Join CSFI on LinkedIn,
591,000+ Members &


Develop your cyberspace operations skills for the deployment of network operations (NETOPS), defensive cyberspace operations (DCO), and offensive cyberspace operations (OCO).

Students will develop the skills for executing DCO concepts into organizational missions. Adversarial tactics, techniques, and procedures (TTPs) and associated tools are presented following the cyber kill chain for students to learn to defend friendly networks against current and emerging threats. Using multiple labs, this course provides students with hands-on exposure to deploy live attacks and analysis in a controlled environment to then learn how to prevent, detect, and counter such activities.

The DCOE training provides a unique opportunity to certify in a critical field of cyberspace operations, enhancing mission readiness and employability. The DCOE certification follows the NICE work role and standards for a Cyber Operator.

Developed exclusively for the Cyber Security Forum Initiative (CSFI) by professionals with experience in military cyberspace operations, this course is designed to help students acquire knowledge and appreciation of preserving the ability to protect data, networks, net-centric capabilities, and mission critical systems.

CSFI is highly invested in protecting American national security in cyberspace and is proud to provide cyberspace operations training to American entities, as well as foreign allies and partners in support of interoperability.

PRICING: $2,595.00/per student - special group discounts may apply.


Capitol Technology University (CTU), a designated National Security Agency (NSA) Center of Excellence, endorsed this course. Capitol Technology University is a National Center of Academic Excellence.


First Name

Last Name

Email Address

Phone Number

Organization Name

Work Title


What do you hope to achieve by taking the DCOE course?

(all fields required)

What You'll Learn

  • Cyberspace Operations and Cyber Mission Force
  • Cyber Kill Chain
  • Kali Linux
  • Reconnaissance (Passive and Active)
  • PBED for Cyberspace Operations
  • Attack Across Networks and Systems
  • Persistent, Integrated Operations
  • Network Protection

Detailed Course Outline

  • Introduction
  • Certification Requirements
  • Commander’s Intent
  • Evolution of Cyber Espionage and Collection Efforts
  • Cyberspace Operations and Cyber Mission Force
  • Cyberspace as a Warfighting Domain
  • The Operating Environment
  • Cyberspace Militarization
  • DoD Cyber Strategy
  • Cyberspace Operations
  • NetOps, DODIN Ops
  • DCO
  • DCO-RA
  • OCO
  • CMF Construct – CPT, NMT, CMT
  • CPT Methodology (Survey, Secure, Protect)
  • Cyber Kill Chain
  • Steps of the Cyber Kill Chain
  • Stages of an Attack
  • Case Study: Data Breach and Lessons Learned
  • Threat Intelligence Sharing
  • Kali Linux
  • Cyber Tradecraft
  • Installation
  • Command Line Tasks
  • Navigating Kali
  • Reconnaissance (Passive and Active)
  • CIA’s MICE Motivational Framework
  • Open-Source Intelligence (OSINT) – Common Tools
  • Information Sources
  • Case Study: Social Media Experiment
  • Reconnaissance with Kali Linux
  • Network Scanning
  • SQL Mapping
  • PBED for Cyberspace Operations
  • PBED Framework
  • Plan – ME3C-(PC)2 Model
  • Brief
  • Execute
  • Debrief
  • PBED Exercise
  • Attack Across Networks and Systems
  • Web Application Vulnerabilities
  • Cross-Site Scripting (XSS)
  • SQL Injection (SQLi)
  • Webshell
  • Wireless Threats
  • Network Exploitation
  • Conducting Attacks with Metasploit
  • Password Cracking
  • Persistent, Integrated Operations
  • Command and Control (C2): Maintaining Access
  • Rootkits
  • Tunneling
  • Remote Access
  • Elevated Privileges
  • Covert Channels
  • Covering Tracks: Hiding Evidence
  • Altering Logs and History Files
  • Hidden Files
  • Timestamps
  • Network Protection
  • Network Traffic Analysis
  • Vulnerability Scanning
  • Intrusion Detection System (IDS) and Intrusion Protection System (IPS)

DCOE Hands-On Labs

  • Lab 01: Navigating Kali Linux
  • Lab 02: Network Mapping
  • Lab 03: Python Scripting: Scanning and Brute Force
  • Lab 04: PBED Exercise
  • Lab 05: Cracking Wireless
  • Lab 06: Metasploit 1
  • Lab 07: Metasploit 2
  • Lab 08: Metasploit 3
  • Lab 09: EternalBlue (Shadow Brokers)
  • Lab 10: SQL Injection
  • Lab 11: Password Cracking
  • Lab 12: Data Exfiltration
  • Lab 13: Kernel Rootkit
  • Lab 14: Packet Capture and Analysis
  • Lab 15: IDS Deployment, Alert Analysis, and Reporting
  • Bonus Lab: Vulnerability Scanning
  • Bonus Lab: OSINT and Malware Analysis: Syrian Electronic Army (SEA)
  • Bonus Lab: Whispergate Malware Analysis - Destructive Malware Targeting Ukrainian Organizations and Government


Capture-the-Flag (CTF) for live training or DCO Strategy Capstone Exercise for live online and asynchronous delivery.

Who Needs to Attend

  • Anyone interested in the field of cyber warfare/cyberspace operations
  • Anyone looking to expand a cyber security career
  • Military Commanders
  • Information Operations Officers
  • Information Security/Assurance Professionals
  • Cyber Security Consultants
  • Cyber Planners
  • Military Members (J2, J3, J5, J6, J9)
  • Security Analysts
  • Network Security Engineers
  • Penetration Testers
  • Auditors
  • Government Officials
  • Security Engineers
  • Threat Hunters


While not a prerequisite, students of this course would benefit by having a working knowledge of TCP/IP, at least one year of IT security experience, and completed the CSFI Introduction to Cyber Warfare and Operations Design (ICWOD) course.

© Copyright 2024 CSFI