Discover our SECO and PwC new trainings

We are extremely happy to announce that SECO-Institute and PwC Luxembourg are joining forces to bring new services in the field of cybersecurity. 

Thanks to this partnership, we are delivering a comprehensive training curriculum around today's most critical aspects of information security which will offer true value to security and privacy professionals and help them build their career.

This distinctive blend of expertise between SECO-Institute and PwC's professionals leveraged under an hands-on pedagogic approach will provide our trainees with a unique and very practical learning experience to reach a new level of proficiency.

Our common goal is to build and support the cybersecurity community.

Ethical Hacking Foundation offers participants a comprehensive and hands-on introduction to ethical hacking and penetration testing. The training evaluates how hackers work, how a penetration test is performed and what agreements must be in place to safely carry out a penetration test.

Students will learn the difference between - and practice of passive and active reconnaissance and use open-source intelligence, sniffing and port scanning tools and techniques to gain valuable information on a target.

They will gain hands-on experience in vulnerability scanning, SQL injection, password cracking, XSS, and remote and local file inclusion by completing realistic lab challenges. At the end of the course, students will use their  newly acquired skills to perform a basic black-box penetration test (Capture the Flag challenge). All exercises are performed in a secure environment.

Included in the training:


Duration: 2 Days from 9am-5pm

Language: English

Number of participants: 12


  • 2 days of instructor led training
  • SECO-Institute course materials
  • Student Syllabus with hands on exercises
  • Basic Linux Commands Reference Guide
  • Premium TryHackMe account to practice your cybersecurity skills (1 month)
  • Exam Syllabus with guidance to prepare for and book your exam
  • Practice exam
  • Exam voucher
  • Digital Certification Badge after passing the exam

 Objectives

By the end of this program, the participants will:

  • Understand the penetration testing process, the legal implications of hacking, know what agreements to make in the intake phase to safely carry out a penetration test, and how to prepare for the reporting phase
  • Understand the difference between passive and active reconnaissance, and know how to use open-source intelligence (OSINT), sniffing and port scanning tools and techniques to gain valuable information on a target
  • Have gained hands-on experience in vulnerability scanning, SQL injection, password cracking, XSS, and remote and local file inclusion
  • Have used their newly acquired skills to perform a basic black-box penetration test in a Capture the Flag challenge

Content

Module 1: Penetration Testing - Preparation

  • Ethical Hacking introduction
  • Hacking and The Law: A Brief Overview of Cybercrime Legislation
  • The Penetration Testing Process
  • Reporting
  • Kali Linux

Module 2: Reconnaissance

  • Passive Reconnaissance
  • Active Reconnaissance: Sniffing and Scanning

Module 3: Web Application Attacks

  • Web Application Vulnerability Scanning
  • Cross-Site Scripting (XSS)
  • Structured Query Language (SQL)
  • SQL Injection
  • Password Cracking
  • Brute-forcing
  • File Inclusion

Module 4: Capture the Flag

In this CTF challenge, you will break into the wireless network of SECO’s Bicsma Company (black box). You will use the techniques learnt in Modules 1-3 to discover interesting hosts, identify what services run on them, access and exploit these services to gain access to the systems. The ultimate purpose of the CTF is to find the recipe to the Bicsma Cola drink, which is stored on the server.


Exam

This training prepares for the Ethical Hacking Foundation exam (S-EHF) from SECO-Institute. The Certification Title is granted based on the successful completion of an online exam, proctored by SECO-Institute. The exam voucher is included in the training.

  • Language: English
  • Delivered: Online via a certified proctor
  • Questions: 40 multiple choice questions
  • Passing rate: 70%
  • Time: 60 minutes

Target audience

The training benefits anyone looking for a comprehensive introduction in Ethical Hacking. For students without experience in Linux, a Basic Linux Commands Reference Guide is included in the course materials, it is highly recommended to read that prior to the first day of training.

Dark Web Foundation was co-developed with the Netherlands Organisation for Applied Scientific Research (TNO), the first scientific research institute to partner with INTERPOL to combat cybercrime. It offers a comprehensive and practical introduction to the Dark Web. During the course you will understand the technology behind the Dark Web, and you will use Tor to discover hidden sites and services. You will grasp the business dynamics of Dark Markets, and you will gain insight into Dark Web investigations through real-world incidents. Finally, you will get a thorough grounding in Bitcoin transactions, Bitcoin mining and Bitcoin laundering. The course draws on the practical experience of high-level cybersecurity experts and Dark Web researchers.

Included in the training:


Duration: 2 Days from 9am-5pm

Language: English

Number of participants: 15


  • 2 days of instructor led training
  • SECO-Institute course materials
  • Exam Syllabus with guidance to prepare for and book your exam
  • Practice exam
  • Exam voucher
  • Digital Certification Badge after passing the exam

 Objectives

By the end of this program, the participants will:

  •  Understand the Technology behind the Dark Web
  • Be able to use Tor to discover hidden sites and services
  • Grasp the business dynamics of Dark Markets.
  • Understand the basics of Blockchain technology
  • Understand how crypto currencies are used for money laundering, Crime- and Terrorism Funding and payments on Dark Markets
  • Have a thorough grounding in Bitcoin transactions, Bitcoin mining and Bitcoin laundering.
  • Have gained insight into Dark Web investigations through real-world incidents.

Content

 Module 1: Introduction

  • Introduction, history and technology, legitimate and criminal uses
  • Clear-, deep- and dark web
  • Crypto currencies
  • Law enforcement activities and interventions
  • Dark Markets
  • Pillars of anonymity
  • Crime opportunity theory
  • Offender profiles

Module 2: PGP & The Onion Router (Tor)

  • Identifiable Information
  • Pretty Good Privacy (PGP)…or not so pretty good?
  • PGP investigation
  • The Onion Router (Tor) basics, protocol & routing
  • The envelope game
  • Perfect forwarding secrecy
  • Hidden services and rendezvous point
  • Dark Web investigation

Module 3: Bitcoin & Blockchain, Money Laundering, Crime & Terrorism Funding

  • Crypto and Bitcoin basics
  • Blockchain technology
  • Advanced wallets
  • Monero versus Bitcoin
  • Money Laundering and Crime/Terrorism Funding
  • Bitcoin laundering and mixing services
  • Bitcoin laundering and cashing out

Exam

This training prepares for the Dark Web Foundation title (S-DWF) from SECO-Institute. The certification is granted based on the successful completion of an online exam, proctored by SECO-Institute. The exam voucher is included in the training.

  • Language: English
  • Delivered: Online via a certified proctor
  • Questions: 40 multiple choice questions
  • Passing rate: 70%
  • Time: 60 minutes

Target audience

This is an entry level training for anyone interested to learn the foundations of and technology behind the Dark Web. A technical background is not required to participate. This training is not aimed at those already investigating the Dark Web. Participants will need to install the TOR browser on their PC/Laptop.

Typical participants & their objectives:

  • Cybersecurity professionals will learn the foundations of the Dark Web as facilitator of hidden threats facing their organization.
  • Law enforcement, NGO’s and other investigators will gain insight on how criminal activities evolve on the hidden part of the web, and understand how crypto currency is used for money transactions, money laundering and terrorism funding.
  • Policy makers and government officials benefit from this course in their efforts to develop legislation that combat crime in the digital era.

Information Security Foundation introduces students to the human, organisational and technological domains of information security. The aim of the course is to let students gain a basic understanding of information security governance, risk management, international standards relevant to information security, awareness, threats to information security, and best practices relevant to implementing and managing information security. During the course discussions, demonstrations, and exercises will help students translate these theoretical concepts to the practices of their own working environment.

Included in the training:


Duration: 2 Days from 9am-5pm

Language: English

Number of participants: 20


  • 2 days of instructor led training
  • SECO-Institute course materials
  • Exam Syllabus with guidance to prepare for and book your exam
  • Practice exam
  • Exam voucher
  • Digital Certification Badge after passing the exam

 Objectives

By the end of this program, the participants will:

  • Know how information security has evolved over the years, and  which “old” approaches are still fundamentally sound (and why that is so) and why some do not provide sufficient assurance anymore.
  • Understand how information security relates to IT, business- and other resilience processes and how it can support them (enterprise risk management, business continuity management, data protection & privacy, and crisis management)
  • Understand why information security is essentially an information risk management process.
  • Know how risk management is defined as a process in general, the subprocesses that are part of it, and what drives the decisions made in information risk management.
  • Understand how governance and planning are paramount to creating and maintaining an effective Information Risk Management process
  • Understand why people are one of the most important factors in IS, both as causers of risk and as gatekeepers; and why awareness and empowerment are required to achieve proper security practices in the human domain
  • Understand how information security supports business goals, the relation between strategy, policies and procedures and how standards and best practices can help implement them on an operational level.
  • Know which organisational tools are used to make sure people and processes behave in a secure fashion, and that continuous process improvement requires proper monitoring and review of progress and effectiveness
  • Have a basic understanding of core disciplines that help implement information security (Asset Management, Access Control, Data Protection, Vulnerability Management, Incident Response and Security Intelligence), understand the basic concepts behind them and the most common technologies that are used.

Content

Module 1: Introduction

  • Defining information security
  • Scoping information security: People, Processes, Technology
  • IT versus business
  • Relationship to other processes
  • Information security evolving: Then, now and in the future
  • Roles & responsibilities

Module 2: Information Security Risk Management

  • Risk Management as a process
  • Drivers in information risk management
  • Managing Risk
  • Assessing Risk
  • Governing Risk
  • Standards and Frameworks

Module 3: Risk Mitigation: Human Focus

  • Knowledge, attitude, behavior
  • Manipulating humans & social engineering
  • Continued motivation & empowerment
  • Limitations of awareness campaigns

Module 3bis: Risk Mitigation: Organizational Focus

  • Security Organization Overview
  • Pros and cons of best practices, frameworks and standards
  • Dealing with 3rd parties that have their own best practices
  • Case study: Migrating an on – premise service to a cloud provider

Module 4: Risk Mitigation: Technological Focus

  • Asset Management
  • Access Control
  • Data Protection
  • Case study: Preparing for and mitigating a Ransomware attack
  • Vulnerability Management
  • Incident Response
  • Security Intelligence
  • Case study: handling a vulnerability notification
  • Recap of the course
  • Practice exam

Exam

This training prepares for the Information Security Foundation exam (S-ISF) from SECO-Institute. The Certification Title is granted based on the successful completion of an online exam, proctored by SECO-Institute. The exam voucher is included in the training.

  • Language: English
  • Delivered: Online via a certified proctor
  • Questions: 40 multiple choice questions
  • Passing rate: 70%
  • Time: 60 minutes

Target audience

The training benefits anyone looking for a comprehensive introduction in information security and information risk management. This is an entry level training, no previous experience is required to participate.

Our lead experts

Koen Maris

​Koen Maris is partner at PwC Luxembourg, leading the Cyber Security practice with more than 20 years of experience in information/cyber security in cross industry environments. Koen is specialised in Secure Operations Centers, incident response and awareness raising at all levels of an organisation. He has experience with Distributed Ledger Technology, IoT, OT/IT security, threat intelligence and forensics. Koen has a strong technical background and operational experience in cyber security as well as strong  competencies in security architecture, solution design, program management, business development.

Maxime Clementz

Maxime is a Senior Manager within the Cybersecurity Advisory team of PwC Luxembourg. He develops his ethical hacker skills by committing himself in various assignments for big companies, banks and European institutions. As a technical specialist, he takes part in penetration tests, incident response, vulnerability assessment and information security advisory.

He contributes to the development of the team’s hacking capabilities by sharing the results of his technology watch and R&D and is now leading the CSIRT and Threat Intelligence initiatives of PwC Luxembourg. He especially enjoys sharing knowledge by presenting his results or by giving talks and training courses. Maxime teaches IT security at a French engineering school.

Contact us

Maxime Pallez

Cybersecurity Director, PwC Luxembourg

Tel: +352 62133 41 66

Simon Petitjean

Cybersecurity Director, PwC Luxembourg

Tel: +352 62133 43 74

Antonin Jakubse

Senior Manager, Privacy, PwC Luxembourg

Tel: +352 62133 44 12

Stay Connected: