Cybersecurity

The CIA triad, threat actors and their motivations, the attacker lifecycle, and the range of cybersecurity roles — from SOC analyst and penetration tester to CISO and security architect. Students map the cybersecurity career landscape and identify their target role.

TCP/IP at a security-relevant level: packet structure, the OSI model from a security perspective, common protocols and their vulnerabilities (DNS, HTTP, FTP, Telnet, SMTP), and network traffic analysis using Wireshark.

Hardening Windows and Linux systems: disabling unnecessary services, managing file permissions, configuring firewalls (Windows Defender Firewall, iptables/ufw), auditing login events, and managing user privileges using least-privilege principles.

Malware categories (viruses, worms, trojans, ransomware, spyware, rootkits), phishing and spear-phishing mechanics, social engineering tactics, vishing, and smishing. Students analyse real malware samples in a sandboxed environment using Any.Run.

Symmetric and asymmetric encryption, RSA and AES algorithms, digital signatures, certificate authorities, PKI, TLS/SSL handshake mechanics, and the cryptographic principles behind HTTPS, VPNs, and digital certificates used in financial and government systems.

Installation and navigation of Kali Linux. Using Nmap for network scanning, Netcat for connectivity testing, Wireshark for packet capture, and Metasploitable as a safe target environment. Students build and document a personal home lab environment.

Physical access controls, CCTV, badge systems, tailgating, dumpster diving, and simulated social engineering. Students evaluate the physical and human security posture of a simulated organisation and produce a recommendation report.

The Computer Misuse Act (UK), CFAA (USA), GDPR security obligations, NIS2 Directive, and the ethical responsibilities of security professionals. Students analyse prosecuted cybercrime cases and evaluate the legal boundaries of defensive and offensive security activities.

The penetration testing lifecycle: pre-engagement, reconnaissance, scanning, exploitation, post-exploitation, and reporting. Legal scoping documents, rules of engagement, and the ethical obligations and personal liability of a professional penetration tester.

Active and passive reconnaissance: WHOIS, DNS enumeration, Shodan, Maltego, theHarvester, and the OSINT framework. Students conduct a full OSINT investigation on a target organisation (with permission) and produce a detailed intelligence report.

Nessus, OpenVAS, and Qualys for vulnerability scanning. CVE and CVSS scoring, false positive analysis, vulnerability prioritisation, and remediation planning. Students conduct a full vulnerability assessment and produce a professional client-ready report.

SQL injection, cross-site scripting, broken authentication, insecure direct object references, security misconfiguration, and XXE injection — each demonstrated and exploited in DVWA and then mitigated in real application code using secure development principles.

Metasploit framework in depth: module selection, payload configuration, post-exploitation (privilege escalation, persistence, lateral movement), and evidence collection. Students conduct authorised penetration tests against deliberately vulnerable machines.

Wi-Fi attacks: WPA2 handshake capture and cracking, evil twin access points, and deauthentication attacks. Physical penetration testing methodology: lock picking, badge cloning, and tailgating — all conducted in a controlled training environment with documented consent.

Snort and Suricata for IDS/IPS configuration, rule writing, and alert tuning. Introduction to SIEM platforms (Splunk, Microsoft Sentinel): log ingestion, correlation rules, and dashboard creation for security operations teams.

The incident response lifecycle: preparation, identification, containment, eradication, recovery, and lessons learned. Students work through a simulated ransomware incident — detecting the intrusion, isolating systems, recovering data, and producing a formal incident report.

Splunk Enterprise Security in depth: advanced SPL queries, correlation rule development, threat hunting workflows, dashboard design for SOC teams, and the automation of repetitive SOC tasks using SOAR platforms to reduce analyst fatigue.

Forensic imaging using FTK Imager and dd, write blockers, chain of custody documentation, file system forensics (NTFS, ext4), deleted file recovery, and timeline analysis using Autopsy and the Sleuth Kit.

RAM acquisition and analysis using Volatility 3. Identifying malware artefacts in memory: injected code, rogue processes, network connections, and registry modifications. Static and dynamic malware analysis using Ghidra and Any.Run sandboxing.

Threat intelligence frameworks (MITRE ATT&CK, Diamond Model, Cyber Kill Chain). STIX/TAXII threat sharing, threat intelligence platform management, and proactive threat hunting — building hypotheses and hunting for adversary TTPs in enterprise log data.

Cloud-specific attack techniques: IAM privilege escalation, S3 bucket misconfigurations, metadata service abuse, and serverless function exploitation. Cloud security controls, CSPM tools, and the shared responsibility model applied to real cloud environments.

Structured adversarial exercises: red team attack planning, blue team defence and detection, and purple team debrief methodology. Students participate in a full red-blue exercise and produce both offensive and defensive reports.

Finding original vulnerabilities in software and web applications, the CVE submission process, coordinated vulnerability disclosure, and bug bounty programme participation. Students participate in a live bug bounty programme during the module.

ISO 27001, NIST CSF, and CIS Controls applied to security architecture design. Threat and risk modelling using STRIDE and DREAD. Students design a complete security architecture for a simulated enterprise including all technical and governance controls.

Building and managing an organisational security programme: policy development, security awareness training design, third-party risk management, supplier assurance questionnaires, and audit and compliance reporting at board level.

Translating cybersecurity risk into business language. Board-level security reporting, risk appetite frameworks, cybersecurity investment justification, and managing the relationship between the CISO function and the wider executive team.

Designing and implementing zero trust networks at enterprise scale: identity-centric security, microsegmentation, continuous verification, policy decision points, and the migration from perimeter-based to zero trust security models.

Exploit development basics, buffer overflows, return-oriented programming, and browser exploit methodology. Students analyse a published CVE, reproduce the exploit in a controlled environment, and write a technical analysis and patch evaluation.

Privacy by design, data minimisation, pseudonymisation, anonymisation techniques, differential privacy, and the technical implementation of GDPR and LGPD data subject rights. Students conduct a full Data Protection Impact Assessment.

Launching a cybersecurity consultancy or startup: service design, pricing, client acquisition, proposal writing, and managing engagements. Students develop a complete consulting service offering and deliver a pitch to a panel of assessors.

An independent security research investigation — a novel vulnerability analysis, a study of emerging attack techniques, or an evaluation of a new defensive technology — written and presented to conference paper standard with a live demonstration.

Structured preparation for professional certifications (OSCP, CEH, or CompTIA Security+) and university postgraduate programme applications. Students complete a full graduate school application including personal statement and research proposal.