Cyber Defense, Open-Source Intelligence (OSINT)

Practical Open-Source Intelligence (OSINT)

This course is based on two decades of experience with open-source intelligence (OSINT) research and investigations supporting law enforcement, intelligence operations, and a variety of private sector businesses ranging from small start-ups to Fortune 100 companies. The goal is to provide practical, real-world tools and techniques to help individuals perform OSINT research safely and effectively. One of the most dynamic aspects of working with professionals from different industries worldwide is getting to see their problems and working with them to help solve those problems. SEC497 draws on lessons learned over the years in OSINT to help others. The course not only covers critical OSINT tools and techniques; it also provides real-world examples of how they have been used to solve a problem or further an investigation. Hands-on labs based on actual scenarios provide students with the opportunity to practice the skills they learn and understand how those skills can help in their research. 29 Hands-on Labs + Capstone CTF

Certification: GIAC Open Source Intelligence (GOSI)

Artificial Intelligence (AI), Cyber Defense

Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

SEC595 provides students with a crash-course introduction to practical data science, statistics, probability, machine learning, and AI. The course is structured as a series of short discussions with extensive hands-on labs that help students to develop useful intuitive understandings of how these concepts relate and can be used to solve real-world problems. The best analogy is that we are using an apprenticeship approach to bring you from beginner to journeyman in AI and related fields. If you’ve never done anything with data science or machine learning but want to use these AI techniques, this is definitely the course for you! 30 Hands-on Labs

Certification: GIAC Machine Learning Engineer (GMLE)

Cyber Defense

Defensible Security Architecture and Engineering: Implementing Zero Trust for the Hybrid Enterprise

This course is designed to help students establish and maintain a holistic and layered approach to security while taking them on a journey towards a realistic ‘less trust’ implementation based on Zero Trust principles, pillars and capabilities. Effective security requires a balance between detection, prevention, and response capabilities, but such a balance demands that controls be implemented on the network, directly on endpoints, within cloud environments, and ultimately around the data we are trying to protect. The strengths and weaknesses of one solution complement another solution through strategic placement, implementation, and continuous fine-tuning. To address this need, this course focuses on combining strategic concepts of infrastructure and tool placement while also diving into their technical application.

Certification: GIAC Defensible Security Architecture (GDSA)

Cyber Defense

Network Monitoring and Threat Detection In-Depth

Network Monitoring and Threat Detection In-Depth delivers the technical knowledge, insight, and hands-on training you need to confidently defend your network, whether traditional or cloud-based. You will learn about the underlying theory of TCP/IP and the most used application protocols so that you can intelligently examine network traffic to identify emerging threats, perform large-scale correlation for threat hunting, and reconstruct network attacks. 37 Hands-on Labs + Capstone Challenge

Certification: GIAC Certified Intrusion Analyst (GCIA)

Cyber Defense

Blue Team Fundamentals: Security Operations and Analysis

This course provides students with technical knowledge and key concepts essential for security operation center (SOC) analysts and new cyber defense team members. By providing a detailed explanation of the mission and mindset of a modern cyber defense operation, this course will jumpstart and empower those on their way to becoming the next generation of blue team members.

Certification: GIAC Security Operations Certified (GSOC)

Cyber Defense

SEC511: Cybersecurity Engineering: Advanced Threat Detection and Monitoring

In today’s rapidly evolving threat landscape, traditional cybersecurity measures are no longer sufficient. This advanced training addresses the challenge by equipping practitioners with cutting-edge skills in cybersecurity engineering and advanced threat detection for cloud, network, and endpoint environments. Featuring 18 hands-on labs, a final capstone project, plus gamified bootcamp challenges, it immerses you in real-world scenarios. Master NDR, EDR, and MITRE ATT&CK to build a robust SOC with threat-informed defenses. Elevate your expertise and stay ahead of adversaries with this comprehensive course.

Certification: GIAC Continuous Monitoring Certification (GMON)

Cyber Defense

SEC573: Automating Information Security with Python

The challenges faced by security professionals are constantly evolving, so there is a huge demand for those who can understand a technology problem and quickly develop a solution. If you have to wait on a vendor to develop a tool to recover a forensics artifact, or to either patch or exploit that new vulnerability, then you will always be behind. It is no longer an option for employers serious about information security to operate without the ability to rapidly develop their own tools. This course will give you the skills to develop solutions so that your organization can operate at the speed of the adversary. SEC573 is an immersive, self-paced, hands-on, and lab-intensive course. After covering the essentials required for people who have never coded before, the course will present students with real-world forensics, defensive, and offensive challenges. You will develop a malware dropper for an offensive operation; learn to search your logs for the latest attacks; develop code to carve forensic artifacts from memory, hard drives, and packets; automate the interaction with an online website’s API; and write a custom packet sniffer. Through fun and engaging labs, you develop useful tools and build essential skills that will make you the most valuable member of your information security team. 128 Hands-on Labs + Capture-the-Flag Challenge

Certification: GIAC Python Coder (GPYC)

Cyber Defense

SEC555: SIEM with Tactical Analytics

Many organizations have logging capabilities but lack the people and processes to analyze them. In addition, logging systems collect vast amounts of data from a variety of data sources, which require an understanding of the sources for proper analysis. This class is designed to provide training, methods, and processes for enhancing existing logging solutions. This class will also provide an understanding of the when, what, and why behind the logs. This is a lab-heavy course that utilizes SOF-ELK, a SANS-sponsored free SIEM solution, to train hands-on experience and provide the mindset for large-scale data analysis.

Certification: GIAC Certified Detection Analyst (GCDA)

Cyber Defense, Offensive Operations, Pen Testing, and Red Teaming

SEC501: Advanced Security Essentials – Enterprise Defender

Cyber reskilling and upskilling are significant concerns for enterprises both large and small. Technologists must have a broad range of knowledge and certain basic skills in multiple areas. Every member of a security team, increasingly extended into Information Technology and DevOps, must prepare to ensure that any system, software, or infrastructure that is coded, built, and deployed is resilient to attack. Team members must have the knowledge necessary to identify the adversaries in their midst, which requires knowledge of the adversaries’ tactics, techniques, and procedures, as well as familiarity with real-world tools that reveal their activities within the enterprise. Adversaries must be contained when uncovered-controlling their lateral movement and limiting the extent of their infiltration minimizes the risks of disclosure, alteration, and destruction of mission-critical enterprise data. Critically, having all hands on deck is key to eradicating the adversary, remediating compromised systems, and recovering lost assets. Prevent. Detect. Respond.

Certification: GIAC Certified Enterprise Defender (GCED)

Cyber Defense, Open-Source Intelligence (OSINT)

SEC587: Advanced Open-Source Intelligence (OSINT) Gathering and Analysis

With Open-Source Intelligence (OSINT) being the engine of most major investigations in this digital age the need for a more advanced course was imminent. The data in almost every OSINT investigation becomes more complex to collect, exploit and analyze. For this OSINT practitioners all around the world have a need for performing OSINT at scale and means and methods to check and report on the reliability of their analysis for sound and unbiased reports. In SEC587 you will learn how to perform advanced OSINT Gathering & Analysis as well as understand and use common programming languages such as JSON and Python. SEC587 also will go into Dark Web and Financial (Cryptocurrency) topics as well as disinformation, advanced image and video OSINT analysis. This is an advanced fast-paced course that will give seasoned OSINT investigators new techniques and methodologies and entry-level OSINT analysts that extra depth in finding, collecting and analyzing data sources from all around the world.

Cyber Defense

SEC505: Securing Windows and PowerShell Automation

Have fun learning Windows security and PowerShell scripting at the same time in course SEC505 at SANS. No prior PowerShell scripting experience is required. Attendees will have fun learning how to write PowerShell scripts, including a fully functional ransomware script that attendees will unleash in their training virtual machines in order to learn about defenses against PowerShell malware. This is a course mainly for on-premises Windows environments, such as for GOV and MIL networks, but PowerShell is popular for Azure and AWS too. The course author, Jason Fossen, is a Faculty Fellow who has taught Windows security at SANS for more than 25 years and PowerShell for more than 15 years. Jason gives away his PowerShell scripts for free at https://BlueTeamPowerShell.com.

Certification: GIAC Certified Windows Security Administrator (GCWN)

Cyber Defense

SEC406: Linux Security for InfoSec Professionals

In today’s fast-paced threat landscape, proficiency in Linux is not optional – it’s essential. Hackers know how to use Linux and a single unsecured Linux box could be all it takes for your organization to fall victim to a devastating cyberattack. Whether you are defensive, offensive, performing incident response, or working in mobile or ICS, this course will equip you with the fundamental proficiency, knowledge, and tools needed to stay ahead of the game. Acquire yours by taking our practical, hands-on training.

Cyber Defense

SEC673: Advanced Information Security Automation with Python

SEC673 is designed as the logical progression point for students who have completed SEC573: Automating Information Security with Python, or for those who already familiar with basic Python programming concepts. We jump immediately into advanced concepts. SEC673 looks at coding techniques used by popular open-source information security packages and how to apply them to your own Python cybersecurity projects. We’ll learn from the best of them as we spend the week making information security for our project, named SPF100, as easy to develop and maintain as that of the most popular cybersecurity projects. Discover how to organize your code and use advanced programming concepts to make your code faster, more efficient, and easier to develop and maintain.

Cyber Defense

SEC547: Defending Product Supply Chains

The threat landscape has changed and gone are the days when erecting a strong perimeter is sufficient to keep adversaries at bay. Supply chain attacks are one of the many effective ways to circumvent traditional perimeter-based controls. In these difficult to spot attacks, organizations unintentionally invite the adversary inside using unvalidated but “trusted” technologies, effectively leading to self-compromise. SEC547: Defending Product Supply Chains teaches how to minimize the risk of supply chain attacks via in-depth supply chain risk management strategies and tactics. The course covers the threat landscape and provides critical skills for defenders across 13 custom tailored labs, provides real-world examples of how these attacks work and how to stop them from happening to you. You’ll leave this course with the industry best practice required to inject security and assurance into your organization’s technology acquisitions.

Cyber Defense

SEC586: Security Automation with PowerShell

Are you a Blue Teamer who has been asked to do more with less? Do you wish you could detect and respond at the same pace as your adversaries who are breaking into and moving within the network? SEC586: Blue Team Operations: Defensive PowerShell teaches deep automation and defensive capabilities using PowerShell. Come join us and learn how to automate everything from regular hardening and auditing tasks to advanced defenses. This course will provide you with skills for near real-time detection and response and elevate your defenses to the next level.

Frequently Asked Questions About Cybersecurity Courses

In today’s rapidly evolving digital landscape, cybersecurity has become a critical concern for organizations worldwide. The demand for skilled cybersecurity professionals is growing exponentially, with the World Economic Forum projecting a talent shortage of 85 million workers by 2030. As a result, IT professionals, whether aspiring or experienced, are increasingly focusing on upskilling to meet this demand.

The high stakes of cybersecurity mean that hiring managers maintain rigorous standards, creating a significant barrier to entry that only education and experience can overcome. This is where cybersecurity courses come into play, offering IT professionals the opportunity to enhance their skills, gain valuable experience, and improve their marketability in the competitive IT career landscape.

Despite the many training organizations claiming expertise in cybersecurity, only a select few are recognized by industry decision-makers. This blog addresses the most common questions from your peers about cybersecurity courses, providing insights that influence both upskillers and job seekers alike.

1. What are the courses for cybersecurity?

Specializing in a specific area of cybersecurity helps tremendously when developing a course and certification roadmap for your cybersecurity career. Areas of specialization are as vast as the cybersecurity discipline itself. So, focus on areas of passion and keen interest, areas where you’ve made positive change or achieved ‘wins’ for an organization.

A few areas of specialization in cybersecurity include:

• Cloud Security
• Cyber Defense
• Cybersecurity and IT Essentials
• Cybersecurity Leadership
• Digital Forensics, Incident Response, and Threat Hunting
• Industrial Control Systems Security
• Offensive Operations, Pen Testing, and Red Teaming
• Open-Source Intelligence

2. How long is a cybersecurity course?

The length of a cybersecurity course depends on the course type. Course types fall into three categories: in-person, live online, and on demand.

In-person cybersecurity courses range from five to ten days in duration and offer a series of networking and professional development opportunities aside from the core subject matter training.

Live online cybersecurity courses take place during a specific date and time and are conducted live, with participants having access to some or all course materials after the completion of the live portion of the course. The duration is equal to that of the in-person version of the course: five to ten days.

OnDemand cybersecurity courses offer students the chance to learn at a customized pace while receiving live support from subject matter experts. There are sometimes limits on the length of time learners can access the materials, in many cases ranging from four months to unlimited access.

3. How much does a cybersecurity course cost?

Courses increase in cost based on complexity of subject matter, length of the course, and the tools and resources included in the course to hone the learner’s skills in a particular area. High quality, highly specialized, and technical courses cost more than others in the market.

Cybersecurity course fees and their return on investment depend on a learner’s goals when seeking cybersecurity education. A cybersecurity pro looking to build a skill base can piece together a learning curriculum, but that can be like building in the dark with no blueprint.

SANS courses offer a curated learning experience with all resources necessary to learn and master the most relevant skills in a subject area. This saves students time and effort. When reviewing costs, consider these factors:

• Time: The lower the cost, the less structured and impactful the experience. Learners often end up pulling together information from disparate sources with no assurance that what they’re learning is important to hiring managers and internal decision makers in their organizations.
• Reputation: Some educational groups in cybersecurity need no explanation as to their expertise or level of trust in the marketplace. Others, while popular in small groups of specialized cybersecurity pros, may not have the name recognition to grab the attention of fast-moving decision makers looking to promote the next solid cybersecurity expert in their organization.
• Employer sponsorship: Some educational groups offer pricing designed for learners who self-fund their education, while other training organizations facilitate corporate pricing for high-level, specialized coursework for their employees. This often helps employers prove that they’re addressing a pressing issue or a gaping hole in their cybersecurity positioning.

Courses that offer this level of efficient delivery and a high-level learning experience range between $3,000 and $6,000 per course.

4. How difficult is a cybersecurity course?

Difficulty levels of cybersecurity courses vary based on the experience level of the learner, the prerequisite courses needed, and the complexity of the course subject matter.

More advanced courses held in a group setting often present the most complexity to learners. Ways to address perceived difficulty of course materials include selecting a course style that best suits the learner’s needs. For some, in-person experiences lessen course difficulty. Whereas on-demand courses offer those who favor self-paced learning the time to absorb and test new concepts until they become integrated into the learner’s skill set.

Consider reviewing prerequisites and consulting with an educational consultant provided by the cybersecurity course provider to select the best course type and to gauge the level of difficulty of each course.

5. What are the best cybersecurity courses for beginners?

This answer depends on your specific goals. There are foundational courses that provide certifications that employers expect potential hires to have when seeking to land a cybersecurity role.

In this case, GIAC Security Essentials (GSEC) offers employers proof of your mastery of cybersecurity essentials and foundational concepts, terms, and strategies. Areas of this certification include cryptography, cloud security operations for AWS and Azure, Linux hardening, and Windows access controls.

6. What are the best advanced cybersecurity courses?

As certain technologies gain popularity, an organization’s attack surface grows. Cybersecurity pros who master the fundamentals can branch out into emerging branches of the cybersecurity threat matrix. For instance, as machine learning becomes more useful in enterprise settings, cybersecurity pros look to codify their understanding of securing systems leveraging the technology.

Other solid advanced courses include:

• Red Team, Blue Team, and Purple Team operations
• Cloud Security
• Security Management
• Advanced Leadership

7. What jobs can you get in cybersecurity?‎

The cybersecurity industry offers many chances for passionate learners to upskill and land roles in the industry. Many cybersecurity pros come from the broader world of IT and move from being network administrators and software engineers to cryptanalysts and bug bounty hunters. Here’s a list of cybersecurity jobs and their associated categories:

Offensive Operations

• Red Team member
• Pen Tester

Defensive Operations

• Counterespionage Analyst
• Cryptanalyst
• Cyber Intelligence Specialist
• Data Privacy Officer
• Data Security Analyst
• Industrial Internet of Things (IIoT) Security Specialist
• Information Security Analyst
• IT Security Architect
• Security Operations Center (SOC) Analyst
• Security Awareness Training Specialist
• Supervisory control and data acquisition (SCADA) Security Analyst

Leadership

• Chief Security Officer (CSO)
• Chief Information Security Officer (CISO)
• Security Operations Center (SOC) Manager

Incident Response and Threat Hunting

• Threat Hunter
• Virus Technician
• Bug Bounty Hunter
• Ethical Hacker
• Incident Responder
• Malware Analyst
• Vulnerability Assessor

Threat Intel and Forensics

• Cyber Insurance Policy Specialist
• Cyber Operations Specialist
• Cybercrime Investigator
• Cybersecurity Lawyer
• Source Code Auditor

8. How can online courses help you learn cybersecurity?

While in-person learning experiences in cybersecurity offer networking opportunities, online courses provide learners with a focused environment for absorbing cybersecurity concepts and practicing their application online.

For the budget conscious, not having to travel makes online courses attractive. Learners also get the chance to engage with course materials at the times most convenient for them.

Another benefit, when course participants need one-on-one assistance, they can reach out to subject matter experts and/or course leaders only when needed. This independent learning format suits many in the cybersecurity industry.

Cybersecurity is a dynamic and ever-evolving field, requiring continuous learning and adaptation. Investing in cybersecurity courses can significantly enhance your skills, boost your career prospects, and help bridge the talent gap in this critical industry. Whether you’re just starting or looking to advance your expertise, there are courses tailored to meet your needs and ambitions. By understanding the various aspects of cybersecurity education, you can make informed decisions and set yourself on a path to success in the cybersecurity landscape.Post navigation.