Cybersecurity Academy

Curriculum
The Palo Alto Networks Cybersecurity Academy program offers comprehensive courses and
technology to address the educational needs of academic learning institutions globally, including
universities, colleges, and high schools.

Academy curriculum is aligned with the U.S. National Initiative for Cybersecurity Education
(NICE) framework and cybersecurity work roles.

The academic curriculum delivered by our Academy partner institutions helps provide the
knowledge and expertise that prepare their students to be successful as they pursue higher
education and/or cyber careers. Our trusted certifications validate their knowledge of Palo Alto
Networks technology, as well as their ability to prevent cyberattacks and safely enable
applications.

Cybersecurity Academy Curriculum Overview 1

Cybersecurity Survival Guide
• Identify malware types, vulnerabilities, exploits, spamming, and
phishing attacks.
The Cybersecurity Survival Guide, a free PDF e-book, presents • Configure and test a malware analysis security profile.
information to support the entry-level, fundamentals courses listed
• Describe how bots and botnets are used to attack enterprise networks.
below, as well as a glossary of terms and list of figures. This tool is vital in
preparing for the PCCET certification exam (see Certifications section • Explore Zero Trust design principles, architecture, capabilities, and
coming up). implementation.
• Review perimeter network security strategies, policies, models, and

Fundamentals Courses trust boundaries.

• Setup and configure inside, outside, and DMZ security zones on a
Cybersecurity Foundation NGFW.
Students will learn fundamental principles associated with the current
• Create and test an authentication policy on a Next- Generation
cybersecurity landscape, and concepts required to recognize and
firewall.
potentially mitigate attacks against enterprise networks and
missioncritical infrastructure. Students will also learn how to set up and • Review capabilities of the Security Operating Platform and
configure interfaces, security zones, authentication, and policies on a components.
NextGeneration firewall. Ideal for entry-level candidates in the • Explore how to secure the enterprise with NGFW and Cortex ® XDR
cybersecurity workforce, and anyone who participates in internet endpoint protection.
activities. • Discover how to secure the cloud with Prisma® Access, SaaS, and Cloud.

NIST/NICE Alignment and Work Roles • Apply two-factor authentication on the Next-Generation firewall
(NGFW).
• Technical Support Specialist (OM-STS-001)
• Configure the NGFW to allow only trusted applications.
• Work roles: Technical Support Associate; Help Desk Associate
Module 1: Cybersecurity Landscape
Course Objectives Module 2: Cybersecurity Threats
• Discover modern computing trends and application threat vectors. Module 3: Cybersecurity Attack Types
• Configure a network interface and test for connectivity. Module 4: Cybersecurity Design Models
• Identify cloud computing and software-as-a-service (SaaS) application Module 5: Security Operating Platform
challenges. Scope
• Review cybersecurity industry regulations and standards. • Level: Introductory
• Explore recent cyberattacks and their impact on business. • Duration: 2 credits - 30 contact hours
• Review attacker profiles, motivations, and the Cyberattack Lifecycle. • Format: Instructor-Led or Self-Paced
• Recognize high-profile cybersecurity attacks and Advanced Persistent
Threats. Prerequisites
No specific course prerequisites, but students should have basic internet
and application software skills.

Cybersecurity Academy Curriculum Overview 2

Network Security Fundamentals Scope
Students will gain an understanding of the fundamental tenets of • Level: Introductory
network security, and review the general concepts involved in • Duration: 3 credits - 45 contact hours
maintaining a secure network computing environment. Upon successful
• Format: Instructor-Led or Self-Paced
completion of this course, students will be able to describe general
network security concepts and implement basic network security Prerequisites
configuration techniques. Ideal for entry-level candidates in the
Successful completion of the Cybersecurity Foundation course or
cybersecurity work- force, and anyone who participates in internet
comparable experience. Students are expected to have basic internet
activities.
and application software skills.
NIST/NICE Alignment and Work Roles
Cloud Security Fundamentals
• Technical Support Specialist (OM-STS-001) Students will learn basic principles associated with securing the cloud
• Network Operations Specialist (OM-NET-001) and SaaS-based applications through Secure Access Service Edge (SASE)
• Work roles: Technical Support Associate; Help Desk Associate; architecture and understand how to recognize and potentially mitigate
Network Operations Specialist attacks against traditional and hybrid data centers and mission-critical
infrastructure. Students will also learn how to set up and configure
Course Objectives
containers on a Docker bridge network and test container security
• Identify common enterprise network devices. through the use of vulnerability scans and reports. Ideal for entry-level
• Differentiate between routed and routing protocols. candidates in the cybersecurity workforce, and anyone who participates
in internet activities.
• Recognize various types of area networks and topologies.
• Describe the Domain Name System DNS, FQDN, and IoT. NIST/NICE Alignment and Work Roles
• Recognize decimal, binary, and hexadecimal conversion methods.
• Technical Support Specialist (OM-STS-001)
• Describe the structure and fields of IP header, IPV4 and IPV6
addresses. • Network Services (OM-NET-001)
• Subnet an IPV4 Class C addressing scheme and configure IP address on • Work roles: Technical Support Associate; Help Desk Associate;
the firewall. Network Operations Specialist
• Review the four DHCP process messages and Network Address Course Objectives
Translation (NAT).
• Define cloud computing service, deployment, and shared
• Setup the firewall as a DHCP server and test the DHCP client. responsibility models.
• Recognize packet encapsulation and the lifecycle process.
• Describe cloud native technologies including virtual machines,
• Identify protocols and define the OSI and TCP model layers. containers and orchestration, and serverless computing.
• Review the transport layer protocols, ports and packet- filtering
• Identify cloud native security, including Kubernetes® security, DevOps,
procedures.
and DevSecOps, visibility, governance, and compliance challenges.
• Create and analyze packet captures using Wireshark.
• Identify common network security encryption algorithms and key • Create and run Docker bridge network containers in detached and
interactive mode.
management concepts.
• Recognize symmetric/asymmetric key rotation techniques and PKI. • Summarize hybrid data center security design concepts.
• Generate a self-signed root certificate authority (CA) certificate. • Configure and test containers with vulnerability scanning.
• Create a decryption policy on the firewall to decrypt SSH traffic and SSL • Review traditional data center security solution weaknesses.
traffic.
• Investigate east-west and north-south traffic protection methods.
• Describe the benefits of the Next-Generation firewall single- pass
architecture. • Recognize the four pillars of Prisma Cloud.
• Identify the NGFW App-ID™, User-ID™, Content-ID™ and deployment • Describe the layers and capabilities in a Secure Access Service Edge
options. (SASE).
• Explore the five steps required to implement an NGFW Zero Trust
• Review the layers in a Prisma Access architecture solution.
environment.
• Configure the NGFW to monitor, forward, and backup system logs • Demonstrate an understanding of unique SaaS-based security risks.
(Syslog). • Understand how Prisma SaaS protects SaaS-based applications and
data.
Module 1: The Connected Globe
Module 1: Cloud, Virtualization, Storage
Module 2: IP Addressing
Module 2: Cloud Native Security
Module 3: Packet Encapsulation
Module 3: Cloud and Data Center Security
Module 4: Network and Endpoint Security
Module 4: Mobile and Cloud Security
Module 5: Network Security Principles
Module 5: Secure the Cloud (Prisma)

Cybersecurity Academy Curriculum Overview 3

 Scope Prerequisites
• Level: Introductory Successful completion of the Cloud Security Fundamentals course or
• Duration: 2 credits - 30 contact hours comparable experience. Students are expected to have basic internet
and application software skills.
• Format: Instructor-Led or Self-Paced

Prerequisites Secure Access Service Edge – SASE

Successful completion of the Network Security Fundamentals course or Fundamentals
comparable experience. Students are expected to have basic internet
NIST/NICE Alignment and Work Roles
and application software skills.
• Technical Support Specialist (OM-STS-001)
Security Operations Fundamentals
• Network Services (OM-NET-001)
Students will gain an understanding of Security Operations (SecOps) and
the role it plays in protecting our digital way of life for businesses and • Systems Administration (OM-ADM-001)
customers. Students will learn continuous improvement processes to • Work roles: Tech Support Associate; Help Desk Associate; Network
collect high-fidelity intelligence, contextual data, and automated Operations; Systems Administrator
prevention workflows that quickly identify and respond to fast-evolving
threats. They will also learn how to leverage automation to reduce strain This course is designed to introduce students to the fundamental
on analysts and execute the Security Operation Center (SOC) mission to concepts associated with security convergence through a review of
identify, investigate, and mitigate threats. Ideal for entry-level candidates security access service edge (SASE) technologies incorporated with
in the cybersecurity work- force, and anyone who participates in internet Zerotrust network access (ZTNA) and software defined wide area
activities. networking (SD-WAN). Students will learn user and application centric
converged capabilities, managed from the cloud infrastructure, and
NIST/NICE Alignment and Work Roles enforced when and where an enterprise needs them through dynamically
• Threat/Warning Analyst (AN-TWA-001) created, policy-based SASE. Students will also learn how zero trust
networking models are used to replace implicit trust with continuously
• All-Source Analyst (AN-ASA-001)
assessed risk and trust levels.
• Work roles: Cyber Threat Analyst; Data Analyst
Course Objectives
Course Objectives • Define SASE and describe important SASE features and functions.
• Identify key elements of SecOps and describe processes. • Explain 10 or more benefits of a successful SASE implementation.
• Describe the 10 tenets (tools and services) of an effective SASE
• Configure and test log forwarding for traffic analysis investigation and
solution.
response.
• Understand the basic concepts of Zero Trust and Zero Trust Network
• Describe SecOps infrastructure, including security information and
Access - ZTNA.
event management (SIEM), analysis tools, and SOC engineering.
• Explain how the Kipling Model of Zero Trust is used to communicate
• Define security orchestration, automation and response (SOAR) for
the security value of Zero Trust Network Access for business
SecOps.
audiences.
• Recognize the major components of the Cortex XDR deployment • Understand the basic concepts and values of Software-Defined
architecture and explain how it protects end- points from malware and WAN - SDWAN.
exploits.
• Explain how a Secure-Autonomous SD-WAN solution such as Prisma
• Review how Cortex XSOAR automates security response actions. SD-WAN delivers better performance, increased speed, and cost
• Explain how SOC teams can leverage Cortex Data Lake to collect, savings relative to traditional WAN approaches.
integrate, and normalize enterprise security data with advanced • Describe the functionality of Prisma SASE as an application-centric
artificial intelligence (AI) and machine learning. cloud-based security solution.
• Review how Prisma SASE addresses the security challenges for users,
application and data in the hybrid workplace.
Module 1: Elements and Process of SOC
• Explain the integrated components of a Prisma Access SASE solution.
Module 2: CSOC Infrastructure and Automation
Module 3: Advanced Endpoint Protection
Module 1: Introduction to SASE
Module 4: Threat Prevention and Intelligence
Module 2: Basics of Zero Trust
Module 5: Secure the Future (Cortex)
Module 3: Basics of Software-Defined Wide Area Network - SD-WAN
Module 4: Secure the Cloud with Prisma SASE
Scope
Scope
• Level: Introductory • Level: Intermediate
• Duration: 2 credits - 30 contact hours • Duration: 2 credits - 30 contact hours
• Format: Instructor-Led or Self-Paced • Format: Instructor-Led or Self-Paced

Cybersecurity Academy Curriculum Overview 4

Prerequisites Enterprise Security Management
Successful completion of the Cybersecurity Foundation course or The ESM course provides the student with a general understanding of how
comparable experience. Students are expected to have basic internet to install, configure, and manage firewalls for defense of enterprise
and application software skills. security network architecture. Students will learn the configuration and
management steps for setting up the security, networking, accounts,
Intermediate Courses zones, and security policies of next generation firewall technologies.
Enterprise Security Deployment NIST/NICE Alignment and Work Roles
Students will gain a general understanding of how to install, configure,
• Systems Architecture (SP-ARC-002)
and deploy firewalls for the defense of enterprise network architecture.
Students will learn the configuration and deployment steps for setting up • Systems Analysis (OM-ANA-001)
App-ID, WildFire, User-ID, decryption, and logging procedures on next
generation firewall technologies. • Cybersecurity Defense Analysis (PR-CDA-001)
• Cloud Security Management (OV-MGT-001)
NIST/NICE Alignment and Work Roles
• Executive Cyber Leadership (OV-EXL-001)
• Systems Architecture (SP-ARC-001)
• Cybersecurity Defense Infrastructure Support (PR-INF-001) • Work roles: Security Architect; Systems Security Analyst; Cyber Defense
Analyst; Info Systems Security Manager; Executive Cyber Leader
• Systems Administration (OM-ADM-001)
Course Objectives
• Work roles: Enterprise Architect; Cyber Defense; Infrastructure
Support Specialist; Systems Administrator • Review industry leading firewall platforms, architecture, and defense
capability related to zero trust security models and public cloud security.
Course Objectives
• Demonstrate and apply configuration of firewall initial access, interfaces,
• Identify how App-ID reduces the attack surface and configure App-ID and security zones.
based policy rules • Configure and manage virtual routing, filtering, licensing, service routes,
• Describe and configure security, file blocking, and DoS protection software updates, and policy-based forwarding on next generation
profiles to mitigate attacks. firewalls.
• Configure the firewall to block traffic from malicious IP addresses, • Analyze security policy administrative concepts related to source and
domains, and URLs. destination network address translation.
• Describe WildFire deployment options and configure WildFire • Outline and construct security policies to identify known and unknown
updates. application software running on the service network.
• Identify the main components of User-ID and configure user to group
name mapping.
• Describe and configure SSL/TLS forward proxy and inbound inspection Module 1: Security Architecture Planning
decryption. Module 2: Configuring and Managing Firewall Interfaces
• Monitor threat and traffic information using logs, reports and the Module 3: Managing Firewall Administrator Accounts
firewall ACC.
Module 4: Configure and Manage Firewall Security Zones
Module 1: Identify Applications Module 5: Creating and Managing Security Policies
Module 2: Deploy Security Profiles Module 6: Creating and Managing NAT Policy Rules
Module 3: Configure URL Filters
Scope
Module 4: Contain Malware with WildFire
• Level: Intermediate
Module 5: Control Access with User-ID
Module 6: Block Encrypted Traffic Threats • Duration: 2 credits - 30 contact hours

Module 7: Monitor Logs and Develop Reports • Format: Instructor-Led or Self-Paced

Scope
• Level: Intermediate
Prerequisites
• Duration: 2 credits - 30 contact hours
Fundamental understanding of networking and firewall technologies.
• Format: Instructor-Led or Self-Paced
Students are expected to have basic internet and application software
skills.
Prerequisites
Successful completion of the Enterprise Security Management course
or comparable experience with Next Generation Firewall
configurations. Students are expected to have basic internet and
application software skills.

Cybersecurity Academy Curriculum Overview 5

Cloud Security Automation
Students will gain an understanding of securing cloud computing Prerequisites
technologies using an enterprise suite of services such as Prisma Cloud Successful completion of the Cloud Security Fundamentals course or
Compute, with an emphasis on cloud container configurations that comparable experience. Students are expected to have basic internet and
provide visibility and control over the risks associated with cloud and application software skills.
data center deployment. Ideal for intermediate-level candidates in the
cybersecurity workforce, and anyone who participates in internet
activities.
Security Operations Configuration
This course provides the student with an understanding of Development
NIST/NICE Alignment and Work Role Security Operations (DevSecOps), Security Orchestration and Response
(SOAR) and Threat Intelligence including the roles they play in configuring
• Systems Administration (OM-ADM-001)
the SOC for automated protection of enterprise networks and critical
• Work roles: Systems Administrator
infrastructure. Students will implement continuous improvement processes
Course Objectives designed to collect high-fidelity intelligence and contextual data, and to
• Evaluate how cloud-based machine learning aids with anomaly apply automated prevention workflows that quickly identify and respond to
detection. fast evolving and dangerous cyber threats They will also learn how to
leverage automation to reduce strain on analysts and configure the Security
• Explain how cloud security services analyze data security policies and
Operation Center (SOC) to effectively hunt for, identify, and mitigate threats
apply classification.
that circumvent traditional defense mechanisms.
• Identify container security deployment models and DevOps pipeline.
• Compare container vulnerability and compliance management NIST/NICE Alignment and Work Roles
procedures.
• Threat Analysis (AN-TWA-001)
• Evaluate container installation guides and upgrade procedures.
• All-Source Analyst (AN-ASA-001)
• Discover single and cluster container defender installation procedures.
• Describe methods used to monitor containers for vulnerabilities • Cyber Operational Planning (CO-OPL-002)
through image scanning. • Work roles: Threat Analyst; Data Analyst; Cyber Ops Planner
• Review and analyze the container CVE details and top 10 vulnerability • Info Systems Security Manager; Executive Cyber Leader
list.
• Design protection and security best practices for serverless Course Objectives
applications.
• Identify and summarize the key elements of Development, Security, and
• Examine the security enhancements provided by identity- based
microsegmentation. Operations (DevSecOps).

• Review and analyze Identity and Access Management (IAM) - cloud • Discover the Three Pillars of Security Automation: People, Processes, and
security services. Technology.
• Discover container compliance status through scans for Amazon Web • Examine how security orchestration, automation, and response (SOAR)
Services (AWS®) cloud accounts. methods use automation to improve end-to-end business operations
• Describe container monitoring and runtime behavior. cyber posture.
• Describe container model machine learning, patterns, learning states, • Identify and review Security Orchestration and Response Use Cases.
and drips.
• Explain the benefits of Security Operations Configuration and
• Analyze container model details processes, networking, and trust Implementation.
audit details.
• Explore Phishing Playbooks that execute repeatable tasks to identify false
• List the steps required to develop a new container runtime rule.
positives.
• Investigate an incident through compliance, image, snap- shots, and
• Investigate Endpoint Malware Infection and Failed User Login Playbooks.
audit details.
• Evaluate challenges associated with cloud-based identity and • Examine SSL Certificate, Vulnerability, and Endpoint Diagnostics
privileged access management. Playbooks.
• Investigate how Cortex XSOAR automates security response actions.
Module 1: Cloud Security Overview
• Review how Cortex XSOAR automates responses to ransomware and
Module 2: Monitoring Vulnerabilities
phishing attacks.
Module 3: Monitoring Behavior
• Identify how to streamline the aggregation and sharing of threat
Module 4: Maintaining Compliance intelligence.
Module 5: Incident Management
• Examine the top ransomware variant threats across the cybersecurity
Scope landscape.
• Level: Intermediate • For each stage of the Cyber Attack Life Cycle describe how threat
• Duration: 2 credits - 30 contact hours intelligence and adversarial playbooks are utilized to deploy automated
• Format: Instructor-Led or Self-Paced controls and mitigate attacks.

Cybersecurity Academy Curriculum Overview 6

 Module 1: Security Operations (SecOps) Overview • Discover how SaaS Security Posture Management - SSPM - assesses the
Module 2: Security Orchestration and Response (SOAR) security risk and manages the security posture of SaaS applications.
Module 3: XSOAR Threat Intelligence Playbooks • Explain why a converged cloud-delivered Secure Web Gateway / Secure
Access Service Edge implementation is a critical forward-facing
Module 4: Threat Hunting and Intelligence Sharing
requirement for network security.
Scope • Explain how the Autonomous Digital Experience Management add-on for
Prisma Access provides end-to-end visibility and insights for SASE.
• Level: Intermediate
• Describe how ADEM observes connections and collects information from
• Duration: 2 credits - 30 contact hours endpoints.
• Format: Instructor-Led or Self-Paced • Understand how ADEM can remediate end-user digital experience issues
and complications.
Prerequisites
• Evaluate how ADEM 'Synthetic Test' processes measure availability, loss,
Successful completion of the Security Operations Fundamentals course
latency, and jitter.
or comparable experience. Students are expected to have basic internet
and application software skills. Module 1: SASE Review
Module 2: Cloud Access Security Broker (CASB)
Module 3: Cloud Secure Web Gateway (CSWG)
Secure Access Service Edge – SASE
Module 4: Autonomous Digital Experience Management (ADEM)
Architecture
The SASE Architecture course begins with a quick review of SASE
Fundamentals and then focuses on a deeper technical understanding of Scope
SASE technologies including Zero Trust Operations Technology and
• Level: Intermediate
Information Technology, SD-WAN Instant-ON device integration, Next-Gen
Cloud Access Security Brokers - CASB, Cloud Secure Web Gateway - CSWG, • Duration: 2 credits - 30 contact hours
and Autonomous Digital Experience Management - ADEM services.
• Format: Instructor-Led or Self-Paced

NIST/NICE Alignment and Work Roles Prerequisites

• Threat Analysis (AN-TWA-001) Successful completion of the Security Operations Fundamentals course
• All-Source Analyst (AN-ASA-001) or comparable experience. Students are expected to have basic internet
and application software skills.
• Cyber Operational Planning (CO-OPL-002)
• Work roles: Threat Analyst; Data Analyst; Cyber Ops Planner
• Info Systems Security Manager; Executive Cyber Leader
Certifications
Course Objectives

Our industry-leading courseware and professional certifications help

• Identify the ten tenets of an effective SASE solution. validate technical competencies and knowledge of the Palo Alto
• Examine the functions of Zero Trust, including Zero Trust Operations Networks product portfolio. Exams are proctored by the third-party
Technology and Information Technology. testing company Pearson VUE.
• Explain the features and components of Prisma SD-WAN architecture, • Four Cybersecurity Academy Fundamentals courses - Cybersecurity
including Instant-ON device integration. Foundation, Network Security Fundamentals, Cloud Security
• Analyze the benefits and value proposition for implementing SASE Edge Fundamentals and Secure Operations Fundamentals - help the
Security candidate prepare for the Palo Alto Networks Certified Cyber-security
Entry-Level Technician (PCCET) certification. Individuals who pass this
• Evaluate the criteria and processes for securely architecting SASE
exam possess knowledge of the cutting-edge technology available
Networks, Users, Internet, Application Design and Application
today to manage the cyberthreats of tomorrow.
Deployment.
• Explain how Cloud Access Security Broker services help the organization • Cybersecurity Academy intermediate level courses help prepare for
to identify risks and comply with regulations. the Palo Alto Networks Certified Network Security Administrator
(PCNSA) certification. Individuals who pass this exam can operate Palo
• Identify how Next-Gen CASB identifies SaaS/IaaS/web app usage, Alto Networks Next-Generation Firewalls to protect networks from
encryption/tokenization, and SaaS misconfiguration. cutting-edge cyber- threats.
• Analyze how Next-Gen CASB implements real time Machine
• There are dozens of other certifications from Palo Alto Networks at
LearningBased App-ID to secure newly deployed or modified applications.
more advanced levels. Learn more here.
• Identify how SASE architecture integrates a Secure Web Gateway along
with other security services such as FWaaS, DNS Security, Threat
Prevention, DLP, and CASB.

Cybersecurity Academy Curriculum Overview 7

How to Get Started with the
Cybersecurity Academy Courses

To start incorporating the Cybersecurity Academy courses and

technology into your own curriculum, complete and accept the
Application and Agreement. Email any questions you may have to the
Academy team at academy@paloaltonetworks.com.

About This Datasheet

The information provided with this paper that concerns technical or

professional subject matter is for general awareness only, may be
subject to change, and does not constitute legal or professional
advice, nor warranty of fitness for a particular purpose or compliance
with applicable laws.

Cybersecurity Academy Curriculum Overview 8