Module 1: IT & Cybersecurity Basics — Start from Zero

• What is a Computer, Network, Application?
• Windows vs Linux – Basics for Security
• What is a Server? How are they used in IT?
• Introduction to Cybersecurity, Threats, Risks & Vulnerabilities
• CIA Triad and Asset Classification
• Cryptography
• Cloud vs On-Prem (AWS, Azure Overview)

Module 2: Networking & OS Fundamentals

• TCP/IP Model, Network Ports, Protocols
• Subnets, Firewalls, Proxies – How they relate to VM
• Windows & Linux Services and Updates
• Command-line basics (for log, patch, and OS checks)

Module 3: Vulnerability Management Essentials

• What is Vulnerability Management (VM)?
• Lifecycle: Discover → Analyze → Remediate → Track
• CVE, CVSS, NVD, CISA KEV
• Vulnerability Types: OS, Network, App, Cloud, 3rd Party
• Vulnerability Management vs Penetration Testing
• Roles & Responsibilities in VM Teams

Module 4: Hands-On With Vulnerability Tools

• Qualys (VMDR), Tenable Nessus, Rapid7 InsightVM
• Basic Usage, Asset Discovery, Scan Configuration
• Launching Scheduled & Ad-hoc Scans
• Agent-Based Scan vs Agentless Scan
• External Scan vs Internal Scan
• Interpreting Scan Reports, Plugin IDs, Proof, Fix

Module 5: Cloud & Container Security

• Shared Responsibility Model in Cloud
• AWS EC2, Azure VM Scanning (Qualys/Nessus Cloud)
• Overview: S3 Buckets, Public IPs, Misconfigurations
• Container Security Basics: Docker/Kubernetes Concepts
• Vulnerability Detection in Images (Trivy, Anchore demo)

Module 6: Risk-Based Vulnerability Prioritization

• CVSS Score Understanding + Business Context
• False Positive Identification
• Asset Criticality & Risk Scoring Matrix
• Prioritization Workflows for Critical Patches

Module 7: Patching, Remediation & SLA Tracking

• What is Patching? Patch Deployment Lifecycle
• Infra, Dev, Cloud Team Coordination
• SLA Enforcement
• Change Management & Exception Handling
• Tools: ServiceNow, JIRA, OSTicket

Module 8: Application Security Basics

• What is Application Security? OWASP Top 10 Overview
• Intro to Web Vulnerabilities: XSS, SQLi, Broken Auth
• Vulnerabilities in Code – Basic Awareness
• SAST, DAST, IAST – High-level understanding
• When to Escalate App Vulns to Dev Teams

Module 9: Compliance & Security Frameworks

• Regulatory Requirements in Security Programs:
• PCI DSS | ISO/IEC 27001 | HIPAA |GDPR | NIST 800-53
• Mapping CVEs to Controls
• SCAP Standard (Overview)
• Audit Support & Documentation Templates

Module 10: Reports That Get You Noticed

• Weekly & Monthly Reports for Tech & Management
• Excel Templates & Power BI Dashboards
• KPIs: Open Vulns, SLA Compliance, Aging, MTTR
• Custom Reports for Audit / Board Reviews
• Auto-Scheduling and Distribution Best Practices

Module 11: Governance & Lifecycle Program Design

• VM Program Structure: Roles, Owners, Frequency
• SLA & Policy Documents – What to Track
• Risk Acceptance & Exception Governance
• Internal & External Reporting Alignment

Module 12: Vulnerability Management Automation

• Auto-scheduling Scans and Reports
• Email Alerts and Auto Ticket Generation
• APIs (Qualys/Nessus) for Integration
• Connect with: SOAR, SIEM, JIRA