Certified Network Defender (CND) v3
- 02 April 2025
- Duration: 24 weeks
- 01 June 2026
- Duration: 36 weeks
Gain the skills to protect, detect, and respond to modern network security threats.
As an Authorized Training Center of EC-Council, we deliver official CND training and certification.
Key features & benefits
100+ Hands-On Labs for real-world defense and response practice
Accredited & Recognized Globally – ISO/IEC 17024, DoD 8570/8140, NCSC (UK)
Built on the 4-pronged defense strategy: Protect, Detect, Respond, Predict
Covers all 5 NIST Cybersecurity Framework functions for full compliance
Learn to secure hybrid, cloud, mobile, and IoT environments
Gain a globally recognized certificate mapped to NICE job roles
Build practical, job-ready skills that employers demand today
Boost your career – certified defenders are in high demand worldwide
Course outline
Module 01
Network attacks and defense strategies
This module covers mechanisms of various attack techniques and hacking methodologies that attackers use to breach the security of an organization’s networks.
It also introduces defense strategies that network defenders should adopt to ensure comprehensive network security. Key topics covered: Attack, threat, threat sources, threat actors, vulnerability, risk, network attacks, application attacks, social engineering attacks, email attacks, mobile attacks, cloud attacks, supply chain attacks, wireless attacks, hacking methodologies and frameworks, adaptive security strategy, and defense-in-depth security.
The hands-on lab exercises in this module help to understand the modus operandi of different attacks at network, application, and host levels.
Module 02
Administrative network security
This module covers administrative security measures, including compliance efforts, creating and enforcing security policies, security awareness training, asset management, etc.
Key topics covered: Compliance, regulatory frameworks, security policies, security awareness, asset management, and recent cybersecurity trends.
The hands-on lab exercises in this module help to demonstrate skills in security policy implementation, asset management, employee monitoring, etc.
Module 03
Technical network security
This module covers the technical aspects of network security. It describes the concepts of access control, Identity and Access Management (IAM), cryptographic security techniques, and various network security devices and protocols.
Key topics covered: Access controls, Authentication, Authorization, and Accounting (AAA), IAM, cryptography, network segmentation, zero trust, network security controls, and network security protocols.
The hands-on lab exercises in this module help demonstrate skills in implementing access controls, VPN, etc.
Module 04
Network perimeter security
This module covers the security configuration of network perimeter devices such as firewalls, intrusion detection and intrusion prevention systems (IDSs/IPSs), routers, switches, etc., for effective perimeter protection.
Key topics covered: Firewalls, firewall types, firewall topologies, firewall selection, firewall implementation and deployment, firewall administration, IDS/IPS, IDS/IPS classification, IDS/IPS selection, false positives, false negatives, router security, switch security, software-defined perimeter (SDP).
The hands-on lab exercises in this module help to demonstrate skills in perimeter security, which includes how to configure and implement firewalls and IDS/IPS with the help of well-known tools such as pfSense, Smoothwall, Windows Firewall, iptables, Suricata, Wazuh, ModSecurity, etc.
Module 05
Endpoint security – Windows systems
This module covers various security features and secure configuration techniques used to secure Windows systems.
Key topics covered: Windows security risks, Windows security components, Windows security features, Windows security baseline configurations, user account and password management, Windows patch management, Windows user access management, active directory security, Windows network services and protocol security, and Windows security best practices.
The hands-on lab exercises in this module help demonstrate Windows security skills, including but not limited to Windows patch management, Windows file integrity, Windows endpoint protection, Windows security configuration baseline, active directory security, security troubleshooting, permissions, etc.
Module 06
Endpoint security – Linux systems
This module covers the Linux OS, its security features, and the various techniques to harden the OS security.
Key topics covered: Linux security risks, Linux installation and patching, Linux user access and password management, Linux OS hardening techniques, Linux network and remote access security, and Linux security tools and frameworks.
The hands-on lab exercises in this module help demonstrate skills in Linux security, including but not limited to system hardening, system security auditing, file integrity monitoring, permissions, access controls, etc.
Module 07
Endpoint security – mobile devices
This module covers securing the use of mobile devices under various mobile usage policies implemented and enforced in enterprises.
Key topics covered: Bring Your Own Device (BYOD), Choose Your Own Device (CYOD), Corporate Owned, Personally Enabled (COPE), Company Owned, Business Only (COBO), Mobile Device Management (MDM), Mobile Application Management (MAM), Mobile Threat Defense (MTD), Unified Endpoint Management (UEM), Mobile Email Management (MEM), Mobile Content Management (MCM), Enterprise Mobility Management (EMM), mobile device security, Android security, and iPhone security.
The hands-on lab exercises in this module help demonstrate skills in implementing MDM solutions and various mobile security measures.
Module 08
Endpoint security – IoT devices
This module covers the use of IoT devices, the associated security challenges and risks, as well as appropriate security measures implemented to secure IoT-enabled environments.
Key topics covered: IoT devices, IoT application areas, IoT ecosystem, IoT communication models, IoT-enabled environments, IoT security risk and challenges, IoT security in IoT-enabled IT environments, IoT security tools, IoT security best practices, IoT security standards, initiatives, and efforts.
The hands-on lab exercises in this module help demonstrate skills to secure IoT device communication.
Module 09
Administrative application security
This module covers various application security measures implemented to monitor, patch, and upgrade the installed applications constantly.
Key topics covered: Application whitelisting, application blacklisting, application sandboxing, application patch management, and web application firewalls (WAFs).
The hands-on lab exercises in this module help demonstrate skills in application whitelisting, application sandboxing, WAF, etc.
Module 10
Data security
This module covers various security measures implemented to secure an organization’s data from prying eyes.
Key topics covered: Data security, data encryption at rest, data encryption in transit, data masking, data backup, data retention, data destruction, data loss prevention (DLP), and data integrity.
The hands-on lab exercises in this module help demonstrate skills in data encryption at rest, data encryption in transit, database encryption, email encryption, data backup, data recovery, disk encryption, etc.
Module 11
Enterprise virtual network security
This module covers virtualization concepts and technologies such as network virtualization, software-defined network, and network function virtualization and their security.
Key topics covered: Network virtualization (NV), software-defined network (SDN), network function virtualization (NFV) security, OS virtualization security, container security, Docker security, and Kubernetes security.
The hands-on lab exercises in this module help demonstrate skills in Docker security audit, SDN communication security, Kubernetes security, etc.
Module 12
Enterprise cloud security
This module covers the various aspects of enterprise cloud security that are important for an organization to securely store or process data on the cloud.
Key topics covered: Cloud computing, cloud security, shared responsibility model, Amazon Cloud (AWS) security, Microsoft Azure cloud security, and Google Cloud Platform (GCP) security.
The hands-on lab exercises in this module help demonstrate skills in AWS IAM, AWS KMS, AWS Storage, Azure MFA, GCP IAM, Azure Resource locking, and GCP Cloud IAP.
Module 13
Enterprise wireless network security
This module covers various security measures and best practices used to secure wireless networks in enterprises.
Key topics covered: Wireless network, wireless standards, wireless topologies, wireless network components, wireless network encryption, wireless network authentication, wireless network security measures, and Wi-Fi security tools.
The hands-on lab exercises in this module help demonstrate skills in wireless router security.
Module 14
Network traffic monitoring and analysis
This module covers threat, bandwidth, and performance monitoring with the help of network traffic monitoring and analysis.
Key topics covered: Network traffic monitoring, baseline traffic signatures, suspicious network traffic signatures, threat detection with Wireshark, bandwidth monitoring, performance monitoring, network anomaly detection, and behavior analysis.
The hands-on lab exercises in this module help demonstrate skills in packet capturing, traffic monitoring, traffic analysis, threat detection, and bandwidth monitoring with tools such as Wireshark, tcpdump, PRTG, Capsa, NTOP, etc.
Module 15
Network logs monitoring and analysis
This module covers threat detection with the help of log monitoring and analysis.
Key topics covered: Logs, Windows log analysis, Linux log analysis, Mac log analysis, firewall log analysis, router log analysis, web server log analysis, and centralized log management.
The hands-on lab exercises in this module help demonstrate skills in configuring, viewing, and analyzing logs in a local as well as a centralized location.
Module 16
Incident response and forensics investigation
This module covers the role of incident response and forensic investigation in an organization’s security.
Key topics covered: First responder, incident handling and response process, SOAR, endpoint detection and response (EDR), extended detection and response (XDR), and forensics investigation.
The hands-on lab exercises in this module help demonstrate skills in incident ticketing, reporting, and escalations with OSSIM.
Module 17
Business continuity and disaster recovery
This module covers concepts around business continuity and disaster recovery.
Key topics covered: Business Continuity (BC), Disaster Recovery (DR), Business Continuity Management (BCM), BC/DR Activities, Business Impact Analysis (BIA), Recovery Time Objective (RTO), Recovery Point Objective (RPO), Business Continuity Plan (BCP), and Disaster Recovery Plan (DRP).
The hands-on lab exercises in this module help demonstrate skills in implementing business continuity and disaster recovery scenarios with NLB.
Module 18
Risk anticipation with risk management
This module covers various phases in implementing and executing an organization’s risk management program.
Key topics covered: Risk management, risk identification, risk assessment, risk treatment, risk treatment steps, risk tracking and review, risk management frameworks (RMFs), vulnerability management, vulnerability scanning, vulnerability reporting, and privacy impact assessment (PIA).
The hands-on lab exercises in this module help demonstrate skills in network security audit, vulnerability management, application vulnerability scanning, and analysis.
Module 19
Threat assessment with attack surface analysis
This module covers concepts around visualizing, analyzing, and reducing the attack surface.
Key topics covered: Attack surface, attack surface analysis, system attack surface, network attack surface, software attack surface, physical attack surface, human attack surface, Indicators of Exposures (IoEs), attack simulation, attack surface reduction, attack surface monitoring tools, and cloud and IoT attack surface analysis.
The hands-on lab exercises in this module help demonstrate skills in system attack surface analysis, application attack surface analysis, attack surface mapping, etc.
Module 20
Threat prediction with cyber threat intelligence
This module covers leveraging threat intelligence capabilities for responding quickly, decisively, and effectively to emerging threats.
Key topics covered: Cyber threat intelligence, threat intelligence types, Indicators of Compromise (IoCs), Indicators of Attack (IoA), threat intelligence layers, threat intelligence sources, threat intelligence feeds, threat intelligence platforms (TIP), and threat hunting.
The hands-on lab exercises in this module help demonstrate skills in integrating OTX threat feeds, threat hunting, etc.
Training prerequisites
Core knowledge
No strict prerequisites — anyone can enroll through official training
Recommended: a basic understanding of computer networks, IP addressing, and common protocols (DNS, DHCP, ARP, ICMP)
Technical skills
Familiarity with network concepts such as routing and traffic flow
Ability to use basic network tools (e.g., ping, traceroute, nslookup)
OS & tools
Comfortable working with at least one operating system (Windows, Linux, or macOS)
Able to perform basic command-line operations and navigate file systems
Training & register details
TRAINING OVERVIEW
Certified Network Defender (CND) v3
Build resilient networks with hands-on training in modern defense strategies

Training duration: 5 days (40 hours)

Format: Instructor-Led Online

Level: Intermediate

Language: Ukrainian

Materials: English | 24 months valid

Labs: 24/7 180 days access

Exam attempts: 1 official exam voucher included (312-38)
HOW TO REGISTER
1. Submit your application
Submit a quick application to let us know you’re interested in the course.
2. Intro call
We’ll schedule a short call to learn more about your goals and expectations.
3. Confirm your spot
Get accepted and complete the paperwork. We’ll send you all the info you need.
4. Start learning
Access your learning platform and get familiar with the materials.
5. Join the community
Get access to the student chat, events, and mentorship opportunities.
Who is CND for?
Network & security professionals
Enhance your expertise with globally recognized skills in network defense, monitoring, and incident response
Teams & Businesses
Strengthen your organization’s cyber resilience with staff trained to protect, detect, respond, and predict network threats
Government & defense
Trusted by agencies and defense organizations worldwide for building capable cyber defense teams
Educators & trainers
Incorporate official EC-Council content into your academic or corporate cybersecurity programs
FAQ
Do I need prior experience to join CND?
Basic knowledge of networking and security is recommended but not mandatory.
Is the exam voucher included?
Yes, the training package includes an official exam voucher.
How long is the certification valid?
The CND certification is valid for three years. Recertification is required to maintain active status.
Does the course cover cloud and IoT security?
Yes, CND v3 includes modules on cloud, IoT, and OT/SCADA environments.
Can my company arrange private training?
Yes, SEG provides corporate training solutions customized to your team’s needs.
How do I become a C|ND expert?
To attend the C|ND class and take up the EC-Council's C|ND certification program, students should have at least a fundamental knowledge of networking concepts. The program equips you with the strategic and technological skills for network security roles. Upon passing the C|ND examination, you obtain the certification. Stay updated with the latest industry trends, participate in workshops and seminars, and get practical experience in incident response and risk management. Finally, develop leadership skills and contribute solutions that advance defense strategies.
What jobs can I get after the C|ND certification program?
The C|ND certification equips you with skills to qualify for roles such as:
- Network Administrators
- Network Security Administrators
- Network Engineer
- Data Security Analyst
- Network Security Engineer
- Network Defense Technician
- Security Analyst
- Security Operator
- Network security
- Cybersecurity Engineer
Is the C|ND for beginners?
Yes, the CND course is suitable for beginners. Network security skills are the fundamental skill set for any cybersecurity professional. To begin the training program, students should have fundamental knowledge of networking concepts. C|ND is an intermediate-level professional program that anyone who works as a network administrator, security analyst, network engineer, or in a similar role can join.
What does a C|ND do?
A Certified Network Defender identifies, protects against, and prevents cyber threats to a network. They inspect networks for malware or unauthorized access, conduct penetration testing, and fix vulnerabilities. The defenders also maintain the organization's security by installing and updating software, keeping the networks resilient and intact in the face of evolving cyber threats.
What is the C|ND?
Certified Network Defender (C|ND) is an ANAB-accredited professional certification program offered by the EC-Council. With an exclusive focus on defense and network security, it offers the best knowledge and practical skills necessary for safeguarding networks. Being the first program to offer an adaptive security (protect, detect, respond, and predict) approach, C|ND covers a wide spectrum of network security controls, risk management, security system solutions, security policies, and much more. Upon earning the certification, professionals gain an insight into the values and practices needed to protect the network's integrity and confidentiality.
