SEC598: Security Automation for Offense, Defense, and Cloud™

6 Day Program | 36 CPEs | 15+ Labs

Skills Learned
▐ Understand the security issues that most organizations are facing today
▐ Translate security issues into smaller problems, define automated solutions for those specific problems, and then chain those solutions together so that multiple issues are handled in a fully automated manner
▐ Use tools such as Terraform, Ansible, Chef, Puppet, and many more to automate secure configurations locally, set a desired-state configuration, deploy infrastructure as code across different environments, and detect and respond to security incidents in an automated manner
▐ Evaluate real-world scenarios across a combination of on-premises and cloud environments using a reference framework that can be immediately adopted and implemented in your organization

Who Should Attend
▐ Security architects
▐ Automation engineers
▐ Security engineers
▐ Detection engineers
▐ Incident responders
▐ Enterprise risk analysts
▐ Ethical hackers
▐ Penetration testers
▐ Red Team operators
▐ Blue Team members
▐ Purple Team members
▐ Security Operations Center analysts
▐ Cloud engineers

NICE Framework Work Roles
▐ Data Analysis (OPM 422)
▐ Cybersecurity Architecture (OPM 652)
▐ Systems Testing and Evaluation (OPM 671)
▐ Technology Research and Development (OPM 661)
▐ Defensive Cybersecurity (OPM 511)
▐ Incident Response (OPM 531)
▐ Infrastructure Support (OPM 521)
▐ All-Source Analysis (OPM 111)
▐ Cyberspace Operations (OPM 321)

The machines aren't taking over. You are!

Mastering automation workflows is a force multiplier for security teams. As the scope of work increases in both volume and complexity across today's modern enterprise, security teams find themselves in an uphill battle to prevent, detect, emulate, and respond to threats against their organization. To combat this ongoing issue, world-class security teams have learned to unleash the power of automation.

Highly skilled security and automation engineers are able to implement solutions that let their teams shift their daily focus away from high-volume, low-priority tasks toward business-critical, high-priority initiatives. Over the span of this course, you will work with a realistic fictitious organization, GLOBEX, through more than 15 lab exercises and a capstone centered on security automation use cases that you can take back and implement within your own organization.

You Will Be Able To
▐ Translate repeatable activities into automated tasks
▐ Automate prevention, detection, and response capabilities for specific attack techniques used by real-world adversaries and red teamers
▐ Improve the effectiveness of your SOC by uncovering opportunities for efficiency across tier 1 and tier 2 responsibilities
▐ Use Terraform for advanced capabilities, IaC modules, and setting up dynamic red team and pentest infrastructure
▐ Set up a cloud adversary emulation capability and leverage cloud-native tools to measure detection capabilities and automated response implementation
▐ Leverage Infrastructure-as-Code tools to set up automated threat hunting, containment, acquisition, quarantine, and incident response workflows
▐ Leverage Infrastructure as Code to deploy automated cyber range capabilities for on-premises, cloud-native, and hybrid environments, enhancing security programs and their understanding of attack tools and defensive controls

Syllabus Summary
SECTION 1: Security Automation Concepts
SECTION 2: Security Automation Engineering
SECTION 3: Security Automation in the Cloud
SECTION 4: Offensive Security Automation
SECTION 5: Defensive Security Automation
SECTION 6: Security Automation Capstone

FEATURED NEW COURSE
CURRICULUM: Offensive Operations

For a detailed course description, visit SANS.ORG/SEC598

WAYS TO TAKE SEC598
Live Online
In-Person

Jeroen Vandeleur, Course Author
Jason Ostrom, Course Author