Online Training Course Catalog - SANS Institute

“I hold three GIAC certifications, have attended multiple classes, and nothing prepares me to do my job better than SANS Online Training.” —Rick Whitmore, University of Kansas

SANS ONLINE TRAINING

ONDEMAND E-learning Available Anytime, Anywhere, at Your Own Pace

vLIVE Live Online Training from Your Own Home or Office

SIMULCAST Attend a SANS Training Event Without Leaving Home

SELFSTUDY Self-Paced Training for the Disciplined InfoSec Student

The SANS Institute is the most trusted training provider for information security professionals around the world. SANS provides live training (from small groups to multicourse training events), online training (from self-paced to instructor-led), certification, education, and free community resources. This training guide and the enclosed IT Security Training Roadmap will help you plan your education and accelerate your career! The roadmap pullout contains all of the course, certification, and career information you need to chart a course to success in Cyber Defense, Penetration Testing, Digital Forensics and Incident Response, or another information security field. You’ll find the roadmap between pages 8 and 9.

Also in this catalog:
• SANS Upcoming Live Events
• Cyber Defense
• Penetration Testing
• Digital Forensics
• Software Security
• Audit, Management, Legal

- www.sans.org -


sans.org/ondemand

Reasons to Choose SANS OnDemand
• Four Months of Access to Comprehensive Online Training, Virtual Labs and Quizzes
• Access to Highly Qualified Subject-Matter-Experts
• Web-Based Training Accessible 24/7 from Your Desktop, Laptop, iPad, or Android Tablet
• Taught by SANS’ Top Instructors, Including Rob Lee, Ed Skoudis and Steve Sims
• No Travel or Time Away from the Office
• Includes Video Labs and Hands-On Exercises
• Complete Set of Books and Course Media
• Course Progress Reports
• Over 30 Courses Available – Anytime, Anywhere
• Supplemental Preparation Tool for the GIAC Exam

OnDemand
Train Anytime, Anywhere, At Your Own Pace

If you’re a self-motivated learner who prefers a flexible training schedule, then SANS OnDemand is the right learning platform for you. Choose from more than 30 courses, and take them whenever and wherever you want. Each course gives you four months of access to our OnDemand computer-based training platform, which includes a mix of presentation slides, video demonstrations, quizzes, virtual labs, and audio of SANS’ top instructors teaching the material.

The SANS OnDemand Platform offers numerous features and benefits that make it the best cybersecurity training available. Here are two of them:
• Online Chat Support – SANS subject-matter experts are available for real-time assistance and can answer most questions no matter how complex.
• Pause, rewind, and playback speed options – One unique feature of our online training platforms is the ability to control the pace of your learning. You have the ability to pause for a break, rewind to revisit previous content again and again, or adjust the speed of the presentation to speed up or slow down the pace of every lesson.

See the current SANS Online Training special offer at www.sans.org/online-security-training/specials to get started today.

“I love the OnDemand option. With family and work schedules, OnDemand was the only way I could finish the course. I also really enjoyed listening to the class.” FRED LEEZER, CARDINAL HEALTH


FOR MORE INFORMATION, CONTACT US: [email protected] 301-654-SANS (7267) sans.org/ondemand

OnDemand Courses

CYBER DEFENSE AND PENETRATION TESTING:
• SEC301: Intro to Information Security
• SEC401: Security Essentials Bootcamp Style
• SEC501: Advanced Security Essentials - Enterprise Defender
• SEC503: Intrusion Detection In-Depth
• SEC504: Hacker Tools, Techniques, Exploits and Incident Handling
• SEC505: Securing Windows and PowerShell Automation
• SEC506: Securing Linux/Unix
• SEC511: Continuous Monitoring and Security Operations
• SEC542: Web App Penetration Testing and Ethical Hacking
• SEC560: Network Penetration Testing and Ethical Hacking
• SEC566: Implementing and Auditing the Critical Security Controls - In-Depth
• SEC575: Mobile Device Security and Ethical Hacking
• SEC579: Virtualization and Private Cloud Security
• SEC642: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques
• SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking

DIGITAL FORENSICS & INCIDENT RESPONSE:
• FOR408: Windows Forensic Analysis
• FOR508: Advanced Digital Forensics, Incident Response, and Threat Hunting
• FOR518: Mac Forensic Analysis
• FOR572: Advanced Network Forensics and Analysis
• FOR578: Cyber Threat Intelligence
• FOR585: Advanced Smartphone Forensics
• FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques

SECURITY MANAGEMENT:
• MGT414: SANS Training Program for CISSP® Certification
• MGT512: SANS Security Leadership Essentials for Managers with Knowledge Compression™
• MGT514: IT Security Strategic Planning, Policy and Leadership

SOFTWARE SECURITY:
• DEV522: Defending Web Applications Security Essentials
• DEV541: Secure Coding in Java/JEE: Developing Defensible Applications
• DEV544: Secure Coding in .NET: Developing Defensible Applications

IT AUDIT:
• AUD507: Auditing and Monitoring Networks, Perimeters and Systems

LEGAL SECURITY:
• LEG523: Law of Data Security and Investigations

INDUSTRIAL CONTROL SYSTEMS:
• ICS410: ICS/SCADA Security Essentials
• ICS515: ICS Active Defense and Incident Response

Course offerings are subject to change; please visit www.sans.org/online-security-training for regularly updated information.


sans.org/vlive

Reasons to Choose SANS vLive
• Live Evening Courses Taken from the Convenience of Your Home or Office
• Access to Highly Qualified Subject-Matter-Experts
• Six Months of Online Course Access
• Meet Twice per Week for Six Weeks
• Course Content Authored by Instructors
• Labs, Hands-On Exercises and Archived Lectures
• Complete Set of Books and Course Media

“Overall, I am much happier with the Web-based live training as there is (a) no travel required, (b) no travel budget required, and (c) some ‘soak time’ between modules (as well as time to complete the exercises before the next session). It’s still a bit of a fire hose to drink from, but I would heartily recommend this format.” —BILL STACKPOLE, ROCHESTER INSTITUTE OF TECHNOLOGY


vLive
Live Online Training from Your Own Home or Office

vLive courses from SANS Institute are taken via online classrooms that typically meet two evenings per week for six weeks and are taught by SANS’ top instructors. They feature challenging labs and exercises that develop skills, help reinforce concepts, and are supported by subject-matter-experts. Simply log in at the scheduled times and join your instructor and classmates in an interactive virtual classroom. Don’t worry if you can’t attend every live session; classes are recorded and you can review the class archives for six months.

Taking a vLive course and being a part of an interactive virtual classroom offers you numerous advantages. You’ll not only be able to interact with your peers and have access to SANS subject-matter-experts, just as importantly you’ll benefit from direct, real-time interaction with our world-class instructors throughout your course.

See the current SANS Online Training special offer at www.sans.org/online-security-training/specials to get started today.

FOR MORE INFORMATION, CONTACT US: [email protected] 301-654-SANS (7267) sans.org/vlive

vLive Courses

2016 COURSE SCHEDULE:
• Nov 1, 2016 - Dec 8, 2016: SEC504: Hacker Tools, Techniques, Exploits and Incident Handling
• Nov 7, 2016 - Dec 14, 2016: MGT414: SANS Training Program for CISSP® Certification
• Nov 8, 2016 - Dec 15, 2016: FOR572: Advanced Network Forensics and Analysis
• Dec 5, 2016 - Jan 25, 2017: SEC542: Web App Penetration Testing and Ethical Hacking
• Dec 6, 2016 - Jan 26, 2017: SEC560: Network Penetration Testing and Ethical Hacking
• Dec 13, 2016 - Feb 2, 2017: SEC401: Security Essentials Bootcamp Style

2017 COURSE SCHEDULE:
The following courses will be available throughout 2017 (go to www.sans.org/vlive/courses for an up-to-date schedule):
• SEC301: Intro to Information Security
• SEC401: Security Essentials Bootcamp Style
• SEC501: Advanced Security Essentials - Enterprise Defender
• SEC503: Intrusion Detection In-Depth
• SEC504: Hacker Tools, Techniques, Exploits and Incident Handling
• SEC511: Continuous Monitoring and Security Operations
• SEC542: Web App Penetration Testing and Ethical Hacking
• SEC560: Network Penetration Testing and Ethical Hacking
• FOR408: Windows Forensic Analysis
• FOR508: Advanced Digital Forensics, Incident Response, and Threat Hunting
• FOR572: Advanced Network Forensics and Analysis
• FOR578: Cyber Threat Intelligence
• FOR585: Advanced Smartphone Forensics
• FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
• MGT414: SANS Training Program for CISSP® Certification
• MGT512: SANS Security Leadership Essentials for Managers with Knowledge Compression™

Course offerings are subject to change; please visit www.sans.org/online-security-training for regularly updated information.


sans.org/simulcast

Reasons to Choose SANS Simulcast
• Live Daytime Courses Taken from the Convenience of Your Home or Office
• Four Months of Online Course Access
• Complete a Course in One Week
• Course Content Authored by Instructors
• Labs, Hands-On Exercises and Archived Lectures
• Highly Qualified Subject-Matter-Expert Support
• Complete Set of Books and Course Media
• No Travel Required

Simulcast
Attend a SANS Training Event Without Leaving Home

Simulcast training from the SANS Institute gives you the opportunity to attend a one-week live training event from your own home or office via virtual classroom technology. Complete a SANS course quickly from anywhere in the world while still learning from top SANS instructors and a classroom of peers.

There are many reasons why SANS students love taking their courses through the Simulcast Platform. Through Simulcast, you receive a real-time live stream of your instructor, and real-time interaction with the moderator, peers, and the Subject-Matter-Experts. It is a great SANS learning experience without the travel time and costs, and Simulcast students have the same learning outcomes as other training modalities, indicating that Simulcast students retain the knowledge learned as if they were actually in the classroom.

“I’m at home taking the online Simulcast class but I feel like I’m there in the room. I don’t feel isolated at all. I just have access to my comforts while taking the class.” — Deona Vastine, State of California

Live from SANS Pen Test HackFest 2016
• Nov 4 - 9, 2016: SEC560: Network Penetration Testing and Ethical Hacking

Live from SANS Cyber Defense Initiative 2016
• Dec 12 - 17, 2016: FOR408: Windows Forensic Analysis
• Dec 12 - 17, 2016: SEC504: Hacker Tools, Techniques, Exploits and Incident Handling
• Dec 12 - 17, 2016: SEC511: Continuous Monitoring and Security Operations
• Dec 12 - 17, 2016: FOR508: Advanced Digital Forensics, Incident Response, and Threat Hunting

Additional Simulcast courses will be available from these 2017 events:
• SANS 2017: Orlando, FL - April 7-14, 2017 www.sans.org/event/sans-2017
• SANS Security West 2017: San Diego, CA - May 11-18, 2017 https://www.sans.org/event/sans-security-west-2017
• SANS Rocky Mountain: Denver, CO - Jun 12-17, 2017 https://www.sans.org/event/rocky-mountain-2017
• SANSFIRE: Washington, D.C. - Jul 24-29, 2017

There will be numerous additional Simulcast opportunities throughout 2017 – please check www.sans.org/simulcast/courses for an up-to-date schedule of Simulcast courses.


SelfStudy

SelfStudy is self-paced training for the motivated and disciplined InfoSec student. Most SANS Cyber Defense, Penetration Testing, Digital Forensics and Incident Response, Industrial Control Systems, Developer, Audit and Legal courses are available for completion via SANS SelfStudy. For more information, visit www.sans.org/selfstudy.


SANS Voucher Program

The SANS Voucher Program allows an organization to manage its training budget from a single SANS Account and centrally administer its training. Based on the amount of the training investment, an organization could be eligible to receive bonus funds. The investment and bonus funds can be used to register for any SANS course, including all OnDemand, Simulcast, or vLive courses, and for GIAC certification attempts and exams. If your organization already has a SANS Voucher account, contact your administrator today and start your course tomorrow! For more information about the SANS Voucher Program, visit www.sans.org/vouchers. Please Note: Due to the pre-negotiated discounts offered by SANS Voucher Programs, they cannot be combined with any other promotions.

Host a Private Simulcast for Your Organization

SANS has the ability to stream a private Simulcast to meet the needs of your organization’s distributed workforce. A SANS instructor will teach a course to your live employee audience and remote students will attend the exact same session as your live students in real-time via Simulcast technology in a virtual classroom. Remote students participate in labs, ask questions through the moderator and interact with Subject Matter Experts via the Simulcast interface. All students also receive 4 months of access to the recorded archives. For more information about SANS Private Simulcast training opportunities, visit www.sans.org/simulcast/private-training or contact us at [email protected]


ABOUT SANS

SANS Institute is the largest provider of information security training and education in the world. Since 1989, SANS has trained more than 140,000 cybersecurity professionals and delivered free news, research and resources to thousands more. SANS programs and services also include private training options, free webcasts and blogs, the CyberTalent applicant assessment program, and the VetSuccess and Women’s Academy talent pool programs.

SANS Live and Online Training: More than 55 information security courses are taught around the world and online by an unparalleled faculty of industry leaders. www.sans.org

GIAC: 30 cybersecurity certifications are available, in cyber defense, penetration testing, digital forensics, ICS/SCADA and more. www.giac.org

SANS Technology Institute: Accredited graduate programs and graduate certificates in information security completed via SANS training. www.sans.edu

Securing The Human: Employee security awareness program applicable to every organization. securingthehuman.sans.org

Internet Storm Center: Moment-by-moment intrusion detection news for the world’s cyber defense community. isc.sans.edu

NetWars: A suite of live and online, hands-on, interactive scenario challenges to help you master a wide range of skills. www.sans.org/netwars

DFIR NetWars: An incident simulator packed with a vast amount of forensic, malware analysis, threat hunting, and incident response challenges designed to help students gain proficiency without the risk associated when working real-life incidents. www.sans.org/netwars/dfir-tournament

Learn more about SANS Institute at:

www.sans.org

Upcoming Live Events

SANS Cyber Defense Initiative 2016 Washington, DC • December 10-17, 2016 www.sans.org/event/cyber-defense-initiative-2016

Live Simulcast Courses Available

39 Courses, NetWars & More!

SANS 2017 Orlando, FL • April 7-14, 2017 www.sans.org/event/sans-2017

Live Simulcast Courses Available

38 Courses, NetWars & More!

SANS Security West 2017 San Diego, CA • May 11-18, 2017 http://www.sans.org/event/sans-security-west-2017

Live Simulcast Courses Available

SANSFIRE Washington, DC • July 24-29, 2017

Live Simulcast Courses Available

36 Courses, NetWars & More!

PROVE YOUR SKILLS STAY COMPETITIVE GET GIAC CERTIFIED!

“GIAC defines a higher level of mastery and skill that is required in order to earn the credential. GIAC really stands out among other security certifications.” —Josh Ringer, Benfis Health System

30+ Specialized certifications are available now, learn more at www.giac.org

Where to find the SANS Institute:
• Twitter: @SANSInstitute
• LinkedIn: SANS Institute
• Blogs: www.sans.org/security-resources/blogs
• Webcasts: www.sans.org/webcasts
• Internet Storm Center: isc.sans.edu
• SANS Reading Room: www.sans.org/reading-room


Cyber Defense

It seems that wherever you turn, organizations are being broken into and the fundamental question that everyone wants answered is “Why?” Why do some organizations get broken into and others not? Our Cyber Defense curriculum mission is to teach you what needs to be done to keep an organization secure. The Critical Security Controls outlined below will enable you to identify risk, determine highest priorities, focus in on the areas that really matter, and measure progress against established baselines to improve your overall security posture.

Critical Security Controls V6.1

The Center for Internet Security (CIS) Critical Security Controls Version 6.1
• CSC 1: Inventory of Authorized and Unauthorized Devices
• CSC 2: Inventory of Authorized and Unauthorized Software
• CSC 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
• CSC 4: Continuous Vulnerability Assessment and Remediation
• CSC 5: Controlled Use of Administrative Privileges
• CSC 6: Maintenance, Monitoring, and Analysis of Audit Logs
• CSC 7: Email and Web Browser Protections
• CSC 8: Malware Defenses
• CSC 9: Limitation and Control of Network Ports, Protocols, and Services
• CSC 10: Data Recovery Capability
• CSC 11: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
• CSC 12: Boundary Defense
• CSC 13: Data Protection
• CSC 14: Controlled Access Based on the Need to Know
• CSC 15: Wireless Access Control
• CSC 16: Account Monitoring and Control
• CSC 17: Security Skills Assessment and Appropriate Training to Fill Gaps
• CSC 18: Application Software Security
• CSC 19: Incident Response and Management
• CSC 20: Penetration Tests and Red Team Exercises

Overview of Threat Categories

To help through the process of cataloging any threats to information systems, four categories or families of threats have been identified. Those categories are as follows:

PHYSICAL THREATS
Includes: Threats to the confidentiality, integrity, or availability of information systems that are physical in nature. These threats generally describe actions that could lead to the theft, harm, or destruction of information systems.

RESOURCE THREATS
Includes: Threats to the confidentiality, integrity, or availability of information systems that are the result of a lack of resources required by the information system. These threats often cause failures of information systems through a disruption of resources required for operations.

PERSONNEL THREATS
Includes: Threats to the confidentiality, integrity, or availability of information systems that are the result of failures or actions performed by an organization’s personnel. These threats can be the result of deliberate or accidental actions that cause harm to information systems.

TECHNICAL THREATS
Includes: Threats to the confidentiality, integrity, or availability of information systems that are technical in nature. These threats are most often considered when identifying threats and constitute the technical actions performed by a threat actor that can cause harm to an information system.

AN OODA LOOP: PATCHING
• OBSERVE: Track security bulletins, advisories
• ORIENT: Assess applicability, operational issues, risk
• DECIDE: Prioritize remediation strategy
• ACT: Rollout, Monitor, Manage “breakage”

CYBER DEFENSE CURRICULUM: cyber-defense.sans.org

Course Descriptions

SEC301: Intro to Information Security
This introductory course is the fastest way to get up to speed in information security. The entry-level course includes a broad spectrum of security topics and real-life examples, and can be used to prepare for GISF Certification. sans.org/SEC301

SEC401: Security Essentials Bootcamp Style
In this course, students learn the language and underlying theory of computer and information security. Since all jobs today require an understanding of security, this course will help you understand how security applies to your job. In addition, students will gain the essential and latest knowledge and skills required for effective management of security systems and processes. sans.org/SEC401

SEC501: Advanced Security Essentials – Enterprise Defender
A key theme of this course is that prevention is ideal, but detection is a must. Security professionals must know how to constantly advance security efforts in order to prevent as many attacks as possible. This prevention needs to occur both externally and internally via portable, network and server environments. sans.org/SEC501

SEC503: Intrusion Detection In-Depth
The purpose of this course is to acquaint students with the core knowledge, tools and techniques necessary to defend networks. Spanning a wide variety of topics, from foundational materials such as TCP/IP to detecting an intrusion, this training will provide students with in-depth knowledge on intrusion detection. sans.org/SEC503

SEC505: Securing Windows and PowerShell Automation
In SEC505 students learn to defend against pass-the-hash attacks, administrator account compromise, and the lateral movement of hackers inside the network by implementing the Critical Security Controls and PowerShell in a Windows environment. sans.org/SEC505

SEC506: Securing Linux/Unix
Experience in-depth coverage of Linux and Unix security issues and examine how to mitigate or eliminate general problems that apply to all Unix-like operating systems. Specific configuration guidance and practical, real-world examples, tips, and tricks are provided to help students remove vulnerabilities. sans.org/SEC506

SEC511: Continuous Monitoring and Security Operations
The Defensible Security Architecture and Network Security Monitoring/Continuous Diagnostics and Mitigation/Continuous Security Monitoring taught in this course will best position your organization or Security Operations Center to analyze threats and detect anomalies that could indicate cybercriminal behavior. sans.org/SEC511

SEC566: Implementing and Auditing the Critical Security Controls – In-Depth
As threats evolve, an organization’s security should as well. To enable your organization to stay on top of this ever-changing scenario, SANS designed this course to train students how to implement the Twenty Critical Security Controls – a prioritized, risk-based approach to security that was designed by a master group of private and public sector experts from around the world. sans.org/SEC566

SEC579: Virtualization and Private Cloud Security
Learn best practices for configuring and designing virtual security controls and infrastructure, and determine how your vulnerability assessment and forensic processes can be updated to more accurately detect and manage risks in virtual and cloud environments. sans.org/SEC579


Penetration Testing

What Makes SANS Penetration Testing Courses Special?
In SANS penetration testing courses, you will learn in-depth, hands-on skills associated with the most powerful and common attacks today. For penetration testers, vulnerability assessment personnel, and Red Teamers, you’ll be able to apply your skills in your very next project, providing even more technical depth and business value. For cyber defenders, you’ll gain key insights into offensive tactics that will help you significantly improve your organization’s defenses. And, for forensic analysts, incident handlers, and Blue Teamers, SANS penetration testing courses will transform your understanding of your adversary’s methods and help you anticipate and counter the attacker’s next move.

What Is High-Value Penetration Testing and Why Is It Important?
A high-value penetration test has several aspects:
• It models the activities of real-world attackers…
• To find vulnerabilities in target systems…
• And exploits them under controlled circumstances…
• Applying technical excellence to determine and document risk and potential business impact…
• In a professional, safe fashion according to a carefully designed scope and rules of engagement…
• With the goal of helping an organization prioritize.

These skills will help every cyber security professional in their work of securing their organization.

Penetration Testing Resources
• Resources: pen-testing.sans.org/resources
• Twitter: @SANSPenTest
• Blog: pen-testing.sans.org/blog
• LinkedIn: linkedin.com/company/sans-pentest

SPOTLIGHT ON SANS FACULTY FELLOW ED SKOUDIS

“Successful penetration testers don’t just throw a bunch of hacks against an organization and regurgitate the output of their tools. Instead, they need to understand how these tools work in-depth, and conduct their test in a careful, professional manner. Our courses explain the inner workings of numerous tools and their use in effective network penetration test and ethical hacking projects.” - Ed Skoudis

PENETRATION TESTING CURRICULUM: pen-testing.sans.org

Course Descriptions

SEC504: Hacker Tools, Techniques, Exploits and Incident Handling
Modern attack techniques and their associated defenses are covered in this course, so that offense can inform defense to improve the state of security in your organization by preparing you to handle incidents caused by the latest threats. sans.org/SEC504

SEC542: Web App Penetration Testing and Ethical Hacking
Through detailed, hands-on exercises, this intermediate to advanced level course will provide you with the skills needed to perform web app vulnerability discovery and exploitation for your organization. sans.org/SEC542

SEC560: Network Penetration Testing and Ethical Hacking
In-depth pen testing skills learned in SEC560 prepare you to conduct professional-grade pen tests, end-to-end, including scoping, recon, scanning, exploitation, and post-exploitation. sans.org/SEC560

SEC575: Mobile Device Security and Ethical Hacking
Secure design, deployment, operation and pen testing of mobile devices and their associated infrastructures are the topics of this course. Top-notch lessons on device analysis, app exploitation, mobile device management and wireless infrastructures are included. sans.org/SEC575

SEC642: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques
In this course you will experience intense web app and web services exploitation, diving deep into the mechanics of web app infrastructures and protocols to find and fix subtle yet hugely damaging flaws before the hackers do. sans.org/SEC642

SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking
This course is designed to take your skills to a whole new level, with in-depth information and techniques about targeting network infrastructures, fuzzing to find vulnerabilities, exploiting crypto problems, writing and customizing exploits for Windows and Linux, and more. sans.org/SEC660

INDUSTRIAL CONTROL SYSTEMS CURRICULUM: ics.sans.org

ICS410: ICS/SCADA Security Essentials
SANS has joined forces with industry leaders to equip security professionals and control system engineers with the cybersecurity skills they need to defend national critical infrastructure. This course provides a foundational set of standardized skills and knowledge for industrial cybersecurity professionals. The course is designed to ensure that the workforce involved in supporting and defending industrial control systems is trained to keep the operational environment safe, secure, and resilient against current and emerging threats. sans.org/ICS410

ICS515: ICS Active Defense and Incident Response
This course will help you deconstruct ICS cyber attacks, leverage an active defense to identify and counter threats in your ICS, and use incident response procedures to maintain the safety and reliability of operations. The course will empower students to understand their networked industrial control system environment, monitor it for threats, perform incident response against identified threats, and learn from interactions with the adversary to enhance network security. This process of monitoring, responding to, and learning from threats internal to the network is known as active defense. sans.org/ICS515


With today’s ever-changing technologies and environments, it is inevitable that every organization will deal with cybercrime. Over 60% of all breach victims learn of a compromise from third-party notifications, not from internal security teams. In most cases, adversaries have been rummaging through your network undetected for months or even years. Adversaries are no longer compromising one or two systems in enterprises; they are compromising hundreds.

Organizations of all sizes are in need of personnel that can master incident response techniques that can properly identify compromised systems, provide effective containment of the breach, and ultimately rapidly remediate the incident. Likewise, Government & Law Enforcement Organizations are in need of skilled personnel to perform media exploitation and recover key evidence available on adversary systems & devices. To help solve these challenges, organizations are relying on digital forensic professionals and cybercrime teams to piece together a comprehensive account of what happened.

Whether your job requires you to generate accurate intelligence to detect current & future intrusions in your company’s network, or decrypt and analyze a suspect’s digital device that contains key evidence to solve your case, our DFIR courses are built under the premise that digital forensics, incident response, media exploitation and threat hunting teams are the keys to successfully identify evidence, mitigate a possible threat and provide a comprehensive account of an incident.

• Hunting for the adversary before and during an incident across your enterprise
• In-depth digital forensics knowledge of the Microsoft Windows and Apple OSX operating systems
• Examining portable smartphone and mobile devices to look for malware and digital forensic artifacts
• Incorporating network forensics into your investigations, providing better findings, and getting the job done faster
• Leaving no stone unturned by incorporating memory forensics during your investigations
• Understanding the capabilities of malware to derive threat intelligence, respond to information security incidents, and fortify defenses
• Identifying, extracting, prioritizing, and leveraging cyber threat intelligence from advanced persistent threat (APT) intrusions
• Recognizing that a properly trained incident responder could be the only defense an organization has during a compromise.

As a forensics investigator, you need to know what you’re up against, and you need to have the most up-to-date knowledge of how to detect and fight it—that is what SANS DFIR classes will teach you.

“I am a huge SANS fan, this is my second course and I plan on taking as many as I can fit into the company’s training budget for future years.” - Kurt Manke, Organic Valley

DIGITAL FORENSICS & INCIDENT RESPONSE CURRICULUM: digital-forensics.sans.org

Course Descriptions

FOR408: Windows Forensic Analysis
This course focuses on building in-depth digital forensics knowledge of the Microsoft Windows operating systems. You can’t protect what you don’t know about, and understanding forensic capabilities and artifacts is a core component of information security. Learn to recover, analyze, and authenticate forensic data on Windows systems. sans.org/FOR408

FOR508: Advanced Digital Forensics, Incident Response, and Threat Hunting
This in-depth incident response and threat hunting course provides responders and threat hunting teams with advanced skills to hunt down, identify, counter, and recover from a wide range of threats within enterprise networks, including APT nation-state adversaries, organized crime syndicates, and hacktivism. sans.org/FOR508

FOR518: Mac Forensic Analysis
Mac Forensic Analysis aims to form a well-rounded investigator by introducing Mac forensics into a Windows-based forensics world. This course focuses on topics such as the HFS+ file system, Mac specific data files, tracking user activity, system configuration, analysis and correlation of Mac logs, Mac applications, and Mac exclusive technologies. sans.org/FOR518

FOR526: Memory Forensics In-Depth
This is a critical course for any serious DFIR investigator who wants to tackle advanced forensics, trusted insider, and incident response cases. In today’s forensics cases, it is just as critical to understand memory structures as it is to understand disk and registry structures. Having in-depth knowledge of Windows memory internals allows the examiner to access target data specific to the needs of the case at hand. sans.org/FOR526

FOR572: Advanced Network Forensics and Analysis
There is simply no incident response action that doesn’t include a communications component any more - whether you conduct threat hunting operations or post-mortem incident response, understanding how systems have communicated is critical to success. Network data and artifacts are the key to success. sans.org/FOR572

FOR578: Cyber Threat Intelligence
During a targeted attack, an organization needs a top-notch threat hunting or incident response team armed with threat intelligence to understand how adversaries operate and to counter the threat. This course will train you and your team in the tactical, operational, and strategic cyber threat intelligence skills and tradecraft required to make security teams better, threat hunting more accurate, incident response more effective, and organizations more aware of the evolving threat landscape. sans.org/FOR578

FOR585: Advanced Smartphone Forensics
It is almost impossible today to conduct a digital forensic investigation that does not include a smartphone or mobile device. The smartphone may be the only source of digital evidence tracing an individual’s movements and motives, and can provide the who, what, when, where, why, and how behind a case. This course teaches real-life, hands-on skills that help handle investigations involving even the most complex smartphones currently available. sans.org/FOR585

FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
Understanding the capabilities of malware is critical to an organization’s ability to derive threat intelligence, respond to information security incidents, and fortify defenses. This popular course builds a strong foundation for reverse-engineering malicious software using a variety of system and network monitoring utilities, a disassembler, a debugger, and other tools useful for turning malware inside-out. sans.org/FOR610


Software Security Curriculum
software-security.sans.org

DEV522: Defending Web Applications Security Essentials
This is the course to take to learn how to defend web applications. Traditional network defenses, such as firewalls, fail to secure web applications. The quantity and importance of data entrusted to web applications is growing, and defenders need to learn how to secure that data. sans.org/DEV522

DEV541: Secure Coding in Java/JEE: Developing Defensible Applications
This course teaches students how to build secure Java applications and gain the knowledge and skills to keep a website from getting hacked, counter a wide range of application attacks, prevent critical security vulnerabilities that can lead to data loss, and understand the mindset of attackers. Learn foundational defensive techniques, cutting-edge protection, and Java EE security features you can use in your applications as soon as you return to work. sans.org/DEV541

DEV544: Secure Coding in .NET: Developing Defensible Applications
This course will help students leverage built-in and custom defensive technologies to integrate security into their applications. Students will examine actual code, work with real tools, build applications, and gain confidence in the resources they need to improve the security of .NET applications. sans.org/DEV544

Audit Curriculum

AUD507: Auditing and Monitoring Networks, Perimeters and Systems
This course is organized to provide a risk-driven method for tackling the enormous task of designing an enterprise security-validation program. After covering a variety of high-level audit issues and general audit best practices, the students will have the opportunity to dive deep into the technical how-to for determining the key controls that can be used to provide a level of assurance to an organization. sans.org/AUD507

Management Curriculum

MGT414: SANS Training Program for CISSP® Certification
This course is designed to prepare you to pass the current CISSP® Certification Exam. It is an accelerated review course that assumes the student has a basic understanding of networks and operating systems and focuses solely on the eight domains of knowledge as determined by (ISC)². sans.org/MGT414

MGT512: SANS Security Leadership Essentials for Managers with Knowledge Compression™
This completely updated course is designed to empower advancing managers who want to get up to speed quickly on information security issues and terminology. You won’t just learn about security, you will learn how to manage security. sans.org/MGT512

MGT514: IT Security Strategic Planning, Policy and Leadership
This course teaches security professionals how to navigate the ever-growing world of security by developing strategic plans, creating effective information security policy, and developing management and leadership skills. sans.org/MGT514

Legal Curriculum

LEG523: Law of Data Security and Investigations
This course will teach you the law of business, contracts, fraud, crime, IT security, IT liability and IT policy – all with a focus on electronically stored and transmitted records. The course also teaches investigators how to prepare credible, defensible reports, whether for cyber crimes, forensics, incident response, human resources or other investigations. sans.org/LEG523

Course Descriptions

Course Pricing

LIMITED TIME OFFER Ends January 18!

iPAD PRO or $500 OFF SPECIAL OFFER DETAILS: The SANS Online Training iPad Pro or $500 off offer is a fantastic opportunity to make the most of your training budget while getting an exciting new training tool with your course! More than 30 OnDemand and vLive online courses that are eligible for this offer can be completed from your own computer. Train from anywhere, anytime! Use your remaining training budget to complete cutting-edge information security courses AND receive an iPad Pro! All of SANS’ Online Training features the same expert instructors, courseware and exercises as live training.

This limited time offer is easy to redeem, and your iPad Pro will be shipped soon after your registration payment is received. Redeem this offer in three simple steps:
1. Visit www.sans.org/online-security-training/specials
2. Select an eligible OnDemand or vLive online course
3. Use your chosen discount code during checkout to receive either:
• To receive a Silver iPad Pro: MACA17_Silver
• To receive a Gold iPad Pro: MACA17_Gold
• To receive a Space Gray iPad Pro: MACA17_Gray
• To receive a Microsoft Surface Pro 4: PCA17
• To receive a $500 course discount: 500A17

For more detailed information about our Online Training formats, see pages 2-7. iPad Pro and Microsoft Surface Pro 4 are only available to individuals in the United States or Canada. The $500 discount is available globally. This offer expires January 18, 2017, and payment must be received by this expiration date to participate in the offer. Allow up to 4 weeks for iPad Pro or Microsoft Surface Pro 4 delivery. Canada customers are responsible for paying any applicable duties, taxes or customs fees. This offer cannot be combined with any other offer or discount, including SANS Voucher Program. This offer does not apply when courses are incorporated into certain larger SANS-related special programs, including the graduate program of the SANS Technology Institute. SANS course offerings are subject to change at any time, please refer back to SANS.org for up-to-date course information. SANS shall not be held liable for students who elect marketing promotions or discounts that are not consistent with their employer’s Standards of Conduct and/or procurement standards. SANS reserves the right to substitute this offer for an alternative product, service or cash award of approximately equivalent retail value. iPad Pro is a trademark of Apple Inc., registered in the U.S. and other countries. Microsoft Surface Pro 4 is a registered trademark of Microsoft.

Cyber Defense and Penetration Testing:
SEC301: Intro to Information Security ($5,130)
SEC401: Security Essentials Bootcamp Style ($5,910)
SEC501: Advanced Security Essentials - Enterprise Defender ($5,910)
SEC503: Intrusion Detection In-Depth ($5,910)
SEC504: Hacker Tools, Techniques, Exploits and Incident Handling ($5,910)
SEC505: Securing Windows with PowerShell and the Critical Security Controls ($5,820)
SEC506: Securing Linux/Unix ($5,910)
SEC511: Continuous Monitoring and Security Operations ($5,910)
SEC542: Web App Penetration Testing and Ethical Hacking ($5,910)
SEC560: Network Penetration Testing and Ethical Hacking ($5,910)
SEC566: Implementing and Auditing the Critical Security Controls - In-Depth ($5,130)
SEC575: Mobile Device Security and Ethical Hacking ($5,910)
SEC579: Virtualization and Private Cloud Security ($5,910)
SEC642: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques ($5,910)
SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking ($5,910)

Digital Forensics & Incident Response:
FOR408: Windows Forensic Analysis ($5,910)
FOR508: Advanced Digital Forensics, Incident Response, and Threat Hunting ($5,910)
FOR518: Mac Forensic Analysis ($5,910)
FOR526: Memory Forensics In-Depth ($5,910)
FOR572: Advanced Network Forensics and Analysis ($5,910)
FOR578: Cyber Threat Intelligence ($5,910)
FOR585: Advanced Smartphone Forensics ($5,910)
FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques ($5,910)

Security Management:
MGT414: SANS Training Program for CISSP® Certification ($5,240)
MGT512: SANS Security Leadership Essentials for Managers with Knowledge Compression™ ($5,530)
MGT514: IT Security Strategic Planning, Policy and Leadership ($5,130)

Software Security:
DEV522: Defending Web Applications Security Essentials ($5,820)
DEV541: Secure Coding in Java/JEE: Developing Defensible Applications ($4,640)
DEV544: Secure Coding in .NET: Developing Defensible Applications ($4,640)

IT Audit:
AUD507: Auditing & Monitoring Networks, Perimeters and Systems ($5,820)

Legal Security:
LEG523: Law of Data Security and Investigations ($5,130)

Industrial Control Systems:
ICS410: ICS/SCADA Security Essentials ($5,450)
ICS515: ICS/SCADA Advanced Course ($5,710)

Course prices are subject to change. Visit www.sans.org/online-security-training for regularly updated information.


Compare the Features of All 4 Online Training Formats

Formats compared: OnDemand, vLive, Simulcast, SelfStudy

Features compared:
• Available Course Options
• Taught by an Unparalleled Faculty of Information Security Leaders
• Custom Courseware Written for SANS, Including Books, CDs and Exercises
• E-Learning Platform Available for 4 Months
• Live Evening Meetings for 5 or 6 Weeks
• Subject-Matter Expert Support
• Real-Time Access to Instructors
• Virtual Lab Access
• Minimal Impact on Your Normal Routine
• Flexible & Effective SANS Training from Your Own Computer
• No Travel Cost
• Online Voucher Credits May Be Applied to Course Fees
• MP3 Archives of Instructor Lectures
• Archived Live Course Recordings
• Live Daytime One-Week Courses
• Integrated Quizzes to Reinforce Learning

Watch the quick video comparison of SANS’ Online Training formats at www.sans.org/online-security-training

The 4 Coolest Jobs in Information Security

Information Security Crime Investigator/Forensics Expert
Job Description: This expert analyzes how intruders breached the infrastructure in order to identify additional systems/networks that have been compromised. Investigating traces left by complex attacks requires a forensic expert who is not only proficient in the latest forensic, response, and reverse engineering skills, but is astute in the latest exploit methodologies.
Why It’s Cool: In the private world, the security guy just cleans up the mess to try and keep the ship afloat, but when criminals strike, the crime investigator gets to see that the bad guys go to jail. Want to see the face of your enemy... behind bars? It’s a thrill like no other - being pitted against the mind of the criminal and having to reconstruct his lawless path.
Recommended SANS Courses:
FOR408: Computer Forensic Investigations - Windows In-Depth
FOR508: Advanced Computer Forensic Analysis and Incident Response

Management: CISO/ISO or Director of Security
Job Description: Today’s Chief Information Security Officers are no longer defined the way they used to be. While still technologists, today’s CISOs/ISOs must have business acumen, communication skills, and process-oriented thinking. They need to connect legal, regulatory, and local organizational requirements with risk taking, financial constraints and technological adoption.
Why It’s Cool: Directors of Security are the ones who decide where to build the “watch towers”, how many rangers are stationed in the park, where fires can be safely built, and what the greater rules of engagement are. Their experience gives them a high-level and vital view of the risks involved in doing business, and they are trusted to focus on business goals and remove threats to achieving those goals.
Recommended SANS Courses:
MGMT414: SANS Training Program for CISSP® Certification
MGMT515: SANS Security Leadership Essentials for Managers with Knowledge Compression™
MGMT525: IT Project Management, Effective Communication, and PMP® Exam Prep

SOC (Security Operations Center) Analyst
Job Description: The SOC Analyst is responsible for assessing and monitoring the organization’s computer network and information systems to ensure that they are properly defending against attacks. The Analyst’s role includes proactively defending an organization, fixing vulnerabilities before they are exploited by an adversary AND reactively detecting attacks, determining how the adversaries break in, and defending the organization to contain and control the amount of damage that is caused.
Why It’s Cool: The SOC is typically the first line of defense and responsible for keeping an organization’s most critical assets protected and secure. Being on the front line, watching attacks and being able to react in real time is one of the most exciting areas of cyber security. Catching attacks in progress and correcting vulnerabilities make a real difference in protecting an organization.
Recommended SANS Courses:
SEC401: Security Essentials Bootcamp Style
SEC501: Advanced Security Essentials - Enterprise Defender
SEC502: Perimeter Protection In-Depth
SEC503: Intrusion Detection In-Depth
SEC511: Continuous Monitoring and Security Operations

System, Network, Web Pen Tester
Job Description: This expert finds security vulnerabilities in target systems, networks, and applications in order to help enterprises improve their security. By identifying which flaws can be exploited to cause business risk, the pen tester provides crucial insights into the most pressing issues and suggests how to prioritize security resources.
Why It’s Cool: There is nothing like finding the magic back door that everyone says isn’t there! The power to understand how systems can be penetrated and misused is something less than one percent of people in the entire security industry know, let alone the average citizen.
Recommended SANS Courses:
SEC504: Hacker Tools, Techniques, Exploits & Incident Handling
SEC542: Web App Penetration Testing and Ethical Hacking
SEC560: Network Penetration Testing and Ethical Hacking
SEC575: Mobile Device Security and Ethical Hacking
SEC617: Wireless Ethical Hacking, Penetration Testing, and Defenses
SANS Core NetWars

To learn more, go to http://www.sans.org/20coolestcareers

Prove Your Skills | Stay Competitive | Get GIAC Certified!
“GIAC is the only certification that proves you have hands-on technical skills” - Christina Ford, Department of Commerce
More than 30 specialized certifications are available now. Learn more at www.giac.org

Discover a Path to Success with SANS
The Most Trusted Name in Computer Security Education, Certification and Research

IT Security Training Roadmap
The IT Security Training Roadmap inside is a representation of the studies needed to advance your career in seven paths of information security. Use this guide to plan your personal growth in the industry.

Online Training Formats

OnDemand | www.sans.org/ondemand
OnDemand is a custom-made, comprehensive e-learning platform that allows you to complete SANS Institute training from anywhere in the world, at any time. More than 30 pre-recorded SANS courses are packaged and accessible for four months with OnDemand enrollment. Using the course presentation slides, audio from lectures, video demonstrations, quizzes and labs, along with support from live Subject-Matter Experts, the OnDemand learning experience will help you master a subject in all of its depth and complexity.

vLive | www.sans.org/vlive
vLive is a live evening classroom course format that gives you the structure and interaction of a live course, along with the flexibility and repetition of an online course. Weekly meetings and six months of access to all course recordings and materials allow vLive students to have the best of both live and online training.

Simulcast | www.sans.org/simulcast
Simulcast allows students who cannot travel to a live SANS event to experience the one-week live course via remote access. Students log in to the online classroom and experience an interactive and hands-on learning program, without traveling. All of the course books and materials are also provided.

SelfStudy | www.sans.org/selfstudy
SelfStudy online training provides students with SANS course books, exercises, lecture MP3s, and quizzes for a self-paced learning experience.

OnDemand Bundles: It’s also possible to add the features of OnDemand to a live course. If you plan to attend a one-week course at one of SANS’ many live events, consider adding an OnDemand Bundle to get extended access to the course archives, the custom e-learning platform to manage your progress and continuous support from Subject-Matter Experts. www.sans.org/ondemand/bundles

OnSite Simulcast courses can also be arranged to meet your organization’s custom or private training needs. Visit www.sans.org/onsite for more information.

SANS IT Security Training and Your Career Roadmap

[Roadmap graphic]
Curricula shown: Security Curriculum, Developer Curriculum, Forensics Curriculum, Management Curriculum, IT Audit Curriculum, Legal Curriculum, Industrial Control Systems Curriculum
Tracks labeled on the roadmap: Penetration Testing, Network Security, System Administration, Incident Handling, Intrusion Analysis, Secure Coding
Levels: Beginners, Core, In-Depth, Specialized
Format legend: OnDemand, vLive, Simulcast, SelfStudy

SEC301 NOTE: If you have experience in the field, please consider starting with our more advanced course – SEC401.

Courses shown on the roadmap:
SEC301: Intro to Information Security
SEC401: Security Essentials Bootcamp Style
SEC501: Advanced Security Essentials – Enterprise Defender
SEC502: Perimeter Protection In-Depth
SEC503: Intrusion Detection In-Depth
SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling
SEC505: Securing Windows and PowerShell Automation
SEC506: Securing Linux/Unix
SEC511: Continuous Monitoring & Security Operations
SEC542: Web App Pen Testing and Ethical Hacking
SEC560: Network Pen Testing and Ethical Hacking
SEC566: Implementing & Auditing the Critical Security Controls – In-Depth
SEC575: Mobile Device Security and Ethical Hacking
SEC579: Virtualization and Private Cloud Security
SEC617: Wireless Ethical Hacking, Pen Testing & Defenses
SEC642: Advanced Web App Pen Testing and Ethical Hacking
SEC660: Advanced Pen Testing, Exploit Writing, and Ethical Hacking
DEV522: Defending Web Applications Security Essentials
DEV541: Secure Coding in Java/JEE: Developing Defensible Applications
DEV544: Secure Coding in .NET: Developing Defensible Applications
FOR408: Windows Forensic Analysis
FOR508: Advanced Digital Forensics and Incident Response
FOR518: Mac Forensic Analysis
FOR526: Memory Forensics In-Depth
FOR572: Advanced Network Forensics and Analysis
FOR578: Cyber Threat Intelligence
FOR585: Advanced Smartphone Forensics
FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
MGT305: Technical Communication and Presentation Skills for Security Professionals
MGT414: SANS Training Program for CISSP® Certification
MGT415: A Practical Introduction to Cyber Security Risk Management
MGT512: SANS Security Leadership Essentials For Managers with Knowledge Compression™
MGT514: IT Security Strategic Planning, Policy and Leadership
MGT535: Incident Response Team Management
AUD507: Auditing Networks, Perimeters, and Systems
LEG523: Law of Data Security and Investigations
ICS410: ICS/SCADA Security Essentials
ICS515: ICS Active Defense and Incident Response

Many of these courses are also offered at live events! Visit www.sans.org for a complete listing of SANS events.