www.northropgrumman.com© 2015 Northrop Grumman Systems Corporation.All rights reserved. Approved for Public Release: 14-1372IS10350314US rev: 3.18.2015

For more information,please contact:

Northrop Grumman Information Systems

CyberAcademy@ngc.com

Northrop Grumman has more than 30 years experience in cybersecurity and information assurance, and brings unparalleled expertise in managing and protecting networks and delivering complex information assurance and security solutions to high-risk customers including government and critical infrastructure industries. It is developing the next-generation of advanced cyber solutions, which touch on policy, governance requirements, software application, network development, training and operational support, and is responsive to emerging cyber security needs. Northrop Grumman invests in leading-edge research and development, and accesses cutting-edge technology through affiliation with academia and small to medium enterprises. The company is a major sponsor of school, university and professional cyber competitions worldwide. For more information about Northrop Grumman in cybersecurity, visit www.northropgrumman.com/cyber.

CyberAcademy

Developing the Cyber Workforce

Cyber Academy PartnershipsNorthrop Grumman continually develops relationships and partners with thought leaders in cybersecurity, academic insti-tutions, industry and the client community to enhance Cyber Academy offerings and learning opportunities. Partnerships focus on cyber/information assurance certifications and training in specialized areas of cybersecurity including next generation technologies and tools.

Cyber CertificationProgramThe Cyber Academy assists employees in their pursuit of certifications, including those accepted by the industry. Employees may follow defined pathways to certification, take advantage of training opportu-nities, and participate in exam preparation cohorts for specific certifications available through university and vendor partner-ships. Northrop Grumman’s Education Assistance Program provides funding for employees to participate in related prepa-ration courses and exams.

The Cyber Academy provides training courses, learning opportunities, and career

and certification pathways to increase the level of knowledge in cybersecurity and cyber warfare. The Cyber Academy helps ensure Northrop Grumman has the most qualified talent available to take on the full spectrum of cyber challenges for our customers.

CurriculumOverview offerings provide leaders, decision makers and technologists a high-level view of the technical curriculum, while additional Cyber Academy courses provide aware-ness and specialized training for both technical and non-technical audiences:

• Overview Courses (2 or 4 hours) – These overview courses review cybersecurity and its impact on your organization, to include a summary of methodologies, tools, and techniques used by today’s computer attackers.

• Cybersecurity Fundamentals (4 days) – In-depth discussion, demon-stration, and hands-on training in a virtual lab environment, with students gaining an understanding of attack methodologies and preparing the defense of their machine to expose and reduce vulnerabilities.

• Cybersecurity for Business Developers/Program Managers (4 hours) - Cybersecurity fundamentals and guidance on integrating into business development and

programs. The course uses pictorial perspectives that facilitates communications throughout the program lifecycle.

• Network Security Essentials (1 day) – Provides an overview of net-working, the Open System Interconnection (OSI) Reference Model, and the necessary security measures used to protect a network against attacks.

• Software Security Engineering (1 day) – Teaches how and where to build security into the Software De-velopment Lifecycle including techniques for threat modelling, architecture & design, and methodologies for secure coding/testing.

• Secure Architecture Analysis & Application (2 days) – Provides an understanding of cyber architecture, the role of cyber architecture and the role of cyber architects, and intro-duces various cyber artifacts, capabilities, and frameworks enabling students to develop repeatable cyber architecture solutions.

• Reverse Engineering (2 weeks) This course provides an explo-ration of Reverse Engineering as it pertains to malicious code, viruses, and other categories of malware. Through in-depth discussions, as well as hands-on practical application through the use of tools such as IDA and Obfuscator, participants will gain a foundational under-

Cyber Academy: Developing the Cyber Workforce

Team, the Cyber Incident Response Team, and the Forensic Investigative Security Team, in preparation for an entry-level position as a CSOC analyst.

• Introduction to Active Defense (1 day) – This course provides an intro-ductory look at offensive cybersecurity, and serves as a foundation for continued learning into more specific areas of proactive security assessments. This course explores not only the cate-gories of offensive security activities, but also the ethical and legal considerations often confronted during real-world security assessments. Ranging from topics such as Ethical Hacking, Penetration Testing, Vulnerability Assessments, authorized attack planning, and report writing, students who participate in this course will be better prepared to explore the more technical

topics covered in our follow-on offensive security courses (e.g. Ethical Hacking Fundamentals, Fundamentals of Penetration Testing).

• Ethical Hacking Fundamentals (5 days) – This course provides a compre-hensive view into the various stages of ethical hacking from reconnaissance to system attack and post-attack clean-up. Through in-depth discussion and demonstration the course covers the advanced computer and network concepts used by ethical hackers during penetration testing. Students will be introduced to the concepts and terminology found in common ethical hacking exams such as the EC Council CEH exam.

• Penetration Testing (3 days) - This course provides students with the opportunity to gain a comprehensive view of penetra-tion testing through hands-on application of methodologies and the use of advanced com-puter and networking concepts used during testing, including: security assessment planning and preparation, network reconnaissance, attack plan-ning and execution, maintaining stealth, and report generation.

Cyber AcademyTraining FrameworkThe foundation for Cyber Academy training and development includes business needs, cyber skills and competencies, industry and academic partnerships, and technology/research. Each level of the training framework aims to meet specific training and development needs for Northrop Grumman, customers, and potential client audiences.

standing of the concepts be-hind Reverse Engineering, as well as how it is performed in a real-world cybersecurity envi-ronment. This knowledge will help prepare participants for roles in a Digital Forensic Inves-tigation lab or a Cybersecurity Operations Center, and will also help software engineers and programmers develop more secure code by providing real-world examples of code disassembly, code hardening, and code obfuscation.

• Introduction to Cyber Defense (1 day) – This course provides an intro-ductory look at defensive cybersecurity, and serves as a foundation for continued learn-ing into the more specific areas of setting up and maintaining an Enterprise Defense-In-Depth program. This course explores not only the categories of defensive security activities, but also the Defense-In-Depth framework (The Northrop Grumman FAN™), security controls, and risk management.

• CSOC Overview (2 hours) – This course provides an intro-ductory look at a Northrop Grumman Cybersecurity Operations Center (CSOC). The course explores the primary day-to-day operational activities conducted by a CSOC, including the various CSOC elements, the incident response process, and the digital forensic investigation process. Students will become familiar with the func-tions and roles of teams such as the Security Monitoring

Awareness/Basic Training

Fundamentals of •Cybersecurity

Cyber Executive •Overview

/////nniiinnnnnngggggg

Certifications

Specialization

Pen Testing •Incident Handling/ •

Intrusion Detection Digital Forensics •

SCADA •

Software Security •Engineering

Secure Architecture Analysis •and Application

Industry AcceptedCERTs

Skills

Cyber Training and Education

Specialtytraining

to addressAdvanced

Threat challenges

Skill development focusedon delivery of secure

capabilities/solutions

Certifications based on business/skillsaligned with DoD 8570 requirements

Awareness education and training for all levels

Advanced Specialty Training

Secure Architecture Design & Engineering

Certification

Basic Awareness Education / Training