online training course catalog
Also in this catalog:
SANS Upcoming Live Events
Cyber Defense
Penetration Testing
Digital Forensics
Software Security
Audit, Management, Legal
The SANS Institute is the most trusted training provider
for information security professionals around the world.
SANS provides live training (from small groups to multi-
course training events), online training (from self-paced
to instructor-led), certification, education, and free
community resources.
This training guide and the enclosed IT Security
Training Roadmap will help you plan your education
and accelerate your career! The roadmap pullout contains
all of the course, certification, and career information
you need to chart a course to success in Cyber Defense,
Penetration Testing, Digital Forensics and Incident
Response, or another information security field.
You’ll find the roadmap between pages 8 and 9.
SANS ONLINE
TRAINING
“I hold three GIAC certifications, have attended multiple classes, and nothing prepares me to do my job better than SANS Online Training.” —Rick Whitmore, University of Kansas
ONDEMAND: E-learning Available Anytime, Anywhere, at Your Own Pace
vLIVE: Live Online Training from Your Own Home or Office
SIMULCAST: Attend a SANS Training Event Without Leaving Home
SELFSTUDY: Self-Paced Training for the Disciplined InfoSec Student
www.sans.org
Reasons to Choose SANS OnDemand
Four Months of Access to Comprehensive Online Training, Virtual Labs and Quizzes
Access to Highly Qualified Subject-Matter-Experts
Web-Based Training Accessible 24/7 from Your Desktop, Laptop, iPad, or Android Tablet
Taught by SANS’ Top Instructors, Including Rob Lee, Ed Skoudis and Steve Sims
No Travel or Time Away from the Office
Includes Video Labs and Hands-On Exercises
Complete Set of Books and Course Media
Course Progress Reports
Over 30 Courses Available – Anytime, Anywhere
Supplemental Preparation Tool for the GIAC Exam
“I love the OnDemand option. With family and work schedules, OnDemand was the only way I could finish the course. I also really enjoyed listening to the class.”
FRED LEEZER, CARDINAL HEALTH
OnDemand: Train Anytime, Anywhere, At Your Own Pace
If you’re a self-motivated learner who prefers a flexible training schedule, then SANS OnDemand is the right learning platform for you. Choose from more than 30 courses, and take them whenever and wherever you want.
Each course gives you four months of access to our OnDemand computer-based training platform, which includes a mix of presentation slides, video demonstrations, quizzes, virtual labs, and audio of SANS’ top instructors teaching the material.
The SANS OnDemand Platform offers numerous features and benefits that make it the best cybersecurity training available. Here are two of them:
Online Chat Support – SANS subject-matter experts are available for real-time assistance and can answer most questions no matter how complex.
Pause, rewind, and playback speed options – One unique feature of our online training platforms is the ability to control the pace of your learning. You have the ability to pause for a break, rewind to revisit previous content again and again, or adjust the speed of the presentation to speed up or slow down the pace of every lesson.
FOR MORE INFORMATION, CONTACT US: [email protected] (7267) sans.org/ondemand
See the current SANS Online Training special offer at www.sans.org/online-security-training/specials to get started today.
sans.org/ondemand
OnDemand Courses
Course offerings are subject to change; please visit
www.sans.org/online-security-training for regularly updated information.
CYBER DEFENSE AND PENETRATION TESTING:
SEC301: Intro to Information Security
SEC401: Security Essentials Bootcamp Style
SEC501: Advanced Security Essentials - Enterprise Defender
SEC503: Intrusion Detection In-Depth
SEC504: Hacker Tools, Techniques, Exploits and Incident Handling
SEC505: Securing Windows and PowerShell Automation
SEC506: Securing Linux/Unix
SEC511: Continuous Monitoring and Security Operations
SEC542: Web App Penetration Testing and Ethical Hacking
SEC560: Network Penetration Testing and Ethical Hacking
SEC566: Implementing and Auditing the Critical Security Controls - In-Depth
SEC575: Mobile Device Security and Ethical Hacking
SEC579: Virtualization and Private Cloud Security
SEC642: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques
SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking
DIGITAL FORENSICS & INCIDENT RESPONSE:
FOR408: Windows Forensic Analysis
FOR508: Advanced Digital Forensics, Incident Response, and Threat Hunting
FOR518: Mac Forensic Analysis
FOR572: Advanced Network Forensics and Analysis
FOR578: Cyber Threat Intelligence
FOR585: Advanced Smartphone Forensics
FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
SECURITY MANAGEMENT:
MGT414: SANS Training Program for CISSP® Certification
MGT512: SANS Security Leadership Essentials for Managers with Knowledge Compression™
MGT514: IT Security Strategic Planning, Policy and Leadership
SOFTWARE SECURITY:
DEV522: Defending Web Applications Security Essentials
DEV541: Secure Coding in Java/JEE: Developing Defensible Applications
DEV544: Secure Coding in .NET: Developing Defensible Applications
IT AUDIT:
AUD507: Auditing and Monitoring Networks, Perimeters and Systems
LEGAL SECURITY:
LEG523: Law of Data Security and Investigations
INDUSTRIAL CONTROL SYSTEMS:
ICS410: ICS/SCADA Security Essentials
ICS515: ICS Active Defense and Incident Response
“Overall, I am much happier with the Web-based live training as there is (a) no travel required, (b) no travel budget required, and (c) some ‘soak time’ between modules (as well as time to complete the exercises before the next session). It’s still a bit of a fire hose to drink from, but I would heartily recommend this format.”
—BILL STACKPOLE, ROCHESTER INSTITUTE OF TECHNOLOGY
Reasons to Choose SANS vLive
Live Evening Courses Taken from the Convenience of Your Home or Office
Access to Highly Qualified Subject-Matter-Experts
Six Months of Online Course Access
Meet Twice per Week for Six Weeks
Course Content Authored by Instructors
Labs, Hands-On Exercises and Archived Lectures
Complete Set of Books and Course Media
vLive: Live Online Training from Your Own Home or Office
vLive courses from SANS Institute are taken via online classrooms that typically meet two evenings per week for six weeks and are taught by SANS’ top instructors. They feature challenging labs and exercises that develop skills, help reinforce concepts, and are supported by subject-matter-experts.
Simply log in at the scheduled times and join your instructor and classmates in an interactive virtual classroom. Don’t worry if you can’t attend every live session; classes are recorded and you can review the class archives for six months.
Taking a vLive course and being a part of an interactive virtual classroom offers you numerous advantages. You’ll not only be able to interact with your peers and have access to SANS subject-matter-experts; just as importantly, you’ll benefit from direct, real-time interaction with our world-class instructors throughout your course.
sans.org/vlive
See the current SANS Online Training special offer at www.sans.org/online-security-training/specials to get started today.
FOR MORE INFORMATION, CONTACT US: [email protected] (7267) sans.org/vlive
2016 COURSE SCHEDULE:
Nov 1, 2016 - Dec 8, 2016: SEC504: Hacker Tools, Techniques, Exploits and Incident Handling
Nov 7, 2016 - Dec 14, 2016: MGT414: SANS Training Program for CISSP® Certification
Nov 8, 2016 - Dec 15, 2016: FOR572: Advanced Network Forensics and Analysis
Dec 5, 2016 - Jan 25, 2017: SEC542: Web App Penetration Testing and Ethical Hacking
Dec 6, 2016 - Jan 26, 2017: SEC560: Network Penetration Testing and Ethical Hacking
Dec 13, 2016 - Feb 2, 2017: SEC401: Security Essentials Bootcamp Style
2017 COURSE SCHEDULE: The following courses will be available throughout 2017
(go to www.sans.org/vlive/courses for an up-to-date schedule):
SEC301: Intro to Information Security
SEC401: Security Essentials Bootcamp Style
SEC501: Advanced Security Essentials - Enterprise Defender
SEC503: Intrusion Detection In-Depth
SEC504: Hacker Tools, Techniques, Exploits and Incident Handling
SEC511: Continuous Monitoring and Security Operations
SEC542: Web App Penetration Testing and Ethical Hacking
SEC560: Network Penetration Testing and Ethical Hacking
FOR408: Windows Forensic Analysis
FOR508: Advanced Digital Forensics, Incident Response, and Threat Hunting
FOR572: Advanced Network Forensics and Analysis
FOR578: Cyber Threat Intelligence
FOR585: Advanced Smartphone Forensics
FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
MGT414: SANS Training Program for CISSP® Certification
MGT512: SANS Security Leadership Essentials for Managers with Knowledge Compression™
vLive Courses
“I’m at home taking the online Simulcast class but I feel like I’m there in the room. I don’t feel isolated at all. I just have access to my comforts while taking the class.”
— Deona Vastine, State of California
sans.org/simulcast
Reasons to Choose SANS Simulcast
Live Daytime Courses Taken from the Convenience of Your Home or Office
Four Months of Online Course Access
Complete a Course in One Week
Course Content Authored by Instructors
Labs, Hands-On Exercises and Archived Lectures
Highly Qualified Subject-Matter-Expert Support
Complete Set of Books and Course Media
No Travel Required
Simulcast: Attend a SANS Training Event Without Leaving Home
Simulcast training from the SANS Institute gives you the opportunity to attend a one-week live training event from your own home or office via virtual classroom technology. Complete a SANS course quickly from anywhere in the world while still learning from top SANS instructors and a classroom of peers.
There are many reasons why SANS students love taking their courses through the Simulcast Platform. Through Simulcast, you receive a real-time live stream of your instructor and real-time interaction with the moderator, peers, and the Subject-Matter-Experts. It is a great SANS learning experience without the travel time and costs, and Simulcast students have the same learning outcomes as students in other training modalities, indicating that they retain the knowledge learned as if they were actually in the classroom.
Live from SANS Pen Test HackFest 2016
Nov 4 - 9, 2016: SEC560: Network Penetration Testing and Ethical Hacking
Live from SANS Cyber Defense Initiative 2016
Dec 12 - 17, 2016: FOR408: Windows Forensic Analysis
Dec 12 - 17, 2016: SEC504: Hacker Tools, Techniques, Exploits and Incident Handling
Dec 12 - 17, 2016: SEC511: Continuous Monitoring and Security Operations
Dec 12 - 17, 2016: FOR508: Advanced Digital Forensics, Incident Response, and Threat Hunting
Additional Simulcast courses will be available from these 2017 events:
SANS 2017: Orlando, FL - April 7-14, 2017 - www.sans.org/event/sans-2017
SANS Security West 2017: San Diego, CA - May 11-18, 2017 - https://www.sans.org/event/sans-security-west-2017
SANS Rocky Mountain: Denver, CO - Jun 12-17, 2017 - https://www.sans.org/event/rocky-mountain-2017
SANSFIRE: Washington, D.C. - Jul 24-29, 2017
There will be numerous additional Simulcast opportunities throughout 2017 – please check www.sans.org/simulcast/courses for an up-to-date schedule of Simulcast courses.
Host a Private Simulcast for Your Organization
SANS has the ability to stream a private Simulcast to meet the needs of your organization’s distributed workforce. A SANS instructor will teach a course to your live employee audience, and remote students will attend the exact same session as your live students in real time via Simulcast technology in a virtual classroom. Remote students participate in labs, ask questions through the moderator and interact with Subject Matter Experts via the Simulcast interface. All students also receive 4 months of access to the recorded archives.
For more information about SANS Private Simulcast training opportunities, visit www.sans.org/simulcast/private-training or contact us at [email protected]
The SANS Voucher Program allows an organization to manage its training budget from a single SANS Account and centrally administer its training. Based on the amount of the training investment, an organization could be eligible to receive bonus funds. The investment and bonus funds can be used to register for any SANS course, including all OnDemand, Simulcast, or vLive courses, and for GIAC certification attempts and exams.
If your organization already has a SANS Voucher account, contact your administrator today and start your course tomorrow!
For more information about the SANS Voucher Program, visit www.sans.org/vouchers.
Please Note: Due to the pre-negotiated discounts offered by SANS Voucher Programs, they cannot be combined with any other promotions.
SANS Voucher Program
SelfStudy
SelfStudy is self-paced training for the motivated and disciplined InfoSec student.
Most SANS Cyber Defense, Penetration Testing, Digital Forensics and Incident Response, Industrial Control Systems, Developer, Audit and Legal courses are available for completion via SANS SelfStudy. For more information, visit www.sans.org/selfstudy.
GIAC: 30 cybersecurity certifications are available, in cyber defense, penetration testing, digital forensics, ICS/SCADA and more.
www.giac.org
SANS Technology Institute: Accredited graduate programs and graduate certificates in information security completed via SANS training.
www.sans.edu
Securing The Human: Employee security awareness program applicable to every organization.
securingthehuman.sans.org
Internet Storm Center: Moment-by-moment intrusion detection news for the world’s cyber defense community.
isc.sans.edu
NetWars: A suite of live and online, hands-on, interactive scenario challenges to help you master a wide range of skills.
www.sans.org/netwars
DFIR NetWars: An incident simulator packed with a vast amount of forensic, malware analysis, threat hunting, and incident response challenges designed to help students gain proficiency without the risk associated when working real-life incidents.
www.sans.org/netwars/dfir-tournament
SANS Institute is the largest provider of information security training and education in the world. Since 1989, SANS has trained more than 140,000 cybersecurity professionals and delivered free news, research and resources to thousands more.
SANS programs and services also include
private training options, free webcasts and
blogs, the CyberTalent applicant assessment
program, and the VetSuccess and Women’s
Academy talent pool programs.
Learn more about SANS Institute at:
www.sans.org
ABOUT SANS
SANS Live and Online Training: More than 55 information security courses are taught around the world and online by an unparalleled faculty of industry leaders.
www.sans.org
Upcoming Live Events
Live Simulcast Courses Available
SANS Cyber Defense Initiative 2016: Washington, DC • December 10-17, 2016 • www.sans.org/event/cyber-defense-initiative-2016
SANS 2017: Orlando, FL • April 7-14, 2017 • www.sans.org/event/sans-2017
SANS Security West 2017: San Diego, CA • May 11-18, 2017 • http://www.sans.org/event/sans-security-west-2017
SANSFIRE: Washington, DC • July 24-29, 2017
39 Courses, NetWars & More!
38 Courses, NetWars & More!
Where to find the SANS Institute:
Twitter: @SANSInstitute
LinkedIn: SANS Institute
Blogs: www.sans.org/security-resources/blogs
Webcasts: www.sans.org/webcasts
Internet Storm Center: isc.sans.edu
SANS Reading Room: www.sans.org/reading-room
36 Courses, NetWars & More!
30+ Specialized certifications are available now; learn more at www.giac.org
“GIAC defines a higher level of mastery and skill that is required in order to earn the credential. GIAC really stands out among other security certifications.”
—Josh Ringer, Benfis Health System
PROVE YOUR SKILLS STAY COMPETITIVE GET GIAC CERTIFIED!
It seems that wherever you turn, organizations are being broken into and the fundamental question that everyone wants answered is “Why?” Why do some organizations get broken into and others not? Our Cyber Defense curriculum mission is to teach you what needs to be done to keep an organization secure.
The Critical Security Controls outlined below will enable you to identify risk, determine highest priorities, focus in on the areas that really matter, and measure progress against established baselines to improve your overall security posture.
Cyber Defense
AN OODA LOOP PATCHING
Overview of Threat Categories
To help through the process of cataloging any threats to information systems, four categories or families of threats have been identified. Those categories are as follows:
PHYSICAL THREATS
Includes: Threats to the confidentiality, integrity, or availability of information systems that are physical in nature. These threats generally describe actions that could lead to the theft, harm, or destruction of information systems.
RESOURCE THREATS
Includes: Threats to the confidentiality, integrity, or availability of information systems that are the result of a lack of resources required by the information system. These threats often cause failures of information systems through a disruption of resources required for operations.
PERSONNEL THREATS
Includes: Threats to the confidentiality, integrity, or availability of information systems that are the result of failures or actions performed by an organization’s personnel. These threats can be the result of deliberate or accidental actions that cause harm to information systems.
TECHNICAL THREATS
Includes: Threats to the confidentiality, integrity, or availability of information systems that are technical in nature. These threats are most often considered when identifying threats and constitute the technical actions performed by a threat actor that can cause harm to an information system.
Critical Security Controls
The Center for Internet Security (CIS) Critical Security Controls Version 6.1
CSC 1: Inventory of Authorized and Unauthorized Devices
CSC 2: Inventory of Authorized and Unauthorized Software
CSC 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
CSC 4: Continuous Vulnerability Assessment and Remediation
CSC 5: Controlled Use of Administrative Privileges
CSC 6: Maintenance, Monitoring, and Analysis of Audit Logs
CSC 7: Email and Web Browser Protections
CSC 8: Malware Defenses
CSC 9: Limitation and Control of Network Ports, Protocols, and Services
CSC 10: Data Recovery Capability
CSC 11: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
CSC 12: Boundary Defense
CSC 13: Data Protection
CSC 14: Controlled Access Based on the Need to Know
CSC 15: Wireless Access Control
CSC 16: Account Monitoring and Control
CSC 17: Security Skills Assessment and Appropriate Training to Fill Gaps
CSC 18: Application Software Security
CSC 19: Incident Response and Management
CSC 20: Penetration Tests and Red Team Exercises
OBSERVE: Track security bulletins, advisories
ORIENT: Assess applicability, operational issues, risk
DECIDE: Prioritize remediation strategy
ACT: Rollout, Monitor, Manage “breakage”
SEC301: Intro to Information Security
This introductory course is the fastest way to get up to speed in information security. The entry-level course includes a broad spectrum of security topics and real-life examples, and can be used to prepare for GISF Certification. sans.org/SEC301
SEC401: Security Essentials Bootcamp Style
In this course, students learn the language and underlying theory of computer and information security. Since all jobs today require an understanding of security, this course will help you understand how security applies to your job. In addition, students will gain the essential and latest knowledge and skills required for effective management of security systems and processes. sans.org/SEC401
SEC501: Advanced Security Essentials – Enterprise Defender
A key theme of this course is that prevention is ideal, but detection is a must. Security professionals must know how to constantly advance security efforts in order to prevent as many attacks as possible. This prevention needs to occur both externally and internally via portable, network and server environments. sans.org/SEC501
SEC503: Intrusion Detection In-Depth
The purpose of this course is to acquaint students with the core knowledge, tools and techniques necessary to defend networks. Spanning a wide variety of topics, from foundational materials such as TCP/IP to detecting an intrusion, this training will provide students with in-depth knowledge on intrusion detection. sans.org/SEC503
SEC505: Securing Windows and PowerShell Automation
In SEC505 students learn to defend against pass-the-hash attacks, administrator account compromise, and the lateral movement of hackers inside the network by implementing the Critical Security Controls and PowerShell in a Windows environment. sans.org/SEC505
SEC506: Securing Linux/Unix
Experience in-depth coverage of Linux and Unix security issues and examine how to mitigate or eliminate general problems that apply to all Unix-like operating systems. Specific configuration guidance and practical, real-world examples, tips, and tricks are provided to help students remove vulnerabilities. sans.org/SEC506
SEC511: Continuous Monitoring and Security Operations
The Defensible Security Architecture and Network Security Monitoring/Continuous Diagnostics and Mitigation/Continuous Security Monitoring taught in this course will best position your organization or Security Operations Center to analyze threats and detect anomalies that could indicate cybercriminal behavior. sans.org/SEC511
SEC566: Implementing and Auditing the Critical Security Controls – In-Depth
As threats evolve, an organization’s security should as well. To enable your organization to stay on top of this ever-changing scenario, SANS designed this course to train students how to implement the Twenty Critical Security Controls – a prioritized, risk-based approach to security that was designed by a master group of private and public sector experts from around the world. sans.org/SEC566
SEC579: Virtualization and Private Cloud Security
Learn best practices for configuring and designing virtual security controls and infrastructure, and determine how your vulnerability assessment and forensic processes can be updated to more accurately detect and manage risks in virtual and cloud environments. sans.org/SEC579
cyber-defense.sans.org
CYBER DEFENSE CURRICULUM:
Course Descriptions
Penetration Testing
What Makes SANS Penetration Testing Courses Special?
In SANS penetration testing courses, you will learn in-depth, hands-on skills associated with the most powerful and common attacks today. For penetration testers, vulnerability assessment personnel, and Red Teamers, you’ll be able to apply your skills in your very next project, providing even more technical depth and business value. For cyber defenders, you’ll gain key insights into offensive tactics that will help you significantly improve your organization’s defenses. And, for forensic analysts, incident handlers, and Blue Teamers, SANS penetration testing courses will transform your understanding of your adversary’s methods and help you anticipate and counter the attacker’s next move.
What Is High-Value Penetration Testing and Why Is It Important?
A high-value penetration test has several aspects:
• It models the activities of real-world attackers…
• To find vulnerabilities in target systems…
• And exploits them under controlled circumstances…
• Applying technical excellence to determine and document risk and potential business impact…
• In a professional, safe fashion according to a carefully designed scope and rules of engagement…
• With the goal of helping an organization prioritize.
These skills will help every cyber security professional in their work of securing their organization.
Penetration Testing Resources: pen-testing.sans.org/resources
Twitter: @SANSPenTest
Blog: pen-testing.sans.org/blog
LinkedIn: linkedin.com/company/sans-pentest
SPOTLIGHT ON SANS FACULTY FELLOW ED SKOUDIS
“Successful penetration testers don’t just throw a bunch of hacks against an organization and regurgitate the output of their tools. Instead, they need to understand how these tools work in-depth, and conduct their test in a careful, professional manner. Our courses explain the inner workings of numerous tools and their use in effective network penetration test and ethical hacking projects.” - Ed Skoudis
SEC504: Hacker Tools, Techniques, Exploits and Incident Handling
Modern attack techniques and their associated defenses are covered in this course, so that offense can inform defense to improve the state of security in your organization by preparing you to handle incidents caused by the latest threats. sans.org/SEC504
SEC542: Web App Penetration Testing and Ethical Hacking
Through detailed, hands-on exercises, this intermediate to advanced level course will provide you with the skills needed to perform web app vulnerability discovery and exploitation for your organization. sans.org/SEC542
SEC560: Network Penetration Testing and Ethical Hacking
In-depth pen testing skills learned in SEC560 prepare you to conduct professional-grade pen tests, end-to-end, including scoping, recon, scanning, exploitation, and post-exploitation. sans.org/SEC560
SEC575: Mobile Device Security and Ethical Hacking
Secure design, deployment, operation and pen testing of mobile devices and their associated infrastructures are the topics of this course. Top-notch lessons on device analysis, app exploitation, mobile device management and wireless infrastructures are included. sans.org/SEC575
SEC642: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques
In this course you will experience intense web app and web services exploitation, diving deep into the mechanics of web app infrastructures and protocols to find and fix subtle yet hugely damaging flaws before the hackers do. sans.org/SEC642
SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking
This course is designed to take your skills to a whole new level, with in-depth information and techniques about targeting network infrastructures, fuzzing to find vulnerabilities, exploiting crypto problems, writing and customizing exploits for Windows and Linux, and more. sans.org/SEC5660
INDUSTRIAL CONTROL SYSTEMS CURRICULUM:
ICS410: ICS/SCADA Security Essentials
SANS has joined forces with industry leaders to equip security professionals and control system engineers with the cybersecurity skills they need to defend national critical infrastructure. This course provides a foundational set of standardized skills and knowledge for industrial cybersecurity professionals. The course is designed to ensure that the workforce involved in supporting and defending industrial control systems is trained to keep the operational environment safe, secure, and resilient against current and emerging threats. sans.org/ICS410
ICS515: ICS Active Defense and Incident Response
This course will help you deconstruct ICS cyber attacks, leverage an active defense to identify and counter threats in your ICS, and use incident response procedures to maintain the safety and reliability of operations. The course will empower students to understand their networked industrial control system environment, monitor it for threats, perform incident response against identified threats, and learn from interactions with the adversary to enhance network security. This process of monitoring, responding to, and learning from threats internal to the network is known as active defense. sans.org/ICS515
PENETRATION TESTING CURRICULUM:
pen-testing.sans.org
Course Descriptions
ics.sans.org
“I am a huge SANS fan, this is my second course
and I plan on taking as many as I can fit into the
company’s training budget for future years.”
- Kurt Manke, Organic Valley
With today’s ever-changing technologies and environments, it is inevitable that every organization will deal with cybercrime. Over 60% of all breach victims learn of a compromise from third-party notifications, not from internal security teams. In most cases, adversaries have been rummaging through your network undetected for months or even years. Adversaries are no longer compromising one or two systems in enterprises; they are compromising hundreds. Organizations of all sizes are in need of personnel who can master incident response techniques to properly identify compromised systems, provide effective containment of the breach, and ultimately rapidly remediate the incident. Likewise, Government & Law Enforcement Organizations are in need of skilled personnel to perform media exploitation and recover key evidence available on adversary systems & devices.
To help solve these challenges, organizations are relying on digital forensic professionals and cybercrime teams to piece together a comprehensive account of what happened. Whether your job requires you to generate accurate intelligence to detect current & future intrusions in your company’s network, or decrypt and analyze a suspect’s digital device that contains key evidence to solve your case, our DFIR courses are built under the premise that digital forensics, incident response, media exploitation and threat hunting teams are the keys to successfully identifying evidence, mitigating a possible threat and providing a comprehensive account of an incident.
• Hunting for the adversary before and during an incident across your enterprise
• In-depth digital forensics knowledge of the Microsoft Windows and Apple OSX operating systems
• Examining portable smartphone and mobile devices to look for malware and digital forensic artifacts
• Incorporating network forensics into your investigations, providing better findings, and getting the job done faster
• Leaving no stone unturned by incorporating memory forensics during your investigations
• Understanding the capabilities of malware to derive threat intelligence, respond to information security incidents, and fortify defenses
• Identifying, extracting, prioritizing, and leveraging cyber threat intelligence from advanced persistent threat (APT) intrusions
• Recognizing that a properly trained incident responder could be the only defense an organization has during a compromise.
As a forensics investigator, you need to know what you’re up against, and you need to have the most up-to-date knowledge of how to detect and fight it—that is what SANS DFIR classes will teach you.
FOR408: Windows Forensic Analysis
This course focuses on building in-depth digital forensics knowledge of the Microsoft Windows operating systems. You can’t protect what you don’t know about, and understanding forensic capabilities and artifacts is a core component of information security. Learn to recover, analyze, and authenticate forensic data on Windows systems. sans.org/FOR408

FOR508: Advanced Digital Forensics, Incident Response, and Threat Hunting
This in-depth incident response and threat hunting course provides responders and threat hunting teams with advanced skills to hunt down, identify, counter, and recover from a wide range of threats within enterprise networks, including APT nation-state adversaries, organized crime syndicates, and hacktivism. sans.org/FOR508

FOR518: Mac Forensic Analysis
Mac Forensic Analysis aims to form a well-rounded investigator by introducing Mac forensics into a Windows-based forensics world. This course focuses on topics such as the HFS+ file system, Mac specific data files, tracking user activity, system configuration, analysis and correlation of Mac logs, Mac applications, and Mac exclusive technologies. sans.org/FOR518

FOR526: Memory Forensics In-Depth
This is a critical course for any serious DFIR investigator who wants to tackle advanced forensics, trusted insider, and incident response cases. In today’s forensics cases, it is just as critical to understand memory structures as it is to understand disk and registry structures. Having in-depth knowledge of Windows memory internals allows the examiner to access target data specific to the needs of the case at hand. sans.org/FOR526

FOR572: Advanced Network Forensics and Analysis
There is simply no incident response action that doesn’t include a communications component any more. Whether you conduct threat hunting operations or post-mortem incident response, understanding how systems have communicated is critical to success. Network data and artifacts are the key to success. sans.org/FOR572

FOR578: Cyber Threat Intelligence
During a targeted attack, an organization needs a top-notch threat hunting or incident response team armed with threat intelligence to understand how adversaries operate and to counter the threat. This course will train you and your team in the tactical, operational, and strategic cyber threat intelligence skills and tradecraft required to make security teams better, threat hunting more accurate, incident response more effective, and organizations more aware of the evolving threat landscape. sans.org/FOR578

FOR585: Advanced Smartphone Forensics
It is almost impossible today to conduct a digital forensic investigation that does not include a smartphone or mobile device. The smartphone may be the only source of digital evidence tracing an individual’s movements and motives, and can provide the who, what, when, where, why, and how behind a case. This course teaches real-life, hands-on skills that help handle investigations involving even the most complex smartphones currently available. sans.org/FOR585

FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
Understanding the capabilities of malware is critical to an organization’s ability to derive threat intelligence, respond to information security incidents, and fortify defenses. This popular course builds a strong foundation for reverse-engineering malicious software using a variety of system and network monitoring utilities, a disassembler, a debugger, and other tools useful for turning malware inside-out. sans.org/FOR610
DIGITAL FORENSICS & INCIDENT RESPONSE CURRICULUM
Course Descriptions
digital-forensics.sans.org
MGT414: SANS Training Program for CISSP® Certification
This course is designed to prepare you to pass the current CISSP® Certification Exam. It is an accelerated review course that assumes the student has a basic understanding of networks and operating systems and focuses solely on the eight domains of knowledge as determined by (ISC)2. sans.org/MGT414

MGT512: SANS Security Leadership Essentials for Managers with Knowledge Compression™
This completely updated course is designed to empower advancing managers who want to get up to speed quickly on information security issues and terminology. You won’t just learn about security, you will learn how to manage security. sans.org/MGT512

MGT514: IT Security Strategic Planning, Policy and Leadership
This course teaches security professionals how to navigate the ever-growing world of security by developing strategic plans, creating effective information security policy, and developing management and leadership skills. sans.org/MGT514

LEG523: Law of Data Security and Investigations
This course will teach you the law of business, contracts, fraud, crime, IT security, IT liability and IT policy – all with a focus on electronically stored and transmitted records. The course also teaches investigators how to prepare credible, defensible reports, whether for cyber crimes, forensics, incident response, human resources or other investigations. sans.org/LEG523
Management Curriculum:
Legal Curriculum:
Audit Curriculum:
DEV522: Defending Web Applications Security Essentials
This is the course to take to learn how to defend web applications. Traditional network defenses, such as firewalls, fail to secure web applications. The quantity and importance of data entrusted to web applications is growing, and defenders need to learn how to secure that data. sans.org/DEV522

DEV541: Secure Coding in Java/JEE: Developing Defensible Applications
This course teaches students how to build secure Java applications and gain the knowledge and skills to keep a website from getting hacked, counter a wide range of application attacks, prevent critical security vulnerabilities that can lead to data loss, and understand the mindset of attackers. Learn foundational defensive techniques, cutting-edge protection, and Java EE security features you can use in your applications as soon as you return to work. sans.org/DEV541

DEV544: Secure Coding in .NET: Developing Defensible Applications
This course will help students leverage built-in and custom defensive technologies to integrate security into their applications. Students will examine actual code, work with real tools, build applications, and gain confidence in the resources they need to improve the security of .NET applications. sans.org/DEV544

AUD507: Auditing and Monitoring Networks, Perimeters and Systems
This course is organized to provide a risk-driven method for tackling the enormous task of designing an enterprise security-validation program. After covering a variety of high-level audit issues and general audit best practices, the students will have the opportunity to dive deep into the technical how-to for determining the key controls that can be used to provide a level of assurance to an organization. sans.org/AUD507
software-security.sans.org
Software Security Curriculum
Course Descriptions
Course Pricing
Course prices are subject to change. Visit www.sans.org/online-security-training for regularly updated information.
iPad Pro and Microsoft Surface Pro 4 are only available to individuals in the United States or Canada. The $500 discount is available globally. This offer expires January 18,
2017, and payment must be received by this expiration date to participate in the offer. Allow up to 4 weeks for iPad Pro or Microsoft Surface Pro 4 delivery. Canada customers
are responsible for paying any applicable duties, taxes or customs fees. This offer cannot be combined with any other offer or discount, including SANS Voucher Program.
This offer does not apply when courses are incorporated into certain larger SANS-related special programs, including the graduate program of the SANS Technology Institute.
SANS course offerings are subject to change at any time, please refer back to SANS.org for up-to-date course information. SANS shall not be held liable for students who elect
marketing promotions or discounts that are not consistent with their employer’s Standards of Conduct and/or procurement standards. SANS reserves the right to substitute
this offer for an alternative product, service or cash award of approximately equivalent retail value. iPad Pro is a trademark of Apple Inc., registered in the U.S. and other
countries. Microsoft Surface Pro 4 is a registered trademark of Microsoft.
LIMITED TIME OFFER
Ends January 18!
iPAD PRO or $500 OFF SPECIAL OFFER DETAILS:
The SANS Online Training iPad Pro or $500 off offer is a fantastic opportunity to make the most of your training budget while getting an exciting new training tool with your course!
More than 30 OnDemand and vLive online courses that are eligible for this offer can be completed from your own computer. Train from anywhere, anytime! Use your remaining training budget to complete cutting-edge information security courses AND receive an iPad Pro!
All of SANS’ Online Training features the same expert instructors, courseware and exercises as live training.
This limited time offer is easy to redeem, and your iPad Pro will be shipped soon after your registration payment is received.
Redeem this offer in three simple steps:
1. Visit www.sans.org/online-security-training/specials
2. Select an eligible OnDemand or vLive online course
3. Use your chosen discount code during checkout to receive either:
• To receive a Silver iPad Pro: MACA17_Silver
• To receive a Gold iPad Pro: MACA17_Gold
• To receive a Space Gray iPad Pro: MACA17_Gray
• To receive a Microsoft Surface Pro 4: PCA17
• To receive a $500 Course Discount: 500A17
For more detailed information about our Online Training formats, see pages 2-7.
Cyber Defense and Penetration Testing:
SEC301: Intro to Information Security $5,130
SEC401: Security Essentials Bootcamp Style $5,910
SEC501: Advanced Security Essentials - Enterprise Defender $5,910
SEC503: Intrusion Detection In-Depth $5,910
SEC504: Hacker Tools, Techniques, Exploits and Incident Handling $5,910
SEC505: Securing Windows with PowerShell and the Critical Security Controls $5,820
SEC506: Securing Linux/Unix $5,910
SEC511: Continuous Monitoring and Security Operations $5,910
SEC542: Web App Penetration Testing and Ethical Hacking $5,910
SEC560: Network Penetration Testing and Ethical Hacking $5,910
SEC566: Implementing and Auditing the Critical Security Controls - In-Depth $5,130
SEC575: Mobile Device Security and Ethical Hacking $5,910
SEC579: Virtualization and Private Cloud Security $5,910
SEC642: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques $5,910
SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking $5,910
Digital Forensics & Incident Response:
FOR408: Windows Forensic Analysis $5,910
FOR508: Advanced Digital Forensics, Incident Response, and Threat Hunting $5,910
FOR518: Mac Forensic Analysis $5,910
FOR526: Memory Forensics In-Depth $5,910
FOR572: Advanced Network Forensics and Analysis $5,910
FOR578: Cyber Threat Intelligence $5,910
FOR585: Advanced Smartphone Forensics $5,910
FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques $5,910
Security Management:
MGT414: SANS Training Program for CISSP® Certification $5,240
MGT512: SANS Security Leadership Essentials for Managers with Knowledge Compression™ $5,530
MGT514: IT Security Strategic Planning, Policy and Leadership $5,130
Software Security:
DEV522: Defending Web Applications Security Essentials $5,820
DEV541: Secure Coding in Java/JEE: Developing Defensible Applications $4,640
DEV544: Secure Coding in .NET: Developing Defensible Applications $4,640
IT Audit:
AUD507: Auditing & Monitoring Networks, Perimeters and Systems $5,820
Legal Security:
LEG523: Law of Data Security and Investigations $5,130
Industrial Control Systems:
ICS410: ICS/SCADA Security Essentials $5,450
ICS515: ICS/SCADA Advanced Course $5,710
IT Security Training Roadmap
The IT Security Training Roadmap inside is a representation of the studies needed to
advance your career in seven paths of information security. Use this guide to plan
your personal growth in the industry.
Discover a Path to Success with SANS
The Most Trusted Name in Computer Security Education, Certification and Research
OnDemand | www.sans.org/ondemand
vLive | www.sans.org/vlive
Simulcast | www.sans.org/simulcast
SelfStudy | www.sans.org/selfstudy
Online Training Formats
OnDemand is a custom-made, comprehensive e-learning platform that allows you to complete SANS Institute training from anywhere in the world, at any time. More than 30 pre-recorded SANS courses are packaged and accessible for four months with OnDemand enrollment. Using the course presentation slides, audio from lectures, video demonstrations, quizzes and labs, along with support from live Subject-Matter Experts, the OnDemand learning experience will help you master a subject in all of its depth and complexity.
vLive is a live evening classroom course format that gives you the structure and interaction of a live course, along with the flexibility and repetition of an online course. Weekly meetings and six months of access to all course recordings and materials allow vLive students to have the best of both live and online training.
Simulcast allows students who cannot travel to a live SANS event to experience the one-week live course via remote access. Students log in to the online classroom and experience an interactive and hands-on learning program, without traveling. All of the course books and materials are also provided.
SelfStudy online training provides students with SANS course books, exercises, lecture MP3s, and quizzes for a self-paced learning experience.
OnDemand Bundles—It’s also possible to add the features of OnDemand to a live course. If you plan to attend a one-week course at one of SANS’ many live events, consider adding an OnDemand Bundle to get extended access to the course archives, the custom e-learning platform to manage your progress and continuous support from Subject-Matter Experts. www.sans.org/ondemand/bundles
OnSite Simulcast courses can also be arranged to meet your organization’s custom or private training needs. Visit www.sans.org/onsite for more information.
Available Course Options
OnDemand vLive Simulcast SelfStudy
Taught by an Unparalleled Faculty of Information Security Leaders
Custom Courseware Written for SANS, Including Books, CDs and Exercises
E-Learning Platform Available for 4 Months
Live Evening Meetings for 5 or 6 Weeks
Live Daytime One-Week Courses
Integrated Quizzes to Reinforce Learning
Subject-Matter Expert Support
Real-Time Access to Instructors
MP3 Archives of Instructor Lectures 4 Mo. 6 Mo. 4 Mo. 4 Mo.
Virtual Lab Access 4 Mo. 6 Mo. 4 Mo. 4 Mo.
Archived Live Course Recordings 6 Mo. 4 Mo.
Online Voucher Credits May Be Applied to Course Fees
No Travel Cost
Minimal Impact on Your Normal Routine
Flexible & Effective SANS Training from Your Own Computer
Prove Your Skills | Stay Competitive | Get GIAC Certified!
“GIAC is the only certification that proves you have hands-on technical skills” - Christina Ford, Department of Commerce
More than 30 Specialized certifications are available now. Learn more at www.giac.org
Watch the quick video comparison of SANS’ Online Training formats at www.sans.org/online-security-training
Compare the Features of All 4 Online Training Formats:
To learn more, go to http://www.sans.org/20coolestcareers
Information Security Crime Investigator/Forensics Expert
Job Description
This expert analyzes how intruders breached the infrastructure in order to identify additional systems/networks that have been compromised. Investigating traces left by complex attacks requires a forensic expert who is not only proficient in the latest forensic, response, and reverse engineering skills, but is astute in the latest exploit methodologies.

Why It’s Cool
In the private world, the security guy just cleans up the mess to try and keep the ship afloat, but when criminals strike, the crime investigator gets to see that the bad guys go to jail. Want to see the face of your enemy... behind bars? It’s a thrill like no other - being pitted against the mind of the criminal and having to reconstruct his lawless path.

Recommended SANS Courses
FOR408: Computer Forensic Investigations - Windows In-Depth
FOR508: Advanced Computer Forensic Analysis and Incident Response
CISO/ISO or Director of Security
Job Description
Today’s Chief Information Security Officers are no longer defined the way they used to be. While still technologists, today’s CISO/ISO’s must have business acumen, communication skills, and process-oriented thinking. They need to connect legal, regulatory, and local organizational requirements with risk taking, financial constraints and technological adoption.

Why It’s Cool
Directors of Security are the ones who decide where to build the “watch towers”, how many rangers are stationed in the park, where fires can be safely built, and what the greater rules of engagement are. Their experience gives them a high-level and vital view of the risks involved in doing business, and they are trusted to focus on business goals and remove threats to achieving those goals.

Recommended SANS Courses
MGMT414: SANS Training Program for CISSP® Certification
MGMT515: SANS Security Leadership Essentials for Managers with Knowledge Compression™
MGMT525: IT Project Management, Effective Communication, and PMP® Exam Prep
The 4 Coolest Jobs in Information Security
SOC (Security Operations Center) Analyst
Job Description
The SOC Analyst is responsible for assessing and monitoring the organization’s computer network and information systems to ensure that they are properly defending against attacks. The Analyst’s role includes proactively defending an organization, fixing vulnerabilities before they are exploited by an adversary AND reactively detecting attacks, determining how the adversaries break in, and defending the organization to contain and control the amount of damage that is caused.

Why It’s Cool
The SOC is typically the first line of defense and responsible for keeping an organization’s most critical assets protected and secure. Being on the front line, watching attacks and being able to react in real time is one of the most exciting areas of cyber security. Catching attacks in progress and correcting vulnerabilities make a real difference in protecting an organization.

Recommended SANS Courses
SEC401: Security Essentials Bootcamp Style
SEC501: Advanced Security Essentials - Enterprise Defender
SEC502: Perimeter Protection In-Depth
SEC503: Intrusion Detection In-Depth
SEC511: Continuous Monitoring and Security Operations
System, Network, Web Pen Tester
Job Description
This expert finds security vulnerabilities in target systems, networks, and applications in order to help enterprises improve their security. By identifying which flaws can be exploited to cause business risk, the pen tester provides crucial insights into the most pressing issues and suggests how to prioritize security resources.

Why It’s Cool
There is nothing like finding the magic back door that everyone says isn’t there! The power to understand how systems can be penetrated and misused is something less than one percent of people in the entire security industry know, let alone the average citizen.

Recommended SANS Courses
SEC504: Hacker Tools, Techniques, Exploits & Incident Handling
SEC542: Web App Penetration Testing and Ethical Hacking
SEC560: Network Penetration Testing and Ethical Hacking
SEC575: Mobile Device Security and Ethical Hacking
SEC617: Wireless Ethical Hacking, Penetration Testing, and Defenses
SANS Core NetWars
MANAGEMENT
Beginners
SEC301 NOTE: If you have experience in the field, please consider starting with our more advanced course – SEC401.
Many of these courses are also offered at live events! Visit www.sans.org for a complete listing of SANS events.
MANAGEMENT CURRICULUM
IT AUDIT CURRICULUM
Specialized
LEGAL CURRICULUM
INDUSTRIAL CONTROL SYSTEMS CURRICULUM
SANS IT SECURITY TRAINING AND YOUR CAREER ROADMAP
SEC301: Intro to Information Security
System Administration
SEC401: Security Essentials Bootcamp Style
SEC579: Virtualization and Private Cloud Security
SEC506: Securing Linux/Unix
SEC505: Securing Windows and PowerShell Automation
Network Security
SEC401: Security Essentials Bootcamp Style
SEC566: Implementing & Auditing the Critical Security Controls – In-Depth
Incident Handling
SEC401: Security Essentials Bootcamp Style
FOR508: Advanced Computer Forensic Analysis & Incident Response
SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling
MGT414: SANS Training Program for CISSP® Certification
MGT514: IT Security Strategic Planning, Policy and Leadership
SEC401: Security Essentials Bootcamp Style
LEG523: Law of Data Security and Investigations
MGT305: Technical Communication and Presentation Skills for Security Professionals
MGT535: Incident Response Team Management
MGT415: A Practical Introduction to Cyber Security Risk Management
DEVELOPER CURRICULUM
Core
Secure Coding
Specialized
SEC542: Web App Pen Testing and Ethical Hacking
SEC642: Advanced Web App Pen Testing and Ethical Hacking
DEV544: Secure Coding in .NET: Developing Defensible Applications
DEV522: Defending Web Applications Security Essentials
DEV541: Secure Coding in Java/JEE: Developing Defensible Applications
MGT512: SANS Security Leadership Essentials For Managers with Knowledge Compression™
SEC301: Intro to Information Security
SEC401: Security Essentials Bootcamp Style
SEC566: Implementing & Auditing the Critical Security Controls – In-Depth
AUD507: Auditing Networks, Perimeters, and Systems
Intrusion Analysis
SEC401: Security Essentials Bootcamp Style
FOR508: Advanced Computer Forensic Analysis & Incident Response
SEC502: Perimeter Protection In-Depth
SEC503: Intrusion Detection In-Depth
SEC511: Continuous Monitoring & Security Operations
SECURITY CURRICULUM
Penetration Testing
SEC642: Advanced Web App Pen Testing and Ethical Hacking
SEC560: Network Pen Testing and Ethical Hacking
SEC542: Web App Pen Testing and Ethical Hacking
SEC617: Wireless Ethical Hacking, Pen Testing & Defenses
SEC575: Mobile Device Security and Ethical Hacking
SEC504: Hacker Tools, Techniques, Exploits, & Incident Handling
SEC401: Security Essentials Bootcamp Style
SEC660: Advanced Pen Testing, Exploit Writing, and Ethical Hacking
SEC501: Advanced Security Essentials – Enterprise Defender
FORENSICS CURRICULUM
Core
Specialized
In-Depth
FOR408: Windows Forensic Analysis
FOR508: Advanced Digital Forensics and Incident Response
FOR526: Memory Forensics In-Depth
FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling
FOR585: Advanced Smartphone Forensics
SEC501: Advanced Security Essentials – Enterprise Defender
FOR518: Mac Forensic Analysis
ICS410: ICS/SCADA Security Essentials
ICS515: ICS Active Defense and Incident Response
FOR572: Advanced Network Forensics and Analysis
FOR578: Cyber Threat Intelligence