VCA-SEC-101 — Cybersecurity Principles

The pipeline’s security-literacy course. Students learn the CIA triad, STRIDE threat modeling, the OWASP Top 10, a working (non-cryptographer) model of modern crypto, and the professional practice of coordinated vulnerability disclosure. picoCTF runs as the weekly lab spine — students build offensive fluency while developing defensive intuition. Required for every downstream offensive or RE course in the pipeline.

Duration: ~14 weeks (tentative)
Position: 11th Grade, Fall
Prereq: VCA-NET-101 + VCA-FND-102
Credential: VCA-SEC-101 Certificate of Completion
Register interest — we’re not taking enrollments yet. Email academy@virtuscybersecurity.com.
Detailed syllabus in development. The full charter (weekly schedule, lab exercises, assessment rubric) is being written. Register interest to be notified when the detailed course guide is published.

Course Overview

VCA-SEC-101 is the first Virtus Academy course where the security in cybersecurity is the explicit subject. Prior courses treated the adversarial framing as background (ethics, authorization). This course moves it to the foreground: students build threat models, reason about what could go wrong, study disclosed vulnerabilities as the professional literature of the field, and practice offensive and defensive thinking in a structured, ethical environment. The course does not produce graduates who can do a penetration test — that is VCA-PEN-101 — but it produces graduates who understand the discipline well enough to take the next step.

What Students Learn

  • Security principles. CIA triad, least privilege, defense-in-depth, fail-safe defaults, open-design.
  • Threat modeling. STRIDE, DREAD (historical), attack trees, practical workshops on student-chosen systems.
  • Web application security. OWASP Top 10 walked through with real-world example CVEs.
  • Cryptography literacy. Symmetric vs. asymmetric, hashing, digital signatures, TLS at the handshake level, common mistakes (don’t-roll-your-own, don’t-reuse-nonces).
  • Authentication and authorization. Passwords (well and poorly), MFA, session management, tokens, federation basics.
  • Operational security. Logging, monitoring, incident response fundamentals, blue-team vocabulary.
  • Coordinated disclosure. CERT/CC practice, the social contract of responsible disclosure, real-world case studies.
  • Hands-on CTF. picoCTF as weekly lab spine — students work through a structured ladder of challenges.

Capstone (Planned)

A written explainer of a significant historical CVE, chosen from an instructor-curated list. The student reconstructs the technical detail, the timeline, the disclosure, and the impact, then writes a 5–8 page report pitched at the “educated non-specialist” register — a smart friend who is not a security professional should be able to understand what happened and why it mattered.

Certification Alignment

  • ISC2 CC (free)
  • CompTIA Security+

Primary: ISC2 Certified in Cybersecurity (CC) — free via the ISC2 One Million Certified in Cybersecurity program. Every student should sit it.

Secondary: CompTIA Security+ — the industry baseline, widely recognized by employers. VCA-SEC-101 covers the substantive Security+ domains at greater depth than the exam requires. Students who want the credential should sit Security+ within three months of completion.

Interested in VCA-SEC-101?

Email academy@virtuscybersecurity.com with your register and why.