Cyber Training Updates
September - October 2025
Highlights: What’s New?
-
Exciting News! Two new Community spaces have been created for individuals interested in cyber training: the Federal Cyber Defense Skilling Academy and the Cybersecurity Awareness, Training, Education, and Research Community of Interest (CATER COI). For those federal employees who are interested in connecting with others in the cybersecurity training community, visit the CATER COI Community page, where you’ll find meeting notes from past meetings, as well as information on upcoming meetings.
This series provides training assistance to cyber incident responders to help them prepare for, identify, assess, mitigate and report cyber events. This series includes 100-level one-hour webinars for a general audience and 200-level virtual training courses with cyber range lab activities where participants can learn and practice investigation, remediation, and incident response skills. The course audience is government employees and contractors at all levels—federal, state, local, tribal, and territorial—as well as educational and critical infrastructure partners. For more information, email cyberinsights@cisa.dhs.gov.
To learn more or register visit: Incident Response Training | CISA
Eligible Audience: Open to federal employees and supporting contractors, state, local, tribal, and territorial, and critical infrastructure partners.
This training series provides training assistance to cyber practitioners so they can enable secure systems by strengthening their cyber defenses against vulnerabilities, weaknesses, and threats. This series includes 100-level one-hour webinars for a general audience and 200-level virtual training courses with cyber range lab activities. The course audience is government employees and contractors at all levels—federal, state, local, tribal, and territorial—as well as educational and critical infrastructure partners. For more information, email cyberinsights@cisa.dhs.gov.
To learn more or register visit: Incident Response Training | CISA
Eligible Audience: Open to federal employees and supporting contractors, state, local, tribal, and territorial, and critical infrastructure partners.
CISA instructor led, hands-on CDM Dashboard training for Federal Civilian Executive Branch (FCEB) employees and contractors in a cyber virtual learning environment (CVLE). The virtual and in-person training events enhance the dynamic CDM approach to fortifying the cybersecurity of government networks and systems. These courses are designed for personnel at agencies participating in the CDM program who monitor, manage, or oversee controls on their information systems such as ISSOs, CDM POCs, ISSMs and those reporting metrics.
These CDM trainings enable participating FCEB agencies to improve their networks and defend against cyber adversaries. The CDM training provides detailed class discussion with real world simulated computer labs using a cyber virtual learning environment. The training will teach participants the basics of CDM and how to use the CDM Dashboard capabilities to help mitigate agency threats. We will also offer various CDM resources and external references.
Currently, the courses use version ES 6.4 of the CDM Dashboard within the cyber virtual learning environment. The current content focuses on the most recent version of the dashboard, including FISMA Automation, HVA reporting, CyHy (Cyber Hygiene) and SCuBA (Secure Cloud Business Applications), and other dashboard capabilities. Current CDM courses are offered at the 100-level (Introductory) and 200-level (Intermediate).
To learn more or register visit: Continuous Diagnostics and Mitigation Training | CISA
Eligible Audience: Open to federal employees and supporting contractors.
CISA provides free, virtual ICS trainings for critical infrastructure owners and operators. These sessions aim to reduce cybersecurity risks to critical infrastructure and promote collaboration between CISA and the private sector. Training sessions vary in length and are held from 8:00 a.m. to 5:00 p.m. MT (10:00 a.m. to 7:00 p.m. ET). Most trainings are conducted online through the CISA Virtual Learning Portal (VLP), except for the three- or four-day in-person courses held at Idaho National Labs (INL) in Idaho Falls, ID.
*The ICS300 online course is a prerequisite for attending the in-person ICS301 training hosted by CISA at the Idaho National Laboratory. This ICS300 course focuses on many of the hands-on skills needed to protect and secure Industrial Control Systems and Operational Technology networks. The ICS401 course is available either online (ICS401V) or in-person (ICS401L).
To learn more or sign up, visit: ICS Training Calendar
Eligible Audience: Primary audience is critical infrastructure partners, however, federal, state, local, tribal, and territorial employees with critical infrastructure responsibilities are also eligible
CISA is now offering Skilling Continuation Labs (SCLs), which are part of CISA’s ongoing goal to better equip the cyber workforce with the skills needed to defend our country against cyber threats. This new series of hands-on training opportunities cover specific cyber topics and use cases that are tied to CISA guidance and publications (All Resources & Tools | CISA). These labs are standalone training sessions and are not part of a curriculum, allowing the learner to focus solely on the topic of interest, minimizing training time as the labs strengthen the role of the cyber workforce!
The SCLs cover:
-
Network Segmentation – associated with CISA’s Securing Network Infrastructure Devices guidance, this topic is crucial to defending cyber threats as these devices are ideal targets for malicious cyber actors
-
Enhanced Security with DNS – leveraging CISA’s Encrypted Domain Name System (DNS) Implementation Guidance and the Protective Domain Name System Resolver, this topic is part of the vital effort to advance and strengthen zero trust cybersecurity across agencies
-
Living Off the Land Attacks – using CISA’s techniques, in cooperation with the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI), this lab provides threat detection information and mitigations applicable to LOTL activities, regardless of threat actor covering malware attacks and how effective logging can detect them.
-
Automated Defenses – using CISA’s best practices for denial-of-service attacks, this lab covers the concept of automated defenses, demonstrating endpoint detection and response (EDR). It shows how to mitigate denial of service attacks using firewall throttling techniques and the use of honeypots.
-
XZ Utils – A Case Study on Supply Chain Trust – applying CISA’s XZ Utils Vulnerability prevention method, this lab applies supply chain trust, using SBOMs to manage vulnerabilities in open source software. A “software bill of materials” (SBOM) has emerged as a key building block in software security and software supply chain risk management. This lab guides the learner through an XZ Utils supply chain trust scenario.
-
Secure Programming – using the CISA Secure by Design approach, this lab examines any flaws in code that could lead to overflow attacks and details how to prevent them from occurring. The lab focuses on SQL and OS command injection vulnerable and exploitable code.
These Skilling Continuation Labs were created for cyber professionals with some IT/cyber experience who fall into the upper beginner to lower intermediate cyber skill range. These labs are available to play in the President’s Cup Practice Area. We are confident these labs will provide a continuation of skills for the cyber professional.
Eligible Audience: Open to federal employees and military only.
Are you interested in exploring additional training opportunities to help you grow and develop in the cybersecurity field? Recently refreshed with a new look and feel, the National Initiative for Cybersecurity Careers and Studies (NICCS) Education & Training Catalog contains thousands of virtual and in-person courses for cybersecurity professionals of all skill levels. These courses are mapped to the Workforce Framework for Cybersecurity (NICE Framework), which can help you select courses that build the knowledge and skills you need to be successful in a variety of different cybersecurity career paths.
Visit the Education & Training Catalog today and use the interactive map and filters to search for courses that will increase your expertise, prepare you to earn a cybersecurity certification, and help you transition to a new career or position. Questions or feedback regarding the cybersecurity courses listed in the Catalog? Please email NICCS@cisa.dhs.gov.
Want to subscribe to the newsletter? Sign up a co-worker or friend? Enter your email here Cybersecurity and Infrastructure Security Agency to receive this Cyber Training Bulletin every month!
For additional information about ongoing cyber training, contact us at cybertraining@cisa.dhs.gov.
|
