SEC504: Hacker Tools, Techniques, and Incident Handling

Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months
Apply what you learn with hands-on exercises and labs
Reinforce critical cybersecurity skills to secure industrial control systems and operational technology against emerging threats while maintaining operational resilience in industrial environments.
The real-world, practical examples, paired with an instructor who clearly knew the subject matter inside and out, made this course invaluable.
Operational Technology (OT) environments face a growing wave of sophisticated cyber threats, yet many organizations rely on IT-centric security measures ill-suited to the distinct challenges of Industrial Control Systems (ICS) and SCADA systems. The absence of specialized knowledge and practical expertise in ICS/OT cybersecurity leaves critical infrastructure exposed, increasing the risk of operational disruptions, financial losses, and safety incidents.
This course builds on foundational ICS cybersecurity principles to provide industrial cybersecurity professionals with the advanced skills necessary to secure OT environments effectively. By focusing on the unique demands of industrial systems, the SCADA security training course equips both IT and OT cybersecurity professionals to address emerging threats, ensuring the safety, security, and resilience of critical infrastructure with minimal operational impact. This course is also a key preparation path for individuals pursuing the GICSP certification (Global Industrial Cyber Security Professional), a leading ICS cyber security certification that validates real-world, cross-disciplinary expertise in securing industrial systems.
Justin Searle has redefined industrial cybersecurity by leading the development of NIST IR 7628, a cornerstone in smart grid security, and creating open-source tools like ControlThings that have become essential for ICS/IIoT assessments.
Explore the course syllabus below to view the full range of topics covered in ICS410: ICS/SCADA Security Essentials.
Develop a common understanding of ICS cybersecurity with emphasis on cyber-to-physical operations. Students receive programmable logic controller (PLC) devices to keep, allowing practical exploration of the cyber-physical interface. This section covers essential terminology, architectures, methodologies, and devices used across different industrial sectors.
Learn defensive approaches by understanding adversarial tactics against ICS environments. Examine attack vectors specific to industrial systems, particularly at Purdue Levels 0 and 1. Investigate technologies and communications that distinguish control systems from IT networks, with hands-on experience capturing fieldbus traffic from PLCs.
Analyze network communication protocols and examine network captures of control protocols traversing Ethernet and TCP/IP networks. Learn segmentation methods and traffic flow control for industrial networks. Explore cryptographic concepts for protecting communications and sensitive data, plus wireless technologies used in control systems.
Explore essential server and workstation operating systems for ICS environments. Perform network forensics to track attackers from phishing to HMI breach. Examine technologies at Purdue Levels 2 and 3, including HMI and historian systems. Learn to create baselines and secure Windows-based workstations and servers in industrial environments.
Explore system hardening for Linux-based industrial systems, examining log management and audit approaches. Learn about common applications used across multiple industrial sectors. Study governance models and industry-specific regulations for critical infrastructure protection, focusing on risk assessment, disaster recovery, and contingency planning.
Apply knowledge gained throughout the course in a capture-the-flag exercise based on incident response. Identify indicators of compromise, determine appropriate containment actions, and adapt to changing adversary tactics as they progress through an ICS/OT network. Leave with industry-specific resources and be well prepared to pursue the GICSP.
Ensures systems and software security from development to maintenance by analyzing and improving security across all lifecycle phases.
Delivers technical support to users, helping them resolve issues with client hardware/software according to organizational service processes.
Assesses systems and networks to ensure compliance with policies and identify vulnerabilities in support of secure and resilient operations.
Designs and evaluates information system security throughout the software lifecycle to ensure confidentiality, integrity, and availability.
Oversees program, system, or enclave cybersecurity, ensuring protection from cyber threats and compliance with organizational standards.
Manages organization’s COMSEC resources to ensure secure handling of communications materials as required by national and agency policies.
Conducts independent assessments of IT system security controls to evaluate their overall effectiveness in protecting mission-critical systems.
Develops business and IT process architectures, creating baseline and target architectures to meet mission or enterprise goals.
Monitors cyber defense tools like IDS and logs to analyze network events, identifying and mitigating potential threats to security environments.
Add a GIAC certification attempt and receive two free practice tests. View pricing in the info icons below.
When purchasing a live instructor-led class, add an additional 4 months of online access after your course. View pricing in the info icons below.
As an individual who is new to the ICS/OT, with 5 years in Cybersecurity and 25 years in IT, this course has been a game changer for me.
ICS410 provides an unparalleled educational experience with impeccably organized content. Its integration of case studies bridges the gap between theory and practical application.
This was my first SANS training and I'm impressed. Content was at the right level, good explanation, room for [the instructor] to add their examples, and enough time for questions.