TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies

 

Course Overview:

TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies is the big picture overview of a SOC, other courses provide a deep dive into the technologies that a SOC may utilize. This course addresses the internal workings of staff, skills required, required authorizations, internal agreements, and setting appropriate expectation levels of a SOC within budget constraints. A SOC is not a one size fits all, the instructor has decades of security experience and brings to the table opportunities to discuss what can work within constraints. Many organizations are coming to the realization that some level of a SOC is now required and to learn just what decisions need to be made: Out-sourced, In-sourced, budgets, capabilities and many more. Students leave with a worksheet of how to progress when they get back to their organization.

TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies – Is a course that incorporates lecture, demos, and group exercises for standing up a Security Operations Center (SOC). Students learn strategies and resources required to deploy, build, and run Network Security Monitoring (NSM) and work roles and flows for a SOC. No network is bullet proof and when attackers access your network, this course will show you options and resources to build a security net to detect, contain, and control the attacker. Examples on what it takes to architect an NSM solution to identify sophisticated attackers and a response strategy. Properly implemented detection and response technologies is integral to incident response and provides the responders timely information and tools to react to the incident. Effective demonstrations are given of Open Source technologies that build up a SOC, but any software can be used and demonstrations are provided to demonstrate technology families not push a specific solution.

TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies demonstrations utilize a cyber range that gives each student in-depth knowledge of monitoring live systems to include: Cisco, Windows, Linux, IoT, and Firewalls; and software and services to provide orchestrate Incident Response, Intelligence Analysis, and Hunt Operations.

Attendees to TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies class will receive TechNow approved course materials and expert instruction.

Dates/Locations:

No Events

Duration: 2 Days

Course Objective:

    • To provide management an overview of what it takes to stand up a SOC.

Prerequisites:

  • Students should have an understanding of the security field.

Course Outline:

  • What threats does my organization care about?
  • What does a threat look like?
  • What does a threat look like?
  • How to present the SOC internally.
  • Communication with Stakeholders and Executives
    • Leveraging and integrating existing security measures
  • People
    • Establishing a skill matrix and work roles for SOC members
    • Establishing a training path
    • Personnel background requirementsProcesses
  • Processes
    • Alignment to standards: NIST, PCI, HIPAA, etc.
    • Risk related decision trees
    • Playbooks
    • Threat Intelligence Integration
  • Technology – Tool Suites to Support:
    • Ethical Hacking
    • Network Security Monitoring and SIEM
    • Forensics
    • Dashboards
    • Analysis and Hunting
    • Incident Management and Ticketing

 

Comments

Latest comments from students

 

Liked the class?  Then let everyone know!

TN-715: Systems Security Certified Practitioner (SSCP)

Course Overview:

Looking to move up in the information security field? If you have at least one year of security experience, you qualify for the Systems Security Certified Practitioner (SSCP) certification, which offers junior security professionals a way to validate their experience and demonstrate competence with (ISC²)®’s seven domains.

Attendees to TN-715: Systems Security Certified Practitioner (SSCP) will receive TechNow approved course materials and expert instruction.

Dates/Locations:

No Events

Duration: 5 Days

Course Objectives:

  • Access Controls
  • Security Operations and Administration
  • Analysis and Monitoring
  • Cryptography
  • Networks and Telecommunications
  • Malicious Code/Malware
  • Risk, Response, and Recovery

Prerequisites:

  • One year security experience
  • Some knowledge of the (ISC²)®’s seven domains

Comments

Latest comments from students

User: boyleb15

Instructor comments: Instructor was very knowledgeable on most items covered during this course. There were some topics he did lack the answer to. Instructor would also get sidetracked easily

User: keginth

Instructor comments: he was phenomenal with test prep and knew the book well

Facilities comments: adequate

Like the class?  Then let everyone know!

N-415: Implementing and Operating Cisco Enterprise Network Core Technologies (ENCOR)

Course Overview:

The Implementing and Operating Cisco Enterprise Network Core Technologies (ENCOR) course gives you the knowledge and skills needed to configure, troubleshoot, and manage enterprise wired and wireless networks. You’ll also learn to implement security principles, implement automation and programmability within an enterprise network, and how to overlay network design by using SD-Access and SD-WAN solutions.

Attendees to N-415: Implementing and Operating Cisco Enterprise Network Core Technologies (ENCOR) will receive TechNow approved course materials, expert instruction, and prepare you to take the 350-401 Implementing Cisco® Enterprise Network Core Technologies (ENCOR) exam.

Document Flow Chart iconsm

Dates/Locations:

No Events

Duration: 5 Days

Course Objectives:

  • Illustrate the hierarchical network design model and architecture using the access, distribution, and core layers
  • Compare and contrast the various hardware and software switching mechanisms and operation, while defining the Ternary Content Addressable Memory (TCAM) and Content Addressable Memory (CAM), along with process switching, fast switching, and Cisco Express Forwarding concepts
  • Troubleshoot Layer 2 connectivity using VLANs and trunking
  • Implementation of redundant switched networks using Spanning Tree Protocol
  • Troubleshooting link aggregation using Etherchannel
  • Describe the features, metrics, and path selection concepts of Enhanced Interior Gateway Routing Protocol (EIGRP)
  • Implementation and optimization of Open Shortest Path First (OSPF)v2 and OSPFv3, including adjacencies, packet types, and areas, summarization, and route filtering for IPv4 and IPv6
  • Implementing External Border Gateway Protocol (EBGP) interdomain routing, path selection, and single and dual-homed networking
  • Implementing network redundancy using protocols including Hot Standby Routing Protocol (HSRP) and Virtual Router Redundancy Protocol (VRRP)
  • Implementing internet connectivity within Enterprise using static and dynamic Network Address Translation (NAT)
  • Describe the virtualization technology of servers, switches, and the various network devices and components
  • Implementing overlay technologies such as Virtual Routing and Forwarding (VRF), Generic Routing Encapsulation (GRE), VPN, and Location Identifier Separation Protocol (LISP)
  • Describe the components and concepts of wireless networking including Radio Frequency (RF) and antenna characteristics, and define the specific wireless standards
  • Describe the various wireless deployment models available, include autonomous Access Point (AP) deployments and cloud-based designs within the centralized Cisco Wireless LAN Controller (WLC) architecture
  • Describe wireless roaming and location services
  • Describe how APs communicate with WLCs to obtain software, configurations, and centralized management
  • Configure and verify Extensible Authentication Protocol (EAP), WebAuth, and Pre-Shared Key (PSK) wireless client authentication on a WLC
  • Troubleshoot wireless client connectivity issues using various available tools
  • Troubleshooting Enterprise networks using services such as Network Time Protocol (NTP), Simple Network Management Protocol (SNMP), Cisco Internetwork Operating System (Cisco IOS®) IP Service Level Agreements (SLAs), NetFlow, and Cisco IOS Embedded Event Manager
  • Explain the use of available network analysis and troubleshooting tools, which include show and debug commands, as well as best practices in troubleshooting
  • Configure secure administrative access for Cisco IOS devices using the Command-Line Interface (CLI) access, Role-Based Access Control (RBAC), Access Control List (ACL), and Secure Shell (SSH), and explore device hardening concepts to secure devices from less secure applications, such as Telnet and HTTP
  • Implement scalable administration using Authentication, Authorization, and Accounting (AAA) and the local database, while exploring the features and benefits
  • Describe the enterprise network security architecture, including the purpose and function of VPNs, content security, logging, endpoint security, personal firewalls, and other security features
  • Explain the purpose, function, features, and workflow of Cisco DNA Center™ Assurance for Intent-Based Networking, for network visibility, proactive monitoring, and application experience
  • Describe the components and features of the Cisco SD-Access solution, including the nodes, fabric control plane, and data plane, while illustrating the purpose and function of the Virtual Extensible LAN (VXLAN) gateways
  • Define the components and features of Cisco SD-WAN solutions, including the orchestration plane, management plane, control plane, and data plane
  • Describe the concepts, purpose, and features of multicast protocols, including Internet Group Management Protocol (IGMP) v2/v3, Protocol-Independent Multicast (PIM) dense mode/sparse mode, and rendezvous points
  • Describe the concepts and features of Quality of Service (QoS), and describe the need within the enterprise network
  • Explain basic Python components and conditionals with script writing and analysis
  • Describe network programmability protocols such as Network Configuration Protocol (NETCONF) and RESTCONF
  • Describe APIs in Cisco DNA Center and vManage

Prerequisites:

  • CCNA certification
  • Implementation of Enterprise LAN networks
  • Basic understanding of Enterprise routing and wireless connectivity
  • Basic understanding of Python scripting

 

Comments

Latest comments from students

User: don.seguin

Instructor comments: Tim was a great.

Facilities comments: The classroom was great.

User: jrtrussell

Instructor comments: Awesome

Facilities comments: Great

Liked the class?  Then let everyone know!

L-295: Linux System Administration II

Course Overview:

In this course students will learn to configure the Linux kernel, install & configure modules, to install and configure non-default devices and automate installation with Kickstart. Students also utilize skills developed in L-245 to expand on file system configuration with spanning devices and RAID. This is the foremost server side Linux course in the industry covering all server side components such as DHCP, Samba, NIS, LDAP, inet, telnet ftp, dns, etc.  Expanding on security introduced in L-245: Linux System Administration I, TCP wrappers, firewalling with IP filters, SQUID, & ssh are covered.

Attendees to L-295: Linux System Administration II will receive TechNow approved course materials and expert instruction.

Dates/Locations:

No Events

Duration: 5 Days

Course Objectives:

  • Custom installation of a Linux server
  • Linux device naming conventions & the boot process
  • Adding peripheral devices
  • Reconfiguring the kernel
  • Disk partitioning & formatting
  • Changing system run levels
  • Adding startup files for additional services
  • Adding & removing software packages
  • Disk & file system Administration
  • Terminals & modem configuration
  • Configuring NFS to support the client/server environment
  • Use the automounter
  • Server side components such as DHCP, Samba, NIS, LDAP, inet, telnet, ftp, DNS, etc.
  • Troubleshooting techniques
  • Advanced Linux installation

Prerequisites:

Comments

Latest comments from students

Liked the class?  Then let everyone know!

CL-218: Introduction to Cloud Infrastructure and Operations Bootcamp

 

Course Overview:

This bootcamp is a customized course for Cloud Essentials+ and Cloud+ that leverages 8 days to provide greater value than just the delivery of two separate courses. The 8 days of instruction prepare the student for the CCSP course.

TechNow has Identified overlap and uses time saved to:

  • Introduce hands-on skills (Open Source and AWS)
  • Go more in-depth on theory using hands-on to reinforce concepts
  • Do exam prep with practice questions

This course covers the knowledge and skills required to understand standard Cloud terminologies/methodologies, to implement, maintain, and deliver cloud technologies and infrastructures (e.g. server, network, storage, and virtualization technologies), and to understand aspects of IT security and use of industry best practices related to cloud implementations and the application of virtualization.

This bootcamp helps prepare students for 2 certifications, CompTIA Clouds Essentials+ and CompTIA Cloud+.  After this course students will also be prepared to continue their education by taking CL-315: CCSP – Certified Cloud Security Professional Preparation Seminar .

TechNow has worked worldwide enterprise infrastructures for over 20 years and has developed demos and labs to exemplify the techniques required to demonstrate cloud technologies and to effectively manage security in the cloud environment.

TechNow is a CompTIA partner and uses official CompTIA Cloud Essentials+ and CompTIA Cloud+ curriculum.

Attendees to CL-218: Introduction to Cloud Infrastructure and Operations Bootcamp will receive TechNow approved course materials and expert instruction.

Date/Locations:

No Events

Course Duration: 8 days

Course Objectives:

  • Learn the fundamental concepts of cloud computing
  • Learn the business aspects and impacts of cloud computing
  • Differentiate the types of cloud solutions and the adoptions measures for each
  • Identify the technical challenges and the mitigation measures involved in cloud computing
  • Identify the technical challenges and the mitigation measures involved in cloud computing
  • Identify the steps to successfully adopt cloud services
  • Identify the basic concepts of ITIL and describe how the ITIL framework is useful in the implementation of cloud computing in an organization
  • Identify the possible risks involved in cloud computing and the risk mitigation measures, and you will also identify the potential cost considerations for the implementation of cloud and its strategic benefits
  • Prepare to deploy cloud solutions
  • Deploy a pilot project
  • Test a pilot project deployment
  • Design a secure network for cloud deployment
  • Determine CPU and memory sizing for cloud deployments
  • Plan Identity and Access Management for cloud deployments
  • Analyze workload characteristics to ensure successful migration to the cloud
  • Secure systems to meet access requirements
  • Maintain cloud systems
  • Implement backup, restore, and business continuity measures
  • Analyze cloud systems for required performance
  • Analyze cloud systems for anomalies and growth forecasting
  • Troubleshoot deployment, capacity, automation, and orchestration issues
  • Troubleshoot connectivity issues
  • Troubleshoot security issues

Course Prerequisites:

  • Security+, Network+ or equivalent experience
  • Managing or administering at least one of UNIX, Windows, Databases, networking, or security

Comments

Latest comments from students

 

Liked the class?  Then let everyone know!