About the course
Certification: GIAC Defensible Security Architecture (GDSA)
This course is designed to help students build and maintain a truly defensible security architecture. There will be a heavy focus on leveraging current infrastructure (and investment), including switches, routers, and firewalls. Students will learn how to reconfigure these devices to better address the threat landscape they face today. The course will also suggest newer technologies that will aid in building a robust security infrastructure.
What You Will Learn
NOTE: The term "architecture" is interpreted differently by different organizations and in various regions of the world. This course focuses on strategic and technical application and use cases, including fine-tuning and implementing various infrastructure components and cyber defense techniques. If you are expecting the course to focus exclusively on strategic solution placement and use cases, the course is not for you.
SEC530: Defensible Security Architecture and Engineering is designed to help students establish and maintain a holistic and layered approach to security. Effective security requires a balance between detection, prevention, and response capabilities, but such a balance demands that controls be implemented on the network, directly on endpoints, and within cloud environments. The strengths and weaknesses of one solution complement another solution through strategic placement, implementation, and fine-tuning.
To address these issues, this course focuses on combining strategic concepts of infrastructure and tool placement while also diving into their technical application. We will discuss and identify what solutions are available and how to apply them successfully. Most importantly, we'll evaluate the strengths and weaknesses of various solutions and how to layer them cohesively to achieve defense-in-depth.
The changing threat landscape requires a change in mindset, as well as a repurposing of many devices. Where does this leave our classic perimeter devices such as firewalls? What are the ramifications of the "encrypt everything" mindset for devices such as Network Intrusion Detection Systems?
In this course, students will learn the fundamentals of up-to-date defensible security architecture and how to engineer it. There will be a heavy focus on leveraging current infrastructure (and investment), including switches, routers, and firewalls. Students will learn how to reconfigure these devices to significantly improve their organizations' prevention capabilities in the face of today's dynamic threat landscape. The course will also delve into the latest technologies and their capabilities, strengths, and weaknesses. You will come away with recommendations and suggestions that will aid in building a robust security infrastructure.
While this is not a monitoring course, it will dovetail nicely with continuous security monitoring, ensuring that security architecture not only supports prevention but also provides the critical logs that can be fed into a Security Information and Event Management (SIEM) system in a Security Operations Center.
Multiple hands-on labs conducted daily will reinforce key points in the course and provide actionable skills that students will be able to leverage as soon as they return to work.
You Will Be Able To
- Analyze a security architecture for deficiencies
- Implement technologies for enhanced prevention, detection, and response capabilities
- Comprehend deficiencies in security solutions and understand how to tune and operate them
- Apply the principles learned in the course to design a defensible security architecture
- Determine appropriate security monitoring needs for organizations of all sizes
- Maximize existing investment in security architecture by reconfiguring existing assets
- Determine capabilities required to support continuous monitoring of key Critical Security Controls
- Configure appropriate logging and monitoring to support a Security Operations Center and continuous monitoring program
While the above list briefly outlines the knowledge and skills you will learn, it barely scratches the surface of what this course has to offer. Hands-on labs throughout the course will reinforce key concepts and principles, as well as teach you how to use key scripting tools.
When your SEC530 training journey is complete, and your skills are enhanced and honed, it will be time to go back to work and deliver on the SANS promise that you'll be able to apply what you learned in this course the day you return to the office.
This Course Will Prepare You To
- Layer security solutions ranging from network to endpoint and cloud-based technologies
- Understand the implications of proper placement of technical controls
- Tune, adjust, and implement security techniques, technologies, and capabilities
- Think outside the box on using common security solutions in innovative ways
- Balance detection with prevention while allowing for better response times and capabilities
- Understand where prevention technologies are likely to fail and how to supplement them with specific detection technologies
- Understand how security infrastructure and solutions work at a technical level and how to better implement them
What You Will Receive
- Introduction and walk-through videos of most labs
- A Linux VM loaded with tons of tools and other resources
- A Digital Download Package that includes the above and more
Syllabus (36 CPEs)
- SEC530.1: Defensible Security Architecture and Engineering
- SEC530.2: Network Security Architecture and Engineering
- SEC530.3: Network-Centric Security
- SEC530.4: Data-Centric Security
- SEC530.5: Zero-Trust Architecture: Addressing the Adversaries Already in Our Networks
- SEC530.6: Hands-On Secure-the-Flag Challenge
GIAC Defensible Security Architecture
"The GIAC Defensible Security Architecture (GDSA) certificate is an industry certification that proves an individual is capable of looking at an enterprise defense holistically. A GDSA no longer emphasizes security through a single control but instead applies multiple controls ranging from network security, cloud security, and data-centric security approaches to properly prevent, detect, and respond. The end result is defense-in-depth that is maintainable and works." - Justin Henderson, SANS SEC530 Course Author
"Holders of the GIAC Defensible Security Architect (GDSA) certification have proved to be all-round defenders, capable of designing, implementing and tuning an effective combination of network-centric and data-centric controls to balance prevention, detection, and response. Certified GDSA professionals are versatile blue-teamers and cyber defenders possessing an arsenal of skills to protect an organization's critical data, from the endpoint to the cloud, across networks and applications. Armed with these skills, certified GDSA individuals possess not only a strategic but also a tactical, hands-on vision that empowers them to continually improve an organization's security posture, knowing how to best defend now and in the future." - Ismael Valenzuela, SANS SEC530 Course Author
- Defensible Security Architecture: network-centric and data-centric approaches
- Network Security Architecture: hardening applications across the TCP/IP stack
- Zero Trust Architecture: secure environment creation with private, hybrid or public clouds

- Basic understanding of network protocols and devices
- Experience with Linux from the command line
Important! Bring your own system configured according to these instructions!