Content Section

    • Course Title: Cyber Network Defender (Cert)
    • Course Number: 230-25D30 (CP)
    • College: Signal Leader Development College (SLDC)
    • Division: Information Services & Security Division (ISSD)
    • Status Change Date: January 2020
    • Training site: USACCoE&FG, Fort Gordon, GA
    • Length: 14 Weeks 0 Days
    • Managed: Army Training Requirements and Resources System (ATRRS)

    To provide selected Active Component (AC), Reserve Component (RC), and National Guard (NG) Non-Commissioned Officers in grades E6 & E7 from ANY Army Military Occupational Specialty (MOS) with the knowledge, skills, and abilities to perform duties associated with the five Computer Network Defense (CND) specialties (i.e., Infrastructure Support (IS), Analyst (AN), Incident Responder (IR), Auditor (AU) and Manager (MGR)), Information Assurance Technical (IAT) Levels I-III, and Information Assurance Management (IAM) Levels II-III as required by skill level IAW AR 25-2 and DoD 8570.01-M.


    This course provides instruction and allows practical exercises in the Linux operating system, Fundamental Scripting and Programming with PowerShell, Intrusion Analysis, Cybersecurity Fundamentals, Critical Security Controls, Enterprise Defense, Incident Handling, Command Line Tools, Assured Compliance Assessment (ACAS), Host-Based Security System (HBSS), Enterprise Security Manager (ESM), and a Capstone Event.

  • Back to Top  
  • Prerequisites:
    • 96 months Minimum Time in Service
    • MOS immaterial
    • Top Secret w/Sensitive Compartmented Information
    • 105 ASVAB GT Score
    • 105 ASVAB ST Score
    • Student must complete the 25D application process to receive approval (final 25D Acceptance memo) from Office Chief of Signal
  • Special Information:
    • The SEC501, Advanced Security Essentials - Enterprise Defender course leads to a GIAC Certified Enterprise Defender (GCED) certification.
    • The SEC504, Hacker Tools, Techniques, Exploits and Incident Handling course leads to a GIAC Certified Incident Handler (GCIH) certification which is a requirement to hold CND Incident Reporter positions.
    • The SEC566, Implementing and Auditing the Critical Security Controls course leads to a GIAC Certified Critical Controls certification.

    A capstone training event is conducted at the end of the course to assess student learning and to evaluate their ability to perform required MOS specific critical tasks in a simulated field environment.

    • This course is un-phased.
    • The course is structured in modules, lessons, some of which are Commercial off the Shelf (COTS) courses.
    • A - Introduction to Cybersecurity (112 hours)
    • B - Intrusion Analysis (48 hours)
    • C - Defending the Enterprise (80 hours)
    • D - Critical Security Controls (80 hours)
    • E - Incident Handling (80 hours)
    • F - DOD Tools (88 hours)
    • G - CAPSTONE (40 hours)