Cyber Defense Courses

SEC301: Intro to Information Security

This introductory certification course is the fastest way to get up to speed in information security. Written and taught by battle-scarred security veterans, this entry-level course covers a broad spectrum of security topics and is liberally sprinkled with real-life examples. A balanced mix of technical and managerial issues makes this course appealing to attendees who need to understand the salient facets of information security basics and the basics of risk management. Organizations often tap someone who has no information security training and say, "Congratulations, you are now a security officer." If you need to get up to speed fast, Security 301 rocks!

SEC401: Security Essentials Bootcamp Style

SEC401 teaches you the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. Learn tips and tricks from the experts so that you can win the battle against the wide range of cyber adversaries that want to harm your environment.

MGT414: SANS Training Program for CISSP® Certification

MGT414: SANS Training Program for CISSP® Certification is an accelerated review course designed to prepare you to pass the exam. The course takes into account the 2015 updates to the CISSP® exam and prepares students to navigate all types of questions included on the new version of the exam.

SEC440: Critical Security Controls: Planning, Implementing, and Auditing

For security professionals, the course enables you to see how to put the controls in place in your existing network through effective and widespread use of cost-effective automation. For auditors, CIOs, and risk officers, the course is the best way to understand how you will measure whether the Top 20 controls are effectively implemented. It closely reflects the Top 20 Critical Security Controls.

SEC501: Advanced Security Essentials - Enterprise Defender

Effective cybersecurity is more important than ever as attacks become stealthier, have a greater financial impact, and cause broad reputational damage. SEC501: Advanced Security Essentials - Enterprise Defender builds on a solid foundation of core policies and practices to enable security teams to defend their enterprise.

SEC503: Intrusion Detection In-Depth

SEC503: Intrusion Detection In-Depth delivers the technical knowledge, insight, and hands-on training you need to defend your network with confidence. You will learn about the underlying theory of TCP/IP and the most used application protocols, such as HTTP, so that you can intelligently examine network traffic for signs of an intrusion.

SEC505: Securing Windows and PowerShell Automation

In SEC505, learn PowerShell scripting and Windows security at the same time -- and have fun doing it! PowerShell is an essential skill for SOC personnel and IT administrators. PowerShell is needed for both on-premises domain controllers and Azure Active Directory up in the cloud too. Windows endpoint and server security is critical for combating advanced malware, thwarting the lateral movement of hackers inside our LANs, and protecting administrative credentials. Half the SEC505 labs use graphical tools, the other half use PowerShell, but no prior PowerShell experience is required to take the course. Come learn about Server Nano, Windows Credential Guard, IPSec, PKI, PowerShell Just Enough Admin (JEA), and much more.

SEC506: Securing Linux/Unix

This course provides in-depth coverage of Linux and Unix security issues that includes specific configuration guidance and practical, real-world examples, tips, and tricks. We examine how to mitigate or eliminate general problems that apply to all Unix-like operating systems, including vulnerabilities in the password authentication system, file system, virtual memory system, and applications that commonly run on Linux and Unix.

SEC511: Continuous Monitoring and Security Operations

This course assesses the current state of security architecture and continuous monitoring, and provides a new approach to security architecture that can be easily understood and defended. When students finish, they have a list of action items in hand for making their organization one of the most effective vehicles for frustrating adversaries. Students are able to assess deficiencies in their own organization's security architectures and effect meaningful changes that are continuously monitored for deviations from their expected security posture.

SEC550: Active Defense, Offensive Countermeasures and Cyber Deception

The current threat landscape is shifting. Traditional defenses are failing us. We need to develop new strategies to defend ourselves. Even more importantly, we need to better understand who is attacking us and why. You may be able to immediately implement some of the measures we discuss in this course, while others may take a while. Either way, consider what we discuss as a collection of tools at your disposal when you need them to annoy attackers, determine who is attacking you, and, finally, attack the attackers.

SEC555: SIEM with Tactical Analytics

Many organizations have logging capabilities but lack the people and processes to analyze the logs. In addition, logging systems collect vast amounts of data from a variety of data sources, which require an understanding of the sources for proper analysis. This class is designed to provide individuals with training, methods, and processes for enhancing existing logging solutions. This class will also provide an understanding of the when, what, and why behind the logs. This is a lab-heavy course that utilizes SOF-ELK, a SANS-sponsored free SIEM solution, to provide hands-on experience and the mindset for large-scale data analysis.

SEC566: Implementing and Auditing the Critical Security Controls - In-Depth

In the last couple of years it has become obvious that in the world of information security, the offense is outperforming the defense. Even though budgets increase and management pays more attention to the risks of data loss and system penetration, data is still being lost and systems are still being penetrated. Over and over people are asking, "What can we practically do to protect our information?" The answer has come in the form of 20 information assurance controls known as the Consensus Audit Guidelines (CAG).
