In June 2021, the Department of Defence (Defence) advised the Senate Estimates Committee that Defence is a, ‘target for persistent cyber threats and attacks ranging from issue-motivated individuals and groups, through to nation-state actors and trusted insiders’. (Pearson 2021). MAJGEN Susan Coyle, CSC, DSM has the massive task of increasing the Army’s cyber resilience in the context of Australia’s defence and national security. She speaks to how she intends to do this in, 'Australia’s Defence and National Security: How Defence is Enhancing Australia’s Cyber Resilience', published previously on The Cove.
Noting that cyber attack is a persistent threat, regardless of the phase of conflict we are in, (from soft diplomacy to direct conventional warfare) good cyber hygiene is the responsibility of every soldier and officer in the Australian Army. This cyber security professional development resource list has been developed to support Army’s Information Technology Security Officers and Security Managers (ITSO and ITSM respectively) and those who seek greater knowledge in this aspect of the cyber domain.
The list identifies a number of freely available online courses including cyber security awareness training, intermediate level management courses and courses designed to support professional certification. Each course has been reviewed and a small summary is provided to allow learners to quickly choose the most appropriate resource for their needs.
Some of the awareness resources may also be suitable to include in ongoing unit cyber security training. A specific course has been included that outlines the industry cyber security specialisations for those interested in a future career change, noting similar roles are available within Defence.
The diagram below shows the context of the resource list and depicts the three resource streams, as outlined below the diagram.
- Cyber Security Awareness – This stream provides resources that build upon Defence cyber security awareness training. The aim of the stream is to broaden Army’s cyber security knowledge base and provide resources to support in-unit cyber security training.
- Cyber Security Management – This stream provides resources to enhance and complement Army’s existing ITSO and ITSM training. This stream is focused on providing more of the ‘why’ while the Army ITSO and ITSM course will provide the ‘what’ and ‘how’.
- Cyber Security Gateways – This stream aims to identify courses that will support those individuals who wish to undertake further tertiary level study, including industry certification training in cyber security management. It also provides a resource outlining generic industry cyber security specialisations.
The resources identified within the three streams are in the public domain. A number of the courses will require learners to set up free accounts, as detailed in the course descriptions. Access to the LinkedIn Learning courses will require registration through Defence as follows:
- Registration for free Defence access to LinkedIn Learning can be found by selecting the Campus/Online Academy link on the Defence Intranet (DPN) homepage.
- Once on the Online Academy page, select the 'in Learning’ icon. This will take you to the Defence LinkedIn Learning page.
- On the LinkedIn Learning page select the ‘in Register button’ and follow the instructions from there.
Read on for more information on each resource stream to find out which course is right for you.
1. Cyber Security Awareness
The Cyber Security Awareness stream provides resources to support increased awareness of key cyber security concepts and issues for all Army personnel. Excerpts, videos and linked resources from these course can be used for in-unit cyber awareness training.
The courses have been selected to:
- Enhance and build upon the Defence Cyber Awareness Course.
- Provide resources for use in unit cyber security training
Course length run from 1 to 10 hours.
Cybersecurity in Practice (COVE+)
Log-in to Adele (U), navigate to the Army tab, and then click on the COVE+ icon. The course is part of the Art and Science of War area.
Queensland University of Technology
Beginner Level: up to 10 hours
This course aims to provide foundation cyber security knowledge including concepts, terminology, and history. The course covers the evolution of cyber security; the threat landscape (common attacks), strategies to mitigate threats, and emergent threats (Deepfakes, IoT and State Actors).
Includes a number of workplace focused activities.
Introduction to Cyber Essentials (Public Course)
US Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA)
Beginner Level: 1 hour
This public course is based on the DHS CISA guidelines called Cyber Essentials. The course is aimed at managers and leaders of organisations. It addresses the cyber landscape and the essentials required to be cyber ready, discusses a holistic approach to cyber readiness, staff awareness, investment decisions and business resilience.
Contains knowledge checks throughout.
Beginner Level: 6 hours
This is an introductory course that explores a range of foundational material including cyber attackers, motivations, and capabilities; cyberwarfare; attack methods; protecting data and privacy; protecting the organisation; and cyber security career opportunities. The course has an ongoing scenario to demonstrate learning points.
Includes on-line labs, quizzes, exam, and a completion certificate.
Note: This course has some vendor content. Learners will be need to establish a free user account to access this module. Learners should use a non-Defence email address.
2. Cyber Security Management
The Cyber Security Management stream provides supplementary resources for ITSO/ITSM. The courses have been selected to:
- Enhance and complement formal ITSO and ITSM training courses
- Provide a greater depth of knowledge on the foundations of cyber security management and governance
Course length ranges from 30 minutes to 2 hours
Malcolm Shore (Ex Director GCSB NZ)
Intermediate Level: 2 hours
Intermediate level course covering cyber security and risk frameworks; controls (including ASD Essential 8); common cyber threats, (including APT, ransomware, and a brief overview of common threat myths), and management of cyber incidents.
Includes an exam and LinkedIn Learning Completion Certificate.
Note: For free access to LinkedIn Learning see details above.
CISA Foundations of Cyber Security for Managers (Public Course)
US Department of Homeland (DHS) Security, Cybersecurity and Infrastructure Security Agency (CISA)
Intermediate Level: 2 hours
This public course covers cyber security governance topics including frameworks and resource links, cyber threats (actors, controls, mobile devices, and cloud) risk management, incident response basics and risk and strategy planning.
Includes an exam.
Beginner Level: 1.5 hours
This is the first module from the SEC 301 course. This module focuses on the core cyber security principles: least privilege; Authentication, Authorisation, and Accounting (AAA); IR framework (prevent, detect and respond); the CIA ‘triad; backups; patch management; skills of a security practitioner; security roles; the nature of a threat and the goals of a security program.
Note: This is a free course demonstration of the introductory module and not the full SANS course. Learners will be need to establish a free user account to access this module. Learners should use a non-Defence email address.
Intermediate Level: 30 minutes
This module covers core concepts, principles, and methodologies that are foundational to security, compliance, and identity solutions, including Zero-Trust, shared responsibility, and the role of identity providers. The course also covers common threats and attacks, concepts on cloud adoption and encryption and hashing. This is the first module of the Microsoft Certification, Microsoft Security, Compliance, and Identity Fundamentals.
Note: This course has some vendor content.
3. Cyber Security Gateway Resources
The Cyber Security Gateway resources have been selected for those individuals who:
- Wish to develop a deeper level of understanding of cyber and information security.
- Are considering specialising in cyber security.
Accessing these sites will also provide a gateway to a range of more specialised courses/certifications.
These courses run from several weeks to several months and are generally self-paced.
This stream includes an introductory course on common workforce specialisations within the cyber security industry.
Course durations range from under 2 hours up to 5 weeks.
Charles Sturt University
Intermediate Level: 5 weeks
This course is a free short course that covers part of one of the subjects from the CSU IT Masters program. The course consists of four modules, covering cyber security fundamentals, (including threat landscape, policies, and standards), cyber security practice, (including scanning and testing, log monitoring incident response and compliance), strategies, architectures controls and programs, governance and management, maturity models, and managing the senior leadership group.
Includes a 1 hour open book exam and completion certificate. Can be conducted as an in-session or on-demand course. Learners need to register for the course.
Beginner Level: 2 hours
This course describes a number of cyber security roles and is provided to support those who are considering a specialisation or career/trade transfer. These are industry roles, however, have applicability to Defence. The roles covered include Network Administrator, Incident Responder, System Administrator (SysAdmin), Penetration Tester, Cloud Engineer, Cybersecurity Manager, and Privacy Analyst.
Note: Learners will be need to establish a free user account to access this module. Learners should use a non-Defence email address.
Note: Detailed information on Army’s and Defence cyber specialisations and trades can be found at:
The Defence subscription to LinkedIn Learning provides access to a large number of cyber security certification preparation courses. Two of the more applicable certifications for ITSO/M are detailed below.
ISACA – Certified Information Security Manager (CISM) – Focused on leadership and governance for Information Security professionals. There are 4 modules covering each of the CISM domains. Courses are taught by Mike Chapple Associate Teaching Professor University of Notre Dame. Commence with:
ISC2 – Certified Information Systems Security Professional (CISSP) 2021 – An advanced level certification focussed on a wide array of security practices and principles. There are 8 modules covering each of the CISSP topical domains. Courses are taught by Mike Chapple Associate Teaching Professor University of Notre Dame. Commence with:
Note: For free access to LinkedIn Learning see details above.