homepage
Menu
Open menu

SEC501: Advanced Security Essentials - Enterprise Defender™

GIAC Certified Enterprise Defender (GCED)
GIAC Certified Enterprise Defender (GCED)
Register Now Course Preview
  • In Person (6 days)
  • Online
38 CPEs

Cyber reskilling and upskilling are significant concerns for enterprises both large and small. Technologists must have a broad range of knowledge and certain basic skills in multiple areas. Every member of a security team, increasingly extended into Information Technology and DevOps, must prepare to ensure that any system, software, or infrastructure that is coded, built, and deployed is resilient to attack. Team members must have the knowledge necessary to identify the adversaries in their midst, which requires knowledge of the adversaries' tactics, techniques, and procedures, as well as familiarity with real-world tools that reveal their activities within the enterprise. Adversaries must be contained when uncovered-controlling their lateral movement and limiting the extent of their infiltration minimizes the risks of disclosure, alteration, and destruction of mission-critical enterprise data. Critically, having all hands on deck is key to eradicating the adversary, remediating compromised systems, and recovering lost assets. Prevent. Detect. Respond.

Course Authors:
Ross Bergman
Ross Bergman
Principal Instructor
Dave Shackleford
Dave Shackleford
Senior Instructor
What You Will LearnSyllabusCertificationPrerequisitesLaptop RequirementsAuthor StatementReviewsTraining & Pricing

What You Will Learn

The experience of continuous adversary activity, of increasing magnitude, leading to frequent attacks, and the inevitable compromise which too often results in data loss and leakage. Enterprises must have cross-trained professionals fully prepared to contribute meaningfully to CERT/CSIRT activities when required. Experienced technologists who are exploring cyber career pathways and looking for hands-on practical experience with cutting-edge tools of the trade will find what they need in SEC501: Advanced Security Essentials-Enterprise Defender. It is the only SANS course that provides training across cybersecurity sub-disciplines in the tools and techniques used daily to defend the enterprise. Full-day course topics cover defending network architecture, penetration testing, security operations, DFIR/CERT/CSIRT, and malware analysis. Twenty five labs, conducted in-class, provide hands-on experience with real-world tools (e.g., Cisco routers, Covenant, Metasploit, Nessus, Nmap, Procmon, Snort, SOF-ELK, TShark, Wireshark, etc.) in each of these areas, demonstrating:

  • active defense
  • attacks against network devices (and defenses)
  • digital artifact collection
  • forensic data recovery
  • interactive behavioral analysis of malware
  • intrusion detection and Snort signature creation
  • log aggregation and correlation
  • manual code reversing
  • network forensics
  • network scanning and enumeration
  • packet and protocol analysis
  • password cracking
  • super timeline analysis
  • system exploitation and post-expolitation pivoting
  • vulnerability assessment
  • web application scanning and attacks

and more.

In SEC501: Advanced Security Essentials-Enterprise Defender you will

  • Delve into the secrets of how Ransomware operates and what it needs to function, then find the data needed to defeat it by deceiving it into believing you have met its demands.
  • Launch real-time attacks against network devices by compromising authentication, redundancy, routing protocols, and encrypted credentials, then hardening devices against these same attacks and validating that they fail.
  • Discover and compromise systems, enumerate accounts, steal credentials, and discover, identify, attack, compromise, and pivot to other systems on the target network using exploitation tools and frameworks exactly as your adversary would do.
  • Detect vulnerabilities with sniffers, scanners, and proxies, giving you the opportunity to remediate the weaknesses in your systems before the attack begins.
  • Directly consume threat intelligence, identifying signatures of nascent attacks in packets captured from your network and creating and testing new rules for your Network Intrusion Detection System.

Business Takeaways

This course will help your organization:

  • Reskill and upskill technologists to substantially contribute to enterprise cybersecurity
  • Improve the effectiveness, efficiency, and success of cybersecurity initiatives
  • Build defensible networks that minimize the impact of attacks
  • Identify exposure points to ultimately prioritize and fix the vulnerabilities, increasing the organization's overall security
  • Detect the adversary, on premise and in the cloud, via monitoring and analysis of network activity, and correlation of activity across systems
  • Understand attack methods against systems, network devices, web applications

You Will Learn

  • Core components to build a defensible network infrastructure and properly secure your routers, switches, and other network infrastructure
  • Formal methods to perform vulnerability assessment and penetration testing to find weaknesses on your enterprise network
  • Analysis methods to detect advanced attacks against your network and indicators of compromise on deployed systems, including the forensically sound collection of artifacts and what you can learn from them
  • How to respond to an incident using a six-step process of incident response: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned
  • Approaches to analyzing malware, ranging from fully automated techniques to the manual analysis of static properties, interactive behavior, and code reversing

You Will Be Able To

  • Identify network security threats against infrastructure and build defensible networks that minimize the impact of attacks via analysis of network device configurations and simulated attacks
  • Decode and analyze packets using various tools to identify anomalies and improve network defenses
  • Understand how the adversary compromises systems and how to respond to attacks using a six-step incident handling process
  • Perform penetration testing against an enterprise to determine vulnerabilities and points of compromise
  • Understand and utilize active defense techniques
  • Collect forensic artifacts detailing prior system activity, carve out deleted data from storage devices, analyze super timelines, and conduct network forensic analysis
  • Use various tools to identify and analyze malware across your enterprise

What You Will Receive

  • MP3 audio files of the complete course lecture
  • Course media with the course virtual machines

SEC501 Features 25 Labs That Will Show You How To

  • Build a defensible network architecture by auditing router configurations, launching successful attacks against them, hardening devices to withstand those same attacks, and using active defense tools to detect an attack and generate an alert
  • Perform detailed analysis of traffic using various sniffers and protocol analyzers, and automate attack detection by creating and testing new rules for detection systems
  • Identify and track attacks and anomalies in network packets using multiple technologies
  • Use SIEM for visualization and correlation of multi-system activity to identify and verify a data breach
  • Use various tools such as vulnerability scanning and network discovery to assess systems and web applications for known vulnerabilities, and exploit those vulnerabilities using penetration testing frameworks and toolsets
  • Collect digital artifacts and recover deleted data using digital forensic techniques, and analyze a supertimeline created from these artifacts to determine the vector of initial compromise
  • Apply network forensic analysis to contain a Ransomware outbreak, differentiating between systems only downloading the malware, and those which executed the malware
  • Find, identify, analyze, and clean up malware such as Ransomware using a variety of techniques, including monitoring the malware as it executes and manually reversing its code to discover its secrets

Here's What Students Say about SEC501

"This is the best technical training course I have ever taken. SEC501 exposed me to many valuable concepts and tools but also gave me a solid introduction to those tools so that I can continue to study and improve on my own." - Curt Smith, Hildago Medical Services

"SEC501 offers a great explanation of Net Defense best practices that often get overlooked." - Kirk G., U.S. Navy

"For an intensive and in-depth course, I found SEC501 to be extremely educational yet fun and entertaining." - Hisham Al-Muhareb, Saudi Aramco

Syllabus (38 CPEs)

Download PDF
  • Overview

    Proper design and configuration of network devices protects both the components being configured and the rest of the enterprise that depends on those devices to defend other components from attacks. In other words, a good house needs a good foundation!

    In this course section we will discuss published security benchmarks, vendor guidance to secure various products, and regulatory requirements and how they impact defending infrastructure against specific attacks. To illustrate these points, we will look in detail at securing and defending a router infrastructure against a number of device- and network-based attacks. Securing private and public cloud infrastructure against common attacks will also be discussed.

    Exercises
    • Initial Router Configuration and Audit
    • Securing AAA
    • Securing Redundancy Protocols
    • Log Infrastructure in Defense
    • Defending Routing Protocols
    • Final Router Hardening Steps/Audit

    Topics
    • Security Standards and Audit
    • Authentication, Authorization, and Accounting
    • Defending Network Infrastructure
    • Name Resolution Attacks and Defense
    • Securing and Defending Private and Public Cloud Infrastructure
  • Overview

    Security is all about understanding, mitigating, and controlling the risk to an enterprise's critical assets. An enterprise must understand the changing threat landscape and have the capacity to compare it against its own vulnerabilities that could be exploited to compromise the environment. This course section will present the variety of tests that can be run against an enterprise, and show how to perform effective penetration tests to better understand the security posture for network services, operating systems, and applications. In addition, we will talk about social engineering and open-source intelligence activities to better emulate increasingly prevalent threats to users.

    Finding basic vulnerabilities is easy but not necessarily effective if these are not the vulnerabilities attackers exploit to break into a system. Advanced penetration testing involves understanding the variety of systems and applications on a network and how they can be compromised by an attacker. Students will learn to scope and plan their test projects, perform external and internal network penetration testing and web application testing, and pivot through the environment like real-world attackers. And while penetration testing is critical to identify an enterprise's exposure points, students will also learn how to prioritize and fix these vulnerabilities to increase the enterprise's overall security.

    Exercises
    • Network Scanning Fundamentals
    • Scanning with Nessus
    • Exploitation and Metasploit Basics
    • Post-Exploitation and Pivoting
    • Basic Web App Scans and Attacks
    Topics
    • Penetration Testing Scoping and Rules of Engagement
    • Open-Source Intelligence
    • Social Engineering
    • Network Mapping and Scanning Techniques
    • Enterprise Vulnerability Scanning
    • Network Exploitation Tools and Techniques
    • Post-Exploitation and Pivoting
    • Web Application Exploitation Tools and Techniques
    • Reporting and Debriefing
  • Overview

    Traffic analysis and intrusion detection used to be treated as a separate discipline within many enterprises. Today, prevention, detection, and response must be closely knit, so that once an attack is detected, defensive measures can be adapted and proactive forensics implemented so the enterprise can continue to operate. This course section will start with a brief introduction to network security monitoring, followed by a refresher on network protocols, with an emphasis on fields to look for as security professionals. We will use tools such as tcpdump and Wireshark to analyze packet traces and look for indicators of attacks. We will also use a variety of detection and analysis tools as well as explore Snort as a Network Intrusion Detection System and examine rule signatures in-depth., Students will also conduct network forensics, and make use of the SOF-ELK platform to demonstrate the power of Security Information and Event Management tools.

    Exercises
    • Analyzing PCAPs with tcpdump
    • Attack Analysis with Wireshark
    • Snort Basics
    • Detecting Malicious Activity with Security Onion
    • Security Analytics with SOF-ELK
    Topics
    • Network Security Monitoring
    • Advanced Packet Analysis
    • Network Intrusion Detection/Prevention
    • Writing Signatures for Detection
    • Network Forensics and More
    • Event Management Introduction
    • Continuous Monitoring
    • Logging and Event Collection and Analysis
    • SIEM and Analytics
  • Overview

    Enterprises rely on their CERT/CSIRT to find, scope, contain, and eradicate evil from their networks. Incident investigators employ DFIR practices to determine what happened: DFIR teams conduct investigations to find evidence of compromise, remediate the environment, and provide data to generate local threat intelligence for operations teams in order to continuously improve detection. While traditionally seen as a finite process, incident response is now viewed as ongoing, with DFIR professionals searching for evidence of an attacker that has existed in the environment without detection by applying new threat intelligence to existing evidence. This is the crux of the concept known as "threat hunting."

    This section begins with a discussion of Active Defense approaches in some detail, then presents the core concepts of DFIR. We will explore some of the hundreds of artifacts that can give forensic investigators specific insight about what occurred during an incident. Students will learn how incident response currently operates, after years of evolving, in order to address the dynamic procedures used by attackers to conduct their operations. We will also look at how to integrate DFIR practices into a continuous security operations program. Next, a cyclical, six-step incident response process is presented. Each step will be examined in detail, including practical examples of how to apply it. Finally, students will learn about the artifacts that can best be used to determine the extent of suspicious activity within a given environment and how to migrate techniques to a large data set for enterprise-level analysis.

    Exercises
    • Active Defense: Honeyports
    • Data Recovery with FTK Imager and Photorec
    • Discovering Artifacts
    • Ransomware Timeline Analysis of Ransomware
    • Ransomware Network Analysis of Ransomware
    Topics
    • Active Defense
    • DFIR Core Concepts: Digital Forensics
    • DFIR Core Concepts: Incident Response
    • Modern Digital Forensics & Incident Response
    • Widening the Net: Scaling and Scoping
  • Overview

    Malicious software is responsible for many incidents in almost every type of enterprise. Types of malware vary widely, from Ransomware and Rootkits to Crypto Currency Miners and Worms. In this course section, we will define each of the most popular types of malware and walk through multiple examples. The four primary phases of malware analysis will be covered: Fully Automated Analysis, Static Properties Analysis, Interactive Behavior Analysis, and Manual Code Reversing. Students will complete various in-depth labs requiring them to fully dissect a live Ransomware specimen from static analysis through code analysis. They will also gain hands-on experience with manipulating the malware through behavior analysis techniques, and in decrypting files encrypted by Ransomware by extracting the keys through reverse engineering. All steps are well defined and tested to ensure that the process to achieve these goals is actionable and digestible.

    Exercises
    • Static Properties Analysis of Ransomware
    • Interactive Behavior Analysis of Ransomware - Part I
    • Interactive Behavior Analysis of Ransomware - Part II
    • Manual Code Reversing of Ransomware
    Topics
    • Introduction to Malware Analysis
    • Malware Analysis Stages: Fully Automated and Static Properties Analysis
    • Malware Analysis Stages: Interactive Behavior Analysis
    • Malware Analysis Stages: Manual Code Reversing
  • Overview

    This final course section will serve as a real-world challenge for students by requiring them to work in teams, use the skills they have learned throughout the course, think outside the box, and solve a range of problems from simple to complex. A web server scoring system and Capture-the-Flag engine will be provided to score students as they submit flags to score points. More difficult challenges will be worth more points. In this defensive exercise, challenges include packet analysis, malware analysis, and other challenges related to the course material.

GIAC Certified Enterprise Defender

The GIAC Certified Enterprise Defender (GCED) certification builds on the security skills measured by the GIAC Security Essentials certification. It assesses more advanced, technical skills that are needed to defend the enterprise environment and protect an organization as a whole. GCED certification holders have validated knowledge and abilities in the areas of defensive network infrastructure, packet analysis, penetration testing, incident handling and malware removal.

  • Network and cloud-based defensive infrastructure
  • Penetration testing; Digital forensics; Incident response
  • Network monitoring, forensics, and logging
  • Packet analysis; Intrusion analysis; Malware analysis
More Certification Details

Prerequisites

While not required, it is recommended that students take SANS's SEC401: Security Essentials: Network, Endpoint, and Cloud course or have the skills taught in that class.

Laptop Requirements

Important! Bring your own system configured according to these instructions.

A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will not be able to fully participate in hands-on exercises in your course. Therefore, please arrive with a system meeting all of the specified requirements.

Back up your system before class. Better yet, use a system without any sensitive/critical data. SANS is not responsible for your system or data.

MANDATORY SEC501 SYSTEM HARDWARE REQUIREMENTS
  • CPU: 64-bit Intel i5/i7 (8th generation or newer), or AMD equivalent. A x64 bit, 2.0+ GHz or newer processor is mandatory for this class.
  • CRITICAL: Apple Silicon devices cannot perform the necessary virtualization and therefore cannot in any way be used for this course.
  • BIOS settings must be set to enable virtualization technology, such as "Intel-VTx" or "AMD-V" extensions. Be absolutely certain you can access your BIOS if it is password protected, in case changes are necessary.
  • 16GB of RAM or more is required.
  • 125GB of free storage space or more is required.
  • At least one available USB 3.0 Type-A port. A Type-C to Type-A adapter may be necessary for newer laptops. Some endpoint protection software prevents the use of USB devices, so test your system with a USB drive before class.
  • Wireless networking (802.11 standard) is required. There is no wired Internet access in the classroom.
MANDATORY SEC501 HOST CONFIGURATION AND SOFTWARE REQUIREMENTS
  • Your host operating system must be the latest version of Windows 10, Windows 11, or macOS 10.15.x or newer.
  • Fully update your host operating system prior to the class to ensure you have the right drivers and patches installed.
  • Linux hosts are not supported in the classroom due to their numerous variations. If you choose to use Linux as your host, you are solely responsible for configuring it to work with the course materials and/or VMs.
  • Local Administrator Access is required. (Yes, this is absolutely required. Don't let your IT team tell you otherwise.) If your company will not permit this access for the duration of the course, then you should make arrangements to bring a different laptop.
  • You should ensure that antivirus or endpoint protection software is disabled, fully removed, or that you have the administrative privileges to do so. Many of our courses require full administrative access to the operating system and these products can prevent you from accomplishing the labs.
  • Any filtering of egress traffic may prevent accomplishing the labs in the course. Firewalls should be disabled or you must have the administrative privileges to disable them.
  • Download and install VMware Workstation Pro 16.2.X+ (for Windows 10 hosts), VMware Workstation Pro 17.0.0+ (for Windows 11 hosts), or VMWare Fusion Pro 12.2+ (for macOS hosts) prior to the start of the class. If you do not own a licensed copy of VMware Workstation Pro or VMware Fusion Pro, you can download a free 30-day trial copy from VMware. VMware will send you a time-limited serial number if you register for the trial on its website. This course requires a "Pro" version of VMware software. The "Player" versions are not sufficient.
  • On Windows hosts, VMware products might not coexist with the Hyper-V hypervisor. For the best experience, ensure that VMware can boot a virtual machine. This may require disabling Hyper-V. Instructions for disabling Hyper-V, Device Guard, and Credential Guard are contained in the setup documentation that accompanies your course materials.
  • Download and install 7-Zip (for Windows Hosts) or Keka (for macOS hosts). These tools are also included in your downloaded course materials.

Your course media are delivered via download. The media files for class can be large. Many are in the 40-50GB range, with some over 100GB. You need to allow plenty of time for the download to complete. Internet connections and speed vary greatly and are dependent on many different factors. Therefore, it is not possible to give an estimate of the length of time it will take to download your materials. Please start your course media downloads as soon as you get the link. You will need your course media immediately on the first day of class. Do not wait until the night before class to start downloading these files.

Your course materials include a "Setup Instructions" document that details important steps you must take before you travel to a live class event or start an online class. It may take 30 minutes or more to complete these instructions.

Your class uses an electronic workbook for its lab instructions. In this new environment, a second monitor and/or a tablet device can be useful for keeping class materials visible while you are working on course labs.

If you have additional questions about the laptop specifications, please contact support.

Author Statement

"My introduction to cybersecurity began in the early 1990s as a neuroscience Ph.D. student on the day after our lab was the victim of a cyber attack. That's when I discovered that our UNIX workstations had known vulnerabilities for which patches had to be downloaded and installed. Entirely self-taught, I learned to patch and rebuild kernels and compile, deploy, configure, and use tools like Tripwire, SATAN, and TCP Wrappers. Later, as a full-time enterprise administrator, I learned about switches, routers, and firewalls; RSA SecurID, IPSec VPN, and proxy gateways; hardening Windows endpoints; automating the auditing of Active Directory and the dynamic population of security groups; administering Nexpose; and wrangling IPTables. My own multifaceted technology background makes me particularly enthusiastic about being the lead author for SEC501. The course reflects my own experience as a jack of all trades and provides the perfect opportunity to share that excitement with you!"

- Ross Bergman

Ways to Learn

  • OnDemand

Cybersecurity learning – at YOUR pace! OnDemand provides unlimited access to your training wherever, whenever. All labs, exercises, and live support from SANS subject matter experts included.

Register Now
  • Live Online

The full SANS experience live at home! Get the ultimate in virtual, interactive SANS courses with leading SANS instructors via live stream. Following class, plan to kick back and enjoy a keynote from the couch.

View Available Dates & Time Zones
  • In Person (6 days)

Did someone say ALL-ACCESS? On-site immersion via in-classroom course sessions led by world-class SANS instructors fill your day, while bonus receptions and workshops fill your evenings.

View Available Dates & Locations

Who Should Attend SEC501?

  • Experienced technologists seeking cyber reskilling and upskilling
  • CERT / CSIRT members requiring broad experience across multiple sub-disciplines of cybersecurity
  • Professionals with experience in technical areas such as Information Security, Information Technology, and Software Engineering, familiar with the fundamental knowledge presented in SANS's SEC401: Security Essentials: Network, Endpoint, and Cloud course, who want advanced training and hands-on experience with industry tools
  • Security Operations Center engineers and analysts seeking advanced knowledge beyond the packets, logs, and alerts
  • Jack-of-all-trades, multiple-hat-wearing security professionals who work in enterprises where they are responsible for not just one or two aspects of security, but for all of them, and who want to enhance their knowledge and expertise across a variety of areas
  • Anyone who seeks in-depth technical knowledge about implementing comprehensive security solutions

NICE Framework Work Roles:

  • Network Operations Specialist (OPM 441)
  • Cyber Instructor (OPM 712)
  • Cyber Defense Analyst (OPM 511)
  • Cyber Defense Infrastructure Support Specialist (OPM 521)
See prerequisites

Need to justify a training request to your manager?

Use this justification letter template to share the key details of this training and certification opportunity with your boss.

Download the Letter

Related Programs

DoDD 8140
DoDD 8140 (IAT Level III)
See how this and other SANS Courses and GIAC Certifications align with the Department of Defense Directive 8140.
Masters Program
Masters Program
This course and certification can be applied to a master's degree program at the SANS Technology Institute.

Reviews

SEC501 offers a great explanation of Net Defense best practices that often get overlooked.
Kirk G.
US Military
I would recommend SEC501 as a strong foundation to any security practitioner role. It is broad but assumes a reasonable level of technical proficiency that is refreshing.
Karl King
Vodafone UK
The disciplines/skills taught in SEC501 were exactly what my career and team needed to mature our SOC. Bryce Galbraith was an amazing, extremely knowledgeable instructor who kept all of the material interesting and fun,
John Barrow
Caesars Entertainment Corporation
This is the best technical training course I have ever taken. SEC501 exposed me to many valuable concepts and tools but also gave me a solid introduction to those tools so that I can continue to study and improve on my own.
Curt Smith
Hildago Medical Services
A must for cyber security professionals!
Gary Oakley
BMPC
    Africa/Abidjan
    Africa/Accra
    Africa/Addis Ababa
    Africa/Algiers
    Africa/Asmara
    Africa/Asmera
    Africa/Bamako
    Africa/Bangui
    Africa/Banjul
    Africa/Bissau
    Africa/Blantyre
    Africa/Brazzaville
    Africa/Bujumbura
    Africa/Cairo
    Africa/Casablanca
    Africa/Ceuta
    Africa/Conakry
    Africa/Dakar
    Africa/Dar es Salaam
    Africa/Djibouti
    Africa/Douala
    Africa/El Aaiun
    Africa/Freetown
    Africa/Gaborone
    Africa/Harare
    Africa/Johannesburg
    Africa/Juba
    Africa/Kampala
    Africa/Khartoum
    Africa/Kigali
    Africa/Kinshasa
    Africa/Lagos
    Africa/Libreville
    Africa/Lome
    Africa/Luanda
    Africa/Lubumbashi
    Africa/Lusaka
    Africa/Malabo
    Africa/Maputo
    Africa/Maseru
    Africa/Mbabane
    Africa/Mogadishu
    Africa/Monrovia
    Africa/Nairobi
    Africa/Ndjamena
    Africa/Niamey
    Africa/Nouakchott
    Africa/Ouagadougou
    Africa/Porto-Novo
    Africa/Sao Tome
    Africa/Timbuktu
    Africa/Tripoli
    Africa/Tunis
    Africa/Windhoek
    America/Adak
    America/Anchorage
    America/Anguilla
    America/Antigua
    America/Araguaina
    America/Argentina/Buenos Aires
    America/Argentina/Catamarca
    America/Argentina/ComodRivadavia
    America/Argentina/Cordoba
    America/Argentina/Jujuy
    America/Argentina/La Rioja
    America/Argentina/Mendoza
    America/Argentina/Rio Gallegos
    America/Argentina/Salta
    America/Argentina/San Juan
    America/Argentina/San Luis
    America/Argentina/Tucuman
    America/Argentina/Ushuaia
    America/Aruba
    America/Asuncion
    America/Atikokan
    America/Atka
    America/Bahia
    America/Bahia Banderas
    America/Barbados
    America/Belem
    America/Belize
    America/Blanc-Sablon
    America/Boa Vista
    America/Bogota
    America/Boise
    America/Buenos Aires
    America/Cambridge Bay
    America/Campo Grande
    America/Cancun
    America/Caracas
    America/Catamarca
    America/Cayenne
    America/Cayman
    America/Chicago
    America/Chihuahua
    America/Ciudad Juarez
    America/Coral Harbour
    America/Cordoba
    America/Costa Rica
    America/Creston
    America/Cuiaba
    America/Curacao
    America/Danmarkshavn
    America/Dawson
    America/Dawson Creek
    America/Denver
    America/Detroit
    America/Dominica
    America/Edmonton
    America/Eirunepe
    America/El Salvador
    America/Ensenada
    America/Fort Nelson
    America/Fort Wayne
    America/Fortaleza
    America/Glace Bay
    America/Godthab
    America/Goose Bay
    America/Grand Turk
    America/Grenada
    America/Guadeloupe
    America/Guatemala
    America/Guayaquil
    America/Guyana
    America/Halifax
    America/Havana
    America/Hermosillo
    America/Indiana/Indianapolis
    America/Indiana/Knox
    America/Indiana/Marengo
    America/Indiana/Petersburg
    America/Indiana/Tell City
    America/Indiana/Vevay
    America/Indiana/Vincennes
    America/Indiana/Winamac
    America/Indianapolis
    America/Inuvik
    America/Iqaluit
    America/Jamaica
    America/Jujuy
    America/Juneau
    America/Kentucky/Louisville
    America/Kentucky/Monticello
    America/Knox IN
    America/Kralendijk
    America/La Paz
    America/Lima
    America/Los Angeles
    America/Louisville
    America/Lower Princes
    America/Maceio
    America/Managua
    America/Manaus
    America/Marigot
    America/Martinique
    America/Matamoros
    America/Mazatlan
    America/Mendoza
    America/Menominee
    America/Merida
    America/Metlakatla
    America/Mexico City
    America/Miquelon
    America/Moncton
    America/Monterrey
    America/Montevideo
    America/Montreal
    America/Montserrat
    America/Nassau
    America/New York
    America/Nipigon
    America/Nome
    America/Noronha
    America/North Dakota/Beulah
    America/North Dakota/Center
    America/North Dakota/New Salem
    America/Nuuk
    America/Ojinaga
    America/Panama
    America/Pangnirtung
    America/Paramaribo
    America/Phoenix
    America/Port-au-Prince
    America/Port of Spain
    America/Porto Acre
    America/Porto Velho
    America/Puerto Rico
    America/Punta Arenas
    America/Rainy River
    America/Rankin Inlet
    America/Recife
    America/Regina
    America/Resolute
    America/Rio Branco
    America/Rosario
    America/Santa Isabel
    America/Santarem
    America/Santiago
    America/Santo Domingo
    America/Sao Paulo
    America/Scoresbysund
    America/Shiprock
    America/Sitka
    America/St Barthelemy
    America/St Johns
    America/St Kitts
    America/St Lucia
    America/St Thomas
    America/St Vincent
    America/Swift Current
    America/Tegucigalpa
    America/Thule
    America/Thunder Bay
    America/Tijuana
    America/Toronto
    America/Tortola
    America/Vancouver
    America/Virgin
    America/Whitehorse
    America/Winnipeg
    America/Yakutat
    America/Yellowknife
    Antarctica/Casey
    Antarctica/Davis
    Antarctica/DumontDUrville
    Antarctica/Macquarie
    Antarctica/Mawson
    Antarctica/McMurdo
    Antarctica/Palmer
    Antarctica/Rothera
    Antarctica/South Pole
    Antarctica/Syowa
    Antarctica/Troll
    Antarctica/Vostok
    Arctic/Longyearbyen
    Asia/Aden
    Asia/Almaty
    Asia/Amman
    Asia/Anadyr
    Asia/Aqtau
    Asia/Aqtobe
    Asia/Ashgabat
    Asia/Ashkhabad
    Asia/Atyrau
    Asia/Baghdad
    Asia/Bahrain
    Asia/Baku
    Asia/Bangkok
    Asia/Barnaul
    Asia/Beirut
    Asia/Bishkek
    Asia/Brunei
    Asia/Calcutta
    Asia/Chita
    Asia/Choibalsan
    Asia/Chongqing
    Asia/Chungking
    Asia/Colombo
    Asia/Dacca
    Asia/Damascus
    Asia/Dhaka
    Asia/Dili
    Asia/Dubai
    Asia/Dushanbe
    Asia/Famagusta
    Asia/Gaza
    Asia/Harbin
    Asia/Hebron
    Asia/Ho Chi Minh
    Asia/Hong Kong
    Asia/Hovd
    Asia/Irkutsk
    Asia/Istanbul
    Asia/Jakarta
    Asia/Jayapura
    Asia/Jerusalem
    Asia/Kabul
    Asia/Kamchatka
    Asia/Karachi
    Asia/Kashgar
    Asia/Kathmandu
    Asia/Katmandu
    Asia/Khandyga
    Asia/Kolkata
    Asia/Krasnoyarsk
    Asia/Kuala Lumpur
    Asia/Kuching
    Asia/Kuwait
    Asia/Macao
    Asia/Macau
    Asia/Magadan
    Asia/Makassar
    Asia/Manila
    Asia/Muscat
    Asia/Nicosia
    Asia/Novokuznetsk
    Asia/Novosibirsk
    Asia/Omsk
    Asia/Oral
    Asia/Phnom Penh
    Asia/Pontianak
    Asia/Pyongyang
    Asia/Qatar
    Asia/Qostanay
    Asia/Qyzylorda
    Asia/Rangoon
    Asia/Riyadh
    Asia/Saigon
    Asia/Sakhalin
    Asia/Samarkand
    Asia/Seoul
    Asia/Shanghai
    Asia/Singapore
    Asia/Srednekolymsk
    Asia/Taipei
    Asia/Tashkent
    Asia/Tbilisi
    Asia/Tehran
    Asia/Tel Aviv
    Asia/Thimbu
    Asia/Thimphu
    Asia/Tokyo
    Asia/Tomsk
    Asia/Ujung Pandang
    Asia/Ulaanbaatar
    Asia/Ulan Bator
    Asia/Urumqi
    Asia/Ust-Nera
    Asia/Vientiane
    Asia/Vladivostok
    Asia/Yakutsk
    Asia/Yangon
    Asia/Yekaterinburg
    Asia/Yerevan
    Atlantic/Azores
    Atlantic/Bermuda
    Atlantic/Canary
    Atlantic/Cape Verde
    Atlantic/Faeroe
    Atlantic/Faroe
    Atlantic/Jan Mayen
    Atlantic/Madeira
    Atlantic/Reykjavik
    Atlantic/South Georgia
    Atlantic/St Helena
    Atlantic/Stanley
    Australia/ACT
    Australia/Adelaide
    Australia/Brisbane
    Australia/Broken Hill
    Australia/Canberra
    Australia/Currie
    Australia/Darwin
    Australia/Eucla
    Australia/Hobart
    Australia/LHI
    Australia/Lindeman
    Australia/Lord Howe
    Australia/Melbourne
    Australia/NSW
    Australia/North
    Australia/Perth
    Australia/Queensland
    Australia/South
    Australia/Sydney
    Australia/Tasmania
    Australia/Victoria
    Australia/West
    Australia/Yancowinna
    Brazil/Acre
    Brazil/DeNoronha
    Brazil/East
    Brazil/West
    CET
    CST6CDT
    Canada/Atlantic
    Canada/Central
    Canada/Eastern
    Canada/Mountain
    Canada/Newfoundland
    Canada/Pacific
    Canada/Saskatchewan
    Canada/Yukon
    Chile/Continental
    Chile/EasterIsland
    Cuba
    EET
    EST
    EST5EDT
    Egypt
    Eire
    Etc/GMT
    Etc/GMT+0
    Etc/GMT+1
    Etc/GMT+10
    Etc/GMT+11
    Etc/GMT+12
    Etc/GMT+2
    Etc/GMT+3
    Etc/GMT+4
    Etc/GMT+5
    Etc/GMT+6
    Etc/GMT+7
    Etc/GMT+8
    Etc/GMT+9
    Etc/GMT-0
    Etc/GMT-1
    Etc/GMT-10
    Etc/GMT-11
    Etc/GMT-12
    Etc/GMT-13
    Etc/GMT-14
    Etc/GMT-2
    Etc/GMT-3
    Etc/GMT-4
    Etc/GMT-5
    Etc/GMT-6
    Etc/GMT-7
    Etc/GMT-8
    Etc/GMT-9
    Etc/GMT0
    Etc/Greenwich
    Etc/UCT
    Etc/UTC
    Etc/Universal
    Etc/Zulu
    Europe/Amsterdam
    Europe/Andorra
    Europe/Astrakhan
    Europe/Athens
    Europe/Belfast
    Europe/Belgrade
    Europe/Berlin
    Europe/Bratislava
    Europe/Brussels
    Europe/Bucharest
    Europe/Budapest
    Europe/Busingen
    Europe/Chisinau
    Europe/Copenhagen
    Europe/Dublin
    Europe/Gibraltar
    Europe/Guernsey
    Europe/Helsinki
    Europe/Isle of Man
    Europe/Istanbul
    Europe/Jersey
    Europe/Kaliningrad
    Europe/Kiev
    Europe/Kirov
    Europe/Kyiv
    Europe/Lisbon
    Europe/Ljubljana
    Europe/London
    Europe/Luxembourg
    Europe/Madrid
    Europe/Malta
    Europe/Mariehamn
    Europe/Minsk
    Europe/Monaco
    Europe/Moscow
    Europe/Nicosia
    Europe/Oslo
    Europe/Paris
    Europe/Podgorica
    Europe/Prague
    Europe/Riga
    Europe/Rome
    Europe/Samara
    Europe/San Marino
    Europe/Sarajevo
    Europe/Saratov
    Europe/Simferopol
    Europe/Skopje
    Europe/Sofia
    Europe/Stockholm
    Europe/Tallinn
    Europe/Tirane
    Europe/Tiraspol
    Europe/Ulyanovsk
    Europe/Uzhgorod
    Europe/Vaduz
    Europe/Vatican
    Europe/Vienna
    Europe/Vilnius
    Europe/Volgograd
    Europe/Warsaw
    Europe/Zagreb
    Europe/Zaporozhye
    Europe/Zurich
    GB
    GB-Eire
    GMT
    GMT+0
    GMT-0
    GMT0
    Greenwich
    HST
    Hongkong
    Iceland
    Indian/Antananarivo
    Indian/Chagos
    Indian/Christmas
    Indian/Cocos
    Indian/Comoro
    Indian/Kerguelen
    Indian/Mahe
    Indian/Maldives
    Indian/Mauritius
    Indian/Mayotte
    Indian/Reunion
    Iran
    Israel
    Jamaica
    Japan
    Kwajalein
    Libya
    MET
    MST
    MST7MDT
    Mexico/BajaNorte
    Mexico/BajaSur
    Mexico/General
    NZ
    NZ-CHAT
    Navajo
    PRC
    PST8PDT
    Pacific/Apia
    Pacific/Auckland
    Pacific/Bougainville
    Pacific/Chatham
    Pacific/Chuuk
    Pacific/Easter
    Pacific/Efate
    Pacific/Enderbury
    Pacific/Fakaofo
    Pacific/Fiji
    Pacific/Funafuti
    Pacific/Galapagos
    Pacific/Gambier
    Pacific/Guadalcanal
    Pacific/Guam
    Pacific/Honolulu
    Pacific/Johnston
    Pacific/Kanton
    Pacific/Kiritimati
    Pacific/Kosrae
    Pacific/Kwajalein
    Pacific/Majuro
    Pacific/Marquesas
    Pacific/Midway
    Pacific/Nauru
    Pacific/Niue
    Pacific/Norfolk
    Pacific/Noumea
    Pacific/Pago Pago
    Pacific/Palau
    Pacific/Pitcairn
    Pacific/Pohnpei
    Pacific/Ponape
    Pacific/Port Moresby
    Pacific/Rarotonga
    Pacific/Saipan
    Pacific/Samoa
    Pacific/Tahiti
    Pacific/Tarawa
    Pacific/Tongatapu
    Pacific/Truk
    Pacific/Wake
    Pacific/Wallis
    Pacific/Yap
    Poland
    Portugal
    ROC
    ROK
    Singapore
    Turkey
    UCT
    US/Alaska
    US/Aleutian
    US/Arizona
    US/Central
    US/East-Indiana
    US/Eastern
    US/Hawaii
    US/Indiana-Starke
    US/Michigan
    US/Mountain
    US/Pacific
    US/Samoa
    UTC
    Universal
    W-SU
    WET
    Zulu
    Filters:
    Training Formats
          Location
          Dates

          Register for SEC501

          Learn about Group Pricing

          Prices below exclude applicable taxes and shipping costs. If applicable, these will be shown on the last page of checkout.

          Loading...