SEC504: Hacker Tools, Techniques, and Incident Handling
SEC504Offensive Operations
SANS Community Benefits
Connect, learn, and share with other cybersecurity professionals
SEC401: Security Essentials - Network, Endpoint, and Cloud
SEC401Cyber Defense
- 6 Days (Instructor-Led)
- 46 Hours (Self-Paced)
Course created by:
Bryan Simon
Course created by:Bryan Simon
- GIAC Security Essentials (GSEC)
- 46 CPEs
Apply your credits to renew your certifications
- In-Person, Virtual or Self-Paced
Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months
- 20 Hands-On Lab(s)
Apply what you learn with hands-on exercises and labs
Gain essential cybersecurity skills to quickly detect, respond to, and remediate threats. Learn how to protect critical information and technology assets, whether on-premises or in the cloud.
Featured Quote
Overall, my learning experience was vital, and I see practical steps and methods that I can use when I start back work. This course changed my perspective on Cyber Security and I’m thankful for the opportunity to be around leaders in the industry.
Course Overview
Information security is about focusing your defenses on the areas that matter most, particularly as they relate to the unique needs of your organization. In SEC401: Security Essentials - Network, Endpoint, and Cloud, you'll learn foundational knowledge in information security, focusing on network, endpoint, and cloud defenses tailored to organizational needs. The course covers detecting and responding to threats to secure systems effectively and minimize impact.
The SEC401 course teaches you the most effective steps to prevent attacks and detect adversaries, equipping you with actionable techniques you can immediately apply in your workplace. Through practical tips and insights, you'll be better prepared to win the ongoing battle against a broad range of cyber adversaries who seek to infiltrate your environment.
What You'll Learn
- Develop a security program focused on detection, response, and prevention
- Prioritize and address critical security concerns effectively
- Strengthen defenses against ransomware and implement robust authentication (IAM, MFA)
- Design networks using VLANs, NAC, and Zero Trust principles
- Secure multi-cloud environments with best practices
- Apply a strong vulnerability management strategy using tools like tcpdump and Wireshark
- Leverage command-line tools, scripting, and network mapping for enhanced monitoring and risk management
Business Takeaways
- How to address high-priority security concerns
- Leverage security strengths and differences among the top cloud providers
- Build a network visibility map to help validate attack surface
- Reduce an organization's attack surface through hardening and configuration management
Meet Your Author
Bryan Simon
Senior InstructorBryan Simon, a SANS Senior Instructor and author of SEC401, has been involved in cybersecurity since 1991. He’s the president of Xploit Security Inc., and has taught cybersecurity students from organizations like the FBI, NATO, and UN.
Read more about Bryan SimonCourse Syllabus
Explore the course syllabus below to view the full range of topics covered in SEC401: Security Essentials - Network, Endpoint, and Cloud.
Section 1 Network Security and Cloud Essentials
This section covers the need for a defensible network architecture, emphasizing timely threat detection, sensitive data protection, and understanding protocol vulnerabilities. It also explores cloud security, AI, and adversarial tactics, equipping students with foundational knowledge in network, cloud, AI, and wireless security.
Topics covered
- Defensible Network Architecture
- Protocols and Packet Analysis
- Virtualization, Cloud, and AI Essentials
- Securing Wireless Networks
Labs
- Tcpdump
- Wireshark
- AWS VPC Flow Logs
Section 2Defense in Depth
This section addresses large-scale threats and defense-in-depth strategies, focusing on IAM, authentication, and password security as key components of cloud security. It covers frameworks like CIS, NIST, and MITRE ATT&CK® for network and data protection, and explores mobile device security, including BYOD and MDM.
Topics covered
- Defense-in-depth
- IAM, Authentication, and Password Security
- Security Frameworks
- Data Loss Prevention
- Mobile Device Security
Labs
- Password Auditing
- Data Loss Prevention
- Mobile Device Backup Recovery
Section 3Vulnerability Management and Response
This section covers identifying vulnerabilities and establishing a vulnerability assessment program, with a focus on modern attack methods and web application security. It also addresses detecting post-compromise actions through effective logging, followed by guidance on incident response planning.
Topics covered
- Vulnerability Assessments
- Penetration Testing
- Attacks and Malicious Software
- Web Application Security
- Security Operations and Log Management
Labs
- Network Discovery
- Binary File Analysis and Characterization
- Web App Exploitation
- SIEM Log Analysis
Section 4Data Security Technologies
This section explores cryptography as a key security tool, covering essential concepts to protect organizational assets. It then examines prevention and detection technologies, like firewalls, intrusion prevention, and detection systems, focusing on their application at both network and endpoint levels.
Topics covered
- Cryptography
- Cryptography Algorithms and Deployment
- Applying Cryptography
- Network Security Devices
- Endpoint Security
Labs
- Hashing and Cryptographic Validation
- Encryption and Decryption
- Intrusion Detection and Network Security Monitoring with Snort3 and Zeek
Section 5Windows and Azure Security
This section covers the essentials of Windows security, addressing modern complexities like Active Directory, PKI, BitLocker, and endpoint security. It provides tools for streamlining and automating security tasks across both on-premises and Azure environments, equipping you with a strong foundation in Windows security, automation, and auditing.
Topics covered
- Windows Security Infrastructure
- Windows as a Service
- Windows Access Controls
- Enforcing Security Configurations
- Microsoft Cloud Computing
Labs
- Windows Process Exploration
- Windows Filesystem Permissions
- Applying Windows System Security Policies
- Using PowerShell for Speed and Scale
Section 6Containers, Linux, and Mac Security
This section provides practical guidance on securing Linux systems, catering to both beginners and advanced administrators. It covers Linux security fundamentals, including containerization for cloud computing, and concludes with a review of macOS security, clarifying its capabilities and limitations within a UNIX-based environment.
Topics covered
- Linux Fundamentals
- Containerized Security
- Linux Security Enhancements and Infrastructure
- macOS Security
Labs
- Linux Permissions
- Linux Containers
- Linux Logging and Auditing
Things You Need To Know
Relevant Job Roles
Data Analysis (OPM 422)
NICE: Implementation and OperationResponsible for analyzing data from multiple disparate sources to provide cybersecurity and privacy insight. Designs and implements custom algorithms, workflow processes, and layouts for complex, enterprise-scale data sets used for modeling, data mining, and research purposes.
Explore learning pathDatabase Administrator (DCWF 421)
DoD 8140: Cyber ITManages and maintains databases or data systems for efficient storage, querying, and access to organizational data assets and records.
Explore learning pathTechnical Support Specialist (DCWF 411)
DoD 8140: Cyber ITDelivers technical support to users, helping them resolve issues with client hardware/software according to organizational service processes.
Explore learning pathSystems Administration (OPM 451)
NICE: Implementation and OperationResponsible for setting up and maintaining a system or specific components of a system in adherence with organizational security policies and procedures. Includes hardware and software installation, configuration, and updates; user account management; backup and recovery management; and security control implementation.
Explore learning pathSystems Developer (DCWF 632)
DoD 8140: Cyber ITOversees full lifecycle of information systems from design through evaluation, ensuring alignment with functional and operational goals.
Explore learning pathTechnology Portfolio Management (OPM 804)
NICE: Oversight and GovernanceResponsible for managing a portfolio of technology investments that align with the overall needs of mission and enterprise priorities.
Explore learning pathCybersecurity Curriculum Development (OPM 711)
NICE: Oversight and GovernanceResponsible for developing, planning, coordinating, and evaluating cybersecurity awareness, training, or education content, methods, and techniques based on instructional needs and requirements.
Explore learning pathCybersecurity Architect
European Cybersecurity Skills FrameworkPlans and designs security-by-design solutions (infrastructures, systems, assets, software, hardware and services) and cybersecurity controls.
Explore learning pathNetwork Operations (OPM 441)
NICE: Implementation and OperationResponsible for planning, implementing, and operating network services and systems, including hardware and virtual environments.
Explore learning pathNetwork Operations Specialist (DCWF 441)
DoD 8140: Cyber ITImplements and maintains network services, including hardware and virtual systems, ensuring operational support for infrastructure platforms.
Explore learning pathSystems Security Analysis (OPM 461)
NICE: Implementation and OperationResponsible for developing and analyzing the integration, testing, operations, and maintenance of systems security. Prepares, performs, and manages the security aspects of implementing and operating a system.
Explore learning pathSystem Administrator (DCWF 451)
DoD 8140: Cyber ITInstalls, configures, maintains systems and hardware, and administers user accounts, ensuring system reliability and operational support.
Explore learning pathCybersecurity Educator
European Cybersecurity Skills FrameworkImproves cybersecurity knowledge, skills and competencies of humans.
Explore learning pathSystem Testing and Evaluation Specialist (DCWF 671)
DoD 8140: Cyber ITPlans and executes system tests, analyzing results to verify compliance with technical and operational requirements and expectations.
Explore learning pathEnterprise Architect (DCWF 651)
DoD 8140: Cyber ITDevelops business and IT process architectures, creating baseline and target architectures to meet mission or enterprise goals.
Explore learning pathDatabase Administration (OPM 421)
NICE: Implementation and OperationResponsible for administering databases and data management systems that allow for the secure storage, query, protection, and utilization of data.
Explore learning pathInfrastructure Support (OPM 521)
NICE: Protection and DefenseResponsible for testing, implementing, deploying, maintaining, and administering infrastructure hardware and software for cybersecurity.
Explore learning pathIT Project Manager (DCWF 802)
DoD 8140: Cyber EnablersLeads IT project management to deliver services or products, ensuring milestones, budgets, and mission alignment are successfully achieved.
Explore learning pathSystems Requirements Planner (DCWF 641)
DoD 8140: Cyber ITTranslates functional needs into technical solutions by consulting with customers and developing system architectures and requirements.
Explore learning pathDefensive Cybersecurity (OPM 511)
NICE: Protection and DefenseResponsible for analyzing data collected from various cybersecurity defense tools to mitigate risks.
Explore learning pathCourse Schedule & Pricing
Looking for Group Purchase Options?Contact Us
GIAC Certification Attempt
Add a GIAC certification attempt and receive free two practice tests. View pricing in the info icons below.
OnDemand Course Access
When purchasing a live instructor-led class, add an additional 4 months of online access after your course. View pricing in the info icons below.
Filter by:
Location & instructorDate & TimeCourse priceRegistration Options
- Location & instructor
Virtual (OnDemand)
Instructed by Bryan SimonDate & TimeOnDemand (Anytime)Self-Paced, 4 months accessCourse price$8,780 USD*Prices exclude applicable local taxesRegistration Options - Location & instructor
Amsterdam, NL & Virtual (live)
Instructed by Nick MitropoulosDate & TimeFetching schedule..View event detailsCourse price€8,230 EUR*Prices exclude applicable local taxesRegistration Options - Location & instructor
Anaheim, CA, US & Virtual (live)
Instructed by Tim GarciaDate & TimeFetching schedule..View event detailsCourse price$8,780 USD*Prices exclude applicable local taxesRegistration Options - Location & instructor
London, GB & Virtual (live)
Instructed by Ian ReynoldsDate & TimeFetching schedule..View event detailsCourse price£7,160 GBP*Prices exclude applicable taxes | EUR price available during checkoutRegistration Options - Location & instructor
San Antonio, TX, US & Virtual (live)
Instructed by Tim GarciaDate & TimeFetching schedule..View event detailsCourse price$8,780 USD*Prices exclude applicable local taxes - Location & instructor
Boston, MA, US & Virtual (live)
Instructed by Ted DemopoulosDate & TimeFetching schedule..View event detailsCourse price$8,780 USD*Prices exclude applicable local taxes - Location & instructor
Virginia Beach, VA, US & Virtual (live)
Instructed by Ross BergmanDate & TimeFetching schedule..View event detailsCourse price$8,780 USD*Prices exclude applicable local taxes - Location & instructor
Amsterdam, NL & Virtual (live)
Instructed by Ian ReynoldsDate & TimeFetching schedule..View event detailsCourse price€8,230 EUR*Prices exclude applicable local taxes
Showing 8 of 35
Learn Alongside Leading Cybersecurity Professionals From Around The World
- Slide 1 of 3SEC401 gives you a fantastic knowledge base to build on, and I would say it's essential for anyone working in cybersecurity.
- Slide 2 of 3Excellent material for security professionals wanting a deeper level of knowledge on how to implement security policies, procedures, and defensive mechanisms in an organization.
- Slide 3 of 3SEC401 has been an excellent experience all around. It is content-heavy and rich, and regardless of your technical ability and experience, you will leave with a far better understanding of many aspects of cybersecurity.
Slide 1 of 0
(1/0)
Benefits of Learning with SANS
Get feedback from the world’s best cybersecurity experts and instructors
Choose how you want to learn - online, on demand, or at our live in-person training events
Get access to our range of industry-leading courses and resources