About the course
SEC501: Advanced Security Essentials - Enterprise Defender
Mon, July 8 - Sat, July 13, 2019
Contents | Additional Info
Instructor: Bryce Galbraith
6,275 EUR 6,025 EUR paid by May 29
(IAT Level III)
Nearly 100% of the material covered in SEC501 is immediately applicable to the daily role of an analyst and a risk manager alike, regardless of industry.
Terry Boedeker, FireEye
By far, this is the most interesting, informative, and immediately applicable course I've taken.
Ken Ortiz, NOAA Fisheries
Effective cybersecurity is more important than ever as attacks become stealthier, have a greater financial impact, and cause broad reputational damage. SEC501: Advanced Security Essentials - Enterprise Defender builds on a solid foundation of core policies and practices to enable security teams to defend their enterprise.
It has been said of security that "prevention is ideal, but detection is a must." However, detection without response has little value. Network security needs to be constantly improved to prevent as many attacks as possible and to swiftly detect and appropriately respond to any breach that does occur. This PREVENT - DETECT - RESPONSE strategy must be in place both externally and internally. As data become more portable and networks continue to be porous, there needs to be an increased focus on data protection. Critical information must be secured regardless of whether it resides on a server, in a robust network architecture, or on a portable device.
Of course, despite an organization's best efforts to prevent network attacks and protect its critical data, some attacks will still be successful. Therefore, organizations need to be able to detect attacks in a timely fashion. This is accomplished by understanding the traffic that is flowing on your networks, looking for indications of an attack, and performing penetration testing and vulnerability analysis against your organization to identify problems and issues before a compromise occurs.
Finally, once an attack is detected we must react quickly and effectively and perform the forensics required. Knowledge gained by understanding how the attacker broke in can be fed back into more preventive and detective measures, completing the security lifecycle.
You Will Learn
- How to build a comprehensive security program focused on preventing, detecting, and responding to attacks
- Core components of building a defensible network infrastructure and how to properly secure routers, switches, and network infrastructure
- Methods to detect advanced attacks on systems that are currently compromised
- Formal methods for performing a penetration test to find weaknesses in an organization's security apparatus
- How to respond to an incident using the six-step process of incident response: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned
- Approaches to analyzing malware, ranging from fully automated analysis to static properties analysis, behavioral analysis, and code analysis
SEC501.1: Defensive Network Architecture
SEC501.2: Penetration Testing
SEC501.3: Security Operations Foundations
SEC501.4: Digital Forensics and Incident Response
SEC501.5: Malware Analysis
SEC501.6: Enterprise Defender Capstone
"I started off working as a network engineer and architect building enterprise networks. This role organically transitioned into secure design and engineering. My interest at the time in penetration testing and exploitation allowed me to verify that our designs being put into production were truly hardened. This interest eventually drove me into a career in full-blown reverse engineering and 0-day bug discovery/exploit development. After a long history of writing and teaching courses for SANS on advanced penetration testing and exploit writing, I am excited to take that experience and apply it back into defense. We selected a group of rock star authors to build the SEC501 syllabus and content, including Dave Shackleford, Phil Hagen, Matt Bromiley, and Rob Vandenbrink."
- Stephen Sims