In this module, you’ll learn why endpoints are a critical focus in cybersecurity and how attackers often exploit them to reach organizational data. You’ll explore endpoint types, common attack vectors, the CIA triad, and baseline hardening principles, and analyze real-world attack scenarios to see these concepts in action. You’ll also work with CIS-CAT Lite in hands-on labs to assess configurations and understand how architectural components like agents and policy engines interact. Finally, you’ll apply foundational security practices to strengthen baseline defenses and build a resilient endpoint environment.

In this module, you’ll learn how Endpoint Detection and Response (EDR) strengthens modern security beyond traditional antivirus solutions. You’ll explore how EDR collects and analyzes telemetry, apply frameworks like MITRE ATT&CK to shape detection strategies, and practice using tools such as Sysmon, Process Monitor, osquery, and Velociraptor for visibility and threat hunting. Through hands-on configuration and guided workflows, you’ll build skills in interpreting endpoint telemetry, investigating suspicious activity, and applying structured analysis techniques to real-world defense scenarios.

In this module, you’ll learn why Zero Trust is essential in today’s borderless networks and how it transforms access control beyond traditional perimeter defenses. You’ll explore core principles such as continuous verification, least privilege, and microsegmentation across identity, device, and application layers. Through real-world reference architectures and policy enforcement models, you’ll gain practical insight into Zero Trust design. Finally, you’ll apply these concepts in a hands-on lab using OpenZiti and endpoint hardening to rethink access workflows and experiment with identity-based segmentation.

In this module, you’ll learn how to identify and mitigate insider threats—one of the most challenging risks in cybersecurity. You’ll explore insider motives, behavioral indicators, and monitoring techniques based on log analysis and baseline deviations, while also considering the legal and ethical implications of monitoring trusted users. Through case studies, detection strategies, and hands-on simulations with Sysmon and Sigma, you’ll practice analyzing behavior patterns, interpreting activity trails, and evaluating potential misuse of privileges to build a responsible and effective insider threat program.

In this wrap-up module, you’ll consolidate everything learned across the course by demonstrating your ability to secure, monitor, and investigate a real-world endpoint scenario. Through a graded assessment, hands-on project, and final reflections, you’ll apply endpoint hardening techniques, configure telemetry, simulate insider or malware-like activity, and conduct a structured investigation using free tools. By the end, you’ll showcase the practical skills of a SOC analyst—detecting, responding, and reporting on endpoint threats—while reinforcing your readiness for professional roles and certifications in cybersecurity defense.