Certified Vulnerability Assessor (CVA)

Description

The CVA course focuses on understanding and executing vulnerability assessments in modern IT environments. You will study different types of vulnerabilities, learn how to assess networks, web servers, applications, and remote/VPN services, and work with professional vulnerability scanners. The course also covers patch management processes, result analysis, and reporting. Upon completion, you will be able to assess an organization’s security posture, perform a basic vulnerability test, and generate clear reports to guide security improvements.

Objectives

Upon completing this course, you will be able to:

• Explain what a vulnerability assessment is and why it is essential
• Recognize different vulnerability types, threats, and information leaks
• Apply basic risk management concepts within a vulnerability assessment
• Prepare and scan networks and systems for vulnerabilities
• Understand and support patch management processes
• Use common vulnerability assessment tools (including scanners such as Nessus)
• Interpret and prioritize scan results based on severity and risk
• Create clear, management-ready security reports and metrics
• Prepare for the Mile2 CVA certification exam

Target audience

This course is ideal for:

• Information System Owners
• Analysts and Security Analysts
• Ethical Hackers and Penetration Testers
• Information System Security Officers (ISSOs)
• IT Engineers and System Administrators
• Cyber Security Managers

Prerequisites

Basic networking understanding is recommended.

Course Materials

You receive:

• Student Guide (digital course book)
• Lab workbook with step-by-step exercises
• Practice questions to prepare for the CVA exam
• Access to the Mile2 learning platform

Course Modules

• Module 1 – Why Vulnerability Assessment
  • What is a Vulnerability Assessment?
  • Examination and assessment scope
  • Benefits of a Vulnerability Assessment
  • What are Vulnerabilities?
  • Compliance and project scoping
  • The Project Overview Statement
  • Assessing current network concerns
  • Network Vulnerability Assessment Methodology
  • Risk Management
  • Asset value and impact
  • Types of policy
• Module 2 – Vulnerability Types
  • Vulnerability severity and critical vulnerabilities
  • Information leaks
  • Denial of Service
  • Best practices to reduce exposure
• Module 3 – Assessing the Network
  • Introduction to patch management
  • What is patch management?
  • Different types of patches
  • Why patch management is necessary
  • Patch management process
• Module 4 – Assessing Web Servers and Applications
  • Patch management program challenges
  • Timing, prioritization, and testing
  • Patch management configuration
  • Alternative host architectures
  • Other operational challenges
• Module 5 – Assessing Remote and VPN Services
  • Patch management technologies
  • Components and architecture
  • Security capabilities
  • Management capabilities
• Module 6 – Vulnerability Assessments & Tools of the Trade
  • Types of vulnerability scanners
  • Cyber Vulnerability Assessment tools
• Module 7 – Output Analysis
  • Vulnerability severity
  • Reportable vulnerabilities
  • Readability factor
  • Tool output and data provided
  • Compliance audits

Labs

• Lab 1 – Intro to Common Vulnerability Exposures
• Lab 2 – Drafting Incident Response Procedures
• Lab 3 – Patch Management Architecture
• Lab 4 – Operations
• Lab 5 – Patch Management
• Lab 6 – Installing Nessus and Conducting a Vulnerability Scan
• Lab 7 – Generating Metrics on a Security Report