SEC301: Introduction to Cyber Security

Cert: GISF GIAC Information Security Fundamentals
This introductory certification course is the fastest way to get up to speed in information security. Written and taught by battle-scarred security veterans, this entry-level course covers a broad spectrum of security topics and is liberally sprinkled with real life examples. A balanced mix of technical and managerial issues makes this course appealing to attendees who need to understand the salient facets of information security basics and the basics of risk management. Organizations often tap someone who has no information security training and say, "Congratulations, you are now a security officer." If you need to get up to speed fast, Security 301 rocks!

What You Will Learn
To determine if the SANS SEC301 course is right for you, ask yourself five simple questions:

• Are you new to cyber security and in need of an introduction to the fundamentals?
• Are you bombarded with complex technical security terms that you don't understand?
• Do you need to be conversant in basic security concepts, principles, and terms, but do not need "deep in the weeds" detail?
• Have you decided to make a career change to take advantage of the job opportunities in cyber security and need formal training/certification?
• Are you a manager who lays awake at night worrying that your company may be the next mega-breach headline story on the 6 o'clock news?

If you answer yes to any of these questions, the SEC301: Introduction to Cyber Security training course is for you. Jump-start your security knowledge by receiving insight and instruction from real-world security experts on critical introductory topics that are fundamental to cyber security.

This five-day comprehensive course covers everything from core terminology to the how computers and networks function, security policies, risk management, a new way of looking at passwords, cryptographic principles, network attacks & malware, wireless security, firewalls and many other security technologies, web & browser security, backups, virtual machines & cloud computing. All topics are covered at an easy to understand introductory level.

This course is for those who have very little knowledge of computers & technology with no prior knowledge of cyber security. The hands-on, step-by-step teaching approach enables you to grasp all the information presented, even if some of the topics are new to you. You'll learn real-world cyber security fundamentals to serve as the foundation of your career skills and knowledge for years to come.

Written by a cyber security professional with over 35 years of industry experience in both the public and private sectors, SEC301 provides uncompromising real-world insight from start to finish. The course prepares you for the Global Information Security Fundamentals (GISF) certification test, as well as getting you ready for your next training course. It also delivers on the SANS promise: "You can use the knowledge and skills you learn in SEC301 as soon as you return to work."

You Will Be Able To

• Communicate with confidence regarding information security topics, terms, and concepts
• Understand and apply the Principles of Least Privilege
• Understand and apply the Confidentiality, Integrity, and Availability (CIA) for prioritization of critical security resources
• Build better passwords that are more secure while also being easier to remember and type
• Grasp basic cryptographic principles, processes, procedures, and applications
• Understand how a computer works
• Understand computer network basics
• Have a fundamental grasp of any number of technical acronyms: TCP/IP, IP, TCP, UDP, MAC, ARP, NAT, ICMP, and DNS, and the list goes on.
• Utilize built-in Windows tools to see your network settings
• Recognize and be able to discuss various security technologies, including anti-malware, firewalls, intrusion detection systems, sniffers, ethical hacking, active defense, and threat hunting.
• Understand wireless technologies including WiFi, Bluetooth, mobile phones and the Internet of Things (IoT)
• Explain a variety of frequent attacks such as social engineering, drive-by downloads, watering hole attacks, lateral movement, and other attacks
• Understand different types of malware
• Understand browser security and the privacy issues associated with web browsing
• Explain system hardening
• Discuss system patching
• Understand virtual machines and cloud computing
• Understand backups and create a backup plan for your personal life that virtually guarantees you never have to pay ransom to access your data

In this course, you receive the following:

• Electronic Courseware for each day of training that includes the slides presented and notes to explain them plus an electronic lab workbook explaining the hands-on labs
• Access to the SEC301.com website containing quizzes for each module, videos of the author performing each lab, and additional helpful materials
• Five days worth of high-quality instruction and explanation
• MP3 audio files of the complete course lecture

Syllabus (30 CPEs)

SEC301.1: Security's Foundation

SEC301.2: Computer Function and Networking

SEC301.3: An Introduction to Cryptography

SEC301.4: Cyber Security Technologies - Part 1

SEC301.5: Cyber Security Technologies - Part 2

GIAC Information Security Fundamentals
The GIAC Information Security Fundamentals (GISF) certification validates a practitioner’s knowledge of security’s foundation, computer functions and networking, introductory level cryptography, and cybersecurity technologies. GISF certification holders will be able to demonstrate key concepts of information security including: understanding the threats and risks to information and information resources, identifying best practices that can be  used to protect them, and learning to diversify our protection strategy.

• Cyber security terminology
• The basics of computer networks
• Security policies
• Incident response
• Passwords
• Introduction to cryptographic principles

Prerequisites

• SEC301 does not have prerequisites.
• SEC301 assumes only the most basic knowledge of computers.
• SEC301 makes no assumptions regarding prior security knowledge.

Laptop Requirements
Important! Bring your own system configured according to these instructions!

A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will likely leave the class unsatisfied because you will not be able to participate in hands-on exercises that are essential to this course. Therefore, we strongly urge you to arrive with a system meeting all the requirements specified for the course.

SEC301 includes both lecture and hands-on labs. There are specific computer configuration requirements to perform hands-on labs. If you take SEC301 live in the classroom, you utilize a classroom network to connect to a lab server. If you take SEC301 online via OnDemand, you connect to the lab environment via the Internet. To accomplish this, you need the following:

A laptop running any version of Microsoft Windows or a Mac.
We do not recommend attempting to perform the labs with a tablet such as an iPad or Android. A Surface tablet can perform the labs, but smaller screens are problematic.
A Web Browser. We strongly recommend the Google Chrome browser, but Internet Explorer, Firefox, Opera, Safari, or any other modern browser works.
Have the ability to connect to a wireless (WiFi) network. (For live in-person classroom attendees.)
A network setting configured to obtain an IP address and DNS servers automatically. (For live in-person classroom attendees.)
NOTE: Administrative (or "Admin") permission is NOT required to perform any of the labs you do in class.

Author Statement
"If you want to be good at something, whether it be sports, music, science, math, or cyber security, you MUST have a solid grasp of the fundamentals. In fact, the better you understand the fundamentals, the better you become at a particular skillset. Without that foundation to build on, it is almost impossible to become a master at something. The Introduction to Cyber Security course is all about building those fundamentals and creating that foundation.

One of the things I enjoy most is seeing a student have that "ah-ha" moment. The moment when they suddenly understand a topic for the first time - often a topic they have wondered about for years. You can almost literally see the "light-bulb" of understanding appear over their heads. There are "ah-ha" moments at every turn and on every day of the SEC301: Introduction to Cyber Security course."

- Keith Palmgren

"Mr. Palmgren is incredibly knowledgeable and had very interesting stories and personal experiences to share. He was great at making even the dryer topics interesting." - Brendan Hurley, Dell

Ways to Learn
OnDemand
Study and prepare for GIAC Certification with four months of online access to SANS OnDemand courses. Includes labs and exercises, and SME support.

 Live Online
Live, interactive sessions with SANS instructors over the course of one or more weeks, at times convenient to students worldwide.

Who Should Attend SEC301?
The SEC301 Introduction to Information Security course is designed to address the needs of:

• People who are new to information security and in need of an introduction to the fundamentals of security
• Those who feel bombarded with complex technical security terms they don't understand but want to understand
• Professionals who need to be conversant in basic security concepts, principles, and terms, but who don't need "deep in the weeds" detail
• Those who have decided to make a career change to take advantage of the job opportunities in information security and need formal training/certification
• Managers who worry their company may be the next mega-breach headline story on the 6 o'clock news

"SEC301 was my first SANS course, and I was not disappointed! Keith was exceptional in presenting this information in a clear and concise manner. He took the time to really explain concepts and challenged us to think things through. I learned a great deal and look forward to future SANS events." - Rebekah Wolf, TenWolf Technology Information Services