Enterprise Vulnerability Assessment
Live Session Beginning Thursday, December 5th
In today's rapidly evolving cybersecurity landscape, understanding and operationalizing risk scores is essential to staying ahead of threats. This live workshop will explore the principles behind risk calculation, illustrating why moving beyond precomputed scores is critical for consistent and impactful remediation. Using CVSS and EPSS as focal points, we'll discuss their latest advancements, including CVSS version 4 and EPSS's emerging role in prioritization.

Participants will also engage in an interactive exercise with DefectDojo, an open-source tool by OWASP, applying CVSS and EPSS scores to real-world vulnerabilities.

Join us to enhance your cybersecurity toolkit and turn scores into actionable solutions.
Presenters:
Matthew Toussain, Founder
Intermediate Level

Tactical Vulnerability Assessment

Master the art and science of identifying, assessing, and managing vulnerabilities across enterprise environments.

Course Overview

Comprehensive vulnerability assessment training for security professionals

Duration

6 hours

Level

Intermediate

Format

Interactive Labs & Lecture

As cyber threats evolve, so must our defense strategies. This course offers streamlined, practical training on vulnerability assessment and management tailored for modern enterprises. Covering key topics such as threat management, vulnerability assessment frameworks, and dynamic security programs, students will gain hands-on experience with industry-standard tools and methodologies.

Designed for security personnel in mid- to large-sized organizations, the course emphasizes a holistic approach to vulnerability assessment, focusing on real-world scenarios and the attackers' perspective. Through interactive labs and a comprehensive cyber range, participants will develop the skills necessary to secure enterprise networks and cloud infrastructure against advanced threats.

Key Learning Outcomes

Master these essential skills to become a vulnerability assessment professional

Vulnerability Assessment Fundamentals

Master core concepts and methodologies of enterprise vulnerability assessment

Seven-Phase Assessment Framework

Learn a comprehensive, structured approach to vulnerability management

Threat Intelligence & Modeling

Analyze and apply threat intelligence in your security operations

Industry-Standard Tools

Gain hands-on experience with professional security tools

Transformational Security Programs

Develop strategies to build and manage robust security programs

Real-World Scenarios

Apply your skills through case studies and realistic challenges

Course Schedule
A look at the daily agenda

Day 1: Engagement Planning, Threat Modeling, and Discovery – 3hrs

Lecture and Case Study: Introduction, Engagement Planning, and Equifax – 45min

The class begins with an impact discussion focused on the goals and purposes of Vulnerability Assessment and Management in the context of a critical victim, Equifax. Creating change in our environments often requires us to communicate the importance of their vulnerabilities.

Lab: Engagement Plan Review – 10min

Students will conduct an interactive quiz-based lab on the Open Security training platform to create a fully scoped tactical engagement plan.

Lecture and Demo: Threat Modeling – 30min

To know what vulnerabilities are possible in your environment, it is important to begin by understanding what you have, how much it matters, and who is trying to take it from you.

Lecture: Discovery – 30min

Students will learn holistic approaches to asset identification across multiple information security domains.

Lab: Network and Cloud Discovery – 30min

As we begin active scrutiny of the enterprise, you will learn how to interpret tool output and form a detailed network map.

Case Study: Hybrid-Cloud Ransomware Breach – 30min

A software vendor for ICS management systems was compromised in 2022. This is the true story of an Incident Response performed by Open Security Inc.

Prerequisites & Requirements

As this is a lab-oriented, specialized, and technical course, functional knowledge of information security concepts, technology, and networking is highly recommended.

  • Basic understanding of networking concepts
  • Familiarity with common operating systems (Windows, Linux)
  • Knowledge of fundamental security principles

Ready to Enhance Your Security Skills?

Join us for this immersive vulnerability assessment course and learn to protect your organization from evolving threats.

Who Should Attend
  • Practitioners whose job involves assessing networks and systems to find and remediate vulnerabilities
  • Vulnerability Assessors & Managers
  • Penetration Testers
  • Security personnel with a need to understand, communicate, and vocalize enterprise security risk with industry-standard mechanisms