Cyber Defence



This course currently has no scheduled dates. To express interest in this course or to discuss bespoke options for yourself or your organisation, please submit an expression of interest or contact the Professional Education Team on +61 2 5114 5573 or


5 days





This course provides an in-depth understanding of the techniques and policies used in computer and network defence. Cyber defenders learn the strategy and technical skills to protect and harden cyber systems, collect appropriate information through logging, detect attempted attacks, and respond to intrusions. Numerous cyber defence technologies and their effectiveness are discussed within this framework. This course increases the competency of participants in building cyber resilience within an organisation.

Course content

Day 1: Networking and Threat Modelling

This session kicks off with a comprehensive introduction to Cyber Defence, The Information Environment and Network Centric Operations. Students are introduced to ways of affecting the information environment and approaches to threat modelling, and will be stepped through examples of network attacks.


Situational awareness, Network Collection Value-Chain, Self-Synchronisation, Hardening, Obfuscation, Threat-Detected Protection, Anomaly Detection, Network Attacks.

Day 2: Protection

This session presents the concept of using protection techniques to proactively prevent or minimise the effect of a compromise or breach. Techniques covered include methods listed in the ASD Essential 8, architectural security design and vulnerability scanning.


User Application Hardening, Host-Based Hardening, Minimising Attack Surfaces, Linux Firewalls, Network Segmentation, Demilitarised Zones, LUN Masking, Encryption.

Day 3: Collection and Detection

Students are introduced to collection methods such as the deployment and configuration of sensors, sensor data processing and aggregation for analysis. The session also covers detection strategies, network- and host-based intrusion detection and honeypots.


Network Sensors, Fusion, IOCs and Signatures, Anomaly Detection, Security Onion Architecture, Open Threat Exchange, Honeypots.

Days 4 & 5: Incident Response

These sessions give an overview of orientation and investigation techniques. Students will understand how to make sense of observed information to assess the situation, identify indicators of compromise and the extent of threat activity. We'll also cover how such indicators initiate incident response plans and look at writing, editing and proper formatting of intelligence reports.


Orientation, Investigation, Instigation, Association, Incident Response Planning, Intelligence Reporting.

Please download the Cyber Defence course PDF.

Learning outcomes

Skills/competencies/knowledge that would be gained through this course:
  • conduct threat modelling
  • deploy network and host-based intrusion detection systems to identify malicious actors
  • link malicious indicators of compromise to build an intelligence picture
  • apply NSO theory, methodology and frameworks to innovate defensive techniques
  • provide advice and briefings on threats to both technical and non-technical audiences.

Who should attend

This course is well suited to experienced IT professionals who wish to further specialise in offensive and defensive tactical Cyber Operations.

Cancellation policy

Courses will be held subject to sufficient registrations. UNSW Canberra reserves the right to cancel a course up to five working days prior to commencement of the course. If a course is cancelled, you will have the opportunity to transfer your registration or be issued a full refund. If a registrant cancels within 10 days of course commencement, a 50% registration fee will apply. UNSW Canberra is a registered ACT provider under ESOS Act 2000-CRICOS provider Code 00098G.