining@mail.cisa.dhs.gov