
Orlando 2020 - Live Online

Virtual, US Eastern | Mon, Oct 12 - Sat, Oct 17, 2020

SEC301: Introduction to Cyber Security

Mon, October 12 - Fri, October 16, 2020

Associated Certification: GIAC Information Security Fundamentals (GISF)

To determine if the SANS SEC301 course is right for you, ask yourself five simple questions:

  • Are you new to cyber security and in need of an introduction to the fundamentals?
  • Are you bombarded with complex technical security terms that you don't understand?
  • Do you need to be conversant in basic security concepts, principles, and terms, but do not need "deep in the weeds" detail?
  • Have you decided to make a career change to take advantage of the job opportunities in cyber security and need formal training/certification?
  • Are you a manager who lies awake at night worrying that your company may be the next mega-breach headline story on the 6 o'clock news?

If you answer yes to any of these questions, the SEC301: Introduction to Cyber Security training course is for you. Jump-start your security knowledge by receiving insight and instruction from real-world security experts on critical introductory topics that are fundamental to cyber security.

This five-day comprehensive course covers everything from core terminology to how computers and networks function, security policies, risk management, a new way of looking at passwords, cryptographic principles, network attacks & malware, wireless security, firewalls and many other security technologies, web & browser security, backups, virtual machines & cloud computing. All topics are covered at an easy to understand introductory level.

This course is for those who have very little knowledge of computers & technology with no prior knowledge of cyber security. The hands-on, step-by-step teaching approach enables you to grasp all the information presented, even if some of the topics are new to you. You'll learn real-world cyber security fundamentals to serve as the foundation of your career skills and knowledge for years to come.

Written by a cyber security professional with over 35 years of industry experience in both the public and private sectors, SEC301 provides uncompromising real-world insight from start to finish. The course prepares you for the GIAC Information Security Fundamentals (GISF) certification test, as well as getting you ready for your next training course. It also delivers on the SANS promise: "You can use the knowledge and skills you learn in SEC301 as soon as you return to work."

Course Syllabus

Keith Palmgren
Mon Oct 12th, 2020
9:00 AM - 12:15 PM ET
1:30 PM - 5:00 PM ET


Every good security practitioner and every good security program begins with the same mantra: learn the fundamentals. SEC301 starts by instilling familiarity with core security terms and principles. By the time you leave the classroom after the first day, you fully understand the Principle of Least Privilege and why it drives all security decisions. You know the Confidentiality, Integrity, and Availability (CIA) method of prioritizing your security program. You understand the fundamentals of risk management, security policy, and authentication/authorization/accountability (AAA).

  • Lab - Introducing the lab environment used throughout the course. We ensure that each student can access the lab environment. It is necessary to be able to disable any VPN software on your system to be able to access the environment in the classroom. We ensure that each student knows how to use the lab environment so that they are successful in completing labs throughout the course. We also introduce the quizzes that students can take on the SEC301.com website. That site also has videos of the course author performing each lab with full explanations of the steps, why you do them, what any output on the screen might mean, and so on.
  • NOTE: We do not give time in class for watching the videos or completing the quizzes. These are extra, outside of class activities. If you believe you may like to view the videos during class time (perhaps during a break), please bring ear-buds or headphones so that you do not distract other students with the audio.
  • Lab - Building Better Passwords: We'll use a tool that shows how long it takes to compromise various passwords via a brute force attack. The emphasis of the lab is how to help yourself, your users, your family, and your friends to choose better, stronger, and easier to use passwords.

CPE/CMU Credits: 6

Keith Palmgren
Tue Oct 13th, 2020
9:00 AM - 12:15 PM ET
1:30 PM - 5:00 PM ET


If you are going to secure a computer or a network, you must have at least a basic knowledge of how they work. Every attack uses something that exists for perfectly valid reasons and misuses it in invalid malicious ways. To work in cyber security, you have to understand the valid functions to understand the potential for invalid misuse.

The day begins with a discussion of how computers work. We cover the numbering system of decimal, binary, and hexadecimal - vital to understanding computers and networks. We also cover ASCII (the American Standard Code for Information Interchange). We also discuss what an operating system is. We talk about the terms kilobyte, megabyte, gigabyte, and terabyte and what those terms mean. We cover the difference between the hard drive and Random Access Memory (RAM). In short, how a computer works.

From there, we move to a discussion of how information moves from point A to point B across a network without using any technical terminology of any kind. This discussion includes both Internet and Local Area Network (LAN) examples. As we move on through the day, we slowly add the technical aspects of those explanations, including the terms and acronyms of networking. We discuss the origins of the Internet and why that origin matters to modern-day cyber security. We explain what a protocol is, and what both the OSI and TCP/IP stacks are and why they matter. You learn about standard network hardware such as a network interface card, a switch, and a router. We progress to topics such as IP addresses, network masks, default gateways, and routing. We explain, compare, and contrast the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP) and why you might want to use one over the other. Eventually, we get to network protocols such as the Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), and Network Address Translation (NAT).

While the above description sounds exceptionally technical, rest assured that we present the material in the most non-technical way possible. We cover each topic at a very high-level without getting into the nitty-gritty details.

  • Lab - Computer Number Conversions: Apply the knowledge you learned to convert decimal numbers to binary, binary numbers to hexadecimal, binary and hexadecimal numbers to decimal values, and so on.
  • Lab - Networking: Use a variety of built-in operating system commands to see your IP address, network mask, default gateway, ARP cache, DNS Cache, and see Network Address Translation in action. You will also perform simple network packet analysis with the Wireshark tool.

CPE/CMU Credits: 6

Keith Palmgren
Wed Oct 14th, 2020
9:00 AM - 12:15 PM ET
1:30 PM - 5:00 PM ET


Cryptography is one of the most complex issues faced by security practitioners. It is not a topic you can explain in passing; we spend a full day on it. You do not need a calculator for this day since we do not delve into the math behind crypto. We introduce you to cryptographic terms. We explain what steganography is. We then look at historical examples of cryptography. We do this because even the most advanced cryptographic systems today utilize methods of encrypting data that were used hundreds of years B.C. So we explain the historical examples that are very easy to understand to make it easier to understand modern cryptographic methods and principles.

We cover the "work factor" - the length of time necessary to break cryptography and why understanding this concept is so important. We cover some of the potential attacks against crypto and which ones are viable against modern cryptography and which attacks are nonviable. We cover hashing, symmetric & asymmetric cryptography and how each works. We then show real-world examples of how those cryptographic systems work. We cover the secure key exchange mechanism called Diffie-Hellman. We even briefly cover digital certificates and Public Key Infrastructure (PKI).

Once we have thoroughly explained how cryptography works, we end the day with a discussion of data encrypting protocols: things that use cryptography to secure data on our networks and across the Internet. Here we cover email encryption, secure remote administration, secure file transfer, and three examples of Virtual Private Networks (VPNs).

Again, we do not spend our time on the mathematics behind cryptography, but instead, we are highly process focused. We explain the steps required to make crypto work, the order those steps must occur in, and which key you must use for each step.

  • Lab - Crypto by Hand: Apply the knowledge and skills you've learned to encrypt information using monoalphabetic and polyalphabetic ciphers and gain a better understanding of triple encryption (as used by Triple DES).
  • Lab - Visual Crypto: Observe the encryption process that occurs by turning plaintext (what you can read) into ciphertext (what you cannot read) in real-time. Increase your understanding of what "randomness in ciphertext" truly means. See ciphertext turned back into plaintext. Find out what happens if you edit ciphertext and try to decrypt it. Learn what happens if you attempt to decrypt data with the wrong key. The lab provides visual proof of many definitive statements made by the instructor throughout the lecture.

CPE/CMU Credits: 6

Keith Palmgren
Thu Oct 15th, 2020
9:00 AM - 12:15 PM ET
1:30 PM - 5:00 PM ET


Our fourth day in the classroom begins our exploration of cyber security technologies. We begin with wireless network security (WiFi and Bluetooth), and mobile device security (i.e., mobile phones & tablets). We compare and contrast the security models of Apple's iPhone and Google's Android phones. We also discuss the almost total lack of security in the Internet of Things (IoT). We follow that with a look at some frequent attacks, including open-source intelligence gathering, social engineering, drive-by download attacks, watering hole attacks, buffer overflow attacks, Denial of Service (DoS), and other frequent attacks. We then move into a discussion of malware. What is a virus versus a worm or a trojan horse? What is ransomware, and what is cryptojacking? We then cover both anti-malware and host firewalls that try to counter these problems.

  • Lab - Configure a Wireless Access Point (A.K.A. Wireless Router). Students go through the steps of configuring a wireless access point from its default insecure state to a locked-down, far more secure state. Industry best practices dictate the final settings. Students can take these lab instructions home or to work and apply them with some necessary modifications given their device manufacturer.
  • Lab - Run the anti-malware scanner "Malwarebytes" on a virtual machine running within the lab environment. Discover active malware and remove it from the system. Also, discover Potentially Unwanted Programs (PUPs) that are, in reality, authorized software. Whitelist the PUPs, so they stop showing up in the scan results.

CPE/CMU Credits: 6

Keith Palmgren
Fri Oct 16th, 2020
9:00 AM - 12:15 PM ET
1:30 PM - 5:00 PM ET


The final day of our SEC301 journey continues the discussion of Cyber Security Technologies. The day begins by looking at several security technologies, including compartmentalization, firewalls, Intrusion Detection Systems and Intrusion Prevention Systems (IDS/IPS), sniffers, content filters, sinkholes, ethical hacking, active defense, threat hunting and many more. We then take a solid look at Browser and Web security, and the difficulties of securing the web environment. For example, students understand why and how their browser connects to anywhere from 5 to 100+ different Internet locations each time they load a single web page. We end the day with a look at system security to include hardening operating systems, patching, virtual machines, cloud computing, and backup. We include solid real-world examples of how to implement these.

  • Lab - Firewall Configuration with Firewall Builder. Students utilize an open-source tool called "Firewall Builder" to create a simple yet fully functional firewall configuration. The lab not only explains how to build each of the rules but, more importantly, explains WHY you build each rule. The lab teaches not only the basics of configuring a firewall but also how to read and audit an existing firewall ruleset.

CPE/CMU Credits: 6

Additional Information

Important! Bring your own system configured according to these instructions!

We ask that you do 5 things to prepare prior to class start. This early preparation will allow you to get the most out of your training. One of those five steps is ensuring that you bring a properly configured system to class. This document details the required system hardware and software configuration for your class. You can also watch a series of short videos on these topics at the following web link https://sansurl.com/sans-setup-videos.

A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will likely leave the class unsatisfied because you will not be able to participate in hands-on exercises that are essential to this course. Therefore, we strongly urge you to arrive with a system meeting all the requirements specified for the course.

SEC301 includes both lecture and hands-on labs. There are specific computer configuration requirements to perform hands-on labs. If you take SEC301 live in the classroom, you utilize a classroom network to connect to a lab server. If you take SEC301 online via OnDemand, you connect to the lab environment via the Internet. To accomplish this, you need the following:

  • A laptop running any version of Microsoft Windows or a Mac.
  • We do not recommend attempting to perform the labs with a tablet such as an iPad or Android. A Surface tablet can perform the labs, but smaller screens are problematic.
  • A Web Browser. We strongly recommend the Google Chrome browser, but Internet Explorer, Firefox, Opera, Safari, or any other modern browser works.
  • Have the ability to connect to a wireless (WiFi) network. (For live in-person classroom attendees.)
  • A network setting configured to obtain an IP address and DNS servers automatically. (For live in-person classroom attendees.)

NOTE: Administrative (or "Admin") permission is NOT required to perform any of the labs you do in class.

If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org.

The SEC301 Introduction to Information Security course is designed to address the needs of:

  • People who are new to information security and in need of an introduction to the fundamentals of security
  • Those who feel bombarded with complex technical security terms they don't understand but want to understand
  • Professionals who need to be conversant in basic security concepts, principles, and terms, but who don't need "deep in the weeds" detail
  • Those who have decided to make a career change to take advantage of the job opportunities in information security and need formal training/certification
  • Managers who worry their company may be the next mega-breach headline story on the 6 o'clock news

  • SEC301 does not have prerequisites.
  • SEC301 assumes only the most basic knowledge of computers.
  • SEC301 makes no assumptions regarding prior security knowledge.

Why Take This Course

Why choose a SANS course?

The SEC301 course lives up to its name: Introduction to Cyber Security. The course is for those who have very little or no background in Information Technology and who need to understand security concepts, principles, and terms. If you fall into that category, SEC301 serves your needs well.

Which course is right for you?

SANS recommends this course for those just starting in security.

Following SEC301, Introduction to Cyber Security, you may move on to the SEC401, Security Essentials course. You may also choose more of a management track and go to MGT512: Security Leadership Essentials For Managers. You might also choose to attend SEC487: Open-Source Intelligence (OSINT) Gathering and Analysis. Perhaps LEG523: Law of Data Security and Investigations will better suit your interests. The SEC301 course prepares you for whatever path you may choose to follow in the cyber security world.

In this course, you receive the following:

  • Electronic Courseware for each day of training that includes the slides presented and notes to explain them plus an electronic lab workbook explaining the hands-on labs
  • Access to the SEC301.com website containing quizzes for each module, videos of the author performing each lab, and additional helpful materials
  • Five days' worth of high-quality instruction and explanation
  • MP3 audio files of the complete course lecture

  • Communicate with confidence regarding information security topics, terms, and concepts
  • Understand and apply the Principles of Least Privilege
  • Understand and apply the Confidentiality, Integrity, and Availability (CIA) method for prioritization of critical security resources
  • Build better passwords that are more secure while also being easier to remember and type
  • Grasp basic cryptographic principles, processes, procedures, and applications
  • Understand how a computer works
  • Understand computer network basics
  • Have a fundamental grasp of any number of technical acronyms: TCP/IP, IP, TCP, UDP, MAC, ARP, NAT, ICMP, and DNS, and the list goes on.
  • Utilize built-in Windows tools to see your network settings
  • Recognize and be able to discuss various security technologies, including anti-malware, firewalls, intrusion detection systems, sniffers, ethical hacking, active defense, and threat hunting.
  • Understand wireless technologies including WiFi, Bluetooth, mobile phones and the Internet of Things (IoT)
  • Explain a variety of frequent attacks such as social engineering, drive-by downloads, watering hole attacks, lateral movement, and other attacks
  • Understand different types of malware
  • Understand browser security and the privacy issues associated with web browsing
  • Explain system hardening
  • Discuss system patching
  • Understand virtual machines and cloud computing
  • Understand backups and create a backup plan for your personal life that virtually guarantees you never have to pay ransom to access your data

Author Statement

"If you want to be good at something, whether it be sports, music, science, math, or cyber security, you MUST have a solid grasp of the fundamentals. In fact, the better you understand the fundamentals, the better you become at a particular skillset. Without that foundation to build on, it is almost impossible to become a master at something. The Introduction to Cyber Security course is all about building those fundamentals and creating that foundation.

One of the things I enjoy most is seeing a student have that "ah-ha" moment. The moment when they suddenly understand a topic for the first time - often a topic they have wondered about for years. You can almost literally see the "light-bulb" of understanding appear over their heads. There are "ah-ha" moments at every turn and on every day of the SEC301: Introduction to Cyber Security course."

- Keith Palmgren