CL-315: CCSP – Certified Cloud Security Professional Preparation Seminar

Course Overview:

TechNow’s CCSP Certification Preparation Seminar is an accelerated course designed to meet the high demands of the information security industry by preparing students for the industry standard Certified Cloud Security Professional exam. The exam covers (ISC)²’s 6 Domains from the Common Body of Knowledge, which encompass the whole of cloud security.

This course is an intense 5 day program. TechNow has a proven training and certification track record that you can depend on. CCSP test is 125 questions that typically require more comprehension than CISSP questions. The instructor takes time to walk through scenarios that assume comprehensive knowledge of enterprise infrastructures.

Attendees to CL-315: CCSP Certification Preparation Seminar will receive TechNow approved course materials and expert instruction.

The 6 domains of the CCSP CBK:

Architectural Concepts & Design Requirements
Cloud Data Security
Cloud Platform & Infrastructure Security
Cloud Application Security
Operations
Legal & Compliance

Duration: 5 days

Audience: Mid-level to advanced professionals involved with IT architecture, web and cloud security engineering, information security, governance, risk and compliance, and even IT auditing. CCSPs will be responsible for cloud security architecture, design, operations, and/or service orchestration.

DoD 8140: Not Mandated

Course Prerequisites: IT professional with 5 years of experience, 3 years of security experience, and at least 1 year of cloud security experience. GSEC, CISSP, CASP or equivalent experience in managing enterprise infrastructures. CCSP test is 125 questions that typically require more comprehension than CISSP questions. This course is for those who are already qualified at the enterprise level for IT infrastructures, have Cloud experience, and are looking for a Cloud Security certification.

Course Objectives:

Domain 1: Architectural Concepts and Design Requirements

Module 1: Understand cloud computing concepts
Module 2: Describe cloud reference architecture
Module 3: Understand security concepts relevant to cloud computing
Module 4: Understand design principles of secure cloud computing
Module 5: Identify trusted cloud services

Domain 2: Cloud Data Security

Module 1: Understand Cloud Data Life Cycle
Module 2: Design and Implement Cloud Data Storage Architectures
Module 3: Understand and implement Data Discovery and Classification Technologies
Module 4: Design and Implement Relevant Jurisdictional Data Protection for Personally Identifiable Information (PII)
Module 5: Design and implement Data Rights Management
Module 6: Plan and Implement Data Retention, Deletion, and Archival policies
Module 7: Design and Implement Auditability, Traceability, and Accountability of Data Events

Domain 3: Cloud Platform Infrastructure Security

Module 1: Comprehend Cloud Infrastructure Comp
Module 2: Analyze Risks Associated to Cloud Infrastructure
Module 3: Design and Plan Security Controls
Module 4: Plans Disaster Recovery & Business Continuity Management

Domain 4: Cloud Application Security

Module 1: Recognize Need for Training and Awareness in Application Security
Module 2: Understand Cloud Software Assurance and Validation
Module 3: Use Verified Secure Software
Module 4: Comprehend the Software Development Life Cycle (SDLC) Process
Module 5: Apply the Secure Software Development Life Cycle
Module 6: Comprehend the Specifics of Cloud Application Architecture
Module 7: Design Appropriate Identity and Access Management (IAM) Solutions

Domain 5: Operations

Module 1: Support the Planning Process for the Data Center Design
Module 2: Implement and Build Physical Infrastructure for Cloud Environment
Module 3: Run Physical Infrastructure for Cloud Environment
Module 4: Manage Physical Infrastructure for Cloud Environment
Module 5: Build Logical Infrastructure for Cloud Environment
Module 6: Run Logical Infrastructure for Cloud Environment
Module 7: Manage Logical Infrastructure for Cloud Environment
Module 8: Ensure Compliance with Regulations and Controls
Module 9: Conduct Risk Assessment to Logical and Physical Infrastructure
Module 10: Understand the Collection and Preservation of Digital Evidence
Module 11: Manage Communications with Relevant Parties

Domain 6: Legal and Compliance

Module 1: Understand Legal Requirements and Unique Risks Within the Cloud Environment
Module 2: Understand Privacy Issues, Including Jurisdictional Variances
Module 3: Understand Audit Process, Methodologies, and Required Adaptions for a Cloud Environment
Module 4: Understand Implication of Cloud to Enterprise Risk Management
Module 5: Understand Outsourcing and Cloud Contract Design
Module 6: Execute Vendor Management

Dates/Locations:

No Events

RH-295: Linux System Administration II

Course Overview:

Linux System Administration II course is for experienced administrators ready for advanced administration topics. This course provides students with hands-on experience working with more complex and integrated administration concepts, and builds upon the Part 1 course. Students will be instructed in essential local Red Hat system administration skills including: Logical Volumes, Raid Management, and System Logging, SELinux and Virtual Machines. The Linux System Administration II course will get you started in understanding network administration topics, including monitoring, routing, Firewall with iptables, and servers such as NFS, SAMBA, DNS, SMTP, HTTP, DHCP, and Kickstart.

Attendees to RH-295: Linux System Administration II will receive TechNow approved course materials and expert instruction.

Dates/Locations:

No Events

Duration: 5 days

Course Objectives:

Managing Logical Volumes and RAID
Network Routing, Filtering and Monitoring
Configuring File Sharing Across Platforms
Configuring Internet Services
Configuring Security
Configuring System Messaging
Using Name Services
Configuring Name Service Clients
Configuring Kickstart
Virtualization with KVM
Troubleshooting Boot Process

Prerequisites:

RH-245: Linux System Administration I or equivalent knowledge plus six months experience as a system administrator or one year or more administrating the Red Hat operating system.

Comments

Latest comments from students

Liked the class? Then let everyone know!

N-325: Implementing Cisco IOS Network Security (IINS)

Course Overview:

Implementing Cisco IOS Network Security (IINS) is an instructor-led course. This five-day course focuses on the necessity of a comprehensive security policy and how it affects the posture of the network. TechNow students each get a Cisco Switch, Router, and an ASA. The in the classrom hardware hands-on component of this course is a priority. Using instructor-led discussions, extensive hands-on lab exercises, and supplemental materials, this course allows learners to understand common security concepts, and deploy basic security techniques utilizing a variety of popular security appliances within a “real-life” network infrastructure. TechNow is an Authorized VUE testing partner and this course concludes with the student taking the 210-260 IINS Cisco Certification Exam.

Duration: 5 days

Audience: Cisco Network Administrators. This course is an excellent precursor to Palo Alto Network Firewall Training

DoD 8140: Not Mandated

Course Prerequisites: CCNA

Course Objectives:

Describe common network security concepts
Secure routing and switching infrastructure
Deploy basic authentication, authorization and accounting services
Deploy basic firewalling services
Deploy basic site-to-site and remote access VPN services
Describe the use of more advanced security services such as intrusion protection, content security and identity management

Attendees to N-325: Implementing Cisco IOS Network Security will receive TechNow approved course materials and expert instruction.

Dates/Locations:

No Events

Comments

Latest comments from students

Liked the class? Then let everyone know!

TN-575: Open Source Network Security Monitoring

Course Overview:

TN-575: Open Source Network Security Monitoring teaches students how to deploy, build, and run an NSM operation using open source software and vendor-neutral tools. No network is bullet proof and when attackers access your network, this course will show you how to build a security net to detect, contain, and control the attacker. Sensitive data can be monitored and deep packet and deep attachment analysis can be achieved. As organizations stand up a Security Operations Center (SOC) the enterprise NSM is the key ingredient to that SOC. This course not only teaches how to implement an NSM technologically, but how to effectively monitor an enterprise operationally. You will learn how to architect an NSM solution: where to deploy your NSM platforms and how to size them, stand-alone or distributed, and integration into packet analysis, interpret evidence, and integrate threat intelligence from external sources to identify sophisticated attackers. A properly implemented NSM is integral to incident response and provides the responders timely information to react to the incident. TN-575: Open Source Network Security Monitoring is a lab intensive environment with a cyber range that gives each student in-depth knowledge and practical experience monitoring live systems to include: Cisco, Windows, Linux, IoT, and Firewalls.

Attendees to TN-575: Open Source Network Security Monitoring class will receive TechNow approved course materials and expert instruction.

This Course is taught utilizing Security Onion or RockNSM as specified by the customer.

Dates/Locations:

No Events

Duration: 5 Days

Course Objective:

The focus of this course is to present a suite of Open Source security products integrated into a highly functional and scalable Network Security Monitoring solution.

Prerequisites:

Students should have a basic understanding of networks, TCP/IP and standard protocols such as DNS, HTTP, etc. Some Linux knowledge/experience is recommended, but not required

Course Outline:

Network Security Monitoring (NSM) Methodology
High Bandwidth Packet Capture Challenges
Installation of Security Onion
- Use Cases (analysis, lab, stand-alone, distributed)
- Resource Requirements
Configuration
- Setup Phase I – Network Configuration
- Setup Phase 2 – Service Configuration
- Evaluation Mode vs. Configuration Mode
- Verifying Services
Security Onion Architecture
- Configuration Files and Folders
- Network Interfaces
- Docker Environment
- Security Onion Containers
Overview of Security Onion Analyst Tools
- Kibana
- CapME
- CyberChef
- Squert
- Sguil
- NetworkMiner
Quick Review of Wireshark and Packet Analysis
- Display and Capture Filters
- Analyze and Statistics Menu Options
- Analysis for Signatures
Analyzing Alerts
- Replaying Traffic
- 3 Primary Interfaces:
  - Squert
  - Sguil
  - Kibana
- Pivoting Between Interfaces
- Pivoting to Full Packet Capture
Snort and Surricata
- Rule Syntax and Construction
- Implementing Custom Rules
- Implementing Whitelists and Blacklists
Hunting
- Using Kibana to Slice and Dice Logs
- Hunting Workflow with Kibana
Bro
- Introduction and Overview
  - Architecture, Commands
- Understanding and Examining Bro Logs
  - Using AWK, sort, uniq, and bro-cut
- Working with traces/PCAPs
- Bro Scripts Overview
  - Loading and Using Scripts
- Bro Frameworks Overview
  - Bro File Analysis Framework FAF
- Using Bro scripts to carve out more than files
RockNSM ( * If Applicable)
- Kafka
  - Installation and Configuration
  - Kafka Messaging
  - Brokers
  - Integration with Bro and FSF
- File Scanning Framework FSF
  - Custom YARA Signatures
  - JSON Trees
  - Sub-Object Recursion
  - Bro and Suricata Integration
Elastic Stack
- Adding new data sources in Logstash
- Enriching data with Logstash
- Automating with Elastalert
- Building new Kibana dashboards
Production Deployment
- Advanced Setup
- Master vs Sensor
- Node Types – Master, Forward, Heavy, Storage
- Command Line Setup with sosetup.conf
- Architectural Recommendations
- Sensor Placement
- Hardening
- Administration
- Maintenance
Tuning
- Using PulledPork to Disable Rules
- BPF’s to Filter Traffic
- Spinning up Additional Snort / Suricata / Bro Workers to Handle Higher Traffic Loads

Comments

Latest comments from students

Liked the class? Then let everyone know!

TN-911: Cyber Threat Intelligence (CTI) Analysis and 800-172 Updates Seminar

Course Overview:

TN-575: Open Source Network Security Monitoring and TN-865: Wireshark Network Traffic and Security Analysis .

TechNow’s TN-911: Cyber Threat Intelligence (CTI) Analysis Seminar, is a one day seminar that covers the objectives of TechNow’s TN-905: Cyber Threat Intelligence Analysis five day course in a one day seminar format. Upon request, this seminar can be presented in multi-day format based upon the depth of knowledge required. The NIST PUB 800-172 security enhancement update to 800-171 regarding 03.11.1 Risk Assessment, introduces the security enhancements of a Threat Awareness Program, Threat Hunting, and Predictive Cyber Analytics. TN-911 distills the TN-905 CTI five day course and aligns it to assessing compliance with 800-172. For the seminar, selected course labs are converted to demos, and the important points and outcomes of topics are presented. The TN-911 CTI Seminar discusses the applicability of the 800-172 security enhancements to the organization being assessed, and how to think about the the appropriate strength of the controls related to the organizations criticality of the information and the risk involved for contracted work with the DoD.

TechNow’s TN-911: Cyber Threat Intelligence Analysis Seminar addresses significant changes that have been made to SP 800-172 in transitioning to Revision 3, regarding new enhanced security requirements based on (1) the latest threat intelligence and (2) empirical data from cyber-attacks. With the intent of addressing CUI that may be associated with a critical program or a high value asset.

Those programs and assets are potential targets for advanced persistent threat (APT). Cyber Threat Intelligence supports the required functions of NIST 800-172 of Penetration Resistant Architecture (PRA), Damage Limiting Operations (DLO) and Cyber Resiliency (CRS).

TechNow’s TN-911 addresses 800-172, 3.11 Risk Assessment, 03.11.01E Threat Awareness Program and 03.11.02E Threat Hunting, 03.11.03E Predictive Cyber Analytics.

TN-911 CTI Seminar directly discusses 3.11 topics:

03.11.01E Threat Awareness Program:

Share threat information, including threat events of 03.11.01E is specifically covered as:

Create Indicators of Compromise (IOCs) using STIX
Understand a solution for collecting, storing, distributing and sharing cyber security indicators and threats about cyber security incidents analysis and malware analysis.
How to assess an environment to validate:
- Support for day-to-day operations to share structured threat information efficiently.
- Confirming the presence of curated, frequently updated feeds, and the automation of enrichment workflow
- Contextualization of intelligence with internal data to prioritize alerts and improve detection
- Updated threat hunting based upon inbound Threat Intelligence

03.11.02E Threat Hunting:

Introduction to Threat Hunting practices to effectively search for indicators of compromise and to detect, track, and disrupt threats that evade existing controls.

How to assess an environment to validate:
A formalized process is being followed for Threat Hunting
- Phases of trigger (incident or CTI), SIEM utilization, and response
Integration of machine learning to provide proactive, automated, and scalable Threat Hunting
Leveraging threat intelligence for proactive threat hunting by querying historical logs for indicators of compromise (IOCs) from feeds to identify:
Dormant threats
Advance Persistent Threats (APT)

03.11.03E Predictive Cyber Analytics

Introduction leveraging data, machine learning, and real-time analysis with automation to anticipate threats before they occur.

How to assess an environment to validate:
- Data aggregation from network logs, user activities, system logs, and external threat intelligence feeds into a centralized platform like a SIEM
Use of machine learning algorithms to identify patterns, uncover correlations, and spot anomalies in real-time
Integration with incident response workflows
Staff skill competency level and integration into Predictive Cyber Analytics to mitigate advanced adversarial techniques against machine learning such as:
- Attacks of Evasion, Poisoning, and Model Tampering
- Utilization of exercises or Red Teaming to validate practices and effectiveness of Predictive Cyber Analytics.

Attendees to TN-905: Cyber Threat Intelligence Analysis will receive TechNow approved course materials and expert instruction.

Seminar Duration: 1 day (more upon request)

Seminar Objectives:

Learn to comprehend and develop complex scenarios
Identify and create intelligence requirements through practices such as threat modeling
Utilize threat modeling to drive intelligence handling and practices
Breakdown tactical, operational, and strategic-level threat intelligence
Generate threat intelligence to detect, respond to, and defeat focused and targeted threats
How to collect adversary information creating better value CTI
How to filter and qualify external sources, mitigating low integrity intelligence
Create Indicators of Compromise (IOCs) in formats such as YARA, OpenIOC, and STIX
Move security maturity past IOCs into understanding and countering the behavioral tradecraft of threats
Breaking down threats mapped against their tradecraft to tweak IOCs
Establish structured analytical techniques to be successful in any security role
Learn and apply structured principles in support of CTI and how to communicate that to any security role.

Seminar Prerequisites:

Security+, or equivalent experience