Security

Twenty years of experience in the area of information assurance ensures that you are benefiting from a very mature and successful security training program.  TechNow offers the full suite of security training courses to meet any DoD 8570 requirements.

Security Course Flow

Unix Course Flow

Here is our list of security related courses.

in   

TN-905: Cyber Threat Intelligence Analysis

 

Course Overview:

TechNow has worked worldwide enterprise infrastructures for over 30 years and has developed demos and labs to exemplify the techniques required to demonstrate technologies that effectively support CTI.  This course integrates well with our courses TN-575: Open Source Network Security Monitoring and TN-865: Wireshark Network Traffic and Security Analysis .

TechNow develops Cyber Ranges and makes them available for conferences in support of annual meetings for Cyber Threat Response Teams.  Developing scenarios and reacting to them appropriately is a big part of the value in understanding the contexts required to comprehend valuable CTI.   As with many advanced TechNow security courses, there is a large hands-on ratio.  This course helps Cyber Protection Teams (CPT), Defensive Cyber Operations (DCO), and Mission Defense Teams (MDT) to collect, analyze and apply targeted cyber intelligence to defensive operations in order to proactively act on and tune response to attacks by cyber adversaries.  CPT, DCO, and MDT can take preemptive action by utilizing CTI, understanding CTI tools, techniques and procedures (TTPs) needed to generate and consume timely and relevant intelligence to improve resilience and prevention.

This course focuses on the collection, classification, and exploitation of knowledge about adversaries and their TTPs. .  MDT puts us close the mission and helps define the internal context to be analyzed against the CTI.  TechNow pushes the student to truly understand how to think about and use CTI to make a difference.

Attendees to TN-905: Cyber Threat Intelligence Analysis will receive TechNow approved course materials and expert instruction.

Date/Locations:

No Events

Course Duration: 5 days

Course Objectives:

  • Learn to comprehend and develop complex scenarios
  • Identify and create intelligence requirements through practices such as threat modeling
  • Utilize threat modeling to drive intelligence handling and practices 
  • Breakdown tactical, operational, and strategic-level threat intelligence
  • Generate threat intelligence to detect, respond to, and defeat focused and targeted threats
  • How to collect adversary information creating better value CTI
  • How to filter and qualify external sources, mitigating low integrity intelligence
  • Create Indicators of Compromise (IOCs) in formats such as YARA, OpenIOC, and STIX
  • Move security maturity past IOCs into understanding and countering the behavioral tradecraft of threats
  • Breaking down threats mapped against their tradecraft to tweak IOCs
  • Establish structured analytical techniques to be successful in any security role
  • Learn and apply structured principles in support of CTI and how to communicate that to any security role.

Course Prerequisites:

Comments

Latest comments from students

 

Liked the class?  Then let everyone know!

TN-979: Intrusion Analyst Course

Course Overview:

Intrusion Analyst is a hands-on course that covers intrusion detection in-depth. This includes concepts such as the use of Snort, network traffic analysis, and IDS signatures.

A skills focus enables the student to better absorb the subject matter and perform successfully on the job.   This is not death by power point. The course is aligned with information assurance operators and executing hands-on labs. Lecture and labs walk the student through the knowledge required to truly understand the mechanics of packet and intrusion analysis.

Attendees to TN-979: Intrusion Analyst will receive TechNow approved course materials and expert instruction.

Date/Locations:

No Events

Duration: 5 days

Course Objectives:

  • Advanced Snort Concepts
  • Analyst Toolkit
  • Domain Name System (DNS)
  • Examining Packet Crafting
  • Examining Packet Header Fields
  • Fragmentation
  • ICMP Theory
  • IDS Interoperability
  • IDS Patterns
  • IDS/IPS Management & Architecture Issues
  • Indications, Warnings & Traffic Correlation
  • IPv6
  • Microsoft Protocols
  • Network Traffic Analysis
  • NIDS Evasion, Instertion & Checksums
  • Snort Fundamentals & Configuration
  • Snort GUIs & Sensor Management
  • Snort Performance, Active Response & Tagging
  • Snort Rules
  • Stimulus Response
  • TCPdump Fundamentals
  • TCP/IP Fundamentals
  • Wireshark Fundamentals
  • Writing TCPdump Filters

Course Prerequisites:

  • GSEC or equivalent experience
  • UNIX, Windows, Networking, and Security Experience
  • This is a hands-on skill course requiring comfort with command line interaction and network communications

Comments

Latest comments from students

User: Tosha

Instructor comments: Dave was an excellent instructor. He is very informative and knowledgeable in the course and the material. I have enjoyed the class and I would take another course with him as the instructor.

Facilities comments: Very nice and clean hotel.

User: buckey26

Instructor comments: Dave was one of the best instructors I have ever had for a tech course. He broke down everything to the point where you can understand it internally.

Liked the class?  Then let everyone know!

Welcome to TechNow!

Welcome to TechNow! The Leader in Information Security Training & Computer Training.

The world of information security and computer training is ever changing.  The techniques and systems continue to evolve and we must stay current and diligent.  To do this, you can count on TechNow®…the leader in cybersecurity training and computer system training.

TechNow® has been training the leaders in the computer community for many years.  We provide training for students in a number of areas.  Our cybersecurity trainings include popular courses like D0D 8140, Security , CISM, CISSP, CEH,CCNA, and more.  With over 34 years of experience, we’re able to provide you with unmatched training and certification programs.

TechNow also provides a variety of other popular trainings for the computer professional including Cisco, EC-Council, CompTIA, Unix/Linux and more.

.

Search Our Site

Upcoming Events

  • IT-113: IT Infrastructure Library (ITIL) v4 – Foundations Course
    • 08/04/2025 – 08/08/2025
    • San Antonio
  • PM-325: Project Management Professional (PMP) Exam Preparation
    • 08/04/2025 – 08/08/2025
    • San Antonio
  • N-305: CCNA Bootcamp
    • 08/11/2025 – 08/15/2025
    • San Antonio
  • PM-224: PMI Agile Certified Practitioner (PMI-ACP)® Prep Course
    • 08/11/2025 – 08/13/2025
    • San Antonio
  • TN-555: Certified Ethical Hacker v13 (CEH)
    • 08/11/2025 – 08/15/2025
    • San Antonio
  • all events

    • in   

    TN-575: Open Source Network Security Monitoring

     

    Course Overview:

    TN-575: Open Source Network Security Monitoring teaches students how to deploy, build, and run an NSM operation using open source software and vendor-neutral tools. No network is bullet proof and when attackers access your network, this course will show you how to build a security net to detect, contain, and control the attacker. Sensitive data can be monitored and deep packet and deep attachment analysis can be achieved. As organizations stand up a Security Operations Center (SOC) the enterprise NSM is the key ingredient to that SOC. This course not only teaches how to implement an NSM technologically, but how to effectively monitor an enterprise operationally. You will learn how to architect an NSM solution: where to deploy your NSM platforms and how to size them, stand-alone or distributed, and integration into packet analysis, interpret evidence, and integrate threat intelligence from external sources to identify sophisticated attackers. A properly implemented NSM is integral to incident response and provides the responders timely information to react to the incident. TN-575: Open Source Network Security Monitoring is a lab intensive environment with a cyber range that gives each student in-depth knowledge and practical experience monitoring live systems to include: Cisco, Windows, Linux, IoT, and Firewalls.

    Attendees to TN-575: Open Source Network Security Monitoring class will receive TechNow approved course materials and expert instruction.

    This Course is taught utilizing Security Onion or RockNSM as specified by the customer.

    Dates/Locations:

    No Events

    Duration: 5 Days

    Course Objective:

    The focus of this course is to present a suite of Open Source security products integrated into a highly functional and scalable Network Security Monitoring solution.

    Prerequisites:

    Students should have a basic understanding of networks, TCP/IP and standard protocols such as DNS, HTTP, etc. Some Linux knowledge/experience is recommended, but not required

    Course Outline:

    • Network Security Monitoring (NSM) Methodology
    • High Bandwidth Packet Capture Challenges
    • Installation of Security Onion
      • Use Cases (analysis, lab, stand-alone, distributed)
      • Resource Requirements
    • Configuration
      • Setup Phase I – Network Configuration
      • Setup Phase 2 – Service Configuration
      • Evaluation Mode vs. Configuration Mode
      • Verifying Services
    • Security Onion Architecture
      • Configuration Files and Folders
      • Network Interfaces
      • Docker Environment
      • Security Onion Containers
    • Overview of Security Onion Analyst Tools
      • Kibana
      • CapME
      • CyberChef
      • Squert
      • Sguil
      • NetworkMiner
    • Quick Review of Wireshark and Packet Analysis
      • Display and Capture Filters
      • Analyze and Statistics Menu Options
      • Analysis for Signatures
    • Analyzing Alerts
      • Replaying Traffic
      • 3 Primary Interfaces:
        • Squert
        • Sguil
        • Kibana
      • Pivoting Between Interfaces
      • Pivoting to Full Packet Capture
    • Snort and Surricata
      • Rule Syntax and Construction
      • Implementing Custom Rules
      • Implementing Whitelists and Blacklists
    • Hunting
      • Using Kibana to Slice and Dice Logs
      • Hunting Workflow with Kibana
    • Bro
      • Introduction and Overview
        • Architecture, Commands
      • Understanding and Examining Bro Logs
        • Using AWK, sort, uniq, and bro-cut
      • Working with traces/PCAPs
      • Bro Scripts Overview
        • Loading and Using Scripts
      • Bro Frameworks Overview
        • Bro File Analysis Framework FAF
      • Using Bro scripts to carve out more than files
    • RockNSM ( * If Applicable)
      •  Kafka
        • Installation and Configuration
        • Kafka Messaging
        • Brokers
        • Integration with Bro and FSF
      • File Scanning Framework FSF
        • Custom YARA Signatures
        • JSON Trees
        • Sub-Object Recursion
        • Bro and Suricata Integration
    • Elastic Stack
      • Adding new data sources in Logstash
      • Enriching data with Logstash
      • Automating with Elastalert
      • Building new Kibana dashboards
    • Production Deployment
      • Advanced Setup
      • Master vs Sensor
      • Node Types – Master, Forward, Heavy, Storage
      • Command Line Setup with sosetup.conf
      • Architectural Recommendations
      • Sensor Placement
      • Hardening
      • Administration
      • Maintenance
    • Tuning
      • Using PulledPork to Disable Rules
      • BPF’s to Filter Traffic
      • Spinning up Additional Snort / Suricata / Bro Workers to Handle Higher Traffic Loads

    Comments

    Latest comments from students

     

    Liked the class?  Then let everyone know!