TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies

Course Overview:

TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies is the big picture overview of a SOC, other courses provide a deep dive into the technologies that a SOC may utilize. This course addresses the internal workings of staff, skills required, required authorizations, internal agreements, and setting appropriate expectation levels of a SOC within budget constraints. A SOC is not a one size fits all, the instructor has decades of security experience and brings to the table opportunities to discuss what can work within constraints. Many organizations are coming to the realization that some level of a SOC is now required and to learn just what decisions need to be made: Out-sourced, In-sourced, budgets, capabilities and many more. Students leave with a worksheet of how to progress when they get back to their organization.

TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies – Is a course that incorporates lecture, demos, and group exercises for standing up a Security Operations Center (SOC). Students learn strategies and resources required to deploy, build, and run Network Security Monitoring (NSM) and work roles and flows for a SOC. No network is bullet proof and when attackers access your network, this course will show you options and resources to build a security net to detect, contain, and control the attacker. Examples on what it takes to architect an NSM solution to identify sophisticated attackers and a response strategy. Properly implemented detection and response technologies is integral to incident response and provides the responders timely information and tools to react to the incident. Effective demonstrations are given of Open Source technologies that build up a SOC, but any software can be used and demonstrations are provided to demonstrate technology families not push a specific solution.

TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies demonstrations utilize a cyber range that gives each student in-depth knowledge of monitoring live systems to include: Cisco, Windows, Linux, IoT, and Firewalls; and software and services to provide orchestrate Incident Response, Intelligence Analysis, and Hunt Operations.

Attendees to TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies class will receive TechNow approved course materials and expert instruction.

Dates/Locations:

No Events

Duration: 2 Days

Course Objective:

Prerequisites:

Students should have an understanding of the security field.

Course Outline:

What threats does my organization care about?
What does a threat look like?
What does a threat look like?
How to present the SOC internally.
Communication with Stakeholders and Executives
People
- Establishing a skill matrix and work roles for SOC members
- Establishing a training path
- Personnel background requirementsProcesses
Processes
- Alignment to standards: NIST, PCI, HIPAA, etc.
- Risk related decision trees
- Playbooks
- Threat Intelligence Integration
Technology – Tool Suites to Support:
- Ethical Hacking
- Network Security Monitoring and SIEM
- Forensics
- Dashboards
- Analysis and Hunting
- Incident Management and Ticketing

Comments

Latest comments from students

Liked the class? Then let everyone know!

TN-565: Nessus Vulnerability & Compliance Auditing

Course Overview:

This course provides security professionals with the skills and knowledge to perform vulnerability and compliance scanning of supported operating systems, devices, and applications. Students will construct custom scan policies for topology discovery, network vulnerability detection, credentialed patch audits, and compliance benchmarks, and discuss the underlying technologies utilized by the Nessus scanner.

This course provides students with the necessary information to prepare for the Tenable Certified Nessus Auditor (TCNA) exam.

Date/Locations:

No Events

Duration: 5 days

Course Objectives:

Introduction to Nessus and Vulnerability Scanning
Nessus Installation and Administration
Basic Nessus Scan Operation
Nessus Scan Configuration and Policy Creation
Vulnerability Analysis and Reporting with Nessus
Advanced Scan Configuration and Policy Creation
Introduction to Compliance and Auditing
Nessus Auditing Features
Windows System Auditing
Unix System Auditing
Cisco IOS Auditing
Nessus Database Auditing
Nessus Content Auditing
Auditing to Industry Guidelines
Auditing to Federal Guidelines

Prerequisites:

Students should possess a basic understanding of TCP/IP networking, operating systems security, and common client/server applications.

Comments

Latest comments from students

Liked the class? Then let everyone know!

TN-5425: Networking with Windows Server 2016

Course Overview:

Course two of a three course series to obtain a Server 2016 MCSA certification. This 5-day course provides the fundamental networking skills required to deploy and support Windows Server 2016 in most organizations. It covers IP fundamentals, remote access technologies, and more advanced content including Software Defined Networking.

The course leads directly to preparing for the(MCSA):Windows Server 2016 exam “70-741: Installation, Storage, and Compute with Windows Server 2016”. It also maps to Microsoft’s course 20741A, and is part of the Server 2016 MCSA certification.

Attendees to TN-5425: Networking with Window Server 2016 will receive TechNow approved course materials and expert instruction.

Dates/Locations:

No Events

Duration: 5 Days

Course Objectives:

Plan and implement an IPv4 network
Implement Dynamic Host Configuration Protocol (DHCP)
Implement IPv6
Implement Domain Name System (DNS)
Implement and manage IP address management (IPAM)
Plan for remote access
Implement DirectAccess
Implement virtual private networks (VPNs)
Implement networking for branch offices
Configure advanced networking features
Implement Software Defined Networking

Prerequisites:

A basic understanding of networking fundamentals
Experience working with Windows Server 2008 or Windows Server 2012
Experience working in a Windows Server infrastructure enterprise environment
Knowledge of the Open Systems Interconnection (OSI) model
Understanding of core networking topologies and architectures such as local area networks (LANs), wide area networks (WANs) and wireless networking
Basic knowledge of the TCP/IP protocol stack, addressing and name resolution
Experience with and knowledge of Hyper-V and virtualization
Hands-on experience working with the Windows client operating systems such as Windows 8.1 or Windows 10

Liked the class? Then let everyone know!

RH-355: RHCSA Rapid Track Course

Course Overview:

The RHCSA Rapid Track Course is designed for experienced Linux® system administrators who want to expand their technical skill sets and become accredited with the Red Hat® Certified System Administration (RHCSA) certification. To successfully navigate this course, students should have experience with the Linux command line—including the necessary skills to execute common commands, such as cp, grep, sort, mkdir, tar, mkfs, ssh, and dnf—and be familiar with accessing man pages for help. At the completion of the course, students will be adequately prepared to take the RHCSA exam (EX200) .

Date/Locations:

No Events

Duration: 5 days

Course Objectives:

Introduce Linux and the Red Hat Enterprise Linux ecosystem.
Run commands and view shell environments.
Manage, organize, and secure files.
Manage users, groups and user security policies.
Control and monitor systemd services.
Configure remote access using the web console and SSH.
Configure network interfaces and settings.
Manage software using DNF
Access security files, file systems, and networks
Execute shell scripting and automation techniques
Manage storage devices, logical volumes, and file systems
Manage security and system access
Control the boot process and system services
Running containers

Prerequisites:

Experience in the field system administration.

Comments

Latest comments from students

Liked the class? Then let everyone know!

TN-999: Reverse Engineering Malware Course

Course Overview:

This course is designed for professionals that are expected to do malware analysis. A skills focus enables the student to better absorb the subject matter and perform successfully on the job. This is not death by power point. The course is aligned with information assurance operators and executing hands-on labs. Lecture and labs walk the student through the knowledge required to truly understand the mechanics Reverse Engineering Malware.

Attendees to TN-999: Reverse Engineering Malware will receive TechNow approved course materials and expert instruction.

Date/Locations:

No Events

Duration: 5 days

Course Objectives:

Toolkit and Lab Assembly
Malware Code and Behavioral Analysis Fundamentals
Malicious Static and Dynamic Code Analysis
Collecting/Probing System and Network Activities
Analysis of Malicious Document Files
Analyzing Protected Executables
Analyzing Web-Based Malware
DLL Construction and API Hooking
Common Windows Malware Characteristics in x86 Assembly
Unpacking Protected Malware
In-Depth Analysis of Malicious Browser Scripts, Flash Programs and Office
In-Depth Analysis of Malicious Executables
Windows x86 Assembly Code Concepts for Revers-Engineering Memory Forensics for Rootkit Analysis

Prerequisites:

Strong understanding of core systems and network concepts
Exposure to programming and assembly concepts
Comfortable with command line access

Comments

Latest comments from students

User: marcus.osullivan

Instructor comments: Good stuff. I like the beginning half where there was help from an additional instructor to facilitate fixing computer errors that inevitably popped up.

Facilities comments: The baby deer were neat! I like the resort.