Courses
Courses, workshops, and seminars help transition SEI technology and research to the broader community, disseminating recent advances relevant to our mission.
Knowledge and Techniques That You Can Apply Today
SEI courses, workshops, and seminars are created and delivered by recognized experts who have practical experience in the disciplines they teach. Our courses feature hands-on tasks and real-world scenarios. In just a matter of days, you’ll be more informed and ready to perform at a higher level.
Professional Development and Workforce Development
Whether you want to learn at your own pace online, experience the networking opportunities of our classroom facilities, or develop your workforce by bringing our instructors on-site, SEI courses give you the tools you need to create and maintain software, systems, and organizations that are efficient, secure, and reliable. Organizations can help their workforce gain competencies in software development, software acquisition, and cybersecurity.
Delivery Modes
Classroom
The SEI has training facilities in its offices in Pittsburgh, Pennsylvania, and Arlington, Virginia.
Course List
-
Acquisition Essentials for Software-Reliant Systems
Acquisition
The challenges and failures of software development and acquisition of software-reliant systems have been well documented. There are many reasons software-reliant acquisitions fail, including unrealistic estimates, overly ambitious requirements, and inadequate software engineering and testing. This hour-long course is part of a series of...
Learn More -
Assessing Information Security Risk Using the OCTAVE Approach - eLearning
Risk Assessment & Insider Threat
In this 11 module, online course participants learn to perform information security risk assessments using the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Allegro method. The OCTAVE Allegro approach provides organizations a comprehensive methodology that focuses on information assets in their operational context....
Learn More -
Building an Insider Threat Program
Risk Assessment & Insider Threat
This seven (7) hour online course provides a thorough understanding of the organizational models for an insider threat program, the necessary components to have an effective program, the key stakeholders who need to be involved in the process, and basic education on the implementation and guidance of the program. This training is based upon the...
Learn More -
CERT Certificate in Digital Forensics
Incident Handling
In today's networked world, it is essential for system and network administrators to understand the fundamental areas and the major issues in computer forensics. Knowledgeable first responders apply good forensic practices to routine administrative procedures and alert verification, and know how routine actions can adversely affect the forensic...
Learn More -
CERT Cybersecurity Engineering and Software Assurance Professional Certificate
Network & Software Security
Software-reliant systems are acquired, built, deployed, and maintained through a coordinated set of activities referred to as a lifecycle. When implementing software-reliant systems, desired capabilities and performance parameters have historically received much more attention-and funding-than requirements for quality attributes. Yet quality...
Learn More -
CERT Cybersecurity Leadership Examination
Risk Assessment & Insider Threat
The CERT Cybersecurity Leadership Examination objectively assesses the student's understanding of cybersecurity principles that reflect basic awareness and knowledge of cybersecurity within the context of a business organization and from the perspective of organizational leadership. The examination is administered online. Learners can begin the...
Learn More -
CERT Secure Coding in C and C++ Professional Certificate
Network & Software Security
The CERT Secure Coding in C and C++ Professional Certificate provides software developers with practical instruction based upon the CERT Secure Coding Standards. The CERT Secure Coding Standards have been curated from the contribution of 1900+ experts for the C and C++ programming language. The CERT Secure Coding team teaches the essentials of...
Learn More -
CERT Secure Coding in Java Professional Certificate
Network & Software Security
The CERT Secure Coding in Java Professional Certificate provides software developers with practical instruction based upon the CERT Secure Coding Standards. The CERT Secure Coding team teaches the essentials of designing and developing secure software in Java. Completion of this Professional Certificate will enable software developers to increase...
Learn More -
Cyber Intelligence for Decision Makers
Risk Assessment & Insider Threat
With the rapidly changing nature of cyber threats and high-profile exploitations of vulnerabilities, organizations are recognizing the need to address the systemic analytical challenges of cyber intelligence. This course presents a non-technical approach to cyber intelligence for organizational managers and decision makers. It explains the...
Learn More -
Documenting Software Architectures - eLearning
Software Architecture
Software architecture has become a widely accepted conceptual basis for the development of nontrivial software in all application areas and by organizations of all sizes. However, the treatment of architecture to date has largely concentrated on its design and, to a lesser extent, its validation. Effectively documenting an architecture is as...
Learn More -
Examination of Software Architecture: Principles and Practices
Software Architecture
To ensure continued excellence in software architecture practices, the SEI objectively validates a student's understanding of software architecture before students are eligible to receive professional certificates in software architecture or become certified to lead SEI Authorized ATAM evaluations. This includes understanding of enterprise,...
Learn More -
Insider Threat Awareness Training
Risk Assessment & Insider Threat
This one hour course provides a basic understanding of insider threats within an organization and what employees should be aware of in their responsibilities to protect an organization's critical assets. This course explains how your work can be affected and how you can be targeted by Insider Threats. This training is based upon the research of...
Learn More -
Insider Threat Program Manager Certificate Examination
Risk Assessment & Insider Threat
To ensure continued excellence in Insider Threat program development, implementation, and operation, the SEI objectively validates the student's understanding and eligibility to receive the Insider Threat Program Manager (ITPM) Certificate. The certificate exam evaluates the student's comprehension of insider threat planning, identification and...
Learn More -
Insider Threat Vulnerability Assessor Certificate Examination
Risk Assessment & Insider Threat
To insure the ability of a candidate assessor to identify and manage insider threat risk within organizations, the Insider Threat Vulnerability Assessor (ITVA) Certificate Examination evaluates a candidate assessor's comprehension of the CERT insider threat assessment methodology. The Insider Threat Vulnerability Assessor Certificate Examination...
Learn More -
Managing Technical Debt of Software - eLearning
Software Architecture
Technical debt occurs when a design or construction approach is taken that is expedient in the short term, but increases complexity and cost in the long term. In the course Managing Technical Debt of Software, the concept of technical debt is examined from multiple perspectives, including how it manifests, accumulates, and impacts the enterprise....
Learn More -
Modeling System Architectures Using the Architecture Analysis and Design Language (AADL) - eLearning
Software Architecture
Modeling and validating quality attributes for real-time, embedded systems is often done with low-fidelity software models and disjointed architectural specifications by various engineers using their own specialized notations. These models are typically not maintained or analyzed throughout the lifecycle, making it difficult to predict the impact...
Learn More -
Overview of Insider Threat Concepts and Activities
Risk Assessment & Insider Threat
This three (3) hour online course provides a thorough understanding of insider threat terminology, identifies different types of insider threats, teaches how to recognize both technical and behavioral indicators and outlines mitigation strategies. This instruction is based upon the research of the CERT National Insider Threat Center (NITC) of the...
Learn More -
Secure DevOps Process and Implementation
Network & Software Security
This 4.5 hour virtual, asynchronous course is designed for managers, developers and operational teams to offer a comprehensive training on DevOps principles and process, and to identify techniques for project planning, development, and deployment from start to finish. Specifically, this course will expose attendees to reference architectures and...
Learn More -
Software Architecture: Principles and Practices - eLearning
Software Architecture
Although the term software architecture is used frequently in today's software industry, its meaning is not universally understood. In this course we answer these questions What is software architecture? How do you use software architectures in practice? What does a software architect do for an organization? What value does software architecture...
Learn More -
Software Product Lines - eLearning
Software Product Lines
A software product line is a set of software-reliant systems that share a common, managed set of features satisfying a particular market or mission area, and are built from a common set of core assets in a prescribed way. Producing a set of related products as a product line has allowed organizations to achieve increased quality and...
Learn More -
Twenty Questions to Assess Your Program's Chances of Success
Acquisition Risk Assessment & Insider Threat
This online course introduces risk management concepts and explains the 20 key drivers that compose the SEI risk-based method for assessing complex projects, the Mission Diagnostic Protocol. This course explains what these drivers are and how the assessment of a program using the drivers creates a profile of a program's chances of success. This...
Learn More -
DevSecOps Process and Implementation
2.5 Network & Software Security
DevOps is a set of software development principles that emphasize collaboration, communication, and automation among all stakeholders, including IT operations, testers, developers, customers, and security personnel at the inception of a project. A variety of tools help stakeholders collaborate and communicate. Automation is a greater challenge....
Learn More -
Enterprise Information Security for Technical Staff
4 Network & Software Security
This four-day course is designed to provide participants with practical techniques for protecting the security of an organization's information assets and resources, beginning with concepts and proceeding on to technical implementations. The course provides a technical foundation for working with TCP/IP security and cryptography. The course...
Learn More -
Hands-on Threat Detection and Hunt
4 Network & Software Security
This four day hands-on course is designed to increase the knowledge and skills of technical staff charged with administering and securing information systems and networks. Cybersecurity topics such as network monitoring, intrusion detection and response, digital forensics, and threat hunting will offer a comprehensive defense-in-depth experience....
Learn More -
Secure Coding in C and C++
4 Network & Software Security
Producing secure programs requires secure designs. However, even the best designs can lead to insecure programs if developers are unaware of the many security pitfalls inherent in C and C++ programming. This four-day course provides a detailed explanation of common programming errors in C and C++ and describes how these errors can lead to code...
Learn More -
Secure Coding in Java
4 Network & Software Security
Producing secure programs requires secure designs. However, even the best designs can lead to insecure programs if developers are unaware of the many security pitfalls inherent in Java programming. This four-day course provides a detailed explanation of common programming errors in Java and describes how these errors can lead to code that is...
Learn More -
Effective Cybersecurity Operations
2 Incident Handling
This two-day course provides an overview of security operations structures, functions, and activities. It describes general good practices and processes for effective and resilient operations. The course discusses how to effectively manage and operate a security operations center and provide a framework to mature the operations over time. The...
Learn More -
Foundations of Incident Management
4 Incident Handling
This four-day course provides foundational knowledge for those in security-related roles who need to understand the functions of an incident management capability and how best to perform those functions. It is recommended for those new to incident handling or security operations work. The course provides an introduction to the basic concepts and...
Learn More -
Thinking Like an Analyst
1 Incident Handling
This tutorial introduces the basic skills necessary to be an effective cyber analyst. The central focus is analytical acumen, or "how to think." Practical application of portions of the analytic process will be interspersed throughout the presentation, building around a scenario of a company at risk while conducting IT business...
Learn More -
AADL in Practice Workshop
Software Architecture
The AADL in Practice Workshop combines AADL training and an AADL modeling workshop to provide practical knowledge as well as an opportunity to practice skills in a realistic setting. This Workshop will transfer expertise to participants through an effective combination of training and mentoring during practice. Organizations seeking to increase...
Learn More -
ATAM Evaluator Training
2 Software Architecture
Most complex software systems must be modifiable and perform well. They might also need to be secure, interoperable, portable, and reliable. But What precisely do quality attributes such as modifiability, security, performance, and reliability mean? Can a system be analyzed to determine whether it has certain desired qualities? How soon can such...
Learn More -
Design Guidelines and Patterns for Microservices
2 Software Architecture
In modern service-based solutions, services are developed and deployed as microservices. Microservice development involves countless technology and design choices, including industry standards, frameworks, design patterns, integration approaches, middleware products, and tools. And it is a moving landscape-new ideas and products for services and...
Learn More -
Designing Modern Service-Based Systems
1 Software Architecture
From a buzzword in the early 2000s, service-oriented architecture (SOA) has evolved into an established paradigm for developing distributed software systems. But SOA today has a different face. Microservices, API gateways, REST constraints, and event-driven messaging are just some of the design concepts that developers of modern service-based...
Learn More -
Documenting Software Architectures
4 Software Architecture
Software architecture has become a widely accepted conceptual basis for the development of nontrivial software in all application areas and by organizations of all sizes. However, the treatment of architecture to date has largely concentrated on its design and, to a lesser extent, its validation. Effectively documenting an architecture is as...
Learn More -
Managing Technical Debt of Software
1 Software Architecture
Technical debt occurs when a design or construction approach is taken that's expedient in the short term, but increases complexity and cost in the long term. In the course Managing Technical Debt of Software, the concept of technical debt is examined from multiple perspectives, including how it manifests, accumulates, and impacts the software...
Learn More -
Modeling System Architectures Using the Architecture Analysis and Design Language (AADL)
4 Software Architecture
Modeling and validating of quality attributes for real-time, embedded systems is often done with low-fidelity software models and disjointed architectural specifications by various engineers using their own specialized notations. These models are typically not maintained or documented throughout the life cycle, making it difficult to predict the...
Learn More -
Software Architecture Design and Analysis
4 Software Architecture
A system's software architecture is widely regarded as one of the most important software artifacts. Software professionals routinely make decisions that impact that architecture, yet many times that impact is not fully considered or well understood. Which design decisions will lead to a software architecture that successfully addresses the...
Learn More -
Software Architecture: Principles and Practices
4 Software Architecture
Although the term software architecture is used frequently in today's software industry, its meaning is not universally understood. What is software architecture? How do you use software architectures in practice? What does a software architect do for an organization? What value does software architecture provide? This course introduces the...
Learn More -
Cybersecurity Oversight for the Business Executive
Risk Assessment & Insider Threat
This course examines the dynamic intersection of business and technology over the course of an immersive 2-days. Targeted towards today's business executive, the courseware explores the pressing reality that cybersecurity is a business imperative and an enterprise-wide risk that spans all operations. The course provides background and context...
Learn More -
Insider Threat Analyst
3 Risk Assessment & Insider Threat
This 3-day classroom course presents strategies for collecting and analyzing data to prevent, detect, and respond to insider activity. It discusses various techniques and methods for designing, implementing, and measuring the effectiveness of various components of an insider threat data collection and analysis capability. This training is based...
Learn More -
Insider Threat Program Evaluator
3 Risk Assessment & Insider Threat
This three-day, instructor-led, classroom-based course presents strategies for measuring and evaluating an operational insider threat program within an organization. Using scenario-based exercises, this course takes participants through the steps to conduct an insider threat program evaluation. This training is for insider threat program managers,...
Learn More -
Insider Threat Program Evaluator (ITPE) Certificate Package
Risk Assessment & Insider Threat
Students who wish to purchase the certificate program package (two eLearning courses, classroom course, certificate exam) will receive a discount from the total cost. The program packages correspond with scheduled classroom course dates, so select the program package that best meets your scheduling needs. The Insider Threat Program Evaluator...
Learn More -
Insider Threat Program Evaluator Certificate Examination
Risk Assessment & Insider Threat
To insure the ability of a candidate evaluator to reduce exposure to insider risk and to strengthen insider threat programs within organizations, the Insider Threat Program Evaluator (ITPE) Certificate Examination evaluates a candidate evaluator's comprehension of the CERT insider threat program evaluation methodology. The Insider Threat Program...
Learn More -
Insider Threat Program Manager (ITPM) Certificate Package
Risk Assessment & Insider Threat
Students who wish to purchase the certificate program package (two eLearning courses, classroom course, certificate exam) will receive a discount from the total cost. The program packages correspond with scheduled classroom course dates, so select the program package that best meets your scheduling needs. The Insider Threat Program Manager...
Learn More -
Insider Threat Program Manager: Implementation and Operation
3 Risk Assessment & Insider Threat
This three day course builds upon the initial concepts presented in the prerequisite courses Overview of Insider Threat Concepts and Activities and Building an Insider Threat Program. The course presents a process roadmap that can be followed to build the various parts of a robust Insider Threat Program. It discusses various techniques and methods...
Learn More -
Insider Threat Vulnerability Assessor (ITVA) Certificate Package
Risk Assessment & Insider Threat
Students who wish to purchase the certificate program package (two eLearning courses, classroom course, certificate exam) will receive a discount from the total cost. The program packages correspond with scheduled classroom course dates, so select the program package that best meets your scheduling needs. The Insider Threat Program Manager...
Learn More -
Insider Threat Vulnerability Assessor Training
3 Risk Assessment & Insider Threat
This 3-day course develops the skills and competencies necessary to perform an insider threat vulnerability assessment of an organization. This training is based upon the research of the CERT Insider Threat Center of the Software Engineering Institute. The CERT Insider Threat Center has been researching the insider threat problem since 2001 in...
Learn More -
Measuring What Matters: Security Metrics Workshop
1 Measurement & Analysis Risk Assessment & Insider Threat
It is critical to measure the right things in order to make informed management decisions, take the appropriate actions, and change behaviors. But how do managers figure out what those right things are? Public and private organizations today often base cyber risk management decisions on fear, uncertainty, and doubt (FUD) and the latest attack;...
Learn More -
OCTAVE FORTE: Connecting the Board Room to Cyber Risk
2 Risk Assessment & Insider Threat
Organizations need an adaptable and agile process that allow executives to have a real-time view of cyber risks. To address this challenge, the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) process has been assisting organizations to assess their technical risks for the better part of two decades, and the SEI has...
Learn More -
System Assessment and Authorization Process
2 Risk Assessment & Insider Threat
This two-day course introduces the NIST Risk Management Framework (RMF) process for system assessment and authorization. The RMF is the cybersecurity framework mandated for Federal Government departments and agencies, including the U.S. Department of Defense (DoD). Like other NIST guidance, the RMF is also used by organizations outside of the...
Learn More -
Agile in Government: Practical Considerations
2 Acquisition
This 1-2 day live-delivery tutorial enables attendees to understand basic Agile concepts that developers use, but primarily focuses on introducing the interactions that government program offices can and should have with developers (either organic or contracted) who are using Agile methods to develop government systems. A combination of lecture,...
Learn More -
Agile Virtual Schoolhouse
Acquisition
Learning is a key enabler of a successful organizational transformation. Introducing Agile knowledge to key staff can build a shared understanding and alignment in challenging, highly regulated environments. This training channel leverages best of breed resources with SEI subject matter expertise in a flexible online format for virtual and remote...
Learn More -
Leading SAFe/Agile in Government
3 Acquisition
This 3 day live-delivery course enables attendees to understand basic Agile and lean concepts that developers use, but primarily focuses on introducing the interactions that government program offices can and should have with developers (either organic or contracted) who are using Agile team methods and the Scaled Agile Framework scaling approach...
Learn More -
Advanced Topics in Incident Handling
4 Incident Handling
This four-day course, designed for computer security incident response team (CSIRT) and security operations center (SOC) technical personnel with several months of incident handling experience, addresses techniques for detecting and responding to current and emerging computer security threats and attacks. Building on the methods and tools...
Learn More -
Assessing Information Security Risk Using the OCTAVE Approach
3 Risk Assessment & Insider Threat
In this three-day course, participants learn to perform information security risk assessments using the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Allegro method. The OCTAVE Allegro approach provides organizations a comprehensive methodology that focuses on information assets in their operational context. Risks...
Learn More -
CERT-Certified Computer Security Incident Handler Qualification Examination
Incident Handling
This examination is designed to demonstrate that cyber-security professionals have sufficient knowledge and skill in key areas to successfully conduct network security...
Learn More -
Creating a Computer Security Incident Response Team
1 Incident Handling
This one-day course is designed for managers and project leaders who have been tasked with implementing a computer security incident response team (CSIRT). This course provides a high-level overview of the key issues and decisions that must be addressed in establishing a CSIRT. As part of the course, attendees will develop an action plan that can...
Learn More -
Introduction to the CERT Resilience Management Model
2 Risk Assessment & Insider Threat
This two-day course introduces a model-based process improvement approach to managing operational resilience using the CERT® Resilience Management Model (CERT-RMM) v1.2 Resilience Management Model (CERT-RMM) v1.2. CERT-RMM is a maturity model that promotes the convergence of security, business continuity, and IT operations activities to help...
Learn More -
Managing Computer Security Incident Response Teams
3 Incident Handling
This three-day course provides current and future managers of computer security incident response teams (CSIRTs) with a pragmatic view of the issues that they will face in operating an effective team. The course provides insight into the work that CSIRT staff may be expected to handle. The course also provides prospective or current managers with...
Learn More -
Security Requirements Engineering Using the SQUARE Method
1 Network & Software Security
Through the SQUARE project, CERT researchers have developed an end-to-end process for security requirements engineering to help organizations build security into the early stages of the production life cycle. The SQUARE methodology consists of nine steps that generate a final deliverable of categorized and prioritized security requirements. This...
Learn More -
Software Assurance Methods in Support of Cyber Security
1 Network & Software Security
This workshop is focused on four critical software assurance areas: security requirements, software supply chain assurance, mission thread analysis, and measurement. The purpose of this course is to expose managers, engineers, and acquirers to concepts and resources available now for their use to address software security assurance across the...
Learn More -
Agile Adoption Readiness and Fit Workshop
2 Acquisition
When adopting new governance practices, leaders often find mismatches between assumptions and the realities within their organizations. This 2-day workshop leverages the SEI Readiness and Fit Analysis (RFA) technique to help people involved in systems of systems from all levels of the enterprise-senior leaders, policy makers, program managers,...
Learn More -
Agile in Government: Concepts for Senior Executives
0.5 Acquisition
This 2-4 hour tutorial is designed for a small group of senior executives in a program or enterprise who are contemplating or are already in progress with adoption of Agile approaches in the organization within their purview. The tutorial includes the opportunity for discussion about practical application of concepts at the executive...
Learn More -
Overview of Creating and Managing CSIRTs
1 Incident Handling
This one-day course provides a consolidated view of information that is contained in two other CERT courses: Creating a CSIRT and Managing CSIRTs. Its main purpose is to highlight best practices in planning, implementing, operating, and evaluating a computer security incident response team (CSIRT). The course will explore the relationship between...
Learn More -
Vulnerability Response Capability Development
1 Network & Software Security
This one-day course is designed for managers and project leaders who are trying to respond to vulnerabilities reported in their products. This course will provide a high-level overview of the key issues, processes, and decisions that must be made to build your organization's vulnerability response capability. As part of the course, attendees will...
Learn More
Training courses provided by the SEI are not academic courses for academic credit toward a degree. Any certificates provided are evidence of the completion of the courses and are not official academic credentials. For more information about SEI training courses, see Registration Terms and Conditions and Confidentiality of Course Records.