Due to a high demand for security training at SANS Virginia Beach 2018, courses will be held at both the Hilton Virginia Beach Oceanfront and Hilton Garden Inn Virginia Beach Oceanfront. The hotels are less than a five minute walk from one another, and are accessible from both the Boardwalk and Atlantic Avenue. SEC503, SEC555, SEC573, SEC575, MGT514, and DEV540 will be hosted at the Hilton Garden Inn Virginia Beach Oceanfront.
It's a very good course if you need the basic foundation. It's a very helpful class to take because it expands on some basic concepts.
Great course - very informative and current.
To determine if SANS SEC301: Introduction to Cyber Security is right for you, ask yourself five simple questions:
If you answer yes to any of these questions, the SEC301: Introduction to Cyber Security training course is for you. Students with a basic knowledge of computers and technology but no prior cyber security experience can jump-start their security education with insight and instruction from real-world security experts in SEC301.
This completely revised and comprehensive five-day course covers a wide range of baseline topics, including terminology, the basics of computer networks, security policies, incident response, passwords, and even an introduction to cryptographic principles. The hands-on, step-by-step learning format will enable you to grasp all the information presented even if some of the topics are new to you. You'll learn fundamentals of cyber security that will serve as the foundation of your security skills and knowledge for years to come.
Written by a security professional with over 30 years of experience in both the public and private sectors, SEC301 provides uncompromising real-world insight from start to finish. The course prepares you for the Global Information Security Fundamentals (GISF) certification test, as well as for the next SANS course in this progression, SEC401: Security Essentials Bootcamp Style. It also delivers on the SANS promise: You will be able to use the knowledge and skills you learn in SEC301 as soon as you return to work.
Important additional Information:
Every good security practitioner and every good security program begins with the same mantra: learn the fundamentals. SEC301 starts by instilling familiarity with core security terms and principles. By the time you leave the classroom after the first day, you will fully understand the Principle of Least Privilege and Confidentiality, Integrity, Availability (CIA), and you'll see why those principles drive all security discussions. You will be conversant in the fundamentals of risk management, security policy, and authentication/authorization/accountability.
NOTE: We do not give time in class to watch the videos or complete the quizzes. These are extra activities students can do outside of class. If you think you may want to view the videos during the week of the course (perhaps during breaks), please bring ear-buds or headphones so that you do not distract other students with the audio.
CPE/CMU Credits: 6
This course day begins with an explanation of how computers handle numbers using decimal, binary, and hexadecimal numbering systems. It also provides an understanding of how computers encode letters using the American Standard Code for Information Interchange (ASCII).
We then spend the remainder of the day on networking. All attacks or exploits have one thing in common: they take something that exists for perfectly valid reasons and misuse it in malicious ways. Always! So as security practitioners, to grasp what is invalid we must first understand what is valid - that is, how things like networks are supposed to work. Only once we have that understanding can we hope to understand the mechanics of malicious misuse of those networks - and only with that knowledge can we understand how security devices such as firewalls seek to thwart those attacks.
The networking discussion begins with a non-technical explanation of how data move across a network. From there we move to fundamental terminology dealing with network types and standards. You'll learn about common network hardware such as switches and routers, and terms like "protocol" and "encapsulation." We'll give a very basic introduction to network addressing and port numbers and then work our way up the Open Systems Interconnection (OSI) protocol stack, introducing more detail only as we proceed to the next layer. In other words, we explain networking starting in non-technical terms and gradually progress to more technical detail as students are ready to take the next step.
By the end of our discussions, you'll have a fundamental grasp of any number of critical technical networking acronyms that you've often heard but never quite understood, including TCP/IP, IP, TCP, UDP, MAC, ARP, NAT, ICMP, and DNS.
CPE/CMU Credits: 6
Cryptography is one of the most complex issues faced by security practitioners. It is not a topic you can explain in passing, so we will spend some time on it. Not to worry, we won't take you through the math behind cryptography. Instead, we learn basic crypto terminology and processes. What is steganography? What is substitution and transposition? What is a "work factor" in cryptography and why does it matter? What do we mean by symmetric and asymmetric key cryptography and "cryptographic hash," and why do you need to know? How are those concepts used together in the real world to create cryptographic systems?
CPE/CMU Credits: 6
Our fourth day in the classroom begins our exploration of cyber security technologies. We begin with wireless network security (WiFi and Bluetooth), and mobile device security (i.e., cell phones). We follow that with a brief look at some common attacks. We then move into a discussion of malware and anti-malware technologies. We end the day with an examination of several data protection protocols used for email encryption, secure remote access, secure web access, secure file transfer, and Virtual Private Network (VPN) technologies.
CPE/CMU Credits: 6
The final day of our SEC301 journey continues the discussion of cyber security technologies. The day begins by looking at several security technologies, including compartmentalization, firewalls, Intrusion Detection Systems and Intrusion Prevention Systems (IDS/IPS), sniffers, content filters, etc. We then take a good look at browser and web security, and the difficulties of securing the web environment. For example, students will understand why and how their browser connects to anywhere from 5 to 100 different Internet locations each time they load a single web page. We end the day with a look at system security to include hardening operating systems, patching, virtual machines, cloud computing, and backup.
CPE/CMU Credits: 6
Here's what recent attendees had to say about SEC301:
"This class is great for IT professionals looking for their first step towards security awareness. I have been in IT for 17 years and I learned a lot on this first day of class." - Paul Beninati, EMC
"Good basic information for someone just coming into the field." - Bryce Richert, SUH
"Being new to the industry, this course provided a great deal of foundational information and context." - Kimberly Stover, Kaiser Permanente
SEC301 includes both lectures and hands-on labs. In order to perform the hands-on labs, you will use a classroom network to connect to a lab server either in the classroom or in the cloud. To accomplish this, you need the following:
NOTE: Administrative (or "Admin") permission is NOT required to perform any of the labs you will do in class. None of the lab work actually occurs on the student's computer (and no software is installed there during class). We access all labs in the LODS virtual environment via a browser.
Video
Each lab also has a video in which the author of the course goes through the steps to complete the lab, explains why you are doing those steps, and outlines any output you may get on your screen and what that output means to you. You will receive access to those videos once you arrive at the class. Time to view the videos will not be provided during class, but if you think you might view some of them in the classroom, please bring earbuds or headphones so you do not distract other students.
If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org.
The SEC301: Introduction to Cyber Security course is designed to address the needs of:
The SEC301 course lives up to its name as a thorough introduction to cyber security. The course is designed for those who have limited background in information technology, but who need to understand cyber security concepts, principles, and terms. If you fall into that category, SEC301 will serve your needs well.
SANS301 is the course SANS offers for the professional just starting out in security.
The SANS courses SEC401, LEG523, and MGT512 are good follow-ups to SEC301.
"If you want to be good at something, whether it be sports, music, science, math, or cyber security, you MUST have a solid grasp of the fundamentals. In fact, the better you understand the fundamentals, the better you will be at a particular skillset. Without that foundation to build on, it is almost impossible to become a master at something. The SEC301: Introduction to Cyber Security course is all about building those fundamentals and creating that foundation.
"One of the things I enjoy most is seeing when students have that 'ah-ha' moment when they suddenly understand a topic for the first time - often a topic they have wondered about for years. You can almost literally see the light-bulb of understanding appear over their head. There are 'ah-ha' moments at every turn and on every day of the SEC301!"
- Keith Palmgren