The capstone week brings together all prior concepts, emphasizing integration as the defining quality of resilient design. Students learn that resilience arises not from isolated tools but from coherent architectures that link cryptography, identity, networks, applications, and supply chains into a unified strategy. Frameworks such as NIST CSF, ISO 27001, FAIR, and OWASP are revisited as guides for aligning technical measures with organizational priorities.

Case studies contrast failures of design—flat networks, poor identity controls—with examples of resilient architectures that contained damage and supported rapid recovery. Governance, communication, and humility are emphasized as traits of effective leadership. Learners finish the course prepared to explain trade-offs, design layered defenses, and lead with adaptability. The ultimate outcome of secure design is trust—confidence that systems will function reliably even under attack.
Produced by BareMetalCyber.com

This week addresses the rapidly evolving threat landscape. Ransomware is studied from its early origins to its present role as a multimillion-dollar business model, while advanced persistent threats demonstrate the persistence and adaptability of state-sponsored actors. Insider threats add complexity, highlighting the difficulty of defending against misuse of legitimate credentials. Frameworks such as MITRE ATT&CK, STRIDE, and DREAD provide structured ways to map adversary behavior and anticipate weaknesses.

Students examine case studies including ransomware attacks on healthcare and the SolarWinds compromise, illustrating the systemic and human consequences of modern campaigns. Defensive strategies such as zero trust, microsegmentation, threat hunting, and layered defense are explored, alongside the challenges of cost and complexity. By the end of the week, learners will recognize that adaptability is the defining characteristic of resilience, requiring continuous monitoring, cultural change, and leadership commitment.
Produced by BareMetalCyber.com

Applications and APIs form the backbone of digital services, enabling everything from online banking to global supply chains. Students study common weaknesses cataloged in the OWASP Top 10, including injection, misconfiguration, and weak session management, as well as the specific risks of mobile and API security. Case studies of T-Mobile and Peloton highlight how weak APIs expose sensitive data, while the persistence of SQL injection shows that technical knowledge alone is not enough—cultural and organizational discipline are required.

Attention is also given to testing methodologies such as static, dynamic, and interactive analysis, as well as runtime protections. Learners explore the secure software development lifecycle, where security is embedded from design through deployment. By the end of this week, students will appreciate that application security is both technical and cultural, demanding governance, training, and communication alongside tools and frameworks.
Produced by BareMetalCyber.com