CY4700 Defensive Cyberspace Operations

This course explores joint doctrine for incident response and threat hunting in defensive cyber operations. It examines real-world incidents to understand adversary attack paths in vulnerable Information Technology and Operational Technology networks that include Industrial Control Systems. Students evaluate analytical methods, network hardening, security controls, and automated solutions to halt malicious cyber activity. The course provides demonstrations and labs on industry AI-powered cyber defense platforms. PREREQUISITES: CY3000 and CS3690; or consent of the instructor.

Prerequisite

CY3000 and CS3690; or consent of the instructor

Lecture Hours

3

Lab Hours

3

Offered

Winter and Summer Quarters

Statement Of Course Objectives

The purpose of this course is to provide information and experience in the multiple dimensions of defensive cyberspace operations. The course prepares you to serve as a cyber team leader or in an equivalent service or joint cyber defense-related position. Through academic material, lectures, exercises, demonstrations, and labs, the course will enhance your knowledge of defensive actions in the cyber domain. Upon completion of the course, you will know how to detect, characterize, fix, contain, and clear malicious cyber activity.

Course Learning Outcomes

Upon completion of this course, the student will be able to:

  • Analyze adversary attack frameworks to defend against tactics and techniques in real-world military contexts.
  • Explain how analytic tools are used to emulate and discover adversary malicious cyber activity for incident analysis.
  • Describe and contrast how security controls and mitigations are used to harden networks and systems.
  • Assess and critique AI-powered cyber defensive platforms and playbooks integrated with cyber threat intelligence.
  • Demonstrate the ability to conduct independent research, write informed papers and present a group project on subjects directly related to the topics in the course.