TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies

 

Course Overview:

TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies is the big picture overview of a SOC, other courses provide a deep dive into the technologies that a SOC may utilize. This course addresses the internal workings of staff, skills required, required authorizations, internal agreements, and setting appropriate expectation levels of a SOC within budget constraints. A SOC is not a one size fits all, the instructor has decades of security experience and brings to the table opportunities to discuss what can work within constraints. Many organizations are coming to the realization that some level of a SOC is now required and to learn just what decisions need to be made: Out-sourced, In-sourced, budgets, capabilities and many more. Students leave with a worksheet of how to progress when they get back to their organization.

TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies – Is a course that incorporates lecture, demos, and group exercises for standing up a Security Operations Center (SOC). Students learn strategies and resources required to deploy, build, and run Network Security Monitoring (NSM) and work roles and flows for a SOC. No network is bullet proof and when attackers access your network, this course will show you options and resources to build a security net to detect, contain, and control the attacker. Examples on what it takes to architect an NSM solution to identify sophisticated attackers and a response strategy. Properly implemented detection and response technologies is integral to incident response and provides the responders timely information and tools to react to the incident. Effective demonstrations are given of Open Source technologies that build up a SOC, but any software can be used and demonstrations are provided to demonstrate technology families not push a specific solution.

TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies demonstrations utilize a cyber range that gives each student in-depth knowledge of monitoring live systems to include: Cisco, Windows, Linux, IoT, and Firewalls; and software and services to provide orchestrate Incident Response, Intelligence Analysis, and Hunt Operations.

Attendees to TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies class will receive TechNow approved course materials and expert instruction.

Dates/Locations:

No Events

Duration: 2 Days

Course Objective:

    • To provide management an overview of what it takes to stand up a SOC.

Prerequisites:

  • Students should have an understanding of the security field.

Course Outline:

  • What threats does my organization care about?
  • What does a threat look like?
  • What does a threat look like?
  • How to present the SOC internally.
  • Communication with Stakeholders and Executives
    • Leveraging and integrating existing security measures
  • People
    • Establishing a skill matrix and work roles for SOC members
    • Establishing a training path
    • Personnel background requirementsProcesses
  • Processes
    • Alignment to standards: NIST, PCI, HIPAA, etc.
    • Risk related decision trees
    • Playbooks
    • Threat Intelligence Integration
  • Technology – Tool Suites to Support:
    • Ethical Hacking
    • Network Security Monitoring and SIEM
    • Forensics
    • Dashboards
    • Analysis and Hunting
    • Incident Management and Ticketing

 

Comments

Latest comments from students

 

Liked the class?  Then let everyone know!

RH-295: Linux System Administration II

Course Overview:

Linux System Administration II course is for experienced administrators ready for advanced administration topics. This course provides students with hands-on experience working with more complex and integrated administration concepts, and builds upon the Part 1 course. Students will be instructed in essential  local Red Hat system administration skills including: Logical Volumes, Raid Management, and System Logging, SELinux and Virtual Machines.  The Linux System Administration II course will get you started in understanding network administration topics, including monitoring, routing, Firewall with iptables, and servers such as NFS, SAMBA, DNS, SMTP, HTTP, DHCP, and Kickstart.

Attendees to RH-295: Linux System Administration II will receive TechNow approved course materials and expert instruction.

Dates/Locations:

No Events

Duration: 5 days

Course Objectives:

  • Managing Logical Volumes and RAID
  • Network Routing, Filtering and Monitoring
  • Configuring File Sharing Across Platforms
  • Configuring Internet Services
  • Configuring Security
  • Configuring System Messaging
  • Using Name Services
  • Configuring Name Service Clients
  • Configuring Kickstart
  • Virtualization with KVM
  • Troubleshooting Boot Process

Prerequisites:

Comments

Latest comments from students

Liked the class?  Then let everyone know!

TN-989: Advanced Penetration Testing, Exploits, and Ethical Hacking Course

Course Overview:

This course engages students by providing in-depth knowledge of the most prominent and powerful attack vectors and an environment to perform these attacks in numerous hands-on scenarios. This course goes far beyond simple scanning for low-hanging fruit, and shows penetration testers how to model the abilities of an advanced attacker to find significant flaws in a target environment and demonstrate the business risk associated with these flaws.

A skills focus enables the student to better absorb the subject matter and perform successfully on the job.   This is not death by power point. The course is aligned with information assurance operators and executing hands-on labs. Lecture and labs walk the student through the knowledge required to truly understand the mechanics of the attacks and the effectiveness.

Attendees to TN-989: Advanced Penetration Testing, Exploits, and Ethical Hacking course will receive TechNow approved course materials and expert instruction.

Date/Locations:

No Events

Course Duration: 5 days

Course Objectives:

  • Accessing the Network
  • Advanced Fuzzing Techniques
  • Advanced Stack Smashing
  • Attacking the Windows Domain – Enumeration
  • Attacking the Windows Domain – Restricted Desktops
  • Attacking the Windows Domain – The Attacks
  • Building a Metasploit Module
  • Crypto for Penetration Testers
  • Exploiting the Network
  • Fuzzing Introduction and Operation
  • Introduction to Memory and Dynamic Linux Memory
  • Introduction to Windows Exploitation
  • Manipulating the Network
  • Python and Scapy For Penetration Testers
  • Shellcode
  • Smashing the Stack
  • Windows Heap Overflow Introduction
  • Windows Overflows

Course Prerequisites:

  • GSEC or equivalent experience
  • UNIX, Windows, Networking, and Security Experience
  • This is a hands-on skill course requiring comfort with command line interaction and network communications

Comments

Latest comments from students

User: ryanv

Instructor comments: Great.

Facilities comments: N/A. Hotel.

User: sean.hollinger

Instructor comments: Instructor is technically knowledgeable as he has been on every course I've taken with TechNow.

Facilities comments: adequate

Liked the class?  Then let everyone know!

TN-865: Wireshark Network Traffic and Security Analysis

Course Overview:

This course delivers the technical knowledge, insight, and hands-on training to receive in-depth knowledge on Wireshark® and TCP/IP communications analysis. You will learn to use Wireshark to identify the most common causes of performance problems in TCP/IP communications. You will learn about the underlying theory of TCP/IP and the most used application protocols, so that you can intelligently examine network traffic for performance issues or possible Indicators of Compromise (IoC).

Duration: 5 Days

Audience:

Anyone interested in learning to troubleshoot and optimize TCP/IP networks and analyze network traffic with Wireshark, especially network engineers, information technology specialists, and security analysts.

Course Prerequisites:

We recommend that attendees of this course have the following prerequisite:
• Network+

Dates/Locations: No Events

Course Outline:

DAY ONE

Course Set Up and Analyzer Testing

Network Analysis Overview
Wireshark Functionality Overview
Capturing Wired and Wireless Traffic
Define Global and Personal Preferences for Faster Analysis
Defined Time Values and Interpret Summaries
Interpret Basic Trace File Statistics to Identify Trends
Create and Apply Display Filters for Efficient Analysis

DAY TWO

Follow Streams and Reassemble Data
Use Wireshark’s Expert System to Identify Anomalies
TCP/IP Analysis Overview
Analyze Common TCP/IP Traffic Patterns

DAY THREE

Graph I/O Rates and TCP Trends
802.11 (WLAN) Analysis Fundamentals
Voice over IP (VoIP) Analysis Fundamentals
Network Forensics Fundamentals

DAY FOUR

Detect Scanning and Discovery Processes
Analyze Suspect Traffic

DAY FIVE

Use Command‐Line Tools

Next/Related Courses:

 

 

P-245: Programming with PERL

 

Course Overview:

This course teaches students how to use the powerful PERL programming language, focusing on hands-on labs to promote retention & challenge students to apply their skills to new situations. PERL is a flexible, easy to use language suitable for many tasks such as system administration, web applications & database integration. System administrators, web programmers & database administrators will benefit from mastering this powerful programming language. This course reviews & builds on the information presented in PL-115: Fundamentals of Computer Programming.

Attendees to P-245: Programming with PERL will receive TechNow approved course materials and expert instruction.

Dates/Locations:

No Events

Course Duration: 5 days

Course Objectives:

  • Introduction
  • Scalar Data
  • Lists & Arrays
  • Subroutines
  • Input & Output
  • Hashes
  • In the World of Regular Expressions
  • Matching with Regular Expressions
  • Processing Text with Regular Expressions
  • More Control Structures
  • File Tests
  • Directory Operations
  • Strings & Sorting
  • Process Management
  • PERL Modules
  • Some Advanced PERL Techniques

Prerequisites:

Comments

Latest comments from students

 

Liked the class?  Then let everyone know!