Security · Topic 01 of 23 · Part I — Foundations

Course orientation

Orientation removes friction that would otherwise eat into every later session — a student who knows where things are spends their attention on the material.

Syllabus: Introduction (§ Presenting the teacher, Overview of structure, Overview of theory, Overview of practice, Goal of the course)
Topic 01 · The starting contract

Why we start here

By the end of this topic you can:
  • State who teaches the module and what their background is
  • Describe the structure of the course — theory blocks, lab blocks, assessment
  • Locate the syllabus, schedule, and lab platform
  • State the overall goal of ICT security testing and how it fits the higher-level curriculum

Who teaches this module

Inference AG

  • Swiss security firm — smart-contract and ICT-infrastructure auditing
  • HQ in Zurich
  • Blockchain & web auditing, open-source contributions
  • Practical, adversarial — allergic to checkbox security

Instructors

Emanuele
Lead — smart-contract & web auditor
Marco
Co-instructor — security engineering, audit operations

Your turn — intro round

1. Name and current role / programme
2. One thing you already do that touches security
3. One thing you hope to walk out of this module able to do
Time-box 30 seconds each — 16 students = 8 min total. If it drags, drop to question 3 only.

Goal: calibrate depth. Where students start determines where to add examples and where to skip.

What this course is — and is not

It is                                      | It is not
-------------------------------------------|-------------------------------------------------------------
The contract for the next 8 weeks          | Filler — every minute here saves an hour later
How to find every artefact you will need   | Just logistics — it sets the framing for every topic
Calibration of expectations                | Negotiable — assessment criteria are fixed and public from day one

ICT security testing is a professional discipline — not just "hacking", not just "pentesting", not just "running scanners".

Covered: Landscape, legal & ethics, methodology catalogue, hands-on pentest practicum, post-testing lifecycle
Not covered to craft level: Red teaming takes years of operational experience — we teach the concept and what it requires, not the craft.

How the course is structured

The rhythm is: theory → labs → synthesis.

Part                          | Topics | Theme
------------------------------|--------|-----------------------------------------------
I — Foundations               | 01–06  | Framing, standards, scope, legal, ethics
II — Methodologies            | 07–13  | OSINT, SE, scanning, review, pentest, red, blue
III — Pentest in depth        | 14–18  | Recon, exploit, privesc, web, kill chain
IV — From findings to value   | 19–23  | Evidence, scoring, remediation, reporting

Theory blocks: Build vocabulary, mental models, and judgement.
Practical labs: Anchor theory in real tools and real targets.
Reporting work: What the client actually pays for — covered in Part IV.

The practical part: lab platform

Access: Credentials & instructions in SETUP.md — read before the next session
Rules: This is the only authorised testing target for coursework
Tooling: Pre-installed in the lab; students may add tools — within scope
Help: Teams channel for platform bugs and conceptual questions

Hard rule: Testing systems other than the lab — even "just to check" — is illegal and grounds for failing the module. This is treated as its own topic in Topic 05 — Legal implications.

Further practice platforms outside the course: HackTheBox, TryHackMe, PortSwigger Web Security Academy, OverTheWire, PicoCTF.

The goal of this course

Give students the foundational knowledge and a first hands-on experience needed to participate meaningfully in ICT security testing work — whether they end up doing the testing, commissioning it, or defending against it.

A graduate of this module can:

  • Read a pentest report and understand it
  • Take part in scoping a security assessment without misleading the client
  • Run a basic vulnerability scan and interpret the output — including what it cannot tell them
  • Conduct a small, controlled penetration test end-to-end on a known lab
  • Write a finding that another engineer can act on

That is the bar. Everything in the syllabus exists to support it.

Where this module sits in a career

Directly relevant roles

  • Penetration tester / vulnerability assessor
  • Application security engineer
  • SOC analyst, threat hunter
  • Security auditor / compliance
Curriculum context: Module 680 is a direct building block toward the Cyber Security Specialist EFA credential. Learning goals reflect the competency grid defined by ICT Berufsbildung Schweiz — assessments here are evidence of readiness for the broader qualification.

Most security professionals have hands-on testing experience at some point, whether they stay in offensive work or move to defence, secure development, or governance.

Check — knowledge vs. discipline

Reflection

What is the difference between "I know how this attack works" and "I am a security tester"?

Answer

A security tester operates inside a contract — scope, authorisation, legal cover. They produce evidence sufficient for client action and legal defensibility, and they write a report that drives remediation. They also communicate what they did not test. Knowing the attack is the easy part; the professional discipline around it is what the profession actually pays for.

What you take home

  • Orientation is the contract — expectations, artefacts, and rules are set from day one
  • This course covers ICT security testing as a professional discipline across four structured parts
  • The lab is the only authorised target; read SETUP.md before the next session
  • The goal is graduates who can participate meaningfully in security testing — doing it, commissioning it, or defending against it
  • Knowing an attack and being a security tester are different things — the profession is in the contract, evidence, and report
  • This module is a building block toward the Cyber Security Specialist EFA and a strong entry point to multiple career tracks

Next: Topic 02 — The security testing landscape. Every later methodology will slot into the map introduced there.

END · TOPIC 01

Welcome aboard

Read SETUP.md and access the lab before the next session.