TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies

Course Overview:

TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies is the big picture overview of a SOC, other courses provide a deep dive into the technologies that a SOC may utilize. This course addresses the internal workings of staff, skills required, required authorizations, internal agreements, and setting appropriate expectation levels of a SOC within budget constraints. A SOC is not a one size fits all, the instructor has decades of security experience and brings to the table opportunities to discuss what can work within constraints. Many organizations are coming to the realization that some level of a SOC is now required and to learn just what decisions need to be made: Out-sourced, In-sourced, budgets, capabilities and many more. Students leave with a worksheet of how to progress when they get back to their organization.

TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies – Is a course that incorporates lecture, demos, and group exercises for standing up a Security Operations Center (SOC). Students learn strategies and resources required to deploy, build, and run Network Security Monitoring (NSM) and work roles and flows for a SOC. No network is bullet proof and when attackers access your network, this course will show you options and resources to build a security net to detect, contain, and control the attacker. Examples on what it takes to architect an NSM solution to identify sophisticated attackers and a response strategy. Properly implemented detection and response technologies is integral to incident response and provides the responders timely information and tools to react to the incident. Effective demonstrations are given of Open Source technologies that build up a SOC, but any software can be used and demonstrations are provided to demonstrate technology families not push a specific solution.

TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies demonstrations utilize a cyber range that gives each student in-depth knowledge of monitoring live systems to include: Cisco, Windows, Linux, IoT, and Firewalls; and software and services to provide orchestrate Incident Response, Intelligence Analysis, and Hunt Operations.

Attendees to TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies class will receive TechNow approved course materials and expert instruction.

Dates/Locations:

No Events

Duration: 2 Days

Course Objective:

Prerequisites:

Students should have an understanding of the security field.

Course Outline:

What threats does my organization care about?
What does a threat look like?
What does a threat look like?
How to present the SOC internally.
Communication with Stakeholders and Executives
People
- Establishing a skill matrix and work roles for SOC members
- Establishing a training path
- Personnel background requirementsProcesses
Processes
- Alignment to standards: NIST, PCI, HIPAA, etc.
- Risk related decision trees
- Playbooks
- Threat Intelligence Integration
Technology – Tool Suites to Support:
- Ethical Hacking
- Network Security Monitoring and SIEM
- Forensics
- Dashboards
- Analysis and Hunting
- Incident Management and Ticketing

Comments

Latest comments from students

Liked the class? Then let everyone know!

Trademark Recognition

(ISC)², CBK, and CISSP are registered marks of the International Information Systems Security Certification Consortium in the United States and other countries.

Access, Excel, Hyper-V, Outlook, Microsoft, SharePoint, Silverlight, SQL Server, Visual Basic, Win32, Windows, Windows PowerShell and Windows Server are registered trademarks of Microsoft Corporation.

Adobe, Acrobat, Flash and Photoshop are registered trademarks of Adobe Systems Incorporated in the United States and/or other countries

Amazon Web Services is a trademark of Amazon.com, Inc.

Android is a trademark of Google Inc.

APMG-International Change Management, The APMG-International Change Management and Swirl Device logo, APMG-International AgilePM and The APMG-International AgilePM and Swirl Device logo are trademarks of The APM Group Limited.

Certified Ethical Hacker (CEH) is a registered trademark of EC-Council.

Cisco is a registered trademark of Cisco Systems Inc.

CMMI® is registered in the U.S. Patent and Trademark Office by Carnegie Mellon University.

IIBA®, the IIBA® logo, BABOK® and Business Analysis Body of Knowledge® are registered trademarks owned by International Institute of Business Analysis. These trademarks are used with express permission of International Institute of Business Analysis.

CAPM, Certified Associate in Project Management (CAPM), PMP, Project Management Professional (PMP), PMI-ACP, PMI Agile Certified Practitioner (PMI-ACP), PMBOK, and the R.E.P. Logo are marks of Project Management Institute, Inc.

CBAP® and CCBA® are registered certification marks owned by International Institute of Business Analysis. These trademarks are used with express permission of International Institute of Business Analysis.

Certified Business Analysis Professional, Certification of Competency in Business Analysis, Endorsed Education Provider, EEP and the EEP logo are trademarks owned by International Institute of Business Analysis. These trademarks are used with express permission of International Institute of Business Analysis.

COBIT is a trademark of ISACA, registered in the U.S. and other countries.

CompTIA A+ and CompTIA Network+ are registered trademarks of the Computing Technology Industry Association, Inc.

CompTIA CASP and CompTIA Cloud Essentials are trademarks of the Computing Technology Industry Association, Inc.

GIAC and associated certifications: GSEC, GPEN, GXPN, GCFW, GCUX, GCWN, GCIA, GREM are registered trademarks of the SANS Institute

Hadoop is a registered trademark of the Apache Software Foundation.

Hibernate is a registered trademark and servicemark of Red Hat, Inc.

iPad, iPhone, Mac and Mac OS are trademarks of Apple Inc., registered in the U.S. and other countries.

ITIL®, PRINCE2® and MSP® are registered trademarks of AXELOS Limited.

JavaScript, JavaServer, JavaServer Pages, Enterprise JavaBeans, MySQL and PL/SQL are trademarks of Oracle Corporation.

Linux is a registered trademark of Linus Torvalds.

Java and Oracle are registered trademarks of Oracle Corporation.

Palo Alto Networks, PAN-OS, App-ID, Content-ID, Url-ID, GlobalProtect, Wildfire, and Panorama are trademarks of Palo Alto Networks, Inc.

"Python" is a registered trademark of the Python Software Foundation, used by Learning Tree International with permission from the Foundation.

Red Hat and Red Hat Enterprise Linux are registered trademarks of Red Hat, Inc. in the United States and other countries.

SANS and associated certifications: GSEC, GPEN, GXPN, GCFW, GCUX, GCWN, GCIA, GREM are registered trademarks of the SANS Institute

SAP Crystal Reports is the registered trademark of SAP AG in Germany and in several other countries.

Scrum Alliance REP^SM is a service mark of Scrum Alliance, Inc. Any unauthorized use is strictly prohibited.

TechNow® is a registered trademark of TechNow Incorporated.

The Swirl logo™ is a trademark of AXELOS Limited.

Transact-SQL is a trademark of Sybase, Inc.

UNIX is a registered trademark of The Open Group.

VMware is a registered trademark of VMware, Inc. in the United States and/or other jurisdictions.

XML is a trademark of MIT, INRIA or Keio on behalf of the World Wide Web Consortium.

L-395: Accelerated Linux Administration and Utilities

Course Overview:

This course is extremely fast paced and for students that have already had UNIX or Linux training, or have not worked with Linux in several months or years. This is NOT a course for students new to Linux and assumes the student requires a refresher before progressing through high end security courses that require dexterity on Linux. RedHat and Ubuntu, VMware Virtual Machines, and BackTrack are used for the instruction of this course. The student will acquire the skills to easily navigate the advanced VMware training environment and will be able to create scripts to manipulate and manage Linux. The ulimate goals of the skills of this course is to provide the student the ability to automate through scripting BackTrack tools for offensive security, forensics, and defense.

Attendees to L-395: Accelerated Linux Administration and Utilities will receive TechNow approved course materials and expert instruction.

Date/Locations:

No Events

Duration: 5 days

Course Objectives:

Day 1 and 2: Unix Review and Unix Utilities

Linux File System Archictecure and In-Depth discussion of Hard and Soft Links
Linux File, Directory, and Permissions Management
Linux archives using tar and zip
Interacting with BASH
Review of Common Linux commands
Sorting files by line or field
Regular Expressions (meta character) with grep commands to locate specific lines in files
Grep, egrep extended metacharacters, combinations-lab advanced combinations- lab Sed
Basic commands- Lab, Advanced commands- Lab, Advanced scripting -Lab
Miscellaneous commands Tr, sort, cut, past, pr -Lab
Performing non-interactive editing tasks with the sed command
Writing simple sed scripts to perform complex editing tasks
Using awk variables & arrays to sort data
Employing awk programs to manipulate numeric & textual data
Performing formatted printing in awk
Writing simple awk programs to write reports from data files
Using built-in awk functions & defining new functions
Write awk programs that make decisions based on numeric or string comparisons (branches & loops)

Day 3 – Intro to Programming / Shell Scripting

Shell Review
Shell Interpretation of Quotes & Backslash
The Bash Shell
Shell's combined with UNIX utilities
Programming Basics
Data Constructs
Programming Looping
Your Environment
More on Parameters

Day 4 and 5 – Security Fundamentals, Linux Administration

System Configuration / Kernel overview
System Maintenance / Disk and file admin
Using utilities for process control, locating files & automating maintenance tasks
System Startup / Boot Process – LILO & GRUB Configuration
Managing the Linux file system
Customization of setup files
Run Levels
Network Services / Configuration
User Management Monitoring, accessing & restricting root system access
Administration Tools
Process Control
Client side components of NFS, Samba, NTP, NIS
Server side components such as DHCP, Samba, NIS, LDAP, inet, telnet, ftp, DNS, etc.

Prerequisites:

Prior UNIX/Linux experience or training

Comments

Latest comments from students

User: mikenaya

Instructor comments: As usual, Dave was excellent and the content was very relevant to our line of work.

Facilities comments: The hotel facilities met our basic needs but it was awkward having a bathroom so close. I can't wait for the new facility to open.

User: fquinene

Instructor comments: Instructor was super knowledgeable and helped me tie in a lot of information from other OS and processes.

Facilities comments: Facility was fine

Liked the class? Then let everyone know!

DO-375: Automation with Ansible and Ansible Tower

Course Overview:

Through hands-on labs, you will learn to automate system administration tasks on managed hosts with Ansible, learn how to write Ansible playbooks to standardize task execution, and manage encryption for Ansible with Ansible Vault. This course will also teach you how to deploy and use Red Hat® Ansible Tower to centrally manage existing Ansible projects, playbooks, and roles; perform basic maintenance and administration of the Ansible Tower installation; and configure users and teams and use them to control access to systems, projects, and other resources through role-based access controls. You will learn to use Ansible Tower’s visual dashboard to launch, control, and monitor Ansible jobs; use the Ansible Tower application programming interface (API) to launch jobs from existing templates; automatically schedule Ansible jobs; and dynamically update host inventories.

Course Objectives:

Install and troubleshoot Ansible on central nodes and managed hosts
Automate administration tasks with Ansible playbooks and ad hoc commands
Write effective Ansible playbooks
Protect sensitive data used by tasks with Ansible Vault.
Install and configure Ansible Tower for enterprise Ansible management
Use Ansible Tower to control access to inventories and machine credentials by users and teams
Create job templates in Ansible Tower to standardize playbook execution.
Centrally launch playbooks and monitor and review job results with Ansible Tower

Course Outline:

Introduce Ansible
Deploy Ansible
Implement playbooks
Manage variables and inclusions
Implement task control
Implement Jinja2 templates
Implement roles
Configure complex playbooks
Implement Ansible Vault
Troubleshoot Ansible
Install Ansible Tower and describe Ansible Tower’s architecture
Create users and teams for role-based access control
Create and manage inventories and credentials
Manage projects for provisioning with Ansible Tower
Construct advanced job workflows
Update inventories dynamically and compare inventory members
Maintenance and administration of Ansible Tower

Dates/Locations:

No Events

Duration: 5 Days

Prerequisites:

Become a Red Hat Certified System Administrator, or demonstrate equivalent experience

Target Audience:

This course is designed for Linux system administrators, cloud administrators, and network administrators needing to automate configuration management, application deployment, and intraservice orchestration at an enterprise scale.

TN-5415: Installation, Storage, and Compute with Windows Server 2016

Course Overview:

Course one of a three course series to obtain a Server 2016 MCSA certification. This five-day course is designed primarily for IT professionals who have some experience with Windows Server. It is designed for professionals who will be responsible for managing storage and compute by using Windows Server 2016, and who need to understand the scenarios, requirements, and storage and compute options that are available and applicable to Windows Server 2016.

The course leads directly to preparing for the(MCSA):Windows Server 2016 exam “70-740: Installation, Storage, and Compute with Windows Server 2016”. It also maps to Microsoft’s course 20740A, and is part of the Server 2016 MCSA certification.

Attendees to TN-5415: Installation, Storage, and Compute with Window Server 2016 will receive TechNow approved course materials and expert instruction.

Dates/Locations:

No Events

Duration: 5 Days

Course Objectives:

Prepare and install Nano Server, a Server Core installation, and plan a server upgrade and migration strategy
Describe the various storage options, including partition table formats, basic and dynamic disks, file systems, virtual hard disks, and drive hardware, and explain how to manage disks and volumes
Describe enterprise storage solutions, and select the appropriate solution for a given situation
Implement and manage Storage Spaces and Data Deduplication
Install and configure, and manage Windows and Hyper-V containers
Describe the high availability and disaster recovery technologies in Windows Server 2016
Plan, create, and manage a failover cluster
Implement failover clustering for Hyper-V virtual machines
Configure a Network Load Balancing (NLB) cluster, and plan for an NLB implementation
Create and manage deployment images
Manage, monitor, and maintain virtual machine installations

Prerequisites:

A basic understanding of networking fundamentals
An awareness and understanding of security best practices
An understanding of basic AD DS concepts
Basic knowledge of server hardware
Experience supporting and configuring Windows client operating systems such as Windows 10

Liked the class? Then let everyone know!