Courses
Courses, workshops, and seminars help transition SEI technology and research to the broader community, disseminating recent advances relevant to our mission.
Knowledge and Techniques That You Can Apply Today
SEI courses, workshops, and seminars are created and delivered by recognized experts who have practical experience in the disciplines they teach. Our courses feature hands-on tasks and real-world scenarios. In just a matter of days, you’ll be more informed and ready to perform at a higher level.
Professional Development and Workforce Development
Whether you want to learn at your own pace online, experience the networking opportunities of our classroom facilities, or develop your workforce by bringing our instructors on-site, SEI courses give you the tools you need to create and maintain software, systems, and organizations that are efficient, secure, and reliable. Organizations can help their workforce gain competencies in software development, software acquisition, and cybersecurity.
Delivery Modes
Classroom
The SEI has training facilities in its offices in Pittsburgh, Pennsylvania, and Arlington, Virginia.
Course List
-
Acquisition Essentials for Software-Reliant Systems
Acquisition
The challenges and failures of software development and acquisition of software-reliant systems have been well documented. There are many reasons software-reliant acquisitions fail, including unrealistic estimates, overly ambitious requirements, and inadequate software engineering and testing. This hour-long course is part of a series of...
-
Assessing Information Security Risk Using the OCTAVE Approach - eLearning
Risk Assessment & Insider Threat
In this 11 module, online course participants learn to perform information security risk assessments using the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Allegro method. The OCTAVE Allegro approach provides organizations a comprehensive methodology that focuses on information assets in their operational context....
-
Building an Insider Threat Program
Risk Assessment & Insider Threat
This seven (7) hour online course provides a thorough understanding of the organizational models for an insider threat program, the necessary components to have an effective program, the key stakeholders who need to be involved in the process, and basic education on the implementation and guidance of the program. This training is based upon the...
-
CERT Certificate in Digital Forensics
Incident Handling
In today's networked world, it is essential for system and network administrators to understand the fundamental areas and the major issues in computer forensics. Knowledgeable first responders apply good forensic practices to routine administrative procedures and alert verification, and know how routine actions can adversely affect the forensic...
-
CERT Cybersecurity Engineering and Software Assurance Professional Certificate
Network & Software Security
Software-reliant systems are acquired, built, deployed, and maintained through a coordinated set of activities referred to as a lifecycle. When implementing software-reliant systems, desired capabilities and performance parameters have historically received much more attention-and funding-than requirements for quality attributes. Yet quality...
-
CERT Cybersecurity Leadership Examination
Risk Assessment & Insider Threat
The CERT Cybersecurity Leadership Examination objectively assesses the student's understanding of cybersecurity principles that reflect basic awareness and knowledge of cybersecurity within the context of a business organization and from the perspective of organizational leadership. The examination is administered online. Learners can begin the...
-
CERT Secure Coding in C and C++ Professional Certificate
Network & Software Security
The CERT Secure Coding in C and C++ Professional Certificate provides software developers with practical instruction based upon the CERT Secure Coding Standards. The CERT Secure Coding Standards have been curated from the contribution of 1900+ experts for the C and C++ programming language. The CERT Secure Coding team teaches the essentials of...
-
CERT Secure Coding in Java Professional Certificate
Network & Software Security
The CERT Secure Coding in Java Professional Certificate provides software developers with practical instruction based upon the CERT Secure Coding Standards. The CERT Secure Coding team teaches the essentials of designing and developing secure software in Java. Completion of this Professional Certificate will enable software developers to increase...
-
Cyber Intelligence for Decision Makers
Risk Assessment & Insider Threat
With the rapidly changing nature of cyber threats and high-profile exploitations of vulnerabilities, organizations are recognizing the need to address the systemic analytical challenges of cyber intelligence. This course presents a non-technical approach to cyber intelligence for organizational managers and decision makers. It explains the...
-
Documenting Software Architectures - eLearning
Software Architecture
Software architecture has become a widely accepted conceptual basis for the development of nontrivial software in all application areas and by organizations of all sizes. However, the treatment of architecture to date has largely concentrated on its design and, to a lesser extent, its validation. Effectively documenting an architecture is as...
-
Examination of Software Architecture: Principles and Practices
Software Architecture
To ensure continued excellence in software architecture practices, the SEI objectively validates a student's understanding of software architecture before students are eligible to receive professional certificates in software architecture or become certified to lead SEI Authorized ATAM evaluations. This includes understanding of enterprise,...
-
Insider Threat Awareness Training
Risk Assessment & Insider Threat
This one hour course provides a basic understanding of insider threats within an organization and what employees should be aware of in their responsibilities to protect an organization's critical assets. This course explains how your work can be affected and how you can be targeted by Insider Threats. This training is based upon the research of...
-
Insider Threat Program Manager Certificate Examination
Risk Assessment & Insider Threat
To ensure continued excellence in Insider Threat program development, implementation, and operation, the SEI objectively validates the student's understanding and eligibility to receive the Insider Threat Program Manager (ITPM) Certificate. The certificate exam evaluates the student's comprehension of insider threat planning, identification and...
-
Insider Threat Vulnerability Assessor Certificate Examination
Risk Assessment & Insider Threat
To insure the ability of a candidate assessor to identify and manage insider threat risk within organizations, the Insider Threat Vulnerability Assessor (ITVA) Certificate Examination evaluates a candidate assessor's comprehension of the CERT insider threat assessment methodology. The Insider Threat Vulnerability Assessor Certificate Examination...
-
Managing Technical Debt of Software - eLearning
Software Architecture
Technical debt occurs when a design or construction approach is taken that is expedient in the short term, but increases complexity and cost in the long term. In the course Managing Technical Debt of Software, the concept of technical debt is examined from multiple perspectives, including how it manifests, accumulates, and impacts the enterprise....
-
Modeling System Architectures Using the Architecture Analysis and Design Language (AADL) - eLearning
Software Architecture
Modeling and validating quality attributes for real-time, embedded systems is often done with low-fidelity software models and disjointed architectural specifications by various engineers using their own specialized notations. These models are typically not maintained or analyzed throughout the lifecycle, making it difficult to predict the impact...
-
Overview of Insider Threat Concepts and Activities
Risk Assessment & Insider Threat
This three (3) hour online course provides a thorough understanding of insider threat terminology, identifies different types of insider threats, teaches how to recognize both technical and behavioral indicators and outlines mitigation strategies. This instruction is based upon the research of the CERT National Insider Threat Center (NITC) of the...
-
Secure DevOps Process and Implementation
Network & Software Security
This 4.5 hour virtual, asynchronous course is designed for managers, developers and operational teams to offer a comprehensive training on DevOps principles and process, and to identify techniques for project planning, development, and deployment from start to finish. Specifically, this course will expose attendees to reference architectures and...
-
Software Architecture: Principles and Practices - eLearning
Software Architecture
Although the term software architecture is used frequently in today's software industry, its meaning is not universally understood. In this course we answer these questions What is software architecture? How do you use software architectures in practice? What does a software architect do for an organization? What value does software architecture...
-
Software Product Lines - eLearning
Software Product Lines
A software product line is a set of software-reliant systems that share a common, managed set of features satisfying a particular market or mission area, and are built from a common set of core assets in a prescribed way. Producing a set of related products as a product line has allowed organizations to achieve increased quality and...
-
Twenty Questions to Assess Your Program's Chances of Success
Acquisition Risk Assessment & Insider Threat
This online course introduces risk management concepts and explains the 20 key drivers that compose the SEI risk-based method for assessing complex projects, the Mission Diagnostic Protocol. This course explains what these drivers are and how the assessment of a program using the drivers creates a profile of a program's chances of success. This...
-
DevSecOps Process and Implementation
2.5 Network & Software Security
DevOps is a set of software development principles that emphasize collaboration, communication, and automation among all stakeholders, including IT operations, testers, developers, customers, and security personnel at the inception of a project. A variety of tools help stakeholders collaborate and communicate. Automation is a greater challenge....
-
Enterprise Information Security for Technical Staff
4 Network & Software Security
This four-day course is designed to provide participants with practical techniques for protecting the security of an organization's information assets and resources, beginning with concepts and proceeding on to technical implementations. The course provides a technical foundation for working with TCP/IP security and cryptography. The course...
-
Hands-on Threat Detection and Hunt
4 Network & Software Security
This four day hands-on course is designed to increase the knowledge and skills of technical staff charged with administering and securing information systems and networks. Cybersecurity topics such as network monitoring, intrusion detection and response, digital forensics, and threat hunting will offer a comprehensive defense-in-depth experience....
-
Secure Coding in C and C++
4 Network & Software Security
Producing secure programs requires secure designs. However, even the best designs can lead to insecure programs if developers are unaware of the many security pitfalls inherent in C and C++ programming. This four-day course provides a detailed explanation of common programming errors in C and C++ and describes how these errors can lead to code...
-
Secure Coding in Java
4 Network & Software Security
Producing secure programs requires secure designs. However, even the best designs can lead to insecure programs if developers are unaware of the many security pitfalls inherent in Java programming. This four-day course provides a detailed explanation of common programming errors in Java and describes how these errors can lead to code that is...
-
Effective Cybersecurity Operations
2 Incident Handling
This two-day course provides an overview of security operations structures, functions, and activities. It describes general good practices and processes for effective and resilient operations. The course discusses how to effectively manage and operate a security operations center and provide a framework to mature the operations over time. The...
-
Foundations of Incident Management
4 Incident Handling
This four-day course provides foundational knowledge for those in security-related roles who need to understand the functions of an incident management capability and how best to perform those functions. It is recommended for those new to incident handling or security operations work. The course provides an introduction to the basic concepts and...
-
Thinking Like an Analyst
1 Incident Handling
This tutorial introduces the basic skills necessary to be an effective cyber analyst. The central focus is analytical acumen, or "how to think." Practical application of portions of the analytic process will be interspersed throughout the presentation, building around a scenario of a company at risk while conducting IT business...
-
AADL in Practice Workshop
Software Architecture
The AADL in Practice Workshop combines AADL training and an AADL modeling workshop to provide practical knowledge as well as an opportunity to practice skills in a realistic setting. This Workshop will transfer expertise to participants through an effective combination of training and mentoring during practice. Organizations seeking to increase...
-
ATAM Evaluator Training
2 Software Architecture
Most complex software systems must be modifiable and perform well. They might also need to be secure, interoperable, portable, and reliable. But What precisely do quality attributes such as modifiability, security, performance, and reliability mean? Can a system be analyzed to determine whether it has certain desired qualities? How soon can such...
-
Design Guidelines and Patterns for Microservices
2 Software Architecture
In modern service-based solutions, services are developed and deployed as microservices. Microservice development involves countless technology and design choices, including industry standards, frameworks, design patterns, integration approaches, middleware products, and tools. And it is a moving landscape-new ideas and products for services and...
-
Designing Modern Service-Based Systems
1 Software Architecture
From a buzzword in the early 2000s, service-oriented architecture (SOA) has evolved into an established paradigm for developing distributed software systems. But SOA today has a different face. Microservices, API gateways, REST constraints, and event-driven messaging are just some of the design concepts that developers of modern service-based...
-
Documenting Software Architectures
4 Software Architecture
Software architecture has become a widely accepted conceptual basis for the development of nontrivial software in all application areas and by organizations of all sizes. However, the treatment of architecture to date has largely concentrated on its design and, to a lesser extent, its validation. Effectively documenting an architecture is as...
-
Managing Technical Debt of Software
1 Software Architecture
Technical debt occurs when a design or construction approach is taken that's expedient in the short term, but increases complexity and cost in the long term. In the course Managing Technical Debt of Software, the concept of technical debt is examined from multiple perspectives, including how it manifests, accumulates, and impacts the software...
-
Modeling System Architectures Using the Architecture Analysis and Design Language (AADL)
4 Software Architecture
Modeling and validating of quality attributes for real-time, embedded systems is often done with low-fidelity software models and disjointed architectural specifications by various engineers using their own specialized notations. These models are typically not maintained or documented throughout the life cycle, making it difficult to predict the...
-
Software Architecture Design and Analysis
4 Software Architecture
A system's software architecture is widely regarded as one of the most important software artifacts. Software professionals routinely make decisions that impact that architecture, yet many times that impact is not fully considered or well understood. Which design decisions will lead to a software architecture that successfully addresses the...
-
Software Architecture: Principles and Practices
4 Software Architecture
Although the term software architecture is used frequently in today's software industry, its meaning is not universally understood. What is software architecture? How do you use software architectures in practice? What does a software architect do for an organization? What value does software architecture provide? This course introduces the...
-
Cybersecurity Oversight for the Business Executive
Risk Assessment & Insider Threat
This course examines the dynamic intersection of business and technology over the course of an immersive 2-days. Targeted towards today's business executive, the courseware explores the pressing reality that cybersecurity is a business imperative and an enterprise-wide risk that spans all operations. The course provides background and context...
-
Insider Threat Analyst
3 Risk Assessment & Insider Threat
This 3-day classroom course presents strategies for collecting and analyzing data to prevent, detect, and respond to insider activity. It discusses various techniques and methods for designing, implementing, and measuring the effectiveness of various components of an insider threat data collection and analysis capability. This training is based...
-
Insider Threat Program Evaluator
3 Risk Assessment & Insider Threat
This three-day, instructor-led, classroom-based course presents strategies for measuring and evaluating an operational insider threat program within an organization. Using scenario-based exercises, this course takes participants through the steps to conduct an insider threat program evaluation. This training is for insider threat program managers,...
-
Insider Threat Program Evaluator (ITPE) Certificate Package
Risk Assessment & Insider Threat
Students who wish to purchase the certificate program package (two eLearning courses, classroom course, certificate exam) will receive a discount from the total cost. The program packages correspond with scheduled classroom course dates, so select the program package that best meets your scheduling needs. The Insider Threat Program Evaluator...
-
Insider Threat Program Evaluator Certificate Examination
Risk Assessment & Insider Threat
To insure the ability of a candidate evaluator to reduce exposure to insider risk and to strengthen insider threat programs within organizations, the Insider Threat Program Evaluator (ITPE) Certificate Examination evaluates a candidate evaluator's comprehension of the CERT insider threat program evaluation methodology. The Insider Threat Program...
-
Insider Threat Program Manager (ITPM) Certificate Package
Risk Assessment & Insider Threat
Students who wish to purchase the certificate program package (two eLearning courses, classroom course, certificate exam) will receive a discount from the total cost. The program packages correspond with scheduled classroom course dates, so select the program package that best meets your scheduling needs. The Insider Threat Program Manager...
-
Insider Threat Program Manager: Implementation and Operation
3 Risk Assessment & Insider Threat
This three day course builds upon the initial concepts presented in the prerequisite courses Overview of Insider Threat Concepts and Activities and Building an Insider Threat Program. The course presents a process roadmap that can be followed to build the various parts of a robust Insider Threat Program. It discusses various techniques and methods...
-
Insider Threat Vulnerability Assessor (ITVA) Certificate Package
Risk Assessment & Insider Threat
Students who wish to purchase the certificate program package (two eLearning courses, classroom course, certificate exam) will receive a discount from the total cost. The program packages correspond with scheduled classroom course dates, so select the program package that best meets your scheduling needs. The Insider Threat Program Manager...
-
Insider Threat Vulnerability Assessor Training
3 Risk Assessment & Insider Threat
This 3-day course develops the skills and competencies necessary to perform an insider threat vulnerability assessment of an organization. This training is based upon the research of the CERT Insider Threat Center of the Software Engineering Institute. The CERT Insider Threat Center has been researching the insider threat problem since 2001 in...
-
Measuring What Matters: Security Metrics Workshop
1 Measurement & Analysis Risk Assessment & Insider Threat
It is critical to measure the right things in order to make informed management decisions, take the appropriate actions, and change behaviors. But how do managers figure out what those right things are? Public and private organizations today often base cyber risk management decisions on fear, uncertainty, and doubt (FUD) and the latest attack;...
-
OCTAVE FORTE: Connecting the Board Room to Cyber Risk
2 Risk Assessment & Insider Threat
Organizations need an adaptable and agile process that allow executives to have a real-time view of cyber risks. To address this challenge, the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) process has been assisting organizations to assess their technical risks for the better part of two decades, and the SEI has...
-
System Assessment and Authorization Process
2 Risk Assessment & Insider Threat
This two-day course introduces the NIST Risk Management Framework (RMF) process for system assessment and authorization. The RMF is the cybersecurity framework mandated for Federal Government departments and agencies, including the U.S. Department of Defense (DoD). Like other NIST guidance, the RMF is also used by organizations outside of the...
-
Agile in Government: Practical Considerations
2 Acquisition
This 1-2 day live-delivery tutorial enables attendees to understand basic Agile concepts that developers use, but primarily focuses on introducing the interactions that government program offices can and should have with developers (either organic or contracted) who are using Agile methods to develop government systems. A combination of lecture,...
-
Agile Virtual Schoolhouse
Acquisition
Learning is a key enabler of a successful organizational transformation. Introducing Agile knowledge to key staff can build a shared understanding and alignment in challenging, highly regulated environments. This training channel leverages best of breed resources with SEI subject matter expertise in a flexible online format for virtual and remote...
-
Leading SAFe/Agile in Government
3 Acquisition
This 3 day live-delivery course enables attendees to understand basic Agile and lean concepts that developers use, but primarily focuses on introducing the interactions that government program offices can and should have with developers (either organic or contracted) who are using Agile team methods and the Scaled Agile Framework scaling approach...
-
Advanced Topics in Incident Handling
4 Incident Handling
This four-day course, designed for computer security incident response team (CSIRT) and security operations center (SOC) technical personnel with several months of incident handling experience, addresses techniques for detecting and responding to current and emerging computer security threats and attacks. Building on the methods and tools...
-
Assessing Information Security Risk Using the OCTAVE Approach
3 Risk Assessment & Insider Threat
In this three-day course, participants learn to perform information security risk assessments using the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Allegro method. The OCTAVE Allegro approach provides organizations a comprehensive methodology that focuses on information assets in their operational context. Risks...
-
CERT-Certified Computer Security Incident Handler Qualification Examination
Incident Handling
This examination is designed to demonstrate that cyber-security professionals have sufficient knowledge and skill in key areas to successfully conduct network security...
-
Creating a Computer Security Incident Response Team
1 Incident Handling
This one-day course is designed for managers and project leaders who have been tasked with implementing a computer security incident response team (CSIRT). This course provides a high-level overview of the key issues and decisions that must be addressed in establishing a CSIRT. As part of the course, attendees will develop an action plan that can...
-
Introduction to the CERT Resilience Management Model
2 Risk Assessment & Insider Threat
This two-day course introduces a model-based process improvement approach to managing operational resilience using the CERT® Resilience Management Model (CERT-RMM) v1.2 Resilience Management Model (CERT-RMM) v1.2. CERT-RMM is a maturity model that promotes the convergence of security, business continuity, and IT operations activities to help...
-
Managing Computer Security Incident Response Teams
3 Incident Handling
This three-day course provides current and future managers of computer security incident response teams (CSIRTs) with a pragmatic view of the issues that they will face in operating an effective team. The course provides insight into the work that CSIRT staff may be expected to handle. The course also provides prospective or current managers with...
-
Security Requirements Engineering Using the SQUARE Method
1 Network & Software Security
Through the SQUARE project, CERT researchers have developed an end-to-end process for security requirements engineering to help organizations build security into the early stages of the production life cycle. The SQUARE methodology consists of nine steps that generate a final deliverable of categorized and prioritized security requirements. This...
-
Software Assurance Methods in Support of Cyber Security
1 Network & Software Security
This workshop is focused on four critical software assurance areas: security requirements, software supply chain assurance, mission thread analysis, and measurement. The purpose of this course is to expose managers, engineers, and acquirers to concepts and resources available now for their use to address software security assurance across the...
-
Agile Adoption Readiness and Fit Workshop
2 Acquisition
When adopting new governance practices, leaders often find mismatches between assumptions and the realities within their organizations. This 2-day workshop leverages the SEI Readiness and Fit Analysis (RFA) technique to help people involved in systems of systems from all levels of the enterprise-senior leaders, policy makers, program managers,...
-
Agile in Government: Concepts for Senior Executives
0.5 Acquisition
This 2-4 hour tutorial is designed for a small group of senior executives in a program or enterprise who are contemplating or are already in progress with adoption of Agile approaches in the organization within their purview. The tutorial includes the opportunity for discussion about practical application of concepts at the executive...
-
Overview of Creating and Managing CSIRTs
1 Incident Handling
This one-day course provides a consolidated view of information that is contained in two other CERT courses: Creating a CSIRT and Managing CSIRTs. Its main purpose is to highlight best practices in planning, implementing, operating, and evaluating a computer security incident response team (CSIRT). The course will explore the relationship between...
-
Vulnerability Response Capability Development
1 Network & Software Security
This one-day course is designed for managers and project leaders who are trying to respond to vulnerabilities reported in their products. This course will provide a high-level overview of the key issues, processes, and decisions that must be made to build your organization's vulnerability response capability. As part of the course, attendees will...
Training courses provided by the SEI are not academic courses for academic credit toward a degree. Any certificates provided are evidence of the completion of the courses and are not official academic credentials. For more information about SEI training courses, see Registration Terms and Conditions and Confidentiality of Course Records.