DoD DCWF - Vulnerability Assessment Analyst

MVAA - Certified Vulnerability Assessment Analyst

The Vulnerability Assessment Analyst course is meticulously designed to equip participants with the expertise needed to proficiently identify, assess, and mitigate vulnerabilities across computer systems, networks, and applications.

Through a blend of theoretical concepts, hands-on exercises, and real-world scenarios, participants will develop a deep understanding of vulnerability assessment methodologies, security principles, and best practices, ensuring they are well-prepared to navigate the complexities of modern cybersecurity landscapes.

Additionally, through rigorous exercises and real-world simulations, participants will cultivate critical thinking and analytical skills, enabling them to anticipate potential cybersecurity threats and proactively devise strategic solutions. By analyzing complex scenarios and evaluating diverse risk factors, participants will gain the ability to think ahead, identifying vulnerabilities before they escalate into significant security breaches.

The Vulnerability Assessment Analyst course serves as a cornerstone in equipping cybersecurity professionals to navigate the complex terrain of contemporary threats, with readiness and expertise.

Intermediate

Certification

600+ hours

$1295

No Expiry, No Renewals

Course Overview

The Vulnerability Assessment Analyst course aims to equip participants with the skills required to adeptly identify, assess, and mitigate vulnerabilities across computer systems, networks, and applications.

Engaging in immersive practical lab sessions, students will delve into hands-on activities aimed at analyzing security architectures, evaluating security controls, and implementing defense-in-depth strategies to safeguard critical assets and data.

Participants will develop advanced proficiency in penetration testing, vulnerability assessment, and compliance auditing of web applications, software applications, hosts, and networks.

Additionally, they will master the art of drafting comprehensive, industry-standard reports that effectively communicate findings, recommendations, and remediation strategies to stakeholders.

Upon completion of the Vulnerability Assessment Analyst course, participants will be equipped with a diverse skill set enabling them to:

Develop the ability to define project scope and perform effective assessment activities within specified timeframes.
Utilize standard automated tools for vulnerability assessment to identify and mitigate security risks.
Identify and address security vulnerabilities on Windows and Linux systems through comprehensive assessments.
Conduct network vulnerability assessments to secure organizational networks from potential cyber threats.
Assess web applications for vulnerabilities using best practices in security testing and remediation.
Analyze vulnerability assessment outcomes to prioritize risk management efforts and implement corrective measures.
Utilize sophisticated scanning technologies and develop checklists for continuous system, network, and application security monitoring.

Knowledge, Skills and Abilities You Will Acquire

MCSI is one of the most respected and trusted names in cyber security education and training. Our certifications teach critical skills, knowledge and abilities needed to advance a career in cyber security. Our courses are comprehensive and up-to-date, and our instructors are experienced professionals who are dedicated to helping students learn. MCSI provides the real-world skills and knowledge you need to protect any organization from cyber threats.

Lab Setup and Virtualization
Automated Vulnerability Scanning

Automated vulnerability scanning is essential for vulnerability assessment analysts because it enables efficient and comprehensive identification of security weaknesses across systems, networks, and applications. This approach saves time and resources by automating repetitive tasks, allowing analysts to focus on analyzing and addressing critical vulnerabilities promptly.

OpenVAS

OpenVAS is essential for MVAA professionals as it automates vulnerability scanning, allowing for comprehensive audits of networks and applications. It enables analysts to identify and prioritize vulnerabilities efficiently, supporting robust remediation efforts.

OWASP ZAP

OWASP ZAP (Zed Attack Proxy) plays a critical role in web application security testing for MVAA analysts. It automates vulnerability detection in web applications, enabling thorough security assessments and enhancing the overall security posture of applications.

W4AF

W4AF (Web Application Attack and Audit Framework) is a valuable tool for MVAA professionals, providing a framework to assess and exploit vulnerabilities in web applications. It supports automated scanning and manual testing, enhancing the accuracy and depth of vulnerability assessments.

Nmap Scripting Engine

The Nmap Scripting Engine (NSE) is indispensable for MVAA analysts due to its automation capabilities in vulnerability detection and exploitation. It empowers analysts to customize and extend Nmap's capabilities, enabling targeted assessments tailored to specific security requirements.
Network Reconnaissance

Network reconnaissance is crucial for cybersecurity professionals, including Vulnerability Assessment Analysts (MVAA), because it enables them to gather critical information about target networks, systems, and applications.

By conducting network reconnaissance, analysts can identify potential vulnerabilities, map network architectures, and understand the security posture of an organization. This knowledge is essential for developing effective vulnerability assessment strategies and implementing robust security measures to safeguard against cyber threats. Additionally, network reconnaissance helps analysts assess the attack surface and prioritize security efforts, ensuring comprehensive protection against potential threats.

theharvester

Theharvester is a powerful tool used by Vulnerability Assessment Analysts (MVAA) to gather information about email addresses, subdomains, virtual hosts, and open ports. This information is essential for conducting reconnaissance and identifying potential attack vectors.

Fierce

Fierce is another tool employed by MVAA for DNS enumeration, assisting in the discovery of non-contiguous IP space, particularly for identifying target subdomains. This information aids in mapping the network infrastructure and identifying potential vulnerabilities.

Shodan.IO

Shodan.IO is a search engine that allows MVAA to explore and discover devices connected to the internet. This tool provides insights into exposed services, including those with potential security risks, aiding in vulnerability assessment and risk management.

Passively Mapping and Enumerating Subdomains

Passively mapping and enumerating subdomains is a critical activity for MVAA, involving methods to identify and map subdomains without directly interacting with the target organization's systems. This passive reconnaissance approach provides valuable insights into the attack surface and potential vulnerabilities.
System Exploitation and Penetration Testing

System Exploitation and penetration testing are crucial for Vulnerability Assessment Analysts (MVAA) because they simulate real-world attack scenarios to identify and validate vulnerabilities. By conducting these tests, MVAA can assess the actual impact of vulnerabilities and provide actionable recommendations for remediation, enhancing overall cybersecurity posture and mitigating potential risks.

Writing PowerShell Scripts to Detect Windows Vulnerabilities

Writing PowerShell scripts to detect Windows vulnerabilities is crucial for MVAA, allowing for automated scanning and identification of security weaknesses within Windows environments. This automation enhances efficiency and accuracy in vulnerability assessment processes.

Exploiting Numerous Linux Vulnerabilities (Privilege Escalation, etc.)

Exploiting numerous Linux vulnerabilities, including privilege escalation, is important for MVAA to gain insights into common security weaknesses in Linux systems. This knowledge helps in effectively assessing and mitigating vulnerabilities across diverse environments.

Exploiting Systems Using Metasploit (such as Pivoting, SMB, etc.)

Exploiting systems using Metasploit, including techniques like pivoting and SMB exploitation, is essential for MVAA to simulate realistic attack scenarios and evaluate defensive measures. This hands-on experience enhances the ability to identify and remediate critical vulnerabilities.

Exploiting Stack Overflow Exploits

Exploiting stack overflow exploits is important for MVAA to understand memory vulnerabilities and how attackers can leverage them to gain unauthorized access. This knowledge aids in developing effective countermeasures and securing systems against such attacks.

Bypassing DEP Protection on Windows

Bypassing DEP (Data Execution Prevention) protection on Windows systems is relevant for MVAA to assess and address memory protection mechanisms that can be circumvented by sophisticated attacks. Understanding these techniques strengthens the ability to defend against advanced threats.
Web Exploitation and Penetration Testing

Web exploitation and penetration testing are crucial for MVAA to assess the security of web applications, identifying vulnerabilities that could be exploited by attackers. By conducting these tests, MVAA can proactively address weaknesses in web systems, preventing potential cyber threats and securing critical assets.

Exploiting Web Applications via File Uploads

Exploiting web applications through file uploads is essential for MVAA, allowing identification and remediation of vulnerabilities related to insecure file handling and validation.

Exploiting Web Applications via Local/Remote File Inclusion

Exploiting web applications via local or remote file inclusion techniques is critical for MVAA to assess and mitigate vulnerabilities related to improper input validation and access control mechanisms.

Exploiting Web Applications via Command Injection

Command injection exploitation is important for MVAA to identify and address vulnerabilities that allow malicious commands to be executed on web servers through user input.

Exploiting Web Applications via Advanced SQL Injection

Advanced SQL injection exploitation is crucial for MVAA to uncover vulnerabilities in database-driven web applications, allowing unauthorized access to sensitive data.

Exploiting Web Applications via Server-Side Template Injection

Server-side template injection exploitation is essential for MVAA to identify vulnerabilities in web applications that use server-side templating engines, potentially leading to remote code execution.

Exploiting Web Applications via XPath Injection

XPath injection exploitation is important for MVAA to assess vulnerabilities in web applications that use XPath queries, allowing attackers to manipulate XML-based data.

Bypassing Web Application Protections

Bypassing web application protections is critical for MVAA to understand the effectiveness of security controls and to identify weaknesses that could be exploited by attackers.
Phishing and Spear-Phishing

Phishing and spear-phishing are crucial for MVAA because they simulate real-world social engineering attacks, helping analysts assess human vulnerabilities and the effectiveness of security awareness training. By executing controlled campaigns, analysts can identify weaknesses in organizational defenses and improve overall security posture against targeted cyber threats.

Performing Reconnaissance on a Target

Performing reconnaissance on a target is essential for MVAA analysts to gather information about potential vulnerabilities, attack surfaces, and system configurations before conducting assessments.

Creating a Decoy Phishing Website

Creating a decoy phishing website is an important technique for MVAA analysts to simulate phishing attacks, assess user behaviors, and evaluate the effectiveness of security controls.

Creating Evasive Payloads

Developing evasive payloads is critical for MVAA analysts to test security defenses and assess the ability of systems to detect and prevent malicious payloads.

Bypassing Mark of the Web

Bypassing Mark of the Web is important for MVAA analysts to evade browser security features and test web-based vulnerabilities effectively.

Using HTML Smuggling

HTML smuggling is a valuable technique for MVAA analysts to evade detection mechanisms and assess web application security controls comprehensively.

Creating Convincing Email Templates

Crafting convincing email templates is essential for MVAA analysts to simulate phishing attacks and evaluate user awareness and response to email-based threats.

Utilizing GoPhish

Using GoPhish is a powerful tool for MVAA analysts to orchestrate phishing campaigns and assess user behavior, thereby improving organizational security awareness and defenses.
Documentation & Procedures

Documentation and procedures are crucial for MVAA analysts to maintain clear records of vulnerabilities, assessments, and remediation strategies, ensuring accountability and facilitating knowledge transfer within the organization. Standardized documentation also supports compliance efforts and enables efficient collaboration among security teams, enhancing overall cybersecurity posture.

Creating Windows Privilege Escalation Checklist

Developing a Windows Privilege Escalation Checklist is essential for MVAA analysts to systematically identify and mitigate vulnerabilities related to escalating privileges on Windows systems, ensuring comprehensive security assessments.

Creating Web Application Penetration Testing Checklist

Establishing a Web Application Penetration Testing Checklist allows MVAA analysts to methodically assess and address security weaknesses in web applications, improving overall application security and resilience against cyber threats.

Creating Network Penetration Testing Checklist

Developing a Network Penetration Testing Checklist enables MVAA analysts to conduct thorough assessments of network infrastructure, identifying vulnerabilities and enhancing network security measures.

Creating Linux Privilege Escalation Checklist

Crafting a Linux Privilege Escalation Checklist is essential for MVAA analysts to detect and address vulnerabilities related to privilege escalation on Linux systems, ensuring robust security posture across diverse platforms.

Creating Penetration Testing Report

Generating a comprehensive Penetration Testing Report is crucial for MVAA analysts to document findings, recommendations, and remediation strategies, facilitating informed decision-making and enhancing overall cybersecurity resilience.

DoD Cyber Workforce Framework KSATs

This course teaches the specific Knowledge, Skills, Abilities, and Tasks (KSATs) aligned with the DoD Cyber Workforce Framework (DCWF) as outlined in DoD 8140. By focusing on these critical competencies, the course ensures that you develop the essential capabilities required for various cybersecurity roles within the Department of Defense. This alignment not only guarantees that the training is relevant and comprehensive but also that it prepares you to meet the specific operational needs and standards of the DoD cyber workforce.

knowledge

ID	Description
10	Knowledge of application vulnerabilities.
22	Knowledge of computer networking concepts and protocols, and network security methodologies.
92	Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
105	Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
108	Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
150	Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities.
1072	Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
1158	Knowledge of cybersecurity principles.
1159	Knowledge of cyber threats and vulnerabilities.
6900	Knowledge of specific operational impacts of cybersecurity lapses.
6935	Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).
6938	Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.
27	Knowledge of cryptography and cryptographic key management concepts.
29	Knowledge of data backup, types of backups (e.g., full, incremental), and recovery concepts and tools.
49	Knowledge of host/network access control mechanisms (e.g., access control list).
63	Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
79	Knowledge of network access, identity, and access management (e.g., public key infrastructure [PKI]).
81A	Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
95B	Knowledge of penetration testing principles, tools, and techniques, including specialized tools for non-traditional systems and networks (e.g., control systems).
102	Knowledge of programming language structures and logic.
128	Knowledge of systems diagnostic tools and fault identification techniques.
214B	Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
801B	Knowledge of threat and risk assessment.
904	Knowledge of interpreted and compiled computer languages.
991	Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution).
992C	Knowledge of threat environments (e.g., first generation threat actors, threat activities).
992B	Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored).
1033	Knowledge of basic system administration, network, and operating system hardening techniques.
1038A	Knowledge of infrastructure supporting information technology (IT) for safety, performance, and reliability.
1069	Knowledge of general attack stages (e.g., foot printing and scanning, enumeration, gaining access, escalation or privileges, maintaining access, network exploitation, covering tracks).
1141A	Knowledge of an organization’s information classification program and procedures for information compromise.
1142	Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).
3150	Knowledge of ethical hacking principles and techniques.
3222	Knowledge of data backup and restoration concepts.
3513	Knowledge of system administration concepts for Unix/Linux and/or Windows operating systems.
6210	Knowledge of cloud service models and possible limitations for an incident response.

skills

ID	Description
10A	Skill in conducting application vulnerability assessments.
3B	Skill in conducting vulnerability scans and recognizing vulnerabilities in information systems and networks.
27B	Skill in assessing the application of cryptographic standards.
160	Skill in assessing the robustness of security systems and designs.
181A	Skill in detecting host and network based intrusions via intrusion detection technologies.
210	Skill in mimicking threat behaviors.
225A	Skill in the use of penetration testing tools and techniques, including specialized tools for non-traditional systems and networks (e.g., control systems).
226	Skill in the use of social engineering techniques.
897A	Skill in performing impact/risk assessments.
922B	Skill in using network analysis tools, including specialized tools for non-traditional systems and networks (e.g., control systems), to identify vulnerabilities.
6660	Skill in reviewing logs to identify evidence of past intrusions.

abilities

ID	Description
4	Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
102A	Ability to apply programming language structures (e.g., source code review) and logic.
6918	Ability to apply cybersecurity strategy to cloud computing service and deployment models, identifying proper architecture for different operating environments.

tasks

ID	Description
692	Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing.
784	Prepare audit reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions.
411A	Analyze organization’s cybersecurity policies and configurations and evaluate compliance with regulations and organizational directives.
448	Conduct and/or support authorized penetration testing on enterprise network assets.
685A	Maintain deployable cybersecurity audit toolkit (e.g., specialized cyber defense software and hardware) to support cybersecurity audit missions.
939	Conduct required reviews as appropriate within environment (e.g., Technical Surveillance, Countermeasure Reviews [TSCM], TEMPEST countermeasure reviews).
940B	Perform technical (evaluation of technology) and non-technical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, control system and operational environments, enclave boundary, supporting infrastructure, and applications).
941A	Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems and processes).

Career Outcomes

Our Vulnerability Assessment Analyst course provides comprehensive training in identifying and mitigating security vulnerabilities. Through practical exercises, you will learn to conduct thorough vulnerability assessments, perform risk analyses, and prepare detailed audit reports. Gain hands-on experience with industry-standard tools and techniques for vulnerability scanning and penetration testing. By the end of the course, you will be equipped to protect your organization's IT infrastructure by effectively identifying and addressing security vulnerabilities.

MCSI certifications are highly respected and sought-after credentials in the industry. Earning an MCSI certification is a testament to your knowledge and skillset, and demonstrates your commitment to excellence. The content is cutting-edge, uniquely-designed, and hands-on. Our exercises teach in-demand skills that are immediately applicable in the field.

The certifications are valid indefinitely and do not require any renewal fees. The training is accessible without any time limits.

Syllabus

Training Modules

This course provides you with multiple training modules, each of which is designed to teach you practical skills that can help you solve important cyber problems. Each module offers exercises that will help you build your skills and capabilities.

MVAA-001: Lab setup - 5 exercises
MVAA-101: Automated Scanning for Vulnerabilities - 3 exercises
MVAA-102: Windows Vulnerability Enumeration - 5 exercises
MVAA-103: Vulnerability Assessment and Exploitation on Linux - 8 exercises
MVAA-104: Network Reconnaissance - 5 exercises
MVAA-105: Detecting vulnerabilities Using NMAP - 15 exercises
MVAA-106: Using Metasploit - 13 exercises
MVAA-107: Memory Corruption Vulnerabilities - 7 exercises
MVAA-201: Understanding Web Application Vulnerabilities - 26 exercises
MVAA-202: Command Execution Vulnerabilities in Web Applications - 6 exercises
MVAA-203: Code Injection Vulnerabilities in Web Applications - 4 exercises
MVAA-204: Advanced SQL Injection Vulnerabilities in Web Applications - 4 exercises
MVAA-205: Bypass Improper Protections in Web Applications - 3 exercises
MVAA-301: Phishing and Spear-Phishing: Researching the target - 16 exercises
MVAA-302: Phishing and Spear-Phishing: Setting up the Infrastructure - 12 exercises
MVAA-303: Phishing and Spear-Phishing: Payload Generation - 9 exercises
MVAA-304: Phishing and Spear-Phishing: Payload Delivery - 6 exercises
MVAA-305: Phishing and Spear-Phishing: Setting up the Campaign - 8 exercises
MVAA-401: Documentation and Procedures - 5 exercises
MVAA-402: Developing Custom Tools - 5 exercises

Scenarios

Cyber professionals must be ready for everything. The typical security training strategy, which focuses on individual skills and tools, is insufficient. You must be able to operate as part of a team, see the big picture, and respond swiftly and effectively to unforeseen circumstances. That's why, as part of our training, we use replays of whole cyber missions. Our scenarios help you prepare for the demands of the job and give you confidence in your ability to work professionally.

MVAA-SC-01: Secure Code Reviews - 4 exercises
MVAA-SC-02: Penetration Testing Challenges - 4 exercises
MVAA-SC-03: Operation Mission Impossible - 9 exercises
MVAA-SC-04: Operation Industrial Delta - 10 exercises

⚡ Enroll now with lifetime access for $1295 →

Certifications

MCSI Industry Certifications are important for you to earn because they signify that you have the skills required to work in a cybersecurity. Certificates of Completion are also important to earn because they signify that you have completed an exercise. Earning Certificates of Completion and Industry Certifications demonstrates that you are willing to put in the extra work to be successful.

Student

Obtain CPE points by solving exercises

Achieve multiple certifications

Receive help from instructors online

This certification is aligned with the DoD Cyber Workforce Framework (DoD 8140), ensuring you receive training that meets the standards and competencies required for cybersecurity roles within the Department of Defense. This alignment guarantees that you gain relevant, up-to-date skills and knowledge tailored to the specific needs of the DoD cyber workforce, effectively preparing you to support and secure defense operations.

	Certificate Level	Curriculum Completion Requirement	Scenarios Completion Requirement
MCSI Vulnerability Assessment Analyst (Basic)	Level 1	50%	0%
MCSI Vulnerability Assessment Analyst (Intermediate)	Level 2	75%	50%
MCSI Vulnerability Assessment Analyst (Advanced)	Level 3	95%	100%

Sample Exercises

Below are three (3) exercises from the 100+ exercises available in MCDFA - Certified Cyber Defence Forensics Analyst:

Perform DNS Scans Using Fierce

Exploit An Unrestricted File Upload Vulnerability

Read /Etc/Passwd Using A SQL Injection Vulnerability

Our Instructors

Student exercises are reviewed and graded by multiple instructors. This one-of-a-kind approach allows you to get highly personalized input from a number of successful professionals.

MCSI's teachers bring real-world experience and knowledge to the classroom, ensuring that students have the skills they need to excel in the field of information security. Due to their extensive experience in penetration testing, vulnerability assessment, reverse engineering, incident response, digital forensics, and exploit development, students will understand the most up-to-date defensive and offensive cybersecurity strategies and procedures.

Our instructors are passionate about information security and are always looking to further their own knowledge. Students who attend an MCSI course can be confident that they are learning from some of the best in the business. They can adapt their teaching approaches to match the demands of any student, regardless of their degree of expertise.

The MCSI team strives to provide the most comprehensive and up-to-date cybersecurity training available. Whether you are a seasoned security professional or new to the field, MCSI has a course that will meet your needs.

Receive personalized feedback from cybersecurity experts:

Overcome challenges and hurdles preventing you from advancing your skills

Receive guidance on how to focus your training efforts and avoid wasting time

Learn how to meet the industry's quality standards and produce high-quality work

When you're stuck, go to a support forum or ask inquiries to the instructors right on the platform

Help and Support

24/7 Discord Community

If you're looking for additional support during your studies, consider joining our Discord server. Our community of fellow students and instructors is always available to provide help and answer any questions you may have.

Personalized Support

Your submissions will be reviewed by MCSI instructors, who will provide you with personalized feedback. This input is critical since it can assist you in identifying the areas where you need to enhance your skills. The instructor's feedback will also tell you how well you did an exercise and what you can do to improve your performance even further.

Click here to see an example of personalized feedback.

Our personalized support will take your skills to the next level. Read what a student says about it:

Quick Questions

If you have any questions or need clarification on any of the exercises, MCSI offers a Quick Questions section on each exercise where you can ask for help. This is a great resource to use if you need assistance. This feature is only available for paid courses.

Actively Maintained Course

This course is actively maintained to ensure that it is current and error-free. We want to ensure that you have the best possible experience while taking this course, which includes having access to accurate and current information. This course is also tested for flaws on a regular basis, so you can be sure you're getting a high-quality product.

This course is constantly updated with the support of trustworthy industry peers to ensure that students are acquiring the most up-to-date information and skills. This dedication to staying ahead of the curve is what distinguishes this course as one of the greatest in the market.

Prerequisites

Training Laptop Requirement

This course can be completed on a standard training laptop. To ensure you have the necessary hardware to complete the course, your machine should meet the following specifications:

64-bit Intel i5/i7 2.0+ GHz processor or equivalent
8GB of RAM
Ability to run at least (1) virtual machine using Virtual Box, or an equivalent virtualization software
Windows 10 or later, macOS 10 or later, or Linux
Local administrator privileges

Do you support older operating systems?

Yes. Many of the exercises can be completed on older OS versions. A few of our students are successfully using older equipment to learn cyber security.

Proficiency in the English language

You must have the ability to comfortably read and understand IT documentation written in English. Ideally, they have an IELTS score of 6.5 with no band less than 6 (or equivalent).

Note: You can register for this course without having undertaken an English test.

Lab Environment

This course teaches you how to setup and configure your own cybersecurity lab.

There are numerous advantages to creating your own cybersecurity lab rather than paying for one. The cost savings are perhaps the most evident benefit. When compared to the expense of licensing a pre-built lab, creating your own lab can save you thousands of dollars. You also have the option of customizing the lab environment to meet your specific requirements. You can, for example, select the hardware and software that will be used in your lab.

Another advantage of setting up your own cybersecurity lab is that it allows you to learn new skills. Building a lab from the ground up necessitates knowledge of networking, system administration, and other technical subjects. This experience is invaluable in your career as a cybersecurity professional.

We frequently see students who can complete a task in a pre-built lab but cannot complete the same task at work. This is because these labs are meant to lessen work complexity, thereby creating an illusion of personal capabilities. It's also worth noting that you'll be expected to set up your own lab to test tools and techniques in the workplace. Employers may give you the resources to set up virtual computers and networks, but it will be up to you to manage the lab environment and maintain your tools.

Finally, you should know that pre-built labs are not commonly licensed by top cybersecurity professionals. They've realized that setting up a lab is simple, efficient, adaptable, cost-effective, and that it sparks creativity. It also nullifies risk of performing unauthorized actions against systems provisioned by a third-party.

Aptitude Test (Optional)

This is an intermediate course. It includes exercises for novices but assumes that they have competent IT skills and a strong understanding of cybersecurity concepts.

Aptitude Test:

If you're not sure if you'll be able to fully enjoy this course, then contact us via email to organize a free aptitude test. This test will determine whether you meet the course's basic baseline criteria. If you've never studied with us before, it will also introduce you to the MCSI Method™.

Why MCSI's Vulnerability Assessment Analyst Certification is World Class

Comprehensive Vulnerability Assessment Training

The MVAA certification equips participants with rigorous training in vulnerability identification, assessment methodologies, and mitigation strategies, preparing them for real-world cybersecurity challenges.

Specialized Focus on Security Assessments

MVAA-certified analysts gain in-depth knowledge of penetration testing, compliance auditing, and security assessments across web applications, software, hosts, and networks, enabling them to conduct thorough evaluations and vulnerability assessments.

Proficiency in Report Drafting and Communication

The MVAA certification emphasizes the development of industry-standard reports that effectively communicate findings, recommendations, and remediation strategies to stakeholders, ensuring clarity and actionable insights from vulnerability assessments.

Enrollment and Fees

Fees

Terms and Conditions

No discounts
No refunds
No transfers
No renewal fees
No hidden fees
No time limits
Exercises must be completed on MCSI's Online Learning Platform
You'll also be charged GST if you live in Australia

Cooling-Off Policy

Received a full refund if you changed your mind about a purchase within 24 hours. No questions asked. Read the full details here.

Don't Buy This Course

Don't buy this course if you think learning cyber security is simple, that it will only take a few hours, that remembering a few concepts from videos and books would be enough, or, that you should be provided with walkthroughs and solutions to practical problems instead of thinking critically for yourself.

Our competitors are misleading you by claiming that their video courses and open-book theoretical certificates will teach you everything you need to know about cyber security. We recommend that you stay away from our courses until you've realized that cybersecurity requires hundreds of hours of training against difficult challenges under the watchful eye of experts encouraging you to improve your weaknesses. Only then will you understand the value of this course and the benefits that the MCSI Method™ can bring to your career. We only want satisfied customers.

When purchasing a course, you acknowledge that you understand and agree with our 100% practical MCSI Method™: no solutions, no walkthroughs, and you're expected to use critical thinking and research to solve the exercises. If you're not sure how this work, try our free version before buying.

How does MCSI Compare?

If you are looking for a certification that will give you an edge in the job market, look no further than MCSI certifications. Thanks to our innovative approach, cybersecurity training is more affordable and effective than traditional methods.

Our pricing is more affordable than our competitors because we have reinvented how cyber training is done online. Our innovative Online Learning Platform is highly effective at teaching cyber security. The platform provides a more engaging and interactive learning experience than traditional methods, which helps students learn and retain skills better. Try the free version and see for yourself.

⚡ Enroll now with lifetime access for $1295 →

Bloom's Taxonomy

Bloom's Taxonomy is a system for categorizing distinct stages of intellectual growth. It is used in education to assist students comprehend and learn material more effectively. MCSI teaches students how to apply, analyze, evaluate, and create at the highest levels of the taxonomy. The majority of our competitors are simply concerned with getting you to remember concepts.

The intellectual developments outlined in Bloom's Taxonomy are directly tied to your capacity to advance in your cyber security career. Employers look for people who can solve challenges that are worth paying for. With us, you'll learn practical skills that are in demand and applicable to a wide range of cyber occupations.

Industry Recognized Skills

MCSI credentials are well-respected around the world, and organisations searching for people with real cyber security abilities seek them out. Obtaining an MCSI certification verifies your understanding of critical cyber security topics as well as your ability to provide real-world results.

The ability of MCSI's training programme to give students with real-world, hands-on experience is unrivalled. Students must conduct their own research and develop their own answers in order to complete our practical exercises, which are meant to give them the skills they need to be successful in the field.

With MCSI, you will build a comprehensive cybersecurity portfolio of your skills as you complete exercises. This portfolio is a powerful tool for displaying your cybersecurity knowledge and abilities. A portfolio, as opposed to typical resumes and paper-based credentials, presents a more thorough summary of your skills and accomplishments.

Students Feedback

Here's what students say about the MCSI Method™ and our Online Learning Platform:

Frequently Asked Questions

What is the MCSI Method™?

Common Questions

Are solutions included in certifications and bundles?
- No. Our method of teaching cyber security consists of challenging you with real-world problem statements that you're expected to research and solve by doing your own research. This is how you'll be expected to work in the field. When you fail an exercise, we provide you with constructive feedback to improve and try again.
Do bundles, training content, or certificates ever expire? Am I expected to buy again in the future?
- Upon purchase, bundles and certificates are permanently unlocked with no recurring or ongoing fees.
Do I need to buy the training and the certification separately?
- No. The price provided covers both. You only pay once.
Do you offer any special offers and discounts?
- We understand that many of our customers may be looking for discounts, and we would love to be able to offer them. However, we do not provide discounts because we believe that our prices are fair and reasonable. We work hard to keep our prices low, and we feel that discounts would be unfair to our other customers. We hope you understand.
If I can't solve the exercise where do I go for help?
- We have an online forum where you can ask questions and our team of professional instructors will help you out.
- Login/Register for MCSI's Online Forum
Who reviews and marks exercises?
- Trained cyber security instructors that work for Mossé Cyber Security Institute.
- MCSI instructors are highly qualified and experienced professionals who are able to teach a variety of topics related to information security. They have the ability to tailor their teaching methods to meet the needs of each student, regardless of their experience level. In addition, they are always up-to-date on the latest trends and developments in information security, which enables them to provide students with the most relevant and current information.
We can't pay via credit card. Can you raise an invoice for wire payment instead?
- Yes. Send us the list of bundles and certifications you want to purchase at [email protected]
Can I access a trial/demo the certification programmes prior to enrolling?
- We provide a free curriculum with 100+ hours practical exercises you can try.
- The Free Curriculum teaches Security Tools, Penetration Testing, Red Teaming, Threat Hunting, Cyber Defence, GRC and Windows Internals.
- Try the Free Curriculum
Do you provide Continuing Professional Education (CPE) credits?
- Yes. Every single exercise offers CPE credits. The number of credits earned depends on the difficulty of the exercise completed. Below are the CPE Credits achieve for an exercise in each difficulty:
- Novice exercises = 1 CPE credits
- Advanced Beginner exercises = 2 CPE credits
- Competent exercises = 5 CPE credits
Do I need to complete an exam to receive MCSI Certification?
- No. MCSI Certifications are completed by solving practical cybersecurity exercises.
Do I need to purchase cybersecurity tools or subscriptions?
- No. Only free or trial versions are used in our exercises. You do not require making any purchases.

More Kind Words from Students

⚡ Enroll now with lifetime access for $1295 →

DO YOU HAVE A QUESTION?

We'll respond within 24 hours

Visit our Frequently Asked Questions (FAQ) page for answers to the most common questions we receive.

Ready to learn hands-on cyber security skills online?

Try 100 hours for free