Cybersecurity practitioners course


Organizations across all industries are faced with unmanageable levels of cyber threats brought on by a changing threat landscape.

The optimum strategy to respond to these threats is to make security an integral part of culture and overall structure—to help organizations better prepare for digital transformation in the age of the fourth industrial revolution.

Build expertise in developing security systems that understand, reason, and learn; proactively reacting to cyber threats.

IBM SkillsBuild for Academia

Young man, wearing shirt and tie, concentrating on completing a task at the office

This course comprises a unique mix of cybersecurity technical and real-world industry skills, designed to provide awareness on the impact of cybersecurity threats in key industries across geographies.


Cybersecurity Practitioners

Can elevate organizations’ overall security posture, by adopting practices, methods, and tools that increase enterprise cyber resilience. Practitioners provide awareness of the latest cyber threats and can help set the foundation for implementing an incident response team and a security operations center.

This course covers the following objectives:

  • Analyze top targeted industries and trends
  • Explore how cyber criminals are using operating system tools to get control
  • Uncover why cyber criminals are changing their techniques
  • Determine what steps you can take to protect your organization against these threats
  • Understand the tools used by penetration testers and ethical hackers (network CLI tools, Telnet, SSH, Nmap, Wireshark, and many others)
  • Leverage high-end security enterprise solutions in high demand such as IBM QRadar SIEM, Vulnerability Manager, UBA, IBM QRadar Advisor with Watson, I2 Analyst Notebook, and IBM Cloud X-Force Exchange
  • Gain real-world practice on critical threat modeling methodologies and frameworks such as MITRE, Diamond, IBM IRIS, and IBM Threat Hunting
  • Participate in Security Operation Center (SOC) role-playing scenarios: experiencing research insights through design thinking practices
  • Experience the basis for SOC—enacting the roles of triage analysts, incident response analysts, and threat intelligence analysts

Analyze tens of millions of spam and phishing attacks daily, and billions of web pages and images to detect fraudulent activity and brand abuse.

How undetected phishing creates a risk for a data breach

Prime Valley Healthcare, Inc., is a not-for-profit, medium-sized, healthcare system resulting from the 2013 integration of two healthcare systems.

Today, Prime Valley includes 36 hospitals, 550 patient care sites, 4500 beds, more than 5,300 active physicians, and 30,000 employees. In the past two years, annual revenue increased by $700 million and operating income more than doubled to $500 million.

In recent years, healthcare reform in the United States has focused on controlling rapidly rising health costs and increasing financial access to healthcare.

Healthcare delivery has not been touched to the same degree by the revolution that has been digitally transforming nearly every other aspect of society, although there has been a recent increase in telehealth practices during the Covid-19 pandemic.

One impediment to the greater use of communications and information technology is the absence of national standards for the capture, storage, communication, processing, and presentation of health information. Another is concern over privacy and confidentiality of patient medical records (patient health information), and data security issues.

Meghan Compton, the CISO at Prime Valley Healthcare, Inc., was looking over the morning IT infrastructure risk assessment reports when a call came in from Alex, a member of her security team. Alex has been keeping an eye on Dr. Froth’s online account. He is a new physician that just joined the physicians’ network at Prime Valley. Dr. Froth’s risk score has been increasing over the past month including multiple logins on his account from different offices and there has been activity from Europe at odd hours of the day.

While the security team has been monitoring Dr. Thomas Froth’s risk score, they find another risk score increasing, this time for the Head of Mergers & Acquisitions, Roy Smith. It is the same IP address that was linked to Dr. Froth that is also linked to Roy Smith’s account.

It seems that Prime Valley has joined the unfortunate trend of breaches caused by an undetected phishing attack.

Because of the increasing risk assessment, Prime Valley has had to notify the President and CEO and implement a threat investigation. Pressure is mounting on Meghan’s team to identify exactly what has happened and ensure that patient data hasn’t been breached.

One week later Alex found something. Alex presents some key findings from his analysis to Meghan using IBM QRadar Advisor with Watson. He tracked the attack back to legacy software that was used by the physician network. The attackers were in the physician network 3 months before Prime Valley Healthcare, Inc. finalized the acquisition. The attackers got into the physician network through a Facebook message.

The M&A team must have been in such haste that they overlooked making sure the network was secure before connecting accounts into Prime Valley’s corporate network. Using IBM X-Force Exchange to perform a threat intelligence investigation, the Threat Hunter on Meghan’s team identified a pattern from the Balkans with responsibility for other attacks on the US health system.

What Is Cybersecurity?

Too many events. Too many false alarms. Too many systems to track threats from root to damage. And not enough expertise to manage all this data and keep a team ahead of the enemy. The reality is that analysts need an assist from artificial intelligence (AI).

AI and machine learning make it easier and faster to find the root cause and chain of events comprising advanced persistent threats and insidious insider activity.

Cyber attacks continue to advance in scale and complexity. At the same time, IT budgets are thin, and security talent is simply outstripped by demand. The modern security operations center (SOC), whether on-site or virtual, needs to deploy a combination of technologies and people to close the gap between attacks and remediation.

With the right process you can get clear visibility into enterprise-wide infrastructure activities, coupled with the ability to respond dynamically to help protect against advanced, persistent, and opportunistic threats, whether they come from outside or inside the organization.


  • Expanding knowledge and understanding of the topic through lectures, examples, videos, and quizzes.

    Build foundational proficiency through a mix of classroom trainings, case studies, videos, and quizzes.

    Session: approx. 90 min.

    Lecture 1 – Cybersecurity Landscape

    • Cybersecurity in the World Today
    • Cyber Threats Taxonomy
    • Cybersecurity Domains

    Lecture 2 – Cyber Resilience

    • Cybersecurity Industry Challenges
    • Cyber Resilience Frameworks
    • Cyber Resilience Lifecycle

    Lecture 3 – Threat Intelligence

    • Threat Landscape
    • Anatomy of a Cyber Attack
    • Threat Hunting Methodology

    Lecture 4 – Network Security

    • Network Security Landscape
    • Enterprise Network Security
    • Anatomy of a Network Attack

    Lecture 5 – Mobile & IoT Security

    • Mobile & IoT Global Trends
    • Mobile & IoT Security Landscape
    • End-point Protection

    Lecture 6 – Application Security

    • Introduction to Web Applications
    • Application Security Practices
    • Application Security Attacks

    Lecture 7 – Data Security

    • Data Breaches – Industry Overview
    • Insider Threat and Phishing Attacks
    • Ransomware and Fraud Attacks
    • Industry Case Study

    Lecture 8 – Cloud Security

    • Cloud Global Trends
    • Cloud Security Challenges
    • Cloud Security in Practice
    • Industry Case Studies

    Lecture 9 – Security Intelligence

    • SIEM Landscape
    • SIEM Characteristics
    • SIEM in Action
    • SIEM Explained
    • SIEM Identifies a Phishing Attempt
    • Using the SIEM

    Lecture 10 – Security Operations Center

    • Security Operations Center (SOC) Overview
    • SOC Operations Team
    • SOC Incident Lifecycle
  • Implement concepts learnt with hands-on lab activities, games, and simulations.

    Lab session: approx. 120 min.

    Lab 1 – Monitor Global Security Incidents

    • Explore an Interactive Threat Chart
    • Monitor Global Attacks in Real-Time

    Lab 2 – Network Security Tools

    • Understand the data behind your IP
    • Explore your Command Line Interface
    • Learn about basic tools attackers use
    • Cement industry best practices such as DNS

    Lab 3 – Endpoint Security Practices

    • Footprinting and how to find vulnerabilities
    • Witness how an attacker takes control
    • Protect yourself using Secure Shells
    • Discover how X-Force keeps tab online

    Lab 4 – Web Banking Data Breach Scenario

    • Understand the role of a penetration tester
    • Discover more methods to attack a system
    • Conceptualize repercussions of attacks

    Lab 5 – Scan And Investigate Vulnerabilities

    • Create and run a patch scan
    • Adjust impact scores for important assets
    • Run a custom scan with active tests
    • Investigate a vulnerability

    Lab 6 – Using IBM Qradar

    • Navigate the web interface
    • Investigate suspicious activity
    • Create a report
    • Manage network hierarchy

    Lab 7 – Investigating User Behavior

    • Validate environment
    • Run log events to generate user traffic
    • Configure rules
    • Modify User Behavior Analytics
    • Investigate users

    Lab 8 – Analyzing Threats With Intel

    • Prepare data in QRadar
    • Trigger an offense and import into i2
    • Use ANB to perform investigation
    • Import data into i2 Analyst’s Notebook
    • Examine human resource data
  • Explore industry case studies to understand the real-world impact of the topics covered.

    Every use case approx. 16 hrs. group work

    Group work session: 16 hrs. per use case.

    Design Thinking

    • Design Thinking in Cybersecurity
    • Security Breach Scenarios
    • Empathize with four personas
      1. Security Operations Center Manager
      2. Triage (L1) Security Analyst
      3. Incident Response (L2) Security Analyst
    • Cyber Threat Hunter


    Rule Triggers Offense

    A QRadar rule triggers an offense indicating malicious files on a single endpoint. How would the Security Operations Center deal with this offense?

    False Positives

    A QRadar rule (Rule 23) triggers a large volume of false positives. The root cause is a change in the networking infrastructure that was not communicated to the Security Operations Center ahead of time. Who should do what and when?

    New Threat

    A new X-Force Advisory is published by IBM. FS has not heard of this threat previously. Logs for detecting an intrusion through this vulnerability are not integrated into QRadar. What’s painful about the process of dealing with this Advisory?


This course uses the following tools:

  • IBM X-Force Exchange
  • IBM i2 Analyst’s Notebook
  • Mozilla Firefox
  • PuTTY
  • IBM QRadar Vulnerability Manager
  • IBM QRadar
  • IBM Watson User Behavior Analytics
  • Wireshark
  • Zenmap


Instructor Workshop

Facilitator has taken the course and successfully passed the exam.

  • Avid speaker with good presentation skills
  • Pedagogical group management skills
  • Encourage critical thinking and domain exploration
  • Experience handling data sets and IP copyrights

Classroom Format

Individuals with an active interest in applying for entry-level jobs in cybersecurity related fields.

  • Basic IT Literacy skills*

*Basic IT Literacy – Refers to skills required to operate at the user level a graphical operating system environment such as Microsoft Windows® or Linux Ubuntu®, performing basic operating commands such as launching an application, copying and pasting information, using menus, windows and peripheral devices such as mouse and keyboard. Additionally, users should be familiar with internet browsers, search engines, page navigation, and forms.

Digital credential

Practitioner Certificate

IBM Cybersecurity Practitioner Certificate

IBM Cybersecurity Practitioner Certificate

See badge

About this Certificate

Through validated Cybersecurity instructor-led training, this badge earner has demonstrated the ability to have acquired the skills and understanding of Cybersecurity concepts and technologies

The certificate program earner has demonstrated proficiency and understanding of Cybersecurity technical topics and design thinking.

The earner has gained the ability to apply the concepts and technology to design and develop a Cybersecurity solution prototype that is applicable to real-world Cybersecurity scenarios, and suitable for educational purposes.


Cybersecurity, Cyber resilience, Network security, IoT security, Application security, Data security, Cloud security, i2, X-Force exchange, IBM Watson, QRadar, SIEM, AI, AI security, Vulnerability manager, UBA, IBM QRadar Advisor with Watson, MITRE, Diamond, IBM IRIS, Threat hunting, Incident Response, Security operations center, SOC, Industry expertise, Security analyst, Design Thinking, Use cases, Communication, Collaboration, Teamwork, Problem-solving, Empathy, Personas, User-centric, Innovation, Stakeholder, Security breach, Scenarios, Browser security, Nmap, Wireshark, CLI.


  • Must attend a training session at a higher education institution implementing the IBM Skills Academy program
  • Must have completed the instructor-led Cybersecurity Practitioners training.
  • Must have earned the Enterprise Design Thinking Practitioner Badge.
  • Must pass the Cybersecurity practitioners exam and satisfactorily complete the group exercise.

Instructor Certificate

IBM Cybersecurity Practitioner Certificate- Instructor

IBM Cybersecurity Practitioner Certificate: Instructor

See badge

About this Certificate

Through an IBM instructor-led workshop, this badge earner has acquired skills in Cybersecurity concepts, technology, and use cases.

This certificate program earner has demonstrated proficiency in the following topics: Cybersecurity Foundations, Enterprise Cyber Resilience, Cyber Threats Landscape, Implementation of an Incident Response Team, Security Operations Center Roles, Tools and Practices, Design Thinking for Cybersecurity, and Cybersecurity Industry Use Cases.

The earner has demonstrated the capacity to deliver the Cybersecurity course as an instructor applying pedagogical skills to drive the group work using role playing techniques and challengs based scenarios.


Cybersecurity, Cyber resilience, Network security, IoT security, Application security, Data security, Cloud security, i2, X-Force exchange, IBM Watson, QRadar, SIEM, AI, AI security, Vulnerability manager, UBA, IBM QRadar Advisor with Watson, MITRE, Diamond, IBM IRIS, Threat hunting, Incident Response, Security operations center, SOC, Industry expertise, Security analyst, Design Thinking, Use cases, Trainer, Lecturer, Advisor, Communication, Collaboration, Teamwork, Problem-solving, Empathy, Personas, User-centric, Innovation, Stakeholder, Security breach, Scenarios, Browser security, Nmap, Wireshark, CLI.


  • Must be an instructor of a Higher Education Institution which has or is implementing the IBM Skills Academy Program.
  • Must have completed the IBM Cybersecurity Practitioners — Instructors Workshop.
  • Must have earned the Enterprise Design Thinking Practitioner Badge.
  • Must fulfill the requirements of IBM’s Skills Academy teaching validation process.