Cyber Training Updates
February - March 2026
Highlights: What’s New?
- The application window for the Skilling Academy’s Systems Security Analysis Pathway Session 2 is now open! The application window will close when the course reaches 30 participants, so apply now!
- The President’s Cup Game of the Month February challenge is now live! The general public can sign up and compete. For more information, visit the President’s Cup Game of the Month web page.
-
New Course Announcement! On February 25th join us for a one-hour webinar for the “Overview of the ScubaGoggles Assessment Tool.” Whether you’re new to ScubaGoggles or looking to get more from your assessments, this session will give you a comprehensive overview, answer your questions, and demonstrate how this tool can help streamline your processes. Register here to secure your spot!
CISA’s Federal Cyber Defense Skilling Academy (Skilling Academy) provides widely recognized, 100% virtual, cybersecurity training for full-time federal employees, promoting collaboration and interactive learning in order to protect, defend, respond and reduce risk to our nation's critical infrastructure from cyber threats.
- In FY26, the Skilling Academy is offering full-time, virtual, and instructor-led training courses that provide students with baseline tasks, knowledge, and skills of various cyber work roles. Each pathway focuses on a specific cyber work role and at the end of the course, students will receive a voucher to take the accompanying certification exam.
Eligibility: All full-time United States federal employees, in any job series and any grade or grade equivalent for non-General Schedule (GS) employees, are eligible to apply to CISA's Federal Cyber Defense Skilling Academy. Selected participants within the Skilling Academy must retain their full-time employment status in the federal government for the duration of the course to maintain eligibility. Government contractors are not permitted to participate.
Participation in the Skilling Academy is prioritized for individuals from Departments and Agencies within the Federal Civilian Executive Branch. Applications from other federal government entities are welcome and will be considered based on course availability and program requirements.
Upcoming FY26 Skilling Academy Pathway Courses
|
|
Pathway Title & Session Number
|
Length
|
Course Start & End Date
|
Applications Close Date*
|
|
Systems Security Analysis Pathway – Session 2
|
4 weeks
|
3/20/2026 – 4/24/2026
|
3/6/2026 (5 pm ET)
|
|
Vulnerability Analysis – Session 2
|
4 weeks
|
4/27/2026 – 5/22/2026
|
4/3/2026 (5 pm ET)
|
|
Defensive Cybersecurity – Session 1
|
12 weeks
|
6/1/2026 – 8/25/2026
|
5/8/2026 (5 pm ET)
|
|
Incident Response – Session 2
|
4 weeks
|
7/13/2026 – 8/7/2026
|
6/19/2026 (5 pm ET)
|
*The application window will close when each course reaches 30 applicants, which may be sooner than the application close date.
For more information, additional course dates, and instructions on how to apply, visit the Federal Cyber Defense Skilling Academy site or send an email to skillingacademy@cisa.dhs.gov.
This series provides training assistance to cyber incident responders to help them prepare for, identify, assess, mitigate and report cyber events. This series includes 100-level one-hour webinars for a general audience and 200-level virtual training courses with cyber range lab activities where participants can learn and practice investigation, remediation, and incident response skills. The course audience are government employees and contractors at all levels - federal, state, local, tribal, and territorial, as well as educational and critical infrastructure partners. For more information, email cyberinsights@cisa.dhs.gov.
To learn more or register visit: Incident Response Training | CISA
Eligible Audience: Open to federal employees and supporting contractors, state, local, tribal, and territorial, and critical infrastructure partners.
This training series provides training assistance to cyber practitioners so they can enable secure systems by strengthening their cyber defenses against vulnerabilities, weaknesses, and threats. This series includes 100-level one-hour webinars for a general audience and 200-level virtual training courses with cyber range lab activities. The course audience are government employees and contractors at all levels - federal, state, local, tribal, and territorial - as well as educational and critical infrastructure partners. For more information, email cyberinsights@cisa.dhs.gov.
To learn more or register visit: Incident Response Training | CISA
Eligible Audience: Open to federal employees and supporting contractors, state, local, tribal, and territorial, and critical infrastructure partners.
These trainings provide instructor-led, hands-on CDM Dashboard training for Federal Civilian Executive Branch (FCEB) employees and contractors in a cyber virtual learning environment (CVLE). The virtual and in-person training events enhance the dynamic CDM approach to fortifying the cybersecurity of government networks and systems. These courses are designed for personnel at agencies participating in the CDM program who monitor, manage, or oversee controls on their information systems such as ISSOs, CDM POCs, ISSMs and those reporting metrics.
These CDM trainings enable participating FCEB agencies to improve their networks and defend against cyber adversaries. The CDM training provides detailed class discussion with real world simulated computer labs using a CVLE. The training will teach participants the basics of CDM and how to use the CDM Dashboard capabilities to help mitigate agency threats. We will also offer various CDM resources and external references.
Currently, the courses use version ES 6.6 of the CDM Dashboard within the CVLE. The current content focuses on the most recent version of the dashboard, including FISMA Automation, HVA reporting, CyHy (Cyber Hygiene) and SCuBA (Secure Cloud Business Applications), and other dashboard capabilities. Current CDM courses are offered at the 100-level (Introductory) and 200-level (Intermediate).
To learn more or register visit: Continuous Diagnostics and Mitigation Training | CISA
Eligible Audience: Open to federal employees and supporting contractors.
This no-cost ICS cybersecurity training is designed for critical infrastructure owners and operators. Its primary goal is to help reduce cybersecurity risks across critical infrastructure sectors while strengthening collaboration between CISA and the private sector.
Participants register through the CISA Virtual Learning Portal (VLP), where online courses become available immediately upon enrollment. Online course durations range from 2 to 20 hours. In-person training is delivered by the Idaho National Laboratory (INL) in Idaho Falls, Idaho, and typically runs Monday through Thursday of the scheduled program week.
Visit to view the training calendar, course offerings, and detailed descriptions, including objectives and formats:
*The ICS300 online course is a prerequisite for attending the in-person ICS301 training hosted by CISA at the Idaho National Laboratory. This ICS300 course focuses on many of the hands-on skills needed to protect and secure Industrial Control Systems and Operational Technology networks. The ICS401 course is available either online (ICS401V) or in-person (ICS401L).
To learn more or sign up, visit: ICS Training Calendar
Eligible Audience: Primary audience is critical infrastructure partners, however, federal, state, local, tribal, and territorial employees with critical infrastructure responsibilities are also eligible.
The President’s Cup Game of the Month February is live. Participants can sign up and compete to:
- Develop key skills by engaging in continuous learning and gaining hands-on experience by applying their skills in cyberspace operations and exploitation analysis.
- Boost their careers by working on NICE framework tasks critical to cybersecurity investigations.
- And testing their abilities with challenges based upon real-world cyber incident scenarios.
Eligible Audience: Open to the public.
CISA is now offering Skilling Continuation Labs (SCLs), which are part of CISA’s ongoing goal to better equip the cyber workforce with the skills needed to defend our country against cyber threats. This new series of hands-on training opportunities cover specific cyber topics and use cases that are tied to CISA guidance and publications (All Resources & Tools | CISA). These labs are standalone training sessions and are not part of a curriculum, allowing the learner to focus solely on the topic of interest, minimizing training time as the labs strengthen the role of the cyber workforce!
The SCLs cover:
-
Network Segmentation – associated with CISA’s Securing Network Infrastructure Devices guidance, this topic is crucial to defending cyber threats as these devices are ideal targets for malicious cyber actors
-
Enhanced Security with DNS – leveraging CISA’s Encrypted Domain Name System (DNS) Implementation Guidance and the Protective Domain Name System Resolver, this topic is part of the vital effort to advance and strengthen zero trust cybersecurity across agencies
-
Living Off the Land Attacks – using CISA’s techniques, in cooperation with the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI), this lab provides threat detection information and mitigations applicable to LOTL activities, regardless of threat actor covering malware attacks and how effective logging can detect them.
-
Automated Defenses – using CISA’s best practices for denial-of-service attacks, this lab covers the concept of automated defenses, demonstrating endpoint detection and response (EDR). It shows how to mitigate denial of service attacks using firewall throttling techniques and the use of honeypots.
-
XZ Utils – A Case Study on Supply Chain Trust – applying CISA’s XZ Utils Vulnerability prevention method, this lab applies supply chain trust, using SBOMs to manage vulnerabilities in open source software. A “software bill of materials” (SBOM) has emerged as a key building block in software security and software supply chain risk management. This lab guides the learner through an XZ Utils supply chain trust scenario.
-
Secure Programming – using the CISA Secure by Design approach, this lab examines any flaws in code that could lead to overflow attacks and details how to prevent them from occurring. The lab focuses on SQL and OS command injection vulnerable and exploitable code.
These Skilling Continuation Labs were created for cyber professionals with some IT/cyber experience who fall into the upper beginner to lower intermediate cyber skill range. These labs are available to play in the President’s Cup Practice Area. We are confident these labs will provide a continuation of skills for the cyber professional.
Eligible Audience: Open to federal employees and military only.
Are you interested in exploring additional training opportunities to help you grow and develop in the cybersecurity field? The National Initiative for Cybersecurity Careers and Studies (NICCS) Education & Training Catalog contains thousands of virtual and in-person courses for cybersecurity professionals of all skill levels. These courses are mapped to the NICE Workforce Framework for Cybersecurity (NICE Framework), which can help you select courses that build the knowledge and skills you need to be successful in a variety of different cybersecurity career paths.
Visit the Education & Training Catalog today and use the interactive map and filters to search for courses that will increase your expertise, prepare you to earn a cybersecurity certification, and help you transition to a new career or position.
Questions or feedback regarding the cybersecurity courses listed in the Catalog? Please email NICCS@cisa.dhs.gov.
Want to subscribe to the newsletter? Sign up a co-worker or friend? Enter your email here Cybersecurity and Infrastructure Security Agency to receive this Cyber Training Bulletin every month!
For additional information about ongoing cyber training, contact us at cybertraining@cisa.dhs.gov.
|
