SEC566: SANS Brussels September 2023

What You Will Learn

Prioritizing defenses to stop attacks with the appropriate cyber controls.

In addition to defending their information systems, many organizations have to comply with a number of cybersecurity standards and requirements as a prerequisite for doing business. Dozens of cybersecurity standards exist throughout the world and most organizations must comply with more than one such standard. As threats and attack surfaces change and evolve, an organization's security should as well. To enable your organization to stay on top of this ever-changing threat scenario, SANS has mapped the most commonly utilized cybersecurity frameworks into one comprehensive, comparative approach that enables organizations to streamline efforts and assets to properly defend their networks while meeting required standards.

SEC566 will enable you to master the specific and proven techniques and tools needed to implement and audit the controls defined in the Center for Internet Security's (CIS) Controls (v7.1 / 8.0), the NIST Cybersecurity Framework (CSF), the Cybersecurity Maturity Model Certification (CMMC), ISO/IEC 27000, and many other common industry standards and frameworks. Students will learn how to merge these various standards into a cohesive strategy to defend their organization and comply with industry standards. SANS' in-depth, hands-on training will teach security practitioners to understand not only how to stop a threat, but why the threat exists, and how to ensure that security measures deployed today will be effective against the next generation of threats. SEC566 shows security professionals how to implement the controls in an existing network through cost-effective automation. For auditors, CIOs, and risk officers, this course is the best way to understand how to measure whether cybersecurity controls are effectively implemented.

  • Maximize compliance analysts' time in mapping frameworks by learning a comprehensive controls matrix
  • Reduce duplicate efforts of administrators implementing cybersecurity controls from different standards and frameworks
  • Enjoy peace of mind that your organization has a comprehensive strategy for defense and compliance
  • Report the status of cybersecurity defense efforts to senior leadership in clear terms.
  • Apply a security framework based on actual threats that is measurable, scalable, and reliable in stopping known attacks and protecting organizations' important information and systems
  • Understand the importance of each control and how it is compromised if ignored, and explain the defensive goals that result in quick wins and increased visibility of network and systems
  • Identify and use tools that implement controls through automation
  • Create a scoring tool to measure the effectiveness of each control
  • Employ specific metrics to establish a baseline and measure the effectiveness of security controls
  • Competently map critical controls to standards such as the NIST Cybersecurity Framework, NIST SP 800-171, the CMMC, and more
  • Audit each of the CIS Critical Controls, with specific, proven templates, checklists, and scripts provided to facilitate the audit process

During this course, students will participate in hands-on lab exercises that illustrate the concepts discussed in class. The goal of these labs is to complement and enhance the understanding of the defenses discussed in the course and to provide practical examples of how the Controls can be applied in a practical, real-world scenario.

Section 1: Preparing Student Laptops for Class, How to Use the AuditScripts CIS Critical Control Initial Assessment Tool, Asset Inventory with Microsoft PowerShell

Section 2: How to Use Veracrypt to Encrypt Data at Rest, How to Use Mimikatz to Abuse Privileged Access, Understanding Windows Management Instrumentation (WMI) for Baselining

Section 3: How to Use Microsoft AppLocker to Enforce Application Control, Using PowerShell to Test for Software Updates, How to Use the CIS-CAT Tool to Audit Configurations, How to Parse Nmap Output with PowerShell

Section 4: How to Use GoPhish to Perform Phishing Assessments, How to Use Nipper to Audit Network Device Configurations, How to Use Wireshark to Detect Malicious Activity

"The exercises and labs provide great knowledge in understanding the course even further." - Nasser AlMazrouei, ADIA

"Real world tool usage and demonstration in the labs really helps understand threat potential." - Andrew Cummings, Emory University

"All labs were easy to follow and performed as expected." - Shawn Bilak, Southern Company

"Sad to have finished the last lab today. I've really enjoyed them. But, I've also learned about some resources I can use to further my learning and practices. The labs are not something I ever thought I would enjoy if I'm honest, but it's SO cool! and I cannot wait to learn more!" - Amy Garner, BUPA


Section 1: Students will learn an overview of the most common cybersecurity standards used by organizations and an introduction to how they address cybersecurity risk.

Section 2: Students will learn the core principles of data protection and Identity and Access Management (IAM), prioritizing the controls defined by industry standard cybersecurity frameworks.

Section 3: Students will learn the core principles of vulnerability and configuration management, prioritizing the controls defined by industry standard cybersecurity frameworks.

Section 4: Students will learn the core principles of endpoint security and network-based defenses, prioritizing the controls defined by industry standard cybersecurity frameworks.

Section 5: Students will learn the core principles of key cybersecurity governance and operational practices, prioritizing the controls defined by industry standard cybersecurity frameworks.

  • Collective Risk Project
    • Collective Risk Model - v2021
    • Collective Control Catalog - v2021a Assessment Tool
    • Collective Control Catalog Measures - v2021a
    • Cybersecurity Standards Analysis - v2021
  • Operational Cybersecurity Executive Triad blog
  • Rekt Casino Hack Assessment Operational Series: What?! There Are Critical Security Controls We Should Follow? Part 2 of 4
  • Rekt Casino Hack Assessment Operational Series: Putting It All Together: Part 4 of 4
  • Printed and electronic courseware
  • MP3 audio files of the complete course lecture
  • MGT516: Managing Security Vulnerabilities: Enterprise and Cloud
  • MGT551: Building and Leading Security Operations Centers


Start date: 11 Sep 2023
Location / delivery: Brussels
