About the course
SEC530: Defensible Security Architecture and Engineering New
Mon, May 13 - Sat, May 18, 2019
Contents | Additional Info
Instructor: Greg Scheidel
I told my leadership that all senior network Security Engineers & Managers need to take this class. A great breadth of topics! Thank you for sharing your experiences with your lectures!
Patrick Gustafson, Allianz
As a Systems Programmer working on the development of security tools, the architectural content provided has been highly informative and extremely valuable.
Merv Hammer, Workday Inc.
NOTE: The term "architecture" is interpreted differently by different organizations and in various regions of the world. This course focuses on strategic and technical application and use cases, including fine-tuning and implementing various infrastructure components and cyber defense techniques. If you are expecting the course to focus exclusively on strategic solution placement and use cases, the course is not for you.
SEC530: Defensible Security Architecture and Engineering is designed to help students establish and maintain a holistic and layered approach to security. Effective security requires a balance between detection, prevention, and response capabilities, but such a balance demands that controls be implemented on the network, directly on endpoints, and within cloud environments. The strengths and weaknesses of one solution complement another solution through strategic placement, implementation, and fine-tuning.
To address these issues, this course focuses on combining strategic concepts of infrastructure and tool placement while also diving into their technical application. We will discuss and identify what solutions are available and how to apply them successfully. Most importantly, we'll evaluate the strengths and weaknesses of various solutions and how to layer them cohesively to achieve defense-in-depth.
The changing threat landscape requires a change in mindset, as well as a repurposing of many devices. Where does this leave our classic perimeter devices such as firewalls? What are the ramifications of the "encrypt everything" mindset for devices such as Network Intrusion Detection Systems?
In this course, students will learn the fundamentals of up-to-date defensible security architecture and how to engineer it. There will be a heavy focus on leveraging current infrastructure (and investment), including switches, routers, and firewalls. Students will learn how to reconfigure these devices to significantly improve their organizations' prevention capabilities in the face of today's dynamic threat landscape. The course will also delve into the latest technologies and their capabilities, strengths, and weaknesses. You will come away with recommendations and suggestions that will aid in building a robust security infrastructure.
While this is not a monitoring course, it will dovetail nicely with continuous security monitoring, ensuring that security architecture not only supports prevention but also provides the critical logs that can be fed into a Security Information and Event Management (SIEM) system in a Security Operations Center.
Multiple hands-on labs conducted daily will reinforce key points in the course and provide actionable skills that students will be able to leverage as soon as they return to work.
SEC530.1: Defensible Security Architecture and Engineering
SEC530.2: Network Security Architecture and Engineering
SEC530.3: Network-Centric Security
SEC530.4: Data-Centric Security
SEC530.5: Zero-Trust Architecture: Addressing the Adversaries Already in Our Networks
SEC530.6: Hands-On Secure-the-Flag Challenge
"In our many years of experience assessing the security posture of organizations, responding to incidents, and ramping up security operations, we've seen the futility of trying to monitor and defend against modern adversaries when the architecture in place has not been designed with security in mind. Likewise, we've continually seen that organizations that suffer massive breaches and business disruption often focused their emphasis prior to the breach on perimeter protection and prevention mechanisms but lacked defensible security architecture.
"We've designed this course to address this gap. In six days filled with case studies, winning techniques, instructor-led demos, and plenty of hands-on labs (including a NetWars-based Defend-the-Flag challenge), students will learn how to design, build, and harden networks, infrastructure, and applications that can truly be called 'defensible.'
"As practitioners, we know that theory is not enough, so we've made sure that this class is focused on real-world implementations of network-centric, data-centric, and zero-trust security architecture mapped to best practices and standards, but also based on our many years of experience on what works and what doesn't. You'll find that this makes the content appropriate and relevant for the reality of a wide variety of organizations and roles."
- Justin Henderson and Ismael Valenzuela