Listen to this Post
Introduction:
The Brazilian Federation of Banks (Febraban) has opened enrollment for the sixth edition of its Cyber Academy, a free, 40-hour cybersecurity training program offering 10,000 spots to anyone interested in digital protection. Running from July 6 to July 31, 2026, the course combines live Microsoft Teams sessions with pre-recorded EAD modules, covering everything from foundational security pillars to advanced topics like offensive hacking, AI-driven threats, cloud security, and DevSecOps. With digital fraud surging—over 13,000 victims in a single Brazilian state in just five months—this initiative aims to democratize cybersecurity knowledge and build a more resilient digital society.
Learning Objectives:
- Understand the core pillars of information security, including confidentiality, integrity, and availability (CIA triad), and how they apply to real-world banking and enterprise environments.
- Identify and analyze common cyber threats, attack vectors, and fraud techniques, including phishing, social engineering, and AI-powered impersonation attacks.
- Apply offensive and defensive security methodologies, including penetration testing, threat hunting, and incident response.
- Implement secure development practices (DevSecOps) and cloud security controls to protect modern infrastructure.
- Navigate governance, risk, and compliance (GRC) frameworks relevant to the financial sector and critical infrastructure.
You Should Know:
- The Cyber Academy 2026 Curriculum – What’s Inside the 15 Modules
The Cyber Academy is structured around 15 modules that progressively build your cybersecurity knowledge. The program kicks off on July 6 with an opening session on “The Importance of Information Security,” followed by deep dives into the pillars of security, computer networks, and cybersecurity fundamentals. Subsequent modules cover awareness and best practices, laws and regulations, fraud and cybercrime, attacks and threats, offensive security, defensive security, AI and cybersecurity, cloud security, secure development (DevSecOps), geopolitics, and GRC. The course concludes with a practical Capture The Flag (CTF) exercise from July 27–31, where participants apply their skills in a gamified security challenge.
Step‑by‑step guide to maximize your learning:
- Step 1: Enroll promptly. Registration is open until June 30, 2026, via the official Febraban portal. After enrollment, you’ll receive a confirmation email on June 30 following a curation process.
- Step 2: Prepare your environment. Install Microsoft Teams for live sessions and ensure you have a stable internet connection. Basic knowledge of operating systems and networking is helpful but not required.
- Step 3: Follow the module schedule. Live sessions occur on specific dates (e.g., July 6, 7, 13, 17, 20, 24), while recorded modules are available on-demand.
- Step 4: Engage with hands-on labs. The CTF exercise is the cornerstone of practical learning—treat it as a real incident response simulation.
- Step 5: Complete assessments. To earn the certificate, meet the minimum evaluation criteria, which include participation and successful completion of practical tasks.
- Offensive Security – Thinking Like a Hacker to Defend Better
Offensive security (Red Team) is a core component of the Cyber Academy. It teaches you to simulate real-world attacks to identify vulnerabilities before malicious actors exploit them. This includes reconnaissance, vulnerability scanning, exploitation, and post-exploitation techniques. Understanding the attacker’s mindset is crucial for building effective defenses.
Linux Commands for Reconnaissance and Scanning:
Network reconnaissance with Nmap nmap -sV -sC -A -T4 target_ip Subdomain enumeration using Amass amass enum -d example.com Directory busting with Gobuster gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt SSL/TLS vulnerability scan with testssl.sh testssl.sh https://target.com Exploit search with Searchsploit searchsploit apache 2.4
Windows Commands for Security Auditing:
Check open ports and active connections
netstat -an | findstr LISTENING
List all running services
Get-Service | Where-Object {$_.Status -eq "Running"}
Audit local user accounts and groups
net user
net localgroup administrators
Enable PowerShell logging for forensic analysis
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging" -1ame "EnableScriptBlockLogging" -Value 1
Check Windows Defender status and exclusions
Get-MpPreference | Select-Object ExclusionPath, ExclusionExtension
- Defensive Security – Building Your Blue Team Arsenal
Defensive security (Blue Team) focuses on monitoring, detecting, and responding to threats. This includes SIEM (Security Information and Event Management) configuration, intrusion detection, log analysis, and incident response. The Cyber Academy emphasizes practical defensive strategies applicable to financial institutions.
Essential Defensive Tools and Commands:
Linux – Log Analysis and Monitoring:
Monitor system logs in real-time
tail -f /var/log/syslog
Search for failed SSH login attempts
grep "Failed password" /var/log/auth.log | awk '{print $9}' | sort | uniq -c | sort -1r
Analyze firewall logs (UFW)
sudo ufw status verbose
sudo tail -f /var/log/ufw.log
Check for suspicious cron jobs
cat /etc/crontab && ls -la /etc/cron.
Use Lynis for system hardening audit
sudo lynis audit system
Windows – Event Log Analysis and Hardening:
Query security event logs for failed logins (Event ID 4625)
Get-WinEvent -LogName Security | Where-Object { $_.Id -eq 4625 } | Select-Object TimeCreated, Message
Check for PowerShell script execution (Event ID 4104)
Get-WinEvent -LogName "Microsoft-Windows-PowerShell/Operational" | Where-Object { $_.Id -eq 4104 }
Enable Windows Firewall logging
New-Item -Path "C:\Windows\System32\LogFiles\Firewall" -ItemType Directory -Force
Set-1etFirewallProfile -Profile Domain,Public,Private -LogBlocked True -LogAllowed True
Run Microsoft Safety Scanner for offline malware detection
Start-MpScan -ScanType QuickScan
- Artificial Intelligence in Cybersecurity – The New Battlefield
Module 10 of the Cyber Academy focuses on AI and cybersecurity. Attackers are increasingly using AI to create deepfakes, automate phishing, and bypass biometric systems. Defenders leverage AI for threat detection, anomaly identification, and automated response. Understanding AI’s dual role is essential for modern security professionals.
AI Security Checklist:
- Deepfake Detection: Use tools like Microsoft’s Video Authenticator or Intel’s FakeCatcher to verify media authenticity.
- Adversarial ML Protection: Implement input validation and model hardening to prevent adversarial attacks on AI systems.
- Automated Threat Hunting: Deploy AI-powered SIEM solutions that use machine learning to detect zero-day attacks.
- Phishing Simulation: Use AI to generate realistic phishing campaigns for employee training and awareness.
- Biometric Security: Implement liveness detection to counter AI-generated spoofing attacks.
- Cloud Security and DevSecOps – Securing the Modern Stack
Modules 11 and 12 cover cloud security and DevSecOps. As financial services migrate to the cloud, securing infrastructure-as-code, containers, and CI/CD pipelines becomes critical. DevSecOps integrates security into every phase of development, shifting left to catch vulnerabilities early.
Cloud Hardening Commands (AWS CLI):
List all S3 buckets and check public access
aws s3 ls
aws s3api get-bucket-acl --bucket your-bucket-1ame
Enable MFA for IAM users
aws iam list-users --query 'Users[].UserName' --output text | xargs -I {} aws iam enable-mfa-device --user-1ame {} --serial-1umber arn:aws:iam::account-id:mfa/{}
Audit security groups for open ports
aws ec2 describe-security-groups --query 'SecurityGroups[].{Name:GroupName,Ports:IpPermissions[].FromPort}' --output table
Enable CloudTrail for audit logging
aws cloudtrail create-trail --1ame my-trail --s3-bucket-1ame my-bucket --is-multi-region-trail
aws cloudtrail start-logging --1ame my-trail
DevSecOps Pipeline Security (GitHub Actions Example):
.github/workflows/security-scan.yml name: Security Scan on: [bash] jobs: security: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - name: Run Snyk vulnerability scan run: npx snyk test --severity-threshold=high - name: Run Trivy container scan run: trivy fs --severity HIGH,CRITICAL . - name: Run Gitleaks secret detection run: gitleaks detect --source . --verbose
- Governance, Risk, and Compliance (GRC) – The Framework for Trust
Module 14 addresses GRC, which is vital for financial institutions. GRC ensures that security practices align with legal requirements, industry standards, and business objectives. Key frameworks include ISO 27001, NIST CSF, PCI DSS, and Brazil’s LGPD (General Data Protection Law).
GRC Implementation Steps:
- Step 1: Map your organization’s assets and classify data by sensitivity.
- Step 2: Conduct a risk assessment to identify vulnerabilities and threat likelihood.
- Step 3: Implement controls aligned with frameworks (e.g., NIST 800-53).
- Step 4: Continuously monitor compliance through automated audits and reporting.
- Step 5: Train employees on security policies and incident reporting procedures.
What Undercode Say:
- Key Takeaway 1: The Cyber Academy is not just a course—it’s a national initiative to democratize cybersecurity knowledge, making it accessible to everyone from students to professionals.
- Key Takeaway 2: The inclusion of AI, cloud, and DevSecOps modules reflects the evolving threat landscape, where traditional perimeter defenses are no longer sufficient.
Analysis: The Cyber Academy’s sixth edition arrives at a critical moment. Brazil has seen a sharp rise in digital fraud, with AI-powered attacks becoming more sophisticated. By offering 10,000 free seats, Febraban is addressing both the skills gap and the urgent need for public awareness. The curriculum’s blend of theory and practice—culminating in a CTF exercise—ensures participants gain actionable skills. However, the program’s success depends on participant engagement and the quality of practical labs. The emphasis on GRC and DevSecOps also signals a shift toward integrating security into business processes, which is essential for long-term resilience. Overall, this initiative strengthens Brazil’s cybersecurity ecosystem and could serve as a model for other countries facing similar threats.
Prediction:
- +1 Widespread adoption of free cybersecurity training programs like Cyber Academy will significantly reduce successful phishing and social engineering attacks within 12–18 months.
- +1 The CTF exercise component will create a pipeline of skilled penetration testers, addressing the global shortage of offensive security professionals.
- -1 AI-powered attacks will continue to evolve faster than defensive measures, requiring continuous updates to training curricula and tools.
- -1 Organizations that do not invest in DevSecOps and cloud security will remain vulnerable to supply chain and misconfiguration attacks.
- +1 Regulatory bodies in other Latin American countries will adopt similar free training models, fostering regional cybersecurity collaboration.
- +1 The Cyber Academy’s focus on GRC will improve compliance maturity across Brazil’s financial sector, reducing regulatory fines and reputational damage.
- -1 The 40-hour format may be insufficient for deep technical mastery, necessitating additional specialized training for advanced roles.
- +1 Increased public awareness from such initiatives will lead to higher reporting rates of cyber incidents, improving overall threat intelligence.
- +1 The integration of AI security modules will prepare professionals to defend against emerging threats like deepfake-based fraud and adversarial machine learning.
- -1 Without ongoing mentorship and community support, some participants may struggle to transition from theory to practice, highlighting the need for post-course engagement.
▶️ Related Video (68% Match):
🎯Let’s Practice For Free:
🎓 Live Courses & Certifications:
Join Undercode Academy for Verified Certifications
🚀 Request a Custom Project:
Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands
IT/Security Reporter URL:
Reported By: Jonhnysantos Cyber – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅
