Live & On-Demand
Module CSFI-02 · DCOE

Defensive Cyberspace Operations Engineer

Develop your cyberspace operations skills for the deployment of network operations (NETOPS), defensive cyberspace operations (DCO), and offensive cyberspace operations (OCO).

Learn to defend friendly networks against current and emerging threats through multiple hands-on labs, deploying live attacks and analysis in a controlled environment to prevent, detect, and counter them.

Register Now Explore the Curriculum
$2,595 / student
· DCWF Cyberspace Operator · CapTech Endorsed
Soldiers conducting defensive cyberspace operations at a cyber range
Defensive Cyber Operations NetOps · DCO · OCO
Course Overview

Defend Networks Against Current and Emerging Threats

Students will develop the skills for executing DCO concepts into organizational missions. Adversarial tactics, techniques, and procedures (TTPs) and associated tools are presented following the cyber kill chain so students learn to defend friendly networks against current and emerging threats. Using multiple labs, this course provides hands-on exposure to deploy live attacks and analysis in a controlled environment, then learn how to prevent, detect, and counter such activities.

The DCOE training is a unique opportunity to certify in a critical field of cyberspace operations, enhancing mission readiness and employability. The certification follows the DCWF work role and standards for a Cyberspace Operator. Developed exclusively for the Cyber Security Forum Initiative (CSFI) by professionals with experience in military cyberspace operations, the course helps students acquire the knowledge to preserve the ability to protect data, networks, net-centric capabilities, and mission critical systems.

Cyber Kill Chain· Live Attack Labs· DCWF Cyberspace Operator
Course at a Glance
Tuition
$2,595 / student
Format
Live, online, or asynchronous
Labs
15 hands-on + 3 bonus + Capstone
Credential
DCOE Certificate of Completion
DCWF Work Role
Cyberspace Operator
Workforce Element
Cyberspace Effects
Work Role ID
322
Endorsed By
Capitol Technology University
Register for DCOE

Special group discounts may apply

What You Will Learn

Eight Core Competencies

From the Cyber Mission Force and the cyber kill chain to Kali Linux, exploitation, and network defense, every competency is reinforced with hands-on labs.

01

Cyberspace Operations and Cyber Mission Force

Frame cyberspace as a warfighting domain and the Cyber Mission Force construct (CPT, NMT, CMT) across NetOps, DCO, and OCO.

02

Cyber Kill Chain

Trace every stage of an attack and apply threat intelligence sharing through real-world breach case studies.

03

Kali Linux

Build cyber tradecraft on Kali Linux: installation, command line tasks, and confident navigation.

04

Reconnaissance (Passive and Active)

Run OSINT and network scanning with Kali, from open-source information sources to SQL mapping.

05

PBED for Cyberspace Operations

Plan, Brief, Execute, and Debrief operations using the ME3C-(PC)2 planning model.

06

Attack Across Networks and Systems

Exploit web, wireless, and network vulnerabilities with Metasploit, XSS, SQLi, and password cracking.

07

Persistent, Integrated Operations

Maintain access with C2, rootkits, and tunneling, then cover tracks across logs and artifacts.

08

Network Protection

Detect and counter intrusions with traffic analysis, vulnerability scanning, and IDS / IPS.

Is This the Right Course?

Built for Practitioners Ready to Operate

CSFI is highly invested in protecting American national security in cyberspace and is proud to provide cyberspace operations training to American entities, as well as foreign allies and partners in support of interoperability. The DCOE builds directly on operational fundamentals, so a baseline of cyber and networking knowledge will help you get the most from the labs.

Prerequisites: While not required, students would benefit from a working knowledge of TCP/IP, at least one year of IT security experience, and completion of the CSFI Introduction to Cyber Warfare and Operations Design (ICWOD) course.

Detailed Course Outline

A Complete Defensive Operations Curriculum

Nine modules carry students from cyberspace operations fundamentals through reconnaissance, exploitation, persistence, and network defense. Select a module to expand its topics.

01 Introduction
  • Introduction
  • Certification Requirements
  • Commander's Intent
  • Evolution of Cyber Espionage and Collection Efforts
02 Cyberspace Operations and Cyber Mission Force
  • Cyberspace as a Warfighting Domain
  • The Operating Environment
  • Cyberspace Militarization
  • DoD Cyber Strategy
  • Cyberspace Operations
  • NetOps, DODIN Ops
  • DCO
  • DCO-IDM
  • DCO-RA
  • OCO
  • CMF Construct: CPT, NMT, CMT
  • CPT Methodology (Survey, Secure, Protect)
03 Cyber Kill Chain
  • Steps of the Cyber Kill Chain
  • Stages of an Attack
  • Case Study: Data Breach and Lessons Learned
  • Threat Intelligence Sharing
04 Kali Linux
  • Cyber Tradecraft
  • Installation
  • Command Line Tasks
  • Navigating Kali
05 Reconnaissance (Passive and Active)
  • CIA's MICE Motivational Framework
  • Open-Source Intelligence (OSINT): Common Tools
  • Information Sources
  • Case Study: Social Media Experiment
  • Reconnaissance with Kali Linux
  • Network Scanning
  • SQL Mapping
06 PBED for Cyberspace Operations
  • PBED Framework
  • Plan: ME3C-(PC)2 Model
  • Brief
  • Execute
  • Debrief
  • PBED Exercise
07 Attack Across Networks and Systems
  • Web Application Vulnerabilities
  • Cross-Site Scripting (XSS)
  • SQL Injection (SQLi)
  • Webshell
  • Wireless Threats
  • Network Exploitation
  • Conducting Attacks with Metasploit
  • Password Cracking
08 Persistent, Integrated Operations
  • Command and Control (C2): Maintaining Access
  • Rootkits
  • Tunneling
  • Remote Access
  • Elevated Privileges
  • Covert Channels
  • Covering Tracks: Hiding Evidence
  • Altering Logs and History Files
  • Hidden Files
  • Timestamps
09 Network Protection
  • Network Traffic Analysis
  • Vulnerability Scanning
  • Intrusion Detection System (IDS) and Intrusion Protection System (IPS)
Hands-On Labs

Fifteen Labs, Three Bonus Labs, One Capstone

Every concept is put into practice in a controlled environment, from Kali Linux and Metasploit to packet capture, rootkits, and intrusion detection.

Lab 01
Navigating Kali Linux
Lab 02
Network Mapping
Lab 03
Python Scripting: Scanning and Brute Force
Lab 04
PBED Exercise
Lab 05
Cracking Wireless
Lab 06
Metasploit 1
Lab 07
Metasploit 2
Lab 08
Metasploit 3
Lab 09
EternalBlue (Shadow Brokers)
Lab 10
SQL Injection
Lab 11
Password Cracking
Lab 12
Data Exfiltration
Lab 13
Kernel Rootkit
Lab 14
Packet Capture and Analysis
Lab 15
IDS Deployment, Alert Analysis, and Reporting
Bonus
Vulnerability Scanning
Bonus
OSINT and Malware Analysis: Syrian Electronic Army (SEA)
Bonus
Whispergate Malware Analysis: Destructive Malware Targeting Ukrainian Organizations
Capstone

Capture-the-Flag (CTF) for live training, or a DCO Strategy Capstone Exercise for live online and asynchronous delivery.

Who Needs to Attend

Designed for Defenders, Operators & Hunters

From commanders and planners to analysts, engineers, penetration testers, and threat hunters, DCOE equips the people who operate and defend the network.

Anyone interested in cyber warfare / cyberspace operations
Anyone looking to expand a cyber security career
Military Commanders
Information Operations Officers
Information Security / Assurance Professionals
Cyber Security Consultants
Cyber Planners
Military Members (J2, J3, J5, J6, J9)
Security Analysts
Network Security Engineers
Penetration Testers
Auditors
Government Officials
Security Engineers
Threat Hunters
Accreditation & Certificate

Endorsed by Capitol Technology University

Capitol Technology University (CTU), a designated National Security Agency (NSA) Center of Excellence, endorsed this course. Capitol Technology University is a National Center of Academic Excellence.

Certify with confidence. A beautiful CSFI DCOE certificate, with security features, is issued to students who certify. The credential follows the DCWF work role and standards for a Cyberspace Operator.

National Security Agency, Capitol Technology University, and Department of Homeland Security

Capitol Technology University is a National Center of Academic Excellence

DCWF Mapped

100% Mapped to the DoD Cyber Workforce Framework

Every DCOE competency aligns, end to end, with the DoD Cyber Workforce Framework (DCWF): the Department's authoritative lexicon for the people who build, secure, operate, defend, and protect cyberspace.

100% DCWF Mapped

What is the DCWF?

The Department of Defense (DoD) Cyber Workforce Framework (DCWF) establishes the DoD's authoritative lexicon based on the work an individual is performing, not their position titles, occupational series, or designator. This revolutionary framework describes the work of DoD personnel who build, secure, operate, defend, and protect the DoD and U.S. cyberspace resources.

What is the impact?

The DCWF provides a foundation for a holistic approach to cyber workforce talent management, while offering greater fidelity than traditional occupational structures (e.g., occupational series) for targeted recruitment, retention, and developmental workforce solutions.

DoD Cyber Workforce Framework (DCWF) · Military & Civilian Workforce Identification & Coding Guide

DoD Cyber Workforce Framework seal

There are great people, but at today's speed of change, skills must be constantly refreshed and future fit.

The Honorable Kirsten Davies
The Honorable Kirsten Davies
Department of War Chief Information Officer (CIO)
Department of War Chief Information Officer seal DoD CIO Workforce Innovation seal
Register

Enroll in DCOE

Complete the form below and a member of the CSFI training team will follow up with enrollment details. Tuition is $2,595 per student; special group discounts may apply.

All fields required