Federal Cyber Defense Skilling Academy – Cyber Defense Analyst (CDA) Pathway
Learn the Skills of a Cyber Defense Analyst
CISA’s Federal Cyber Defense Skilling Academy provides full-time federal employees an opportunity to focus on professional growth through an intense, full-time, three-month accelerated training program. Those interested in developing foundational cybersecurity skills are encouraged to apply.
All FY24 Cyber Defense Analyst Sessions Are Now Closed.
Continue to check back for future session dates!
The Federal Cyber Defense Skilling Academy – Cyber Defense Analyst (CDA) Pathway
- What is the Cyber Defense Analyst Pathway?
The Skilling Academy’s Cyber Defense Analyst (CDA) Pathway helps full-time federal employees develop their cyber defense skills through training in the baseline knowledge, skills, and abilities of a cyber defense analyst.
Cyber defense analysts use defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network to protect information, information systems, and networks from threats.
The CDA Pathway will provide students with foundational cybersecurity knowledge focused on using defensive measures to protect information, information systems, and networks from threats. Some of the topics students will be exposed to include the following:
- Basic Network and Protocol Analysis
- Identifying Common Hacker Techniques, Methods, and Vectors
- Concepts of Intelligence-Based Computer Network Defense
- Incident Detection Response and Handling
Through the CDA Pathway, students will begin to develop the skills required to utilize data gathered from a diverse set of cyber defense tools and analyze events within their environment to mitigate potential cyber threats. It is important to note that these skills serve as a starting point, and additional practice and experience may be necessary for students to fully excel in this work role.
- Who Can Apply?
The Cyber Defense Analyst (CDA) Pathway is designed to be a fast-paced, three-month course. Applicants from all skill levels can apply. Although it is not required, previous exposure to cybersecurity concepts and practices may be beneficial for students to excel in the CDA coursework.
All full-time federal employees, in any job series and any grade or grade equivalent for non-General Schedule (GS) employees, are eligible to apply to CISA's Federal Cyber Defense Skilling Academy. Government contractors are not permitted to participate.
Each session has limited capacity. Applicants should commit to attend, participate, and complete the rigorous, three-month program.
Participants must register using a “.gov/.mil” email address.
Visit the National Initiative for Cybersecurity Careers and Studies (NICCS) website for comprehensive information on cyber defense analysis.
- Participation Expectations
While in the Skilling Academy, students must abide by the requirements stated below, as agreed to in the Supervisor and Applicant Agreement and Approval Form. Please note, there are very limited exceptions to these requirements.
- The applicant is currently a full-time federal employee within the United States Government.
- The Skilling Academy will be the student's sole focus for the 40-hour, full-time work week during the entire three-month duration of the course.
- Students will refrain from conducting activities associated with their regular duty assignment, including, but not limited to, meetings, calls, and work deliverables.
- Depending on agency requirements, accepted students may be required to complete an SF-182 to receive approval from their organization to attend the Skilling Academy. Applicants should discuss the requirements of the Skilling Academy with their supervisor to ensure session requirements can be fulfilled. Applicants are responsible for working with their supervisor to confirm compliance with their home agency’s policies, to include any necessary timekeeping to ensure salary payments from their home agency are not interrupted.
- During the Skilling Academy’s instruction periods, students will be required to be on camera and in business casual attire for every class.
- Due to the rigorous and fast-paced cadence of the course, the Skilling Academy strongly advises students against taking scheduled leave during the course. If a student accrues eight unexcused absences or does not finish 20% of the labs in the Skilling Academy, they will be marked as incomplete and will not graduate from the program. Students may, however, apply to future sessions.
- Sick leave and emergency personal leave are permitted; however, it is the student’s responsibility to make up any missed class content as soon as possible.
- To ensure students do not fall behind, missed instruction days and lab work must be made up by accessing class recordings and self-study materials. Class recordings are available for two weeks after each session.
- If a student fails to complete the required work assigned in the allotted class time, the student agrees to complete the required work as soon as possible.
- If a student decides to withdraw from the session after the start date, a formal withdrawal form signed by the student’s supervisor will be required.
- To fully participate in the Skilling Academy, students must meet the following hardware and software requirements:
Minimum Configuration Requirements
- Personal or GFE laptop* or desktop computer with Windows 10 or newer
- Speakers or headset
- Camera
- Microphone
- Internet bandwidth: 10 Mbps
- CPU: 1.1 GHz, Dual Core
- RAM: 4.0 GB
- Browser: IE, Edge, Chrome, Firefox, Safari
- Apps: MS Teams
- Email: Access to federal government email account
*If you do not have a GFE laptop or desktop, you may be able to access your federal government email account and MS Teams account through another means. Contact your agency’s IT Service Desk for more information on accessing your federal email through non-GFE devices.
Recommended Configuration Requirements
- Internet bandwidth: 50+ Mbps
- CPU: 2.0 GHz, Quad Core or better
- RAM: 8.0+ GB
- Secondary monitor
- Sample Class Schedule
Below is a sample schedule of a typical day during the program. All students must join virtually Monday through Friday from 8 a.m. to 5 p.m. ET, excluding federal holidays. Students will not be able to maintain their alternative work schedule during the program. Students will return to their regular duty assignment during breaks unless the home agency has approved leave.
| Time | Event |
| --- | --- |
| 8:00 AM - 8:10 AM ET | Review daily agenda, answer any questions |
| 8:10 AM - 10:00 AM ET | Lectures |
| 10:00 AM - 12:00 PM ET | Lab time |
| 12:00 PM - 1:00 PM ET | Lunch break |
| 1:00 PM - 2:30 PM ET | Lectures |
| 2:30 PM - 4:50 PM ET | Lab time or self-study |
| 4:50 PM - 5:00 PM ET | Wrap up for the day |

*10-minute breaks will be given approximately every hour.
What Students Learn
Cyber Defense Analyst (CDA) Pathway coursework is mapped to the NICE Workforce Framework for Cybersecurity (NICE Framework) and provides valuable hands-on experience to practice CDA skills in a lab environment. As an added incentive, students receive CompTIA’s Security+ training and a voucher to take the certification exam. The CDA Pathway includes the following instructor-led modules:
- FIT – Fundamentals of IT
This module provides a comprehensive overview of key information technology (IT) concepts and technologies. It covers essential topics, such as computer hardware, software, networking, cybersecurity, and basic IT problem-solving strategies. This module is ideal for beginners in the IT field, offering foundational knowledge that serves as a steppingstone to more advanced IT studies and certifications.
- WIN100 – Windows Familiarization
This module introduces the fundamental concepts of Windows operating systems (OSs) to beginning and intermediate-level users. It covers essential topics, such as navigation, configuration, system management, file and folder operations, and basic troubleshooting within the Windows environment. This module aims to equip students with the skills and confidence needed to efficiently operate and maintain Windows OSs in personal or professional settings.
- LNX100 – Fundamentals of Linux
This module teaches basic Linux command line usage and filesystem structure; how to configure, evaluate, and troubleshoot common management services used on today’s Linux systems; and how to configure and test a Linux-based firewall. Linux system administrators are often responsible for managing systems that contain critical or sensitive data and infrastructure. The ability to manage Linux systems securely and effectively is paramount to any IT security job role. Completion of this module prepares students to handle the basic requisite tasks associated with configuring, managing, and troubleshooting Linux management tools, services, and firewalls.
- NET200 – Basic Networking and Protocol Analysis
This module focuses on traffic analysis and concepts of creating defensive measures based on analyst findings. This module covers collection of network traffic, analysis of individual packets, and setup and configuration of open-source intrusion detection systems (IDSs). Additionally, the procedures required for network exploitation analysts to implement traffic statistics are covered.
- CompTIA Security+ Course and Certification
The CompTIA Security+ training module teaches security basics and prepares students for the CompTIA Security+ certification exam. This module covers many vendor-neutral topics, including different types of threats and attacks, networking technologies and tools, secure design and architecture, identity and access management, risk assessment and management, and cryptography and public key infrastructure. These topics are covered from a ground-up perspective so that even inexperienced students will be able to follow along.
- OPS300 – Concepts of Intelligence-Based Computer Network Defense
This module introduces students to traditional incident response and covers enterprise network defense with tools such as anti-virus software and intrusion detection systems (IDSs). This traditional approach focuses on vulnerabilities; however, the goals and increased sophistication of some threat actors have rendered it insufficient. These threats, including advanced persistent threats (APTs), are prepared to conduct multiyear intrusion campaigns and use advanced tools and techniques to defeat most conventional computer network defenses.
- TA300 – Threat Analysis 1 – Correlating Attacks, Advanced Data Analytics
This module covers the analysis and management of systems, network, and security logs, and introduces incident handling alerting. Alert correlation is a process that analyzes alerts produced by one or more intrusion detection systems (IDSs) and provides a more concise, high-level view of occurring or attempted intrusions. The correlation process is carried out by several components, each of which has a specific goal.
- TA400 – Threat Analysis 2 – Hacker Techniques, Methods, Vectors
This module covers common hacker tactics and strategies so analysts will be better prepared to detect and respond to malicious threats.
- IH300 – Incident Detection Response & Handling
This module provides training on incident detection, response, and handling basics for tracking malware and malicious activity throughout a network.
- PYH200 – Python for Security Professionals
This entry-level module is designed for security professionals who want to use Python to learn how to automate processes and build specialized tools. This module introduces students to basic code development using Python.
- CYBRScore Final Assessment – Cyber Defense Analyst
The CYBRScore® Cyber Defense Analyst Skills Assessments are designed to provide a quantitative measurement of performance using practical, hands-on scenarios to evaluate job-role competencies and knowledge, skills, and abilities (KSAs) defined by the NICE Workforce Framework for Cybersecurity (NICE Framework). Topics include protocol analysis, intrusion detection, incident handling methodology, network defense analysis, and network attack analysis. The assessment details an overall score with individual skill breakdown and provides targeted recommendations for training to improve the skill areas that need augmentation.
Upcoming Sessions
Information about upcoming courses and schedules will be announced in FY25.
Frequently Asked Questions
Have questions? Learn everything you need to know and more about the Federal Cyber Defense Skilling Academy by reading the FAQs below.
How To Apply
Apply for the Skilling Academy in two simple steps:
- Complete the application package - The application package consists of a Federal Resume, a Statement of Interest, and a Supervisor and Applicant Agreement Form.
- Submit the completed application package - Submit your application package through your federal government email address.
Please review the FAQs before applying.
Contact Us
Need more information?
Contact the Skilling Academy Team by emailing SkillingAcademy@cisa.dhs.gov. Emails are typically responded to within three business days.
Federal Cyber Defense Skilling Academy Privacy Act Statement
Authority: 5 U.S.C. § 301, 44 U.S.C. § 3101, and 6 U.S.C. § 652(c)(11) authorize the collection of this information.
Purpose: The information gathered will be used to establish the federal applicant's eligibility for the Federal Cyber Defense Skilling Academy, and if selected to participate in the program, create a Cyberworld Institute (CWI) and COMTECH Corp. account, contact students about opportunities for cyber security training, and provide information about the classes offered by the Skilling Academy.
Routine Uses: Information collected may be disclosed as generally permitted under 5 U.S.C. § 552a(b) of the Privacy Act of 1974, as amended. This includes using the information as necessary and authorized by the routine uses published in DHS/ALL-003 Department of Homeland Security General Training Records, November 25, 2008, 73 FR 71656 and DHS/ALL-004 General Information Technology Access Account Records System (GITAARS), November 27, 2012, 77 FR 70792. If accepted into the program, names and email addresses will be disclosed to Cyberworld Institute (CWI) and COMTECH Corp. to allow access to the learning content.
Disclosure: Providing this information is voluntary. However, failure to provide this information may prevent CISA from deciding applicant eligibility, creating a Cyberworld Institute (CWI) and COMTECH Corp. account if selected to participate in the program, and contacting you in the event there are queries about your request or registration.