Have you ever wondered how real attackers carry out cyber attacks? BHPT is a comprehensive hands-on course that uses on-demand labs to learn methodologies for discovering, exploiting, reporting, and responding to vulnerabilities by conducting penetration testing from an attacker's perspective against specific hosts.

The PNT course is a hands-on course designed to follow the BHPT course and teach the concepts of pivoting and tunneling, which are necessary for lateral movement within a network. Students will learn pivoting techniques to bypass firewalls by manipulating network traffic and learn how to cross boundaries in various network environments through a practical lab.

Training for establishing risk assessment methods for network equipment, security devices, and control systems based on the revised Critical Information and Communication Infrastructure standards for the second half of 2025, and eliminating vulnerabilities through the integration of years of know-how and fast, accurate inspections and remedial actions. In particular, we expect efforts to secure inspection speed and improvement plans in accordance with the designation of ISMS-P and ISO27001 certification scopes. Gain experience with network equipment, security devices, and control systems—which are relatively less accessible and more difficult to set up environments for compared to Servers, DBs, WEB, WAS, PCs, and Cloud (Public, Private).

Developed to submit annual performance records, including the establishment of information security regulations and the preparation of various activity evidence, by applying domestic and international certification standards for Information Security Management Systems (ISMS) and internal/external audit criteria to the revised Risk Assessment standards for the Management and Physical sectors of Critical Information and Communication Infrastructure in the second half of 2025. The plan is designed to prepare for changes in the external environment (AI, etc.), internal environment (new systems and changes in employees/external staff), and new evaluation indicators and legal amendments. It aims to establish activity plans to advance information security levels compared to the previous year. Specifically, it involves objectively and meticulously inspecting various activities to strengthen accident prevention systems—such as personal information leaks caused by hacking—and establishing plans for the headquarters to supervise all departments and ensure the secure management of contractors. This includes operating DevSecOps systems following the introduction of AI systems and implementing Privacy by Design (PbD) adequacy review frameworks. The execution is based on expanding monitoring and periodic inspection report areas, external disclosure areas, data linkage system inspections (API, MyData, etc.), establishing network separation improvement plans according to N2SF, and advancing Zero Trust implementation. *Possessing over 150 references for establishing and applying the world's first and highest-level information security and personal information protection activities and system enhancement plans.

IT services are rapidly transitioning to cloud environments. You will learn security practices from basic virtual infrastructure construction to security threat monitoring and vulnerability diagnosis for each area to secure the Amazon AWS cloud environment.

Nationally Certified Industrial Security Manager: "Final update of the newly renewed version is complete"!! The 2026 exam schedule is expected to be announced between February and March on the following site (https://license.kaits.or.kr/license/web/board/brdList.do?menu_cd=000021). This course is designed to help you obtain the Nationally Certified Industrial Security Manager certification by providing a systematic understanding of industrial security from a management perspective. Rather than focusing on rote memorization, the content systematically organizes the concepts, structures, and flows of industrial security so that even non-security majors can understand it, preparing you for the exam while also supporting practical work and career expansion.

This lecture provides a general guide on how to prepare while studying when you want to choose a career in IT security penetration testing, and what questions and answers to prepare for the interview. I will share my experience working as a penetration testing consultant, at large companies, and in the financial sector, and currently running a penetration testing consulting business.

This is a course where you can learn the basics of web technology. You can learn the basics of web technology in a short period of time. If you are interested in studying or getting a job related to the web, you must take this course!

Incident response is less about mastering tools and more about knowing what to judge first. Rather than focusing on how to analyze malware, this course explains the realistic thought process of determining **"whether the current situation is an actual incident and what actions to take first."** Using webtoon-based real-world scenarios, we have organized the entire flow of incident response—from identifying signs of intrusion to incident assessment, initial response, containment, and analysis/forensics—in a way that even non-experts can understand. This is not just a collection of fragmented technical explanations; it is a course where you learn the decision-making criteria and response perspectives that practitioners can apply immediately in the field.