Computer Security Technician

Course Description

CTS0069 – Computer Security Technician is a Postsecondary Adult Vocational (PSAV) clock-hour course preparing students for entry-level employment in cybersecurity support and technician roles. The course covers fundamental cybersecurity concepts; the threat landscape including malware, social engineering, network attacks, and emerging threats; security tools and technologies; security operations practices; introductory security analysis; introductory incident response; security policies and compliance frameworks; and the substantial supervised laboratory practice required to develop foundational technical security competencies. Content is aligned with industry-standard cybersecurity entry-level credentials, particularly CompTIA Security+ — the most widely-recognized U.S. entry-level cybersecurity credential.

The course sits within the Florida Statewide Course Numbering System (SCNS) under Computer Technology Skills > Cybersecurity and is offered at approximately 27 Florida public institutions. CTS0069 is delivered at FCS technical colleges, district technical centers, and adult career and technical education centers throughout the state. The course typically runs 300 contact hours, providing substantial preparation for entry-level cybersecurity work and articulation toward cybersecurity AS degree programs (such as the St. Petersburg College Cybersecurity AS degree, the EFSC Cybersecurity AS, the Hillsborough Community College Cybersecurity AS, the Valencia College Cybersecurity AS, and others).

Florida's substantial cybersecurity employer base — including major Florida-based companies, federal contractors with substantial Florida presence (Lockheed Martin, Northrop Grumman, L3Harris, Booz Allen Hamilton, others), substantial Florida defense and aerospace operations (Cape Canaveral Space Force Station, Patrick Space Force Base, MacDill Air Force Base, Eglin Air Force Base, NSA Pensacola, others), substantial Florida healthcare cybersecurity needs (HIPAA-driven), substantial Florida financial-services cybersecurity needs (Florida is a substantial financial-services market, including major credit unions, regional banks, and substantial Citigroup operations in Tampa), and substantial state and local government cybersecurity needs — creates persistent strong demand for trained cybersecurity workers. Cybersecurity is widely-recognized as among the strongest IT-career growth areas; substantial Florida employer demand combined with persistent worker shortages creates substantial career opportunity for trained cybersecurity workers.

Learning Outcomes

Required Outcomes

Upon successful completion of CTS0069, students will be able to:

• Apply principles of cybersecurity fundamentals: the CIA Triad (Confidentiality, Integrity, Availability) — the foundational cybersecurity framework; AAA framework (Authentication, Authorization, Accounting); the substantial role of cybersecurity in contemporary IT; the cybersecurity terminology, history, and culture; the contemporary cybersecurity threat landscape.
• Recognize and discuss major cybersecurity threats: malware (viruses, worms, trojans, ransomware — the substantial contemporary ransomware threat; spyware; rootkits; bots and botnets); social engineering attacks (phishing, spear phishing, whaling, vishing, smishing, pretexting); network-based attacks (man-in-the-middle, denial-of-service and DDoS, ARP poisoning, DNS attacks); web-based attacks (cross-site scripting, SQL injection, cross-site request forgery); password attacks (brute force, dictionary, rainbow tables, credential stuffing); insider threats; advanced persistent threats (APTs); the substantial contemporary threat from nation-state and organized-crime actors.
• Apply principles of identification and authentication: passwords (and password-policy considerations); multi-factor authentication (MFA — substantially more important than passwords alone); biometric authentication; smart cards and tokens; passwordless authentication (FIDO2, WebAuthn); the substantial contemporary push toward passwordless and MFA-based authentication; single sign-on (SSO).
• Apply principles of access control: the principle of least privilege; the principle of separation of duties; access control models (DAC, MAC, RBAC — Role-Based Access Control, ABAC — Attribute-Based Access Control); the substantial role of access control in security operations.
• Apply principles of cryptography fundamentals: symmetric encryption (AES); asymmetric encryption (RSA, ECC); hashing (SHA-2, SHA-3); digital signatures; certificates and Public Key Infrastructure (PKI); SSL/TLS; the substantial role of cryptography in contemporary cybersecurity.
• Apply principles of network security: firewalls (stateful packet inspection, application-layer firewalls, next-generation firewalls); intrusion detection and prevention systems (IDS/IPS); network segmentation; VPNs (Virtual Private Networks); proxies; the substantial role of network security in defense-in-depth.
• Apply principles of endpoint security: antivirus and anti-malware tools (next-generation); endpoint detection and response (EDR); host-based intrusion detection; full-disk encryption; mobile device management (MDM); patch management; the substantial role of endpoint security in defense.
• Apply principles of application security: input validation; secure coding practices at introductory level; common vulnerabilities (OWASP Top 10 — SQL injection, XSS, broken authentication, others); web application firewalls (WAFs); the substantial role of application security in contemporary computing.
• Apply principles of data security: data classification; data-at-rest encryption; data-in-transit encryption; data loss prevention (DLP); secure data destruction; backup and recovery; the substantial role of data security in regulatory compliance.
• Apply principles of cloud security at introductory level: shared-responsibility model in cloud environments; cloud access security brokers (CASBs); the substantial growth of cloud computing and the corresponding cloud-security considerations; the major cloud providers (AWS, Microsoft Azure, Google Cloud) and their respective security frameworks.
• Apply principles of introductory security operations: Security Operations Center (SOC) introduction; SIEM (Security Information and Event Management) introduction; security monitoring and alerting; the substantial role of security operations in contemporary cybersecurity practice.
• Apply principles of introductory incident response: incident response phases (preparation, identification, containment, eradication, recovery, lessons learned — the NIST framework); incident triage; chain of custody; the substantial role of effective incident response in damage limitation; introductory awareness of digital forensics.
• Apply principles of introductory threat intelligence and vulnerability management: threat intelligence sources; vulnerability scanning; penetration testing at introductory awareness level (CTS0069 covers awareness; offensive security requires substantially more advanced training); patch management; vulnerability prioritization.
• Apply principles of security policies, frameworks, and compliance: security policy development; major cybersecurity frameworks (NIST Cybersecurity Framework — substantial U.S. government framework; ISO 27001; CIS Controls); regulatory compliance (HIPAA for healthcare; PCI DSS for payment cards; SOX for financial reporting; GDPR; CCPA; Florida cybersecurity-related regulations); the substantial role of compliance in contemporary cybersecurity practice.
• Apply principles of security awareness and training: the substantial role of human factors in cybersecurity; security-awareness training programs; phishing simulation programs; the relationship between user education and overall security posture.
• Apply principles of introductory risk management: risk identification; risk assessment (qualitative and quantitative); risk treatment (accept, mitigate, transfer, avoid); the substantial role of risk-based decision-making in cybersecurity resource allocation.
• Demonstrate professional and ethical cybersecurity behaviors: substantial professional ethics expected of cybersecurity workers; the substantial trust placed in cybersecurity practitioners; legal considerations including Computer Fraud and Abuse Act and similar statutes; the substantial career-ending consequences of cybersecurity ethical failures.
• Successfully complete laboratory exercises developing technical security skills using virtualized environments, security tools, and realistic scenarios.
• Prepare for and (where pursued) pass the CompTIA Security+ certification examination — among the most widely-recognized U.S. entry-level cybersecurity credentials.

Optional Outcomes

Depending on institutional emphasis:

• Engage with specific cybersecurity domains in greater depth: network security; endpoint security; cloud security; identity and access management.
• Engage with introductory awareness of penetration testing and red team operations: substantial awareness only — full offensive-security training requires substantial additional coursework.
• Engage with introductory awareness of digital forensics: substantial Florida-related computer forensics field; FBI Cyber Division Florida operations; Florida-specific cybercrime investigations.
• Engage with industry-relevant cybersecurity certifications beyond CompTIA Security+: CompTIA Network+ (foundational networking certification often pursued before or alongside Security+); CompTIA CySA+ (Cybersecurity Analyst — focused on security-operations role); SSCP (Systems Security Certified Practitioner — through (ISC)²); CompTIA PenTest+ (penetration testing); the substantial range of more-advanced cybersecurity certifications (CISSP, CISM, GIAC) typically pursued after substantial professional experience.
• Pursue articulation toward cybersecurity AS degree programs through participating Florida institutions.

Major Topics

Required Topics

• Cybersecurity Fundamentals: CIA Triad (Confidentiality, Integrity, Availability); AAA framework (Authentication, Authorization, Accounting); cybersecurity's role in contemporary IT; cybersecurity terminology, history, culture; contemporary threat landscape.
• Cybersecurity Threats: Malware (viruses, worms, trojans, ransomware, spyware, rootkits, bots and botnets); social engineering (phishing, spear phishing, whaling, vishing, smishing, pretexting); network-based attacks (MITM, DoS/DDoS, ARP poisoning, DNS attacks); web-based attacks (XSS, SQL injection, CSRF); password attacks (brute force, dictionary, rainbow tables, credential stuffing); insider threats; advanced persistent threats (APTs); nation-state and organized-crime threats.
• Identification and Authentication: Passwords and password-policy considerations; multi-factor authentication (MFA); biometric authentication; smart cards and tokens; passwordless authentication (FIDO2, WebAuthn); push toward passwordless and MFA-based authentication; single sign-on (SSO).
• Access Control: Principle of least privilege; principle of separation of duties; access control models (DAC, MAC, RBAC, ABAC); access control's role in security operations.
• Cryptography Fundamentals: Symmetric encryption (AES); asymmetric encryption (RSA, ECC); hashing (SHA-2, SHA-3); digital signatures; certificates and Public Key Infrastructure (PKI); SSL/TLS; cryptography's role in contemporary cybersecurity.
• Network Security: Firewalls (stateful packet inspection, application-layer, next-generation); intrusion detection and prevention (IDS/IPS); network segmentation; VPNs; proxies; network security's role in defense-in-depth.
• Endpoint Security: Antivirus and anti-malware tools (next-generation); endpoint detection and response (EDR); host-based intrusion detection; full-disk encryption; mobile device management (MDM); patch management; endpoint security's role in defense.
• Application Security: Input validation; secure coding practices at introductory level; common vulnerabilities (OWASP Top 10 — SQL injection, XSS, broken authentication, others); web application firewalls (WAFs); application security's role in contemporary computing.
• Data Security: Data classification; data-at-rest encryption; data-in-transit encryption; data loss prevention (DLP); secure data destruction; backup and recovery; data security's role in regulatory compliance.
• Cloud Security (Introductory): Shared-responsibility model in cloud environments; cloud access security brokers (CASBs); cloud growth and corresponding security considerations; major cloud providers (AWS, Microsoft Azure, Google Cloud) security frameworks.
• Security Operations (Introductory): Security Operations Center (SOC) introduction; SIEM (Security Information and Event Management) introduction; security monitoring and alerting; security operations' role in contemporary cybersecurity practice.
• Incident Response (Introductory): Incident response phases (preparation, identification, containment, eradication, recovery, lessons learned — NIST framework); incident triage; chain of custody; effective incident response's role in damage limitation; digital forensics introduction.
• Threat Intelligence and Vulnerability Management (Introductory): Threat intelligence sources; vulnerability scanning; penetration testing at introductory awareness level; patch management; vulnerability prioritization.
• Security Policies, Frameworks, and Compliance: Security policy development; major frameworks (NIST Cybersecurity Framework; ISO 27001; CIS Controls); regulatory compliance (HIPAA, PCI DSS, SOX, GDPR, CCPA, Florida cybersecurity-related regulations); compliance's role in contemporary cybersecurity practice.
• Security Awareness and Training: Human factors in cybersecurity; security-awareness training programs; phishing simulation programs; user education/security posture relationship.
• Risk Management (Introductory): Risk identification; risk assessment (qualitative and quantitative); risk treatment (accept, mitigate, transfer, avoid); risk-based decision-making in cybersecurity resource allocation.
• Professional and Ethical Cybersecurity Behaviors: Professional ethics expected of cybersecurity workers; trust placed in cybersecurity practitioners; legal considerations (Computer Fraud and Abuse Act and similar); career-ending consequences of cybersecurity ethical failures.
• Laboratory Exercises: Technical security skills development using virtualized environments, security tools, realistic scenarios.
• CompTIA Security+ Certification Preparation: Among the most widely-recognized U.S. entry-level cybersecurity credentials.

Optional Topics

• Cybersecurity Domains (Greater Depth): Network security; endpoint security; cloud security; identity and access management.
• Penetration Testing and Red Team Operations (Awareness): Substantial awareness only.
• Digital Forensics (Introductory): Florida-related computer forensics field; FBI Cyber Division Florida operations; Florida-specific cybercrime investigations.
• Industry-Relevant Certifications: CompTIA Network+; CompTIA CySA+; SSCP through (ISC)²; CompTIA PenTest+; CISSP, CISM, GIAC for advanced practitioners.
• AS Articulation: Cybersecurity AS degree programs at participating Florida institutions.

Resources & Tools

• FLDOE Curriculum Framework: The authoritative reference is the FLDOE Computer Security Technician PSAV framework or related cybersecurity framework documents.
• Most-adopted textbooks at Florida institutions: CompTIA Security+ Guide to Network Security Fundamentals by Ciampa (Cengage) — among the most widely-adopted Security+ textbooks; Principles of Information Security by Whitman, Mattord (Cengage); CompTIA Security+ Study Guide by Chapple, Seidl (Sybex/Wiley) — practical certification-focused guide; Cybersecurity Essentials by Brooks, Grow, Craig, Short (Wiley).
• CompTIA certification preparation resources (highly relevant): CompTIA Official Study Guide for Security+; CompTIA CertMaster Learn (online learning platform); CompTIA exam objectives (free at comptia.org).
• Reference resources: National Institute of Standards and Technology (NIST) Cybersecurity Framework (free at nist.gov/cyberframework); CIS Controls (free at cisecurity.org); OWASP (Open Web Application Security Project) at owasp.org; SANS Institute resources at sans.org.
• Florida-specific resources: Florida State Cybersecurity Office; Florida Department of Management Services Cybersecurity Operations Center (Florida's state cybersecurity center); Florida Cyber Operations Center; FBI Tampa, Miami, Jacksonville Cyber operations.
• Lab equipment (institution-provided): Virtualized lab environments (typically VMware, VirtualBox, or cloud-based labs); Kali Linux for offensive-security awareness; Wireshark for network analysis; Metasploit for vulnerability awareness (offensive use restricted); SIEM tools (Splunk Free, ELK Stack); commercial security tools where institution has educational licensing.
• Industry credentials sought during/after the program: CompTIA Security+ (most widely-pursued) — the central certification CTS0069 prepares for; CompTIA Network+ often pursued alongside or before Security+ for foundational networking knowledge; CompTIA CySA+ for security-operations specialization; (ISC)² SSCP for systems security; AWS or Microsoft Azure foundational certifications for cloud-security path.
• Career and Technical Student Organization: Phi Beta Lambda for technology students broadly; SkillsUSA with cybersecurity competition categories; National Cyber League (NCL) — substantial participation by Florida community college and university teams.
• Online resources: SANS Institute free training resources at sans.org/free; Cybrary (cybrary.it); TryHackMe (tryhackme.com — substantial hands-on cybersecurity learning); HackTheBox (hackthebox.com — practical cybersecurity practice); CompTIA exam-objectives documents (free).
• Tutoring and support: Institution IT-program tutoring; faculty office hours; institutional Cyber Defense Club organizations (most Florida institutions with cybersecurity programs maintain student cybersecurity clubs); Florida cybersecurity industry mentorship opportunities.

Career Pathways

CTS0069 completion qualifies students for direct employment in cybersecurity entry-level positions and provides foundation for advancement in cybersecurity careers. Specific Florida career pathways include:

• Cybersecurity Technician / Information Security Specialist (Entry-Level) — direct cybersecurity work at major Florida employers; substantial demand at hospitals, banks, government, defense contractors, and businesses across sectors.
• Security Operations Center (SOC) Analyst (Entry-Level / Tier 1) — monitoring and triaging security alerts in 24/7 SOC environments; among the most common entry-level cybersecurity roles.
• Help Desk / IT Support with Security Specialty — IT support roles increasingly include security responsibilities; CTS0069 strengthens IT-support credentials.
• Junior Security Analyst — entry-level analytical roles supporting security operations.
• Security Awareness Coordinator — supporting security-awareness programs at organizations.
• Compliance Specialist — supporting regulatory compliance work at hospitals (HIPAA), payment processors (PCI DSS), public companies (SOX), and other regulated industries.
• Articulation to Cybersecurity AS Degrees — CTS0069 provides foundation for articulation to Florida cybersecurity AS programs (St. Petersburg College, EFSC, Hillsborough Community College, Valencia College, Miami Dade College, Broward College, others). Many Florida AS-Cybersecurity programs grant substantial articulation credit for completed CTS0069.
• Articulation to BAS-Cybersecurity Programs — Florida BAS programs in cybersecurity exist at substantial number of FCS institutions (Eastern Florida State College, Hillsborough Community College, Miami Dade College, Daytona State College, Polk State College, Valencia College, others) and BS-Cybersecurity at SUS institutions.
• Florida Cybersecurity Employer Landscape: Major Florida-based companies; federal contractors with substantial Florida presence (Lockheed Martin, Northrop Grumman, L3Harris, Raytheon, Booz Allen Hamilton, SAIC, others); Florida defense and aerospace operations (Cape Canaveral Space Force Station, Patrick Space Force Base, MacDill Air Force Base, Eglin Air Force Base, NSA Pensacola); Florida health systems with substantial cybersecurity departments (AdventHealth, Orlando Health, BayCare, Lee Health, Memorial Healthcare, HCA Healthcare, Tampa General, Cleveland Clinic Florida, Mayo Clinic Florida); Florida financial services (Citigroup Tampa, Raymond James, World Fuel Services Miami, Florida-based credit unions and regional banks); Florida state and local government cybersecurity teams; substantial Florida managed-security-service-provider (MSSP) sector.

Special Information

Articulation

CTS0069 articulates broadly within the Florida public-college system per SCNS conventions. Many Florida AS-Cybersecurity programs grant substantial articulation credit for completed CTS0069, allowing students to advance directly into AS coursework with credit for foundational cybersecurity content. Specific articulation should be verified with the receiving institution.

CompTIA Security+ Certification

CTS0069 content is closely aligned to CompTIA Security+ exam objectives (current version: SY0-701, with future versions expected). Students completing CTS0069 are typically prepared to sit for the CompTIA Security+ examination, although some additional preparation is typical (especially using CompTIA Official Study Guide or CompTIA CertMaster Learn for objective-by-objective review). The CompTIA Security+ certification is among the most widely-recognized U.S. entry-level cybersecurity credentials and is required for many U.S. Department of Defense cybersecurity positions per DoD 8570/8140 baseline-certification requirements (substantial Florida federal contractor demand).

Background Considerations

Many cybersecurity employers conduct comprehensive background investigations including credit checks, criminal history checks, drug screening, and (for federal/defense-contractor roles) security clearance. Students should understand that:

• U.S. citizenship is required for many federal/defense cybersecurity roles
• Substantial criminal history can disqualify applicants from federal/defense cybersecurity positions
• Substantial financial concerns (bankruptcy, substantial debt) can disqualify applicants from positions requiring security clearance
• Drug use history, including marijuana use even where state-legal, can disqualify applicants from federal positions
• The substantial scrutiny associated with cybersecurity positions reflects the substantial responsibility

Course Format and Hours

CTS0069 is a clock-hour PSAV course structured at 300 contact hours per most Florida institutional implementations — typically delivered over one semester (15-16 weeks at approximately 20 hours per week) or two semesters (part-time scheduling). Course hours include classroom instruction, substantial laboratory practice in virtualized environments, and substantial certification-preparation work for CompTIA Security+. Many institutions offer day, evening, and online formats to accommodate working students.

Credits

CTS0069 is a 0-credit PSAV clock-hour course. Per Florida convention, PSAV courses are measured in clock hours rather than college credits. Most Florida AS-Cybersecurity programs award substantial articulation credit for completed CTS0069.

Course Code Variations

Florida institutions consistently use CTS0069 for this PSAV course. Some institutions use the format "CTS 0069" with a space. Course title is consistently "Computer Security Technician" or close variations. Programs are aligned to FLDOE Computer Security Technician framework and consistent across Florida technical colleges, FCS technical centers, and adult-education centers.