Test Drive World-Class SANS Cyber Security Training

In today's fast-paced threat landscape, proficiency in Linux is not optional - it's essential. Hackers know how to use Linux and a single unsecured Linux box could be all it takes for your organization to fall victim to a devastating cyberattack. Whether you are defensive, offensive, performing incident response, or working in mobile or ICS, this course will equip you with the fundamental proficiency, knowledge, and tools needed to stay ahead of the game. Acquire yours by taking our practical, hands-on training.

SEC450 provides students with technical knowledge and key concepts essential for security operation center (SOC) analysts and new cyber defense team members. By providing a detailed explanation of the mission and mindset of a modern cyber defense operation, this course will jumpstart and empower those on their way to becoming the next generation of blue team members. 16 Hands-on Labs & Defend the Flag Capstone

SEC497 is based on two decades of experience with open-source intelligence (OSINT) research and investigations supporting law enforcement, intelligence operations, and a variety of private sector businesses ranging from small start-ups to Fortune 100 companies. The goal is to provide practical, real-world tools and techniques to help individuals perform OSINT research safely and effectively. One of the most dynamic aspects of working with professionals from different industries worldwide is getting to see their problems and working with them to help solve those problems. SEC497 draws on lessons learned over the years in OSINT to help others. The course not only covers critical OSINT tools and techniques, it also provides real-world examples of how they have been used to solve a problem or further an investigation. Hands-on labs based on actual scenarios provide students with the opportunity to practice the skills they learn and understand how those skills can help in their research. 29 Hands-on Labs + Capstone CTF

Cyber reskilling and upskilling are significant concerns for enterprises both large and small. Technologists must have a broad range of knowledge and certain basic skills in multiple areas. Every member of a security team, increasingly extended into Information Technology and DevOps, must prepare to ensure that any system, software, or infrastructure that is coded, built, and deployed is resilient to attack. Team members must have the knowledge necessary to identify the adversaries in their midst, which requires knowledge of the adversaries' tactics, techniques, and procedures, as well as familiarity with real-world tools that reveal their activities within the enterprise. Adversaries must be contained when uncovered-controlling their lateral movement and limiting the extent of their infiltration minimizes the risks of disclosure, alteration, and destruction of mission-critical enterprise data. Critically, having all hands on deck is key to eradicating the adversary, remediating compromised systems, and recovering lost assets. Prevent. Detect. Respond.

SEC503™: Network Monitoring and Threat Detection In-Depth™ training delivers the technical knowledge, insight, and hands-on training you need to confidently defend your network, whether traditional or cloud-based. You will learn about the underlying theory of TCP/IP and the most used application protocols so that you can intelligently examine network traffic to identify emerging threats, perform large-scale correlation for threat hunting, and reconstruct network attacks. 37 Hands-on Labs + Capstone Challenge

In today's rapidly evolving threat landscape, traditional cybersecurity measures are no longer sufficient. This advanced training addresses the challenge by equipping practitioners with cutting-edge skills in cybersecurity engineering and advanced threat detection for cloud, network, and endpoint environments. Featuring 18 hands-on labs, a final capstone project, plus gamified bootcamp challenges, it immerses you in real-world scenarios. Master NDR, EDR, and MITRE ATT&CK to build a robust SOC with threat-informed defenses. Elevate your expertise and stay ahead of adversaries with this comprehensive course.

This course is designed to help students establish and maintain a holistic and layered approach to security, while taking them on a journey towards a realistic 'less trust' implementation based on Zero Trust principles, pillars and capabilities. Effective security requires a balance between detection, prevention, and response capabilities, but such a balance demands that controls be implemented on the network, directly on endpoints, within cloud environments, and ultimately, around the data we are trying to protect. The strengths and weaknesses of one solution complement another solution through strategic placement, implementation, and continuous fine-tuning. To address this need, this course focuses on combining strategic concepts of infrastructure and tool placement while also diving into their technical application.

The threat landscape has changed and gone are the days when erecting a strong perimeter is sufficient to keep adversaries at bay. Supply chain attacks are one of the many effective ways to circumvent traditional perimeter-based controls. In these difficult to spot attacks, organizations unintentionally invite the adversary inside using unvalidated but "trusted" technologies, effectively leading to self-compromise. SEC547: Defending Product Supply Chains teaches how to minimize the risk of supply chain attacks via in-depth supply chain risk management strategies and tactics. The course covers the threat landscape and provides critical skills for defenders across 13 custom tailored labs, provides real-world examples of how these attacks work and how to stop them from happening to you. You'll leave this course with the industry best practice required to inject security and assurance into your organization's technology acquisitions.

Many organizations have logging capabilities but lack the people and processes to analyze them. In addition, logging systems collect vast amounts of data from a variety of data sources which require an understanding of the sources for proper analysis. This class is designed to provide training, methods, and processes for enhancing existing logging solutions. This class will also provide the understanding of the when, what, and why behind the logs. This is a lab-heavy course that utilizes SOF-ELK, a SANS-sponsored free SIEM solution, to train hands-on experience and provide the mindset for large-scale data analysis.

The challenges faced by security professionals are constantly evolving, so there is a huge demand for those who can understand a technology problem and quickly develop a solution. If you have to wait on a vendor to develop a tool to recover a forensics artifact, or to either patch or exploit that new vulnerability, then you will always be behind. It is no longer an option for employers serious about information security to operate without the ability to rapidly develop their own tools. This course will give you the skills to develop solutions so that your organization can operate at the speed of the adversary. SEC573 is an immersive, self-paced, hands-on, and lab-intensive course. After covering the essentials required for people who have never coded before, the course will present students with real-world forensics, defensive, and offensive challenges. You will develop a malware dropper for an offensive operation; learn to search your logs for the latest attacks; develop code to carve forensics artifacts from memory, hard drives, and packets; automate the interaction with an online website's API; and write a custom packet sniffer. Through fun and engaging labs, youll develop useful tools and build essential skills that will make you the most valuable member of your information security team. 128 Hands-on Labs + Capture-the-Flag Challenge

With Open-Source Intelligence (OSINT) being the engine of most major investigations in this digital age the need for a more advanced course was imminent. The data in almost every OSINT investigation becomes more complex to collect, exploit and analyze. For this OSINT practitioners all around the world have a need for performing OSINT at scale and means and methods to check and report on the reliability of their analysis for sound and unbiased reports. In SEC587 you will learn how to perform advanced OSINT Gathering & Analysis as well as understand and use common programming languages such as JSON and Python. SEC587 also will go into Dark Web and Financial (Cryptocurrency) topics as well as disinformation, advanced image and video OSINT analysis. This is an advanced fast-paced course that will give seasoned OSINT investigators new techniques and methodologies and entry-level OSINT analysts that extra depth in finding, collecting and analyzing data sources from all around the world.

SEC595 provides students with a crash-course introduction to practical data science, statistics, probability, machine learning, and AI. The course is structured as a series of short discussions with extensive hands-on labs that help students to develop useful intuitive understandings of how these concepts relate and can be used to solve real-world problems. The best analogy is that we are using an apprenticeship approach to bring you from beginner to journeyman in AI and related fields. If you've never done anything with data science or machine learning but want to use these AI techniques, this is definitely the course for you! 30 Hands-on Labs

SEC673 is designed as the logical progression point for students who have completed SEC573: Automating Information Security with Python, or for those who already familiar with basic Python programming concepts. We jump immediately into advanced concepts. SEC673 looks at coding techniques used by popular open-source information security packages and how to apply them to your own Python cybersecurity projects. We'll learn from the best of them as we spend the week making information security for our project, named SPF100, as easy to develop and maintain as that of the most popular cybersecurity projects. Discover how to organize your code and use advanced programming concepts to make your code faster, more efficient, and easier to develop and maintain.

This introductory certification course is the fastest way to get up to speed in information security. Written and taught by battle-scarred security veterans, this entry-level course covers a broad spectrum of security topics and is liberally sprinkled with real life examples. A balanced mix of technical and managerial issues makes this course appealing to attendees who need to understand the salient facets of information security basics and the basics of risk management. Organizations often tap someone who has no information security training and say, "Congratulations, you are now a security officer." If you need to get up to speed fast, Security 301 rocks!

Whether you're new to information security or a seasoned expert with a specialized focus, SEC401 provides the essential skills and techniques needed to secure critical information and technology assets, whether on-premises or in the cloud. The course teaches you how to apply these concepts directly into a winning defensive strategy, all framed in terms of combating today's adversaries. This is how we fight, and this is how we win! With 20 hands-on labs, SEC401 empowers you to implement these skills effectively in real-world scenarios.

Want to write better? Learn to hack the reader! Discover how to find an opening, break down your readers' defenses, and capture their attention to deliver your message-even if they are too busy or indifferent to others' writing. This unique course, built exclusively for cybersecurity professionals, will strengthen your writing skills and boost your security career.

SEC403 shows you how to put together an effective security briefing, secure the interest and engagement of your audience, and confidently deliver presentations to a variety of groups. You will learn effective techniques to secure management approval for new security projects and tools, as well as how to handle the toughest questions and adjust on-the-fly. Designed exclusively for cybersecurity professionals, this course covers best practices for common security presentations such as penetration testing reports, security assessment reports, incident updates, after-action reports, security awareness briefings, and more.

ICS410: ICS/SCADA Security Essentials provides a foundational set of standardized skills and knowledge for industrial cybersecurity professionals. The course is designed to ensure that the workforce involved in supporting and defending industrial control systems is trained to keep the operational environment safe, secure, and resilient against current and emerging cyber threats.

The ICS418: ICS Security Essentials for Leaders course empowers leaders responsible for securing critical infrastructure and operational technology environments. The course addresses the need for dedicated ICS security programs, the teams that run them, and the skills required to map industrial cyber risk to business objectives to prioritize safety. ICS418 will help you lead the people, processes, and technologies necessary to create and sustain lasting ICS cyber risk programs while promoting a culture of safety, reliability, and security.

The ICS456: Essentials for NERC Critical Infrastructure Protection course empowers students with knowledge of the what and the how of the version 5/6/7 standards. The course addresses the role of the Federal Energy Regulatory Commission (FERC), North American Electric Reliability Corporation (NERC), and Regional Entities, provides multiple approaches for identifying and categorizing BES Cyber Systems, and helps asset owners determine the requirements applicable to specific implementations.

ICS515: ICS Visibility, Detection, and Response will help you gain visibility and asset identification in your Industrial Control System (ICS)/Operational Technology (OT) networks, monitor for and detect cyber threats, deconstruct ICS cyber attacks to extract lessons learned, perform incident response, and take an intelligence-driven approach to executing a world-leading ICS cybersecurity program to ensure safe and reliable operations. Note: This class was previously named ICS515: ICS Active Defense and Incident Response. The course has gone through a significant update changing much of the content, most of the labs, and adding a day in course length.

Unveil the prevalent risks, discover mitigation tactics, and gain insights into AI-related cybersecurity and policy development. Designed for AI adopters to decision-makers, this training ensures a comprehensive grasp of GenAI's transformative impact on both personal and professional realms. Embrace the AI evolution with confidence and competence.

LDR414 is fully updated for the April 2024 CISSP exam update! LDR414: SANS Training Program for CISSP Certification is an accelerated review course to prepare you to pass the exam. The course, designed by expert practitioners and SANS Fellows, Eric Conrad and Seth Misenar, prepares students to navigate all types of questions included on the new version of the exam. SANS' unique offering allows you to not only pass the test, but also to learn from the best.

Recent laws are requiring organizations to perform a cybersecurity risk assessment for compliance and audit reasons. However, many organizations do this without a specific strategy, which leads to random defenses, ineffective programs, and financial loss. In this introduction to cybersecurity risk assessments, understanding the business context for the assessment promotes accurately discerning business risk and protecting accordingly. Go beyond theoretical and academic and truly understand how to properly prepare for and perform risk assessments that matter - know what risks to look for in relation to your specific organizational context, how to uncover these risks effectively, and present results to leadership for actionable results. LDR419 teaches students the foundational knowledge and practical, hands-on skills they need to perform such risk assessments.

Security leaders realize that cybersecurity is no longer just a technical issue but also a human one. Their greatest challenge now has become how to most effectively manage their human risk, as people are involved in over 80% of all breaches. Many organizations attempt to address this by running security awareness programs, but far too often most programs are compliance focused, nothing more than mandatory annual training. As a result, not only is their workforce highly insecure, but most of their workforce has a very negative perception of cybersecurity. This course enables organizations to effectively manage and measure their human risk by changing people's behavior and building a strong security culture.

Security leaders need both technical knowledge and leadership skills to gain the respect of technical team members, understand what technical staff are actually doing, and appropriately plan and manage security projects and initiatives. This security managers training course will teach leaders about the key elements of any modern security program. Learn to quickly grasp critical cybersecurity issues and terminology, with a focus on security frameworks, security architecture, security engineering, computer/network security, vulnerability management, cryptography, data protection, security awareness, application security, DevSecOps, cloud security, and security operations. This is more than security training. You will learn how to lead security teams and manage programs by playing through twenty-three Cyber42 activities throughout the class, approximately 60-80 minutes daily.

The next generation of security leadership must bridge the gap between security staff and senior leadership by strategically planning how to build and run effective security programs. Yet, creating a security strategy, executing a plan that includes sound policy coupled with top-notch leadership is hard for IT and security professionals because we spend so much time responding and reacting. We almost never do strategic planning until we get promoted to a senior position, and then we are not equipped with the skills we need to run with the pack. This information security course will provide you with the tools to build a cybersecurity strategic plan, an entire IT security policy, and lead your teams in the execution of your plan and policy. By the end of class you will have prepared an executive presentation, read 3 business case studies, responded to issues faced by 4 fictional companies, analyzed 15 case scenarios, and responded to 15 Cyber42 events.

Vulnerability, patch, and configuration management are not new security topics. In fact, they are some of the oldest security functions. Yet, we still struggle to manage these capabilities effectively. The quantity of outstanding vulnerabilities for most large organizations is overwhelming, and all organizations struggle to keep up with the never-ending onslaught of new vulnerabilities in their infrastructure and applications. When you add in the cloud and the increasing speed with which all organizations must deliver systems, applications, and features to both their internal and external customers, security may seem unachievable. This course will show you the most effective ways to mature your vulnerability management program and move from identifying vulnerabilities to successfully treating them. 16 Cyber42 and lab exercises.

This cloud security strategy for leaders training course focuses on what managers, directors, and security leaders need to know about developing their plan/roadmap while managing cloud security implementation capabilities. To safeguard the organization's cloud environment and investments, a knowledgeable management team must engage in thorough planning and governance. We emphasize the essential knowledge needed to develop a cloud security roadmap and effectively implement cloud security capabilities. Making informed security decisions when adopting the cloud necessitates understanding the technology, processes, and people associated with the cloud environment. 12 Hands-on Cyber42 Exercises + Capstone.

Are you struggling to get everyone in your organization to care about and buy into cybersecurity? Do you feel like you are battling an uphill battle regarding cybersecurity with both your executive leadership and your workforce? Learn how to engage and transform your organization into cybersecurity's biggest believers and supporters by institutionalizing a strong security culture. In addition, students will apply everything they learn through a series of eleven interactive team labs, numerous case studies, and the chance to earn the LDR521 Challenge Coin in the Cyber42 leadership simulation capstone.

Many cybersecurity professionals are highly technical but often unfamiliar with project management terminology, methodologies, resource management, and leading teams. Overseeing diverse groups of stakeholders and team members, estimating resources accurately, as well as analyzing risk as applied to different organizational structures and relationships is a struggle for many new technical project leaders. Today's virtual work environment only increases these complexities. It is critically important to understand how to leverage a wide range of development approaches and project management framework components to maximize resources across various business units for project success. Confidently lead security initiatives that deliver on time, within budget, reduce organizational risk and complexity while driving bottom line value. 35 Exercises

If you are a SOC manager or leader looking to unlock the power of proactive, intelligence-informed cyber defense, then LDR551 is the perfect course for you! In a world where IT environments and threat actors evolve faster than many teams can track, position your SOC to defend against highly motivated threat actors. Highly dynamic modern environments require a cyber defense capability that is forward-looking, fast-paced, and intelligence-driven. This SOC manager training course will guide you through these critical activities from start to finish and teach you how to design defenses with your organization's unique risk profile in mind. Walk away with the ability to align your SOC activities with organizational goals. 17 hands-on exercises + Cyber42 interactive leadership simulations.

If you are worried about leading or supporting a major cyber incident, then this is the course for you. LDR553: Cyber Incident Management focuses on the non-technical challenges facing leaders in times of extreme pressure. Whilst you may have a full team of technical staff standing-by to find, understand and remove the attackers, they need information, tasking, managing, supporting, and listening to so you can maximize their utilization and effectiveness. We focus on building a team to remediate the incident, on managing that team, on distilling the critical data for briefing, and how to run that briefing. We look at communication at all levels from the hands-on team to the executives and Board, investigative journalists, and even the attackers. This course contains nine (9) case studies for hands-on learning.

The successful information security leader is responsible for more than just managing cybersecurity teams that protect their organization's interests. There are few disciplines more critical to organizational success than financial stewardship, so an effective information security leader must also have solid knowledge of business finance. This course will take information security leaders on a journey to help them understand and successfully navigate their organization's financial status. Understanding and effectively communicating financial stewardship will contribute to your own success, the success of the cybersecurity team that you are privileged to lead, and, ultimately, the success of your organization.

High-profile cybersecurity attacks indicate that offensive attacks are outperforming defensive measures. Cybersecurity engineers, auditors, privacy, and compliance team members are asking how they can practically protect and defend their systems and data, and how they should implement a prioritized list of cybersecurity hygiene controls. In SANS SEC566, students will learn how an organization can defend its information by using a vetted cybersecurity control standard. Students will specifically learn how to implement, manage, and assess security control requirements defined by the Center for Internet Security's (CIS) Controls. Students will gain direct knowledge of the CIS Controls and ecosystem of tools to implement CIS controls across organizations complex networks, including cloud assets. 17 Lab Exercises and a program management simulation.