SEC530: SANS Amsterdam February 2025

Provided by

Enquire about this course

What You Will Learn

Secure by Design: Zero Trust for Modern Hybrid Networks

SEC530 is a practical class, focused on teaching effective tactics and tools to architect and engineer for disruption, early warning detection, and response to most prevalent attacks, based on the experience of the authors, highly experienced practitioners with an extensive career in cyber defense. There will be a heavy focus on leveraging current infrastructure (and investment), including switches, routers, next-gen firewalls, IDS, IPS, WAF, SIEM, sandboxes, encryption, PKI and proxies, among others. Students will learn how to assess, re-configure and validate these technologies to significantly improve their organizations' prevention, detection and response capabilities, augment visibility, reduce attack surface, and even anticipate attacks in innovative ways. The course will also delve into some of the latest technologies and their capabilities, strengths, and weaknesses. You will come away with recommendations and suggestions that will aid in building a robust security infrastructure, layer by layer, across hybrid environments, as you embark on a journey towards Zero Trust.

While this is not a monitoring course, it will dovetail nicely with continuous security monitoring, ensuring that your security architecture not only supports prevention but also provides the critical logs that can be fed into behavioral detection and analytics systems, like UEBA or Security Information and Event Management (SIEM), in a Security Operations Center (SOC).

Multiple hands-on labs conducted daily will reinforce key points in the course and provide actionable skills that students will be able to leverage as soon as they return to work.

SEC530 is a truly unique course created by defenders for defenders, offering:
  • Vendor-Neutral Expertise: Master techniques applicable across various technologies and platforms.
  • Real-World Applications: Leverage your existing infrastructure to enhance your organization's security.
  • Hands-On Labs: Engage in 24+ interactive labs and a capstone challenge to solidify your skills. Labs do not expire so you can revisit them at any time.
  • Zero Trust Implementation: Learn to build a robust, defensible security architecture from the ground up.
"SEC530 teaches you to defend and put mechanisms in place to secure the environment. The real life scenarios and examples were priceless. Hearing the stories from the trenches really made me feel like being able to apply" - Omar Zaman, United Airlines
What Is Zero Trust Implementation?

The practice of Zero Trust Implementation is a comprehensive cybersecurity strategy that assumes no entity, whether inside or outside the network, is inherently trustworthy. Instead, it requires continuous verification and validation of every user, device, and application attempting to access resources.
Business Takeaways

This course will help your organization:
  • Identify and comprehend deficiencies in security solutions
  • Design and Implement Zero Trust strategies leveraging current technologies and investment
  • Maximize existing investment in security architecture by reconfiguring existing technologies
  • Layer defenses to increase protection time while increasing the likelihood of detection
  • Improve prevention, detection, and response capabilities
  • Reduce attack surface
  • Address modern authentication challenges
  • Measure security efficacy using Time Based Security and the Think Red, Act Blue approach
Skills Learned
  • Analyze a security architecture for deficiencies
  • Learn how to anticipate the adversary and build security resiliency in hybrid environments
  • Design and Implement Zero Trust strategies leveraging current technologies and investment
  • Discover data, applications, assets and services, and assess compliance state
  • Implement technologies for enhanced prevention, detection, and response capabilities
  • Comprehend weaknesses in existing security solutions and understand how to tune and operate them
  • Understand the impact of 'encrypt all' strategies
  • Understand identity management and federation
  • Apply the principles learned in the course to design a defensible security architecture
  • Determine appropriate security monitoring needs for organizations of all sizes
  • Maximize existing investment in security architecture by reconfiguring existing technologies
  • Determine capabilities required to support continuous monitoring of key Critical Security Controls
  • Configure appropriate logging and monitoring to support a Security Operations Center and continuous monitoring program
  • Secure virtualized environments
  • Become an All-Around Defender
While the above list briefly outlines the knowledge and skills you will learn, it barely scratches the surface of what this course has to offer.
Hands-On Defensible Security Architecture and Engineering Training

The hands-on portion of SEC530 will impress and please students who want to design and build a defensible security architecture for hybrid environments. All labs are based on realistic scenarios, designed to give students a deep understanding of the technologies that power modern enterprise security solutions. Each lab has multiple ways of completing them, including detailed and visually rich step by step instructions, and an independent study guide with challenges, hints and instructional videos, designed to maximize the learning experience and equip the student to succeed in the GIAC Defensible Security Architecture (GDSA) exam.

Most labs are self-contained within the provided VM and containerized, allowing the student to stand up and work with complex environments with no troubleshoot needed. Other labs are cloud based, making use of automation frameworks like Terraform to replicate enterprise environments. None of the materials expire, including the VM, the detailed electronic workbook and labs, allowing students to revisit them at any time after class.

Throughout 6 days, students will engage in the following hands-on challenges and exercises:
  • Section 1: Practical Threat Modeling with MITRE ATT&CK, Eggress Analysis, Layer 2 Attacks, Architecting for Flow Data
  • Section 2: Auditing Router Security, Router SNMP Security, IPv6, Proxy Power
  • Section 3: Architecting for NSM, Network Security Monitoring, Encryption Considerations
  • Section 4: Securing Web Applications, Discovering Sensitive Data, Secure Virtualization
  • Section 5: Network Isolation and Mututal Authentication, SIEM Analysis and Tactical Detection, SIGMA Generic Signatures, Advanced Defense Strategies
  • Section 6: Capstone: Design/Detect/Defend
In addition, students will enjoy over additional bonus labs, including:
  • Intelligence Driven Architectures with VirusTotal Enterprise
  • Remediating Web Vulnerabilities
  • Cloud Monitoring and Asset Tracking (AWS)
  • Operationalizing JA3
  • Azure Privilege Escalation
"I just have to say, these labs are astonishingly well set up. They demonstrate exactly what's needed in very few steps. There's a lot of moving parts behind some of them but they are robust, and all in a small VM footprint. I've never seen any course lab environment executed so well." - Michael Curran, Austrade

"These containerized labs are magic. Being able to stand up an otherwise labor-intensive environment to do exercises with a single one-liner is amazing." - Ansley Barnes, Cambridge Innovation Center

"The course materials have been consistently challenging and equally clear. I absolutely love the online workbook in the VM. The formatting is perfect and I really like how it doesn't reveal the answers until you open them. Likewise with the step-by-step instructions The video instruction steps in the workbook are unique and very useful for study" - Lawrence Mecca, Mathematica
Syllabus Summary
  • Section 1: Principles of designing and building defensible systems and networks, the fundamentals of security architectures and the journey towards Zero Trust.
  • Section 2: Hardening critical infrastructure that is often found in hybrid environments, including routing devices, firewalls, and application proxies.
  • Section 3: Improving the efficacy of prevention and detection technologies using application-layer security solutions with a Zero Trust mindset.
  • Section 4: Data-centric security, including identifying core data where they reside, classification, labeling and data protection strategies across hybrid environments.
  • Section 5: Culminates our journey towards Zero Trust by focusing on implementing an architecture where trust is no longer implied but must be proven.
  • Section 6: Team-based Design-and-Secure-the-Flag competition.
Additional Free Resources
  • Adopting a Zero Trust Mindset
  • Architecting for Zero Trust
  • Instrumenting for Zero Trust
  • Operating for Zero Trust
  • AI Powered BladeRunners: The Role of AI in Implementing Zero Trust
  • Zero Trust Architecture - Applying ZTA in Today's Environment
What You Will Receive
  • Printed and electronic courseware
  • A virtual machine, an open-sourced, linux-based distribution with utilities to start and stop the containerized labs
  • An electronic workbook including detailed and visually rich step by step instructions, and an independent study guide with challenges, hints and instructional videos
  • Bonus labs that are regularly updated
  • MP3 audio files of the complete course lecture
  • On-going access to course authors and instructors via a private Slack channel
What Comes Next?

Depending on your current role or future plans, one of these courses is a great next step in your cybersecurity journey:

Safeguarding Supply Chains and Managing Third-Party Risk
  • SEC568: Product Security Penetration Testing - Safeguarding Supply Chains and Managing Third-Party Risk
  • SEC547: Defending Product Supply Chains
Network Monitoring and Security Operations
  • SEC503: Network Monitoring and Threat Detection In-Depth
  • SEC511: Continuous Monitoring and Security Operations


Start date Location / delivery
10 Feb 2025 Amsterdam Book now

Related article

At GIAC, we believe that hands-on testing is the future of cybersecurity certification. With five certification exams featuring CyberLive , and thr...