Cyber Defense Courses

SEC301: Intro to Information Security

This introductory certification course is the fastest way to get up to speed in information security. Written and taught by battle-scarred security veterans, this entry-level course covers a broad spectrum of security topics and is liberally sprinkled with real-life examples. A balanced mix of technical and managerial issues makes this course appealing to attendees who need to understand the salient facets of information security basics and the basics of risk management. Organizations often tap someone who has no information security training and say, "Congratulations, you are now a security officer." If you need to get up to speed fast, Security 301 rocks!

SEC401: Security Essentials Bootcamp Style

MGT414: SANS Training Program for CISSP® Certification

MGT414: SANS Training Program for CISSP® Certification is an accelerated review course designed to prepare you to pass the exam. The course takes into account the 2015 updates to the CISSP® exam and prepares students to navigate all types of questions included on the new version of the exam.

SEC440: Critical Security Controls: Planning, Implementing, and Auditing

For security professionals, the course enables you to see how to put the controls in place in your existing network through effective and widespread use of cost-effective automation. For auditors, CIOs, and risk officers, the course is the best way to understand how you will measure whether the Top 20 controls are effectively implemented. It closely reflects the Top 20 Critical Security Controls.

SEC501: Advanced Security Essentials - Enterprise Defender

SEC503: Intrusion Detection In-Depth

SEC503: Intrusion Detection In-Depth delivers the technical knowledge, insight, and hands-on training you need to defend your network with confidence. You will learn about the underlying theory of TCP/IP and the most used application protocols, such as HTTP, so that you can intelligently examine network traffic for signs of an intrusion.

SEC505: Securing Windows and PowerShell Automation

Terrified by the hacker techniques you saw in SEC504? Want to block Windows attacks, thwart the lateral movement of hackers inside your LAN, and prevent admin credential theft in your Active Directory environment? And you want to have fun learning PowerShell scripting at the same time? Then SEC505 is the course for you! In SEC505 you will learn how to use PowerShell, Group Policy and other built-in tools to secure Windows clients and Windows Server. Half of the labs in SEC505 use graphical tools and the other half use PowerShell, but no prior PowerShell scripting experience is required to take the course; you will learn PowerShell along the way. Come see how to implement Credential Guard, administrative PAWs, PowerShell Just Enough Admin (JEA), AppLocker, exploit mitigations, delegation of authority in Active Directory, why NOT to use Microsoft LAPS, and more. The course author, Jason Fossen, gives away many of his PowerShell security scripts at http://SEC505.info.

SEC506: Securing Linux/Unix

This course provides in-depth coverage of Linux and Unix security issues that includes specific configuration guidance and practical, real-world examples, tips, and tricks. We examine how to mitigate or eliminate general problems that apply to all Unix-like operating systems, including vulnerabilities in the password authentication system, file system, virtual memory system, and applications that commonly run on Linux and Unix.

SEC511: Continuous Monitoring and Security Operations

This course assesses the current state of security architecture and continuous monitoring, and provides a new approach to security architecture that can be easily understood and defended. When students finish, they have a list of action items in hand for making their organization one of the most effective vehicles for frustrating adversaries. Students are able to assess deficiencies in their own organization's security architectures and effect meaningful changes that are continuously monitored for deviations from their expected security posture.

SEC545: Cloud Security Architecture and Operations

As more organizations move data and infrastructure to the cloud, security is becoming a major priority. Operations and development teams are finding new uses for cloud services, and executives are eager to save money and gain new capabilities and operational efficiency by using these services. But, will information security prove to be an Achilles' heel? Many cloud providers do not provide detailed control information about their internal environments, and quite a few common security controls used internally may not translate directly to the public cloud. The SEC545 course, Cloud Security Architecture and Operations, will tackle these issues one by one.

SEC550: Active Defense, Offensive Countermeasures and Cyber Deception

In SEC550, you will learn to better understand attackers and their methods, develop new strategies to defend your network, and learn how to attack the attackers. You won't just learn about Active Defenses - you'll learn to track attackers using callback Word documents and Honeybadgers, and how to create and deploy honeypots. We'll work through many hands-on activities and labs that will enable you to quickly and easily implement what you learn in your own working environment.

SEC555: SIEM with Tactical Analytics

Many organizations have logging capabilities but lack the people and processes to analyze the logs. In addition, logging systems collect vast amounts of data from a variety of data sources, which require an understanding of the sources for proper analysis. This class is designed to provide individuals with training, methods, and processes for enhancing existing logging solutions. This class will also provide the understanding of the when, what, and why behind the logs. This is a lab-heavy course that uses SOF-ELK, a SANS-sponsored free SIEM solution, to provide hands-on experience and the mindset for large-scale data analysis.

SEC566: Implementing and Auditing the Critical Security Controls - In-Depth

In the last couple of years it has become obvious that in the world of information security, the offense is outperforming the defense. Even though budgets increase and management pays more attention to the risks of data loss and system penetration, data is still being lost and systems are still being penetrated. Over and over people are asking, "What can we practically do to protect our information?" The answer has come in the form of 20 information assurance controls known as the Consensus Audit Guidelines (CAG).

SEC599: Defeating Advanced Adversaries - Implementing Kill Chain Defenses

Cyber threats are on the rise: ransomware is affecting small, medium and large enterprises alike, while state-sponsored adversaries are attempting to obtain access to your most precious crown jewels. SEC599: Defeating Advanced Adversaries - Implementing Kill Chain Defenses will arm you with the knowledge and expertise you need to detect and respond to today's threats. Recognizing that a prevent-only strategy is not sufficient, we will introduce security controls designed to stop, detect and respond to attacks launched by advanced adversaries.
