CBSTP: Certified Banking Security Technology Professional

4 sessions

Dylan Kreutzfeldt


Upcoming Sessions



  • Learn to perform essential cybersecurity functions.
  • Address real-world cybersecurity issues and establish solutions.
  • Become more efficient and effective with your cybersecurity responsibilities.
  • Collaborate with a cybersecurity expert to build material to implement at your institution.


  • Incident Response Procedures
  • System Hardening
  • Mobile Device Management
  • Penetration and Vulnerability Testing
  • Patch Management
  • Social Engineering Testing
  • Perimeter, Network, and Endpoint Security
  • Data Backup and Replication

*MUST HAVE Computer which you can install software on and do basic security testing

If session dates do not work for you, please contact the institute:

Email:, Phone: (605)269-0909

By purchasing this certification, you are hereby agreeing to the policies and procedures of the SBS Institute. Click HERE to read and review.


Module 1 – Information Security Program

Lecture 1 – Overview of Risk Management                   1:52 hours

An overview of Information Security regulations from FFIEC, FDIC, OCC, and Federal Reserve. These resources help build a framework for an information security program that is based on a financial institutions size and complexity. Then we dive into understanding how this program is created based on a risk based approach, both asset based and organizational based risk assessments. Each element of the information security program is discussed in detail, which focus on risk assessment, policy development and it audit.

Lecture 2 – Incident Response Procedures                    1:14 hours

The Incident Response Plan is a key element of the Information Security Program. We divide the discussion up into high level policy requirements, more detailed incident response planning steps, and finally specific procedures as the plan deems necessary. We leverage resources from NIST to build plan comments and focus on emerging cyberthreats such as DDOS, CATO, and Network Compromises.

Module 1 Quiz

Module 2 – Network Security

Lecture 1 – Network Security                                           1:23 hours

This section begins with a basic discussion around defense-in-depth security models or layered control programs. Gaining an understanding of how valuable they are and why they provided added protection. We then analyze the SANS (CIS) TOP 20 controls to build on ideas for layered control programs.

Lecture 2 – Vulnerability Testing                                     0:58 hours

This is a deeper dive into technical assessments such as Vulnerability Assessments, both internally and externally. We also explore the authenticated and unauthenticated models and show common vulnerabilities identified. The CVSS scoring system is analyzed to understand how vulnerabilities are rated by security experts on the 10 scale. Many different types of vulnerability assessment tools are discussed and the Nessus product is demonstrated. Next students get hands on experience conducting a lab MSBA and Nessus, to compare, contrast, and explore the results.

Module 2 Lab – Vulnerability Assessment (Nessus and Microsoft Security Baseline Analyzer)

Module 3 – Perimeter Security

Lecture 1 – Perimeter Security                                        0:53 hours

Defending the perimeter of the network is becoming increasingly more challenging in today’s world as we have more devices, connections, and vendors connecting into our systems. We discuss how to define and establish a network perimeter, from physical security to VPN connections. Knowing the perimeter is essential in protecting the network.

Lecture 2 – Penetration Testing                                       1:06 hours

A detailed comparison of penetration testing and vulnerability assessments is conducted to establish the different applications and value of each. Both assessments are essential tools for regular independent auditing but also for internal continuous monitoring. In Penetration Testing, we look to exploit known vulnerabilities to gain access, more real-world hacking techniques. A basic introduction is given to Kali Linux in the associated lab. They are required to setup a virtual software environment, download Kali, start it up and run some basic tools like NMAP and OpenVas. Detailed vulnerability exploitation is not conducted in this course but is done in the CBEH course.

Lecture 3 – Social Engineering Testing                           0:30 hours

Social Engineering testing, such as phishing assessments, are sometimes bundled with Penetration Testing. We break them out in our discussion to ensure we understand each process unique. Most common methods of social engineering are discussed, including: phishing, physical impersonation, pretexting, unknown media, and dumpster diving. Social engineering is also discussed in both the context of regular independent auditing of people and for internal continuous monitoring and training purposes.

Module 3 Lab – External Network Scans using Kali

Module 4 – Endpoint Security

Lecture 1 – Endpoint Security                                          1:31 hours

Having now discussed network security and perimeter security, we move into the endpoint protection. Discussion covers many areas such as antimalware software, host based intrusion prevention, application whitelisting, password management, active directory, and many more.

Lecture 2 – Data Backup & Replication                          0:57 hours

Data backups have changed significantly in recent years and many new methods of backups and replication are available. We start with discussion on backup tapes and tape rotations, then move into cloud backups, virtual machine replication, and snapshots. We discover advantages and disadvantages of various modules and highlight hot site, warm site, and cold site models for disaster recovery.

Module 4 Lab – Create bootable System Cleaning Toolkit

Module 5 – System Hardening

Lecture 1 – System Hardening                                         1:00 hours

System hardening can be a invaluable process within an organization which focuses on identifying default settings or security features that can be disabled, adjusted, or changed to decrease the attack surface of the organization and increase overall security. We discuss various hardening guidelines available in the industry but focus on those provided by CIS. Students will complete a hardening exercise where they pick a standard and look for those controls on their system or discussed how they would apply those controls and why.

Module 5 Lab – System hardening exercise using CIS Standards

Module 6 – Mobile Devices

Lecture 1 – Mobile Device Management                       1:15 hours

Institutions are finding many ways to increase productivity and provide employees with more mobile solutions to conduct business. Customers are also demanding more products and services that deliver banking activities to mobile platforms. We discuss risks around mobile devices, basic security controls inherent in some devices, and how to automate security with mobile device management solutions. Much of the security knowledge discussed is also useful in education programs with customers around mobile device security.

Module 6 Quiz

Module 7 – Patch Management

Lecture 1 – Patch Management                                       1:06 hours

Many phishing attacks and malicious software attacks attempt to leverage vulnerabilities in software and hardware to further an attack. These vulnerabilities need to be patched or updated on systems regularly. We discussed different approaches to patch management, and testing patches. Patch management programs must expand beyond Microsoft to include all third party products, firewalls, routers, wireless devices, and more.

Module 7 Lab – Patch Management Exercise using Secunia PSI

Module 7 Assignment – CVSS Analysis Exercise


Comprehensive 100 Multiple Choice Exam



{{ vm.helper.t('') }}

01/04/2022 CBSTP
04/05/2022 CBSTP
07/05/2022 CBSTP
10/04/2022 CBSTP

Shopping Cart

Your cart is empty