Advanced Cybersecurity Concepts

Contact: ISSO Support Team | ISSO@cms.hhs.gov

CMS Slack Channel: #cms-isso

Last Reviewed: 10/30/2025

Advanced Cybersecurity Concepts is an instructor-led course that deepens skills in secure architecture, AI security, code scanning, penetration testing, malware analysis, and others. It builds on foundational training to address evolving cyber risks for CMS.

What is Advanced Cybersecurity Concepts?

Advanced Cybersecurity Concepts is an instructor-led, concept-driven course that deepens skills across:

Secure architecture
Artificial Intelligence (AI) security
Code scanning
Penetration testing
Malware analysis
Computer forensics

It’s designed to build on foundational security training offered at Centers for Medicare & Medicaid Services (CMS) and complements the ISSO Boot Camp by expanding into advanced methods, frameworks, and real-world reporting and remediation practices.

Purpose of Advanced Cybersecurity Concepts

As CMS systems grow more complex and threats are more sophisticated, ISSOs and security professionals need more than foundational knowledge. This course builds on the ISSO Boot Camp by strengthening the ability to anticipate, analyze, and respond to evolving risks.

Through this program, CMS continues its commitment to building a highly skilled, forward‑looking security community — one that safeguards sensitive information, supports mission delivery, and adapts to the ever‑changing cyber landscape.

Who should attend?

ISSOs and Security Analysts: Professionals seeking deeper technical and architectural proficiency.

System developers and engineers: Staff involved in secure design, testing, and cloud architecture.

Compliance and audit partners: Team members aligning implementations with CMS policies and federal standards.

Learning objectives

Secure architecture: Apply least privilege, defense in depth, security by design, and network segmentation across Open Systems Interconnection (OSI) layers and cloud models (IaaS, PaaS, SaaS).

AI security frameworks: Align the NIST AI RMF core functions (Govern, Map, Measure, Manage) with the KPMG AI Security Framework domains to manage AI risks end-to-end.

Code scanning: Conduct static, dynamic, and interactive analysis; integrate tools into Continuous Integration (CI) / Continuous Delivery (CD) pipelines; address false positives and reporting metrics.

Penetration testing: Perform reconnaissance, scanning, exploitation, post-exploitation, and remediation; deliver both executive and technical reports.

Malware and attack vectors: Identify and mitigate common malware types and delivery vectors, including phishing, exploit kits, and drive-by downloads.

Computer forensics: Perform evidence collection and preservation, disk imaging and analysis, memory forensics, and prepare findings for legal contexts.

Schedule and format

When: Offered quarterly.

Session structure: 9:00 AM–1:00 PM ET, two days a week across three consecutive weeks.

Delivery: Live, instructor-led virtual sessions via Microsoft Teams, aligned with CMS’s ISSO training model.

Next session dates: November 05 & 06, 2025. Session dates for 2026 are to be announced.

How to register

To obtain more details and express interest in registering for the course, email ISSO@cms.hhs.gov.

Authorization to Operate (ATO)

Ongoing Authorization (OA)

Assessments & Audits

CMS Policies and Guidance

Federal Policies and Guidance

Application Security

Security Operations

Risk Management and Reporting

Agreements

Privacy Activities

Privacy Resources

Reporting & Compliance

System Security

Tests & Assessments