Last day to save $500 off interactive Live Online courses taught by industry experts during SANS 2021!

SANSFIRE 2020 - Live Online

Virtual, US Eastern | Sat, Jun 13 - Sat, Jun 20, 2020

SEC401: Security Essentials Bootcamp Style

Mon, June 15 - Sat, June 20, 2020

Associated Certification: GIAC Security Essentials (GSEC)

This course will show you the most effective steps to prevent attacks and detect adversaries with actionable techniques that can be used as soon as you get back to work. You'll learn tips and tricks designed to help you win the battle against the wide range of cyber adversaries that want to harm your environment.

Is SEC401: Security Essentials Bootcamp Style the right course for you?

STOP and ask yourself the following questions:

  • Do you fully understand why some organizations become compromised and others do not?
  • If there were compromised systems on your network, are you confident that you would be able to find them?
  • Do you know the effectiveness of each security device and are you certain that they are all configured correctly?
  • Are proper security metrics set up and communicated to your executives to drive security decisions?

SEC401 provides you with the information security knowledge needed to help you answer these questions for your environment, delivered in a bootcamp-style format reinforced with hands-on labs.

You will learn:

  • To develop effective security metrics that provide a focused playbook that the IT department can implement, auditors can validate, and executives can understand
  • To analyze the risk to your environment in order to drive the creation of a security roadmap that focuses on the right areas of security
  • Practical tips and tricks that focus on addressing high-priority security problems within your organization and doing the right things that lead to security solutions that work
  • Why some organizations win and why some lose when it comes to security and, most importantly, how to be on the winning side
  • The core areas of security and how to create a security program that is anchored on a PREVENT-DETECT-RESPOND strategy.


SEC401: Security Essentials Bootcamp Style is focused on providing you the essential information security skills and techniques you need to protect and secure your organization's critical information assets and business systems. The course will show you how to prevent your organization's security problems from becoming headline news in the Wall Street Journal!


With the rise in advanced persistent threats, it is almost inevitable that organizations will be targeted. Whether the attacker is successful in penetrating an organization's network depends on the effectiveness of the organization's defense. Defending against attacks is an ongoing challenge, with new threats emerging all of the time, including the next generation of threats. Organizations need to understand what really works in cybersecurity. What has worked, and will always work, is taking a risk-based approach to cyber defense. Before your organization spends a dollar of its IT budget or allocates any resources or time to anything in the name of cybersecurity, three questions must be answered:

  1. What is the risk?
  2. Is it the highest priority risk?
  3. What is the most cost-effective way to reduce the risk?

Security is all about making sure you focus on the right areas of defense. In SEC401 you will learn the language and underlying theory of computer and information security. You will gain the essential and effective security knowledge you will need if you are given the responsibility to secure systems and/or organizations. This course meets both of the key promises SANS makes to our students: (1) You will learn up-to-the-minute skills that you can put into practice immediately upon returning to work; and (2) You will be taught by the best security professionals in the industry.

Assessment Available

Test your security knowledge with our free SANS Security Essentials Assessment Test.


This course prepares you for the GSEC certification that meets the requirement of the DoD 8570 IAT Level 2.

Notice: Note: (Live Classroom Students Only):

Please plan to arrive 30 minutes early on Day 1 for lab preparation and set-up.

Course Content Overlap Notice:

Please note that some course material for SEC401 and MGT512 may overlap. SANS recommends SEC401 for those interested in a more technical course of study, and MGT512 for those primarily interested in a leadership-oriented but less technical learning experience.

Course Syllabus

Bryan Simon
Mon Jun 15th, 2020
9:00 AM - 12:15 PM ET
1:30 PM - 7:00 PM ET


A key way that attackers gain access to a company's resources is through a network connected to the Internet. A company wants to try to prevent as many attacks as possible, but in cases where it cannot prevent an attack, it must detect it in a timely manner. Therefore, it is critical to be able to create and identify the goals of building a defensible network architecture. It is just as important to understand the architecture of the system, types of designs, communication flows, and how to protect against attacks using devices such as routers and firewalls. These essentials and more will be covered during the first section of this course in order to provide a firm foundation for the remaining sections of this training.

In any organization large or small, all data are not created equal. Some data are routine and incidental while other data can be very sensitive, and loss of those data can cause irreparable harm to an organization.

It is essential to understand attacks, the vulnerability behind those attacks, and how to prioritize the information and steps to secure the systems. To achieve this, you need to gain familiarity with the protocols and techniques used to monitor, stop, and even perform attacks against systems.

By the end of this section, you will understand Defensible Network Architecture, Networking and Protocols, Network Device Security, Virtualization and Cloud Security, and Wireless Network Security.

CPE/CMU Credits: 8


SEC401.1: Outline: Network Security Essentials

  • Defensible Network Architecture
  • Networking and Protocols
  • Network Device Security
  • Virtualization and Cloud Security
  • Wireless Network Security

Module 1: Defensible Network Architecture

In order to properly secure and defend a network, you must first have a clear and strong understanding of both the logical and physical components of network architecture.

  • Network Architecture
  • Attacks Against Network Devices
  • Network Topologies
  • Network Design

Module 2: Networking and Protocols

A solid understanding of the interworking of networks enables you to more effectively recognize, analyze, and respond to the latest (perhaps unpublished) attacks. This module introduces the core areas of computer networks and protocols.

  • Network Protocols Overview
  • Layer 3 Protocols
    • Internet Protocol
    • Internet Control Message Protocol
  • Layer 4 Protocols
    • Transmission Control Protocol
    • User Datagram Protocol
  • Tcpdump

Module 3: Network Device Security

In order to implement proper security, you have to understand the various components on a network. In this module, we will look at how the various components work and methods to properly secure them.

  • Network Devices
  • Device Security

Module 4: Virtualization and Cloud Security

In this module, we will examine what virtualization is, the security benefits and risks of a virtualized environment, and the differences in virtualization architecture. Because cloud is architected on virtualization, the module concludes with a focus on cloud services and security.

  • Virtualization
  • Virtualization Security
  • Virtualized Architectures
  • Cloud Overview
  • Cloud Security

Module 5: Securing Wireless Networks

In this module, we will explain the differences between the various types of wireless communication technologies available today, the insecurities present in those communications, and approaches to mitigation to reduce the risk of those insecurities to a more acceptable level of risk.

  • The Pervasiveness of "Wireless" Communications
  • Traditional Wireless: IEEE 802.11 and Its Continual Evolution
  • Personal Area Networks
  • 5G Cellular (Mobile) Communication
  • The Internet of Things

Bryan Simon
Tue Jun 16th, 2020
9:00 AM - 12:15 PM ET
1:30 PM - 7:00 PM ET


To secure an enterprise network, you must understand the general principles of network security. On day 2, we look at the "big picture" threats to our systems and how to defend against them. We will learn that protections need to be layered leveraging a principle called defense-in-depth, and then explain the principles that will serve us well in protecting our systems.

The section starts with information assurance foundations. We look at security threats and how they have impacted confidentiality, integrity, and availability. We then move onto the creation of sound security policies and password management. We discuss how to use the Center for Internet Security controls to help prioritize our risk reduction activities and gather metrics as we construct our security roadmap. The section continues by looking at attack strategies and how the offense operates. Because so many of our applications and so much of our data can be accessed with no more than an Internet connection, a (mobile) device, and a web browser, we end the section by focusing on securing web communications.

CPE/CMU Credits: 8


SEC401.2: Outline: Defense-in-Depth and Attacks

  • Defense-in-Depth
  • Access Control and Password Management
  • Security Policy
  • Center for Internet Security Controls
  • Malicious Code and Exploit Mitigation
  • Securing Web Communications

Module 6: Defense-in-Depth

In this module, we look at threats to our systems and take a "big picture" look at how to defend against them. We will learn that protections need to be layered, a principle called defense-in-depth, and explain some principles that will serve you well in protecting your systems.

  • Defense-in-Depth Overview
    • Risk = Threats x Vulnerabilities
    • Confidentiality, Integrity, and Availability Triad
  • Strategies for Defense-in-Depth
  • Core Security Strategies

Module 7: Access Control and Password Management

This module discusses the principles of access control. Access control models vary in their approaches to security, and we explore their underlying principles, strengths, and weaknesses. The module includes a brief discussion on authentication and authorization protocols and control. We also spend considerable time discussing the most common type of access control: the password. We delve into password files, storage, and protection.

  • Access Control
    • Data Classification
    • Managing Access
    • Controlling Access
  • Password Management
    • Password Management Technologies
    • How Password Assessment Works
  • Introduction to John the Ripper and Its Various Components
  • Cracking Passwords with John the Ripper, and Cain and Abel

Module 8: Security Policy

In this module, we will learn how to assess a policy by establishing a baseline framework to work within, and by establishing a mission statement that defines our policies. We'll examine how to assess and repair critical policies one at a time.

  • Security Policies
    • Need for Policies
    • Policy Framework
    • Enforcement
  • Issue-specific Policy Examples
    • Non-disclosure Agreements
    • Copyright

Module 9: Center for Internet Security (CIS) Controls

In implementing security, it is important to have a framework with proper metrics. As is often said, you cannot manage what you cannot measure. The CIS controls were created to help organizations prioritize the most critical risks they face. In addition to a framework, the CIS controls also provide details to help organizations put together an effective plan for implementation of the controls they need.

  • Overview of the CIS Controls
  • Sample CIS Control

Module 10: Malicious Code and Exploit Mitigation

During this module we will take a look at the Marriott breach (a breach that compromised millions of people globally), as well as ransomware attacks that continue to cripple hundreds of thousands of systems across different industries. We'll describe these attacks in detail, discussing not only the conditions that made them possible, but also some strategies that can be used to help manage the risks associated with such attacks.

  • High-Profile Breaches
  • Ransomware
  • Defensive Strategies
  • Common Types of Attacks

Module 11: Securing Web Communications

In this module, we look at some of the most important things to know to design and deploy secure web applications. We start with an explanation of the basics of web communications. We cover HTTP, HTML, forms, server, and client-side programming, cookies, authentication, and maintaining state. We then look at how to identify and fix vulnerabilities in web applications.

  • Web Applications
  • Secure Web Applications
  • Web Application Vulnerabilities

Bryan Simon
Wed Jun 17th, 2020
9:00 AM - 12:15 PM ET
1:30 PM - 7:00 PM ET


In Section 3, the focus is on the various types of prevention technologies that can be used to stop an adversary from gaining access to our organization (e.g., firewalls, intrusion prevention systems), the various types of detection technologies that can detect the presence of an adversary on our networks (e.g., intrusion detection systems, log management, security incident and event monitoring), and the accumulation of all available network information to assist us in the creation of a solid foundation for network security (e.g., network mapping, vulnerability scanning, penetration testing). Additionally, we will discuss the use of active defense techniques intended to increase both the resources required by the adversary to compromise our network, and the amount of time available to us to detect the adversarial presence before significant damage can occur.

CPE/CMU Credits: 8


SEC401.3: Outline: Threat Management

  • Vulnerability Scanning and Penetration Testing
  • Network Security Devices
  • Endpoint Security
  • Security Incident and Event Monitoring/Log Management
  • Active Defense

Module 12: Vulnerability Scanning and Penetration Testing

This module covers the tools, technology, and techniques used for reconnaissance (including gathering information, mapping networks, scanning for vulnerabilities, and applying mapping and scanning technology).

  • Vulnerability Management Overview
  • Network Scanning
  • Penetration Testing

Module 13: Network Security Devices

This module will look at the three main categories of network security devices: Firewalls, Network Intrusion Detection Systems (NIDS), and Network Intrusion Prevention Systems (NIPS). Together, they provide a complement of prevention and detection capabilities.

  • Firewalls
    • Overview
    • Types of Firewalls
    • Configuration and Deployment
  • NIDS
    • Types of NIDS
    • Snort as a NIDS
  • NIPS

    • Methods of Deployment

Module 14: Endpoint Security

In this module, we will examine some of the key components, strategies, and solutions for implementing security from an endpoint perspective. This includes general approaches to endpoint security, strategies for baselining activity, and solutions like Host-based IDS (HIDS) and Host-based IPS (HIPS).

  • Endpoint Security Overview
  • Endpoint Security Solutions
  • HIDS Overview
  • HIPS Overview

Module 15: Security Information and Event Monitoring (SIEM)/Log Management

In this module, we cover the essential components of logging and how to properly manage it within our organization.

  • Logging Overview
  • Setting Up and Configuring Logging
  • SIEM/Log Analysis Basics
  • Key Logging Activity

Module 16: Active Defense

In this module, we will explain what active defense is and how it can be best leveraged. We will examine new methods of approaching security to help make our defensive solutions more tactical.

  • Defining Active Defense
  • Active Defense Techniques
  • Active Defense Tools

Bryan Simon
Thu Jun 18th, 2020
9:00 AM - 12:15 PM ET
1:30 PM - 7:00 PM ET


There is no silver bullet when it comes to security. However, there is one technology that would help solve a lot of security issues, although few companies deploy it correctly. This technology is cryptography. Concealing the meaning of a message can prevent unauthorized parties from reading sensitive information. During the first half of Section 4 we'll look at various aspects of encryption and how it can be used to secure a compan''s assets. A related area called steganography, or information hiding, is also covered. During the second half of the section, we shift our focus to how we respond to events that can have an adverse effect on our organization. Incident handling is the action or plan for dealing with intrusions, cyber-theft, denial-of-service attacks, malicious code, and other events. Additionally, unexpected events occur on a regular basis, whether the result of adversarial activity or not. The difference between organizations that survive and those that do not is typically based on whether an accurate (and tested) contingency plan has been developed. Planning needs to be done before there is a problem so that the proper focus can be given to the execution of that plan. Business continuity planning (including disaster recovery planning) addresses this need. We end the section discussing how to quantify risk and present justification for our proposed solutions.

CPE/CMU Credits: 8


SEC401.4: Outline: Cryptography, Incident Response, and Risk Management

  • Cryptography
  • Cryptography Algorithms and Deployment
  • Applying Cryptography
  • Incident-Handling and Contingency Planning
  • Risk Management

Module 17: Cryptography

Cryptography can be used to provide functional confidentiality, integrity, authentication, and non--epudiation for information. There are three general types of cryptography algorithms: secret key or symmetric, public key or asymmetric, and no-key or hash. These schemes are usually distinguished from one another by the number of keys employed. This module discusses these different types of algorithms and how each type is used to provide a specific security function. The module also introduces steganography, a means of hiding data in a carrier medium. Steganography can be used for a variety of reasons but is most often is used to conceal the fact that sensitive information is being sent or stored.

  • Cryptosystem Fundamentals
  • General Types of Cryptosystems
    • Symmetric
    • Asymmetric
    • Hash
  • Steganography Overview

Module 18: Cryptography Algorithms and Deployment

In this module, we'll acquire a high-level understanding of the mathematical concepts that contribute to modern cryptography and a basic understanding of commonly used symmetric, asymmetric, and hashing cryptosystems. We'll also identify common attacks used to subvert cryptographic defenses.

  • Cryptography Concepts
  • Symmetric and Asymmetric Cryptosystems
  • Cryptography Attacks

Module 19: Applying Cryptography

In this module, we'll discuss solutions for achieving our primary goals for using cryptography: protection of data in transit and protection of data at rest, and the management of keys via PKI.

  • Data in Transit

    • Virtual Private Networks
  • Data at Rest
    • Data Encryption
    • Full Disk Encryption
    • GNU Privacy Guard
  • Key Management
    • Public Key Infrastructure
    • Digital Certificates
    • Certificate Authorities

Module 20: Incident-Handling and Contingency Planning

In this module, we explore the fundamentals of incident handling and why it is important to our organization. We outline a six-step process to help create our own incident-handling procedures. The module also covers contingency planning, including business continuity planning and disaster recovery planning.

  • Incident-Handling Fundamentals
  • Six-Step Process for Handling an Incident
  • Contingency Planning

Module 21: Risk Management

In this module we discuss the terminology and basic approaches to cybersecurity risk management. We identify each step in the Threat Assessment and Analysis process and learn how to report findings to management.

  • Risk Management Overview
  • Best-Practice Approach to Risk Management
  • Threat Assessment, Analysis, and Reporting to Management

Bryan Simon
Fri Jun 19th, 2020
9:00 AM - 12:15 PM ET
1:30 PM - 7:00 PM ET


Remember when Windows was simple? Windows XP desktops in a little workgroup...what could be easier? A lot has changed over time. Now, we have Windows tablets, Azure, Active Directory, PowerShell, Office 365, Hyper-V, Virtual Desktop Infrastructure, and so on. Microsoft is battling Google, Apple, Amazon, and other cloud giants for cloud supremacy. The trick is to do cloud securely, of course.

Windows is the most widely used and targeted operating system on the planet. At the same time, the complexities of Active Directory, Public Key Infrastructure, BitLocker, AppLocker, and User Account Control represent both challenges and opportunities. Section 5 will help you quickly master the world of Windows security while showing you the tools that can simplify and automate your work. You will complete the section with a solid grounding in Windows security by looking at automation, auditing, and forensics.

CPE/CMU Credits: 8


SEC401.5: Outline: Windows Security

  • Windows Security Infrastructure
  • Windows as a Service
  • Windows Access Controls
  • Enforcing Security Policy
  • Network Services and Cloud Computing
  • Automation, Auditing, and Forensics

Module 22: Windows Security Infrastructure

This module discusses the infrastructure that supports Windows security. This is a big picture overview of the Windows security model. It provides the background concepts necessary to understand everything else that follows.

  • Windows Family of Products
  • Windows Workgroups and Accounts
  • Windows Active Directory and Group Policy

Module 23: Windows as a Service

This module discusses techniques for managing updates to Windows.

  • End of Support
  • Servicing Channels
  • Windows Update
  • Windows Server Update Services

Module 24: Windows Access Controls

This module focuses on understanding how permissions are applied in the Windows NT File System (NTFS), Shared Folders, Registry Keys, Active Directory, and Privileges. BitLocker Drive Encryption is discussed as another form of access control (for encrypted information), and as a tool to help maintain the integrity of the boot-up process if you have a Trusted Platform Module.

  • NTFS Permissions
  • Shared Folder Permissions
  • Registry Key Permissions
  • Active Directory Permissions
  • Privileges
  • BitLocker Drive Encryption

Module 25: Enforcing Security Policy

This module discusses one of the best tools for automating security configuration changes, SECEDIT.EXE, the command--ine version of Microsoft's Security Configuration and Analysis snap-in. We'll look at some of the most important changes to make through the use of this tool, such as password policy, lockout policy, and null user session restrictions. We'll also briefly discuss Group Policy Objects (GPOs) and the many security configuration changes that they can help to enforce throughout the domain.

  • Applying Security Templates
  • Employing the Security Configuration and Analysis Snap-in
  • Understanding Local Group Policy Objects
  • Understanding Domain Group Policy Objects
  • Administrative Users
  • AppLocker
  • User Account Control
  • Recommended GPO settings

Module 26: Network Services and Cloud Computing

It is important that we properly secure a system before we connect to a network. Applying the latest updates isn't good enough: We want a machine that has been hardened specifically in anticipation of vulnerabilities that have not yet been discovered.

  • Server Core and Server Nano
  • Best Way to Secure a Service
  • Packet Filtering
  • IPsec Authentication and Encryption
  • Internet Information Server (IIS)
  • Remote Desktop Services
  • Windows Firewall
  • Microsoft Azure and Office 365

Module 27: Automation, Auditing, and Forensics

Automation, auditing, and forensics go together because, if we can't automate our work, the auditing and forensics work doesn'' get done at all (or is done only sporadically), or we can't make it scale beyond the small number of machines that we can physically touch.

  • Verifying Policy Compliance
  • Creating Baseline System Snapshots
  • Gathering Ongoing Operational Data
  • Employing Change Detection and Analysis

Bryan Simon
Sat Jun 20th, 2020
9:00 AM - 12:15 PM ET
1:30 PM - 5:00 PM ET


While organizations do not have as many Linux systems, the Linux systems that they do have are often some of the most critical systems that need to be protected. Section 6 provides guidance to improve the security of any Linux system. The course combines practical "how to" instructions with background information for Linux beginners, as well as security advice and best practices for administrators with various levels of expertise.

CPE/CMU Credits: 6


SEC401.6: Outline: Linux Security

  • Linux Security: Structure, Permissions, and Access Controls
  • Hardening and Securing Linux Services
  • Monitoring and Attack Detection
  • Security Utilities

Module 28: Linux Security: Structure, Permissions, and Access Controls

This module discusses the foundational items that are needed to understand how to configure and secure a Linux system. It also provides an overview of the operating system and mobile markets. To lay a foundation, it provides an overview of the different operating systems that are based on Linux.

  • Operating System Comparison
    • Linux
    • Cygwin
    • macOS
  • Mobile Device Security
    • Android
    • iOS
  • Linux Operating System
    • Commands
    • Shell
    • Kernel
    • Filesystem
    • Linux Unified Key Setup
  • Linux Security Permissions
  • Linux User Accounts

    • Pluggable Authentication Modules

Module 29: Hardening and Securing Linux Services

This module outlines the methods, tips, and tricks for hardening and securing Linux services. The Golden Rule to always remember is: The best way to secure a service is to turn it off, and if it's not needed, uninstall it.

  • Starting Services in Linux
  • Linux Configuration Management
  • Linux Hardening
  • Operating System Enhancements

Module 30: Monitoring and Attack Detection

Linux systems use multiple log files, several of which are described in this module. The syslog logging daemon and alternatives are discussed. We'll also describe auditd, the access monitoring and accounting subsystem.

  • Configuring and Monitoring Logs
  • Syslog and Alternatives
  • Auditd

Module 31: Security Utilities

This module discusses some security-enhancement utilities, capabilities, and package management tools. Additionally, well look at several built-in and third-party tools that you can use to enhance and increase the overall security of a Linux system.

  • Built-in Commands
  • File Integrity Checking
  • Host-based Firewalls
  • Hardening Guides
  • Rootkit Detectors
  • Chroot, Containers, and Virtualization
  • Package Management

Additional Information

SEC401: Security Essentials Bootcamp Style consists of course instruction and integrated hands-on sessions. The labs reinforce the skills covered in class and enable students to use the knowledge and tools learned throughout the course in an instructor-led environment. Students will have the opportunity to install and configure a virtual lab environment, and will utilize the tools and techniques that have been presented. During the course students will receive a USB drive with two virtual machines; it is critical that you have a properly configured system prior to class.

IMPORTANT: You must use a 64-bit version of Windows or macOS, as your core operating system (OS) . You must have the ability to install and run VMware virtualization products (a VMware product must be installed prior to coming to class). You must also have a minimum of 8 GB of RAM or higher for the virtual machines to function properly in class. Verify that under BIOS, Virtualization Support is ENABLED.

Your CPU and OS MUST be 64-bit so that our 64-bit guest virtual machines will run on your laptop, and so you can access at least 8 GB of memory. This article provides instructions on how to determine if you have both a 64-bit CPU and OS.

Mandatory Laptop Requirements / Checklist

  • 64-bit capable laptop running a 64-bit OS (Windows 10 x64 is recommended) configured as follows:
    • 8 GB physical memory (minimum; this requires you to be running a 64-bit OS)
    • 50 GB of available disk space (minimum)
    • An available/active USB Type-A port (or both a USB Type-C port and a USB Type-A to USB Type-C adapter)
    • In BIOS (UEFI), Virtualization Support must be ENABLED
    • Windows Credential Guard must be DISABLED (if running Windows as your host OS)
  • For computers running the Windows OS, download and install the latest version of VMware Workstation or VMware Player (version 15.5 or higher) prior to the start of class. For computers running the macOS, download and install VMware Fusion (version 11.5 or higher) on your system prior to the start of the class.

    • If you do not own a licensed copy of VMware Workstation or Fusion, you can download a free 30-day trial copy from the VMware website.
  • You must have administrator access to the OS and to all security software installed.
  • You must have the ability to reboot the laptop and login (i.e., you must have valid credentials for any drive encryption or other security software installed)
  • Your laptop should NOT contain any personal or company data.

If you have additional questions about the laptop specifications, please contact

Anyone who works in security, is interested in security, or has to understand security should take this course, including:

  • Security professionals who want to fill the gaps in their understanding of technical information security
  • Managers who want to understand information security beyond simple terminology and concepts
  • Operations personnel who do not have security as their primary job function but need an understanding of security to be effective
  • IT engineers and supervisors who need to know how to build a defensible network against attacks
  • Administrators responsible for building and maintaining systems that are being targeted by attackers
  • Forensic analysts, penetration testers, and auditors who need a solid foundation of security principles so they can be as effective as possible at their jobs
  • Anyone new to information security with some background in information systems and networking.

Use this sample training request letter, or elements of it, to justify the time and budget required to complete SANS training to your manager. Simply copy and paste text into an email to your manager, then make any necessary adjustments to personalize the information.

SEC401: Security Essentials Bootcamp Style covers all of the core areas of security and assumes a basic understanding of technology, networks, and security. For those who are new to the field and have no background knowledge, SEC301: Intro to Information Security would be the recommended starting point. While SEC301 is not a prerequisite for SEC401, it will provide the introductory knowledge to help maximize the experience with SEC401.

SEC401 is an interactive hands-on training course. The following are some of the lab activities that students will carry out:

  • Set up a virtual lab environment
  • Carry out tcpdump network analysis
  • Use Wireshark to decode network traffic
  • Crack passwords
  • Use hashing to preserve digital evidence
  • Analyze networks with hping3 and Nmap
  • Use steganography tools
  • Secure and audit a Windows system against a template
Related Courses

For those who have a more experienced background, SEC501: Enterprise Defender might be the more appropriate course to take.

  • Course books with labs
  • USB
  • TCP/IP and tcpdump Reference Guide
  • IPv6 Pocket Guide
  • MP3 audio files of the complete course lecture

  • Apply what you learn directly to your job when you go back to work
  • Design and build a network architecture using VLANs, NAC, and 802.1x based on advanced persistent threat indicators of compromise
  • Run Windows command line tools to analyze the system looking for high-risk items
  • Run Linux command line tools (ps, ls, netstat, etc.) and basic scripting to automate the running of programs to perform continuous monitoring of various tools
  • Create an effective policy that can be enforced within an organization and design a checklist to validate security and create metrics to tie into training and awareness
  • Identify visible weaknesses of a system using various tools and, once vulnerabilities are discovered, configure the system to be more secure
  • Build a network visibility map that can be used for hardening of a network - validating the attack surface and covering ways to reduce that surface by hardening and patching
  • Sniff network communication protocols to determine the content of network communication (including unprotected access credentials), using tools such as tcpdump and Wireshark.

"SEC401 provides an excellent overview of security fundamentals delivered by experienced industry professionals." - Jathan Watso, Department of Finance

"Excellent material for security professionals wanting a deeper level of knowledge on how to implement security policies, procedures, and defensive mechanisms in an organization." - Brandon Smit, Dynetics

"SEC401 took what I thought I knew and truly explained everything to me. Now, I also UNDERSTAND the security essentials fundamentals and how/why we apply them. Loved the training, cannot wait to come back for more." - Nicholas Blanton, ManTech International

Author Statement

"From all observations of the world around us, it would appear that we might be living in a world of never-ending compromise. It seems to be that a day no longer goes by without hearing of yet another compromise. On initial glance, an increase in compromise might be attributed to having more systems than ever before connected to more and more computer networks. On second glance, an increase in compromise might be attributed to poor security practices.

If having more systems connected to more networks results in more compromise, we are in serious trouble. Only more systems will continue to be connected to more computer networks in an ever increasingly connected world. And surely today, with more security at our avail than at any other point in the history of computing, an ever continuing increase in worldwide compromise can't be attributed to poor security practice, can it? The truth is always more complicated.

The truth is that we now live in a world of ever increasing security capability, AND ever increasing compromise. Said and asked differently, how is it possible to have ever more compromise in the presence of ever more security?

While the truth is more complicated, fortunately, the answer is simple. Offense informs the defense.

SEC401 will provide you with real-world, immediately actionable knowledge and information, to put you and your organization on the best footing possible to counter the modern adversary. Join us to learn how to fight, and how to win."

Bryan Simon, Lead Author, SEC401.