Excellent conference. I have a ton of stuff to bring back to my company and clients.
-John S. Macy, Network Design Associates

SECURITY 501

Advanced Security Essentials - Enterprise Defender

6 CPE Credits per day

Cyber Security Survival Course - Security Enterprise Defender

Cyber security continues to be a critical area for organizations and will continue to increase in importance as attacks become stealthier, have a greater financial impact on an organization, and cause reputational damage. While Security Essentials lays a solid foundation for the security practitioner, there is only so much that can be packed into a six-day course. Security 501 is a follow-up to SEC401: SANS Security Essentials (with no overlap) and continues to focus on the more technical areas that are needed to protect an organization. The core focus of the course is on:

  • Prevention - configuring a system or network correctly
  • Detection - identifying that a breach has occurred at the system or network level
  • Reaction - responding to an incident and moving to evidence collection/forensics

A key theme is that prevention is ideal, but detection is a must. We need to ensure that we constantly improve our security to prevent as many attacks as possible. This prevention/protection occurs on two fronts - externally and internally. Attacks will continue to pose a threat to an organization as data becomes more portable and networks continue to be porous. Therefore, a key focus needs to be on data protection, securing our critical information no matter whether it resides on a server, in a robust network architecture, or on a portable device.

Despite an organization's best efforts at preventing attacks and protecting its critical data, some attacks will still be successful. Therefore, we need to be able to detect attacks in a timely fashion. This is accomplished by understanding the traffic that is flowing on your networks and looking for indications of an attack. It also includes performing penetration testing and vulnerability analysis against an organization to identify problems and issues before a compromise occurs.

Finally, once an attack is detected, we must react to it in a timely fashion and perform forensics. Understanding how the attacker broke in can then be fed back into more effective and robust preventive and detective measures, completing the security lifecycle.

Author Statement

It is always a thrill after I finish teaching SEC401 to see students leave with a fire in their eyes and an excitement about them. They walked into class feeling overwhelmed that security is a lost cause, but now they leave class understanding what they need to do and have a focus and drive to do the right thing to secure their organizations. However, the next question we receive on a constant basis is, what course should I take next? How do I continue my journey? Well, it depends on what your focus area is. Do you want to get more into perimeter protection, IDS, operating system security, etc.? The challenge is that many students have positions that do not allow them to focus on one area — they need to understand all of the key areas across security. What students are telling us is that they want a Security Essentials part 2 or a 500-level continuation of Security Essentials covering the next level of technical knowledge. In Security 501, SANS has decided to give students just what they have been asking for, and I am beyond thrilled with the results. We have identified core foundation areas that complement SEC401 with no overlap and continue to build a solid security foundation for network practitioners.

This is illustrated by one student who after a recent class ran up to me, gave me a big hug (he was a retired football player, so I did not argue), and said, "SANS is awesome. I have been frustrated in my job for over a year and had lost hope that you really could secure an organization and that anything I did made a difference. Just as my light of hope was burning out, I decided to take the Security Essentials course, figuring it was a lost cause. After this class the fire is burning brighter than it ever was. I feel like a kid again and cannot wait to go back to my company and make a difference. However, I think my boss is scared because I called him eight times throughout the week, telling him all of the great information and practical knowledge I learned."

After teaching thousands of students, I am confident you will have similar results and be just as excited. However, just for reference, hugs are optional.

- Eric Cole

SECURITY 501 :: Advanced Security Essentials - Enterprise Defender

  • SANS 2009, Orlando, FL: March 02, 2009 - March 09, 2009
  • SANS Cyber Defense Initiative 2008, Washington, DC: December 10, 2008 - December 16, 2008
  • SANS Security West 2009, Las Vegas, NV: January 24, 2009 - February 01, 2009
  • SANS Toronto 2009, Toronto, ON: May 05, 2009 - May 13, 2009