SEC504: Hacker Tools, Techniques, and Incident Handling
SEC504Offensive Operations
SEC501: Advanced Security Essentials - Enterprise Defender
SEC501Cyber Defense
- 6 Days (Instructor-Led)
- 38 Hours (Self-Paced)
Course created by:
Ross Bergman & Dave Shackleford
Course created by:Ross Bergman & Dave Shackleford
- GIAC Certified Enterprise Defender (GCED)
- 38 CPEs
Apply your credits to renew your certifications
- In-Person, Virtual or Self-Paced
Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months
- Intermediate Skill Level
Course material is geared for cyber security professionals with hands-on experience
- 25 Hands-On Lab(s)
Apply what you learn with hands-on exercises and labs
Gain hands-on, cross-disciplinary cyber defense skills and prepare for CERT/CSIRT roles with 25+ labs using real cyber tools for network security, malware analysis, SecOps, forensics, and more.
Featured Quote
This is the best technical training course I have ever taken. SEC501 exposed me to many valuable concepts and tools but also gave me a solid introduction to those tools so that I can continue to study and improve on my own.
Course Overview
As cyberattacks grow more sophisticated and damaging, enterprises must adopt a comprehensive PREVENT-DETECT-RESPOND strategy to protect critical data and maintain resilient network defenses. SEC501: Advanced Security Essentials – Enterprise Defender equips security professionals with the hands-on skills and knowledge needed to audit, harden, monitor, and defend infrastructure across both on-premises and cloud environments. By strengthening prevention, enhancing detection, and streamlining incident response, organizations can reduce risk, mitigate the impact of breaches, and continuously improve their cybersecurity posture.
What You’ll Learn
- Secure network infrastructure and harden devices
- Identify vulnerabilities through testing and assessments
- Detect threats using packet analysis and forensics
- Follow the six-step incident response process
- Analyze malware behavior and reverse code
- Use active defense and perform network forensics
- Understand attacker tactics to reduce risk
Business Takeaways
- Upskill technologists for stronger cyber defense
- Boost cybersecurity effectiveness and efficiency
- Build resilient, attack-resistant networks
- Identify and fix critical vulnerabilities
- Detect threats through system and network monitoring
- Understand attack methods across environments
Meet Your Authors
- Slide 1 of 2
Ross Bergman
Principal InstructorAfter a malicious attack in his lab, Ross pivoted from neuroscience to cybersecurity, driven by a passion for safeguarding digital assets. He has dedicated over three decades to fortifying enterprise defenses and mentoring future cyber leaders.
Read more about Ross Bergman - Slide 2 of 2
Dave Shackleford
Senior InstructorDave Shackleford, founder of Voodoo Security, has advanced cybersecurity through his leadership roles, including serving as CTO for the Center for Internet Security, where he coordinated the first published virtualization security benchmarks.
Read more about Dave Shackleford
Slide 1 of 0
(1/0)
Course Syllabus
Explore the course syllabus below to view the full range of topics covered in SEC501: Advanced Security Essentials - Enterprise Defender.
Section 1Defensive Network Architecture
In this course section we will discuss published security benchmarks, vendor guidance to secure various products, and regulatory requirements and how they impact defending infrastructure against specific attacks.
Topics covered
- Security Standards and Audit
- Authentication, Authorization, and Accounting
- Defending Network Infrastructure
Labs
- Initial Router Configuration and Audit
- Securing AAA
- Securing Redundancy Protocols
Section 2Penetration Testing
This course section will present the variety of tests that can be run against an enterprise, and show how to perform effective penetration tests to better understand the security posture for network services, operating systems, and applications.
Topics covered
- Penetration Testing Scoping and Rules of Engagement
- Open-Source Intelligence
- Social Engineering
Labs
- Network Scanning Fundamentals
- Scanning with Nessus
- Exploitation and Metasploit Basics
Section 3Security Operations Foundations
This course section will start with a brief introduction to network security monitoring, followed by a refresher on network protocols, with an emphasis on fields to look for as security professionals.
Topics covered
- Network Security Monitoring
- Advanced Packet Analysis
- Network Intrusion Detection/Prevention
Labs
- Analyzing PCAPs with tcpdump
- Attack Analysis with Wireshark
- Snort Basics
Section 4Digital Forensics and Incident Response
Students will learn how incident response currently operates, after years of evolving, in order to address the dynamic procedures used by attackers to conduct their operations.
Topics covered
- Active Defense
- DFIR Core Concepts
- Scaling and Scoping
Labs
- Active Defense: Honeypots
- Data Recovery with FTK Imager and Photorec
- Discovering Artifacts
Section 5Malware Analysis
In this course section, we will define each of the most popular types of malware and walk through multiple examples. The four primary phases of malware analysis will be covered: Fully Automated Analysis, Static Properties Analysis, Interactive Behavior Analysis, and Manual Code Reversing.
Topics covered
- Intro to Malware Analysis
- Malware Analysis Stages
Labs
- Static Properties Analysis of Ransomware
- Interactive Behavior Analysis of Ransomware
Section 6Enterprise Defender Capstone
This final course section will serve as a real-world challenge for students by requiring them to work in teams, use the skills they have learned throughout the course, think outside the box, and solve a range of problems from simple to complex.
Things You Need To Know
Relevant Job Roles
Network Operations (OPM 441)
NICE: Implementation and OperationResponsible for planning, implementing, and operating network services and systems, including hardware and virtual environments.
Explore learning pathCybersecurity Instruction (OPM 712)
NICE: Oversight and GovernanceResponsible for developing and conducting cybersecurity awareness, training, or education.
Explore learning pathInfrastructure Support (OPM 521)
NICE: Protection and DefenseResponsible for testing, implementing, deploying, maintaining, and administering infrastructure hardware and software for cybersecurity.
Explore learning pathDefensive Cybersecurity (OPM 511)
NICE: Protection and DefenseResponsible for analyzing data collected from various cybersecurity defense tools to mitigate risks.
Explore learning pathCybersecurity Analyst / Engineer
Cyber DefenseAs this is one of the highest-paid jobs in the field, the skills required to master the responsibilities involved are advanced. You must be highly competent in threat detection, threat analysis, and threat protection. This is a vital role in preserving the security and integrity of an organization’s data.
Explore learning pathCourse Schedule & Pricing
Looking for Group Purchase Options?Contact Us
GIAC Certification Attempt
Add a GIAC certification attempt and receive free two practice tests. View pricing in the info icons below.
OnDemand Course Access
When purchasing a live instructor-led class, add an additional 4 months of online access after your course. View pricing in the info icons below.
Filter by:
Location & instructorDate & TimeCourse priceEnrollment options
- Location & instructor
Virtual (OnDemand)
Instructed by Ross BergmanDate & TimeOnDemand (Anytime)Self-Paced, 4 months accessCourse price$8,780 USD*Prices exclude applicable local taxesEnrollment options - Location & instructor
Riyadh, SA & Virtual (live)
Instructed by Ross BergmanDate & TimeFetching schedule..View event detailsCourse price$8,900 USD*Prices exclude applicable local taxes - Location & instructor
Virtual (live)
Instructed by Dave ShacklefordDate & TimeFetching schedule..View event detailsCourse price€8,230 EUR*Prices exclude applicable local taxesEnrollment options - Location & instructor
Huntsville, AL, US & Virtual (live)
Instructed by Ross BergmanDate & TimeFetching schedule..View event detailsCourse price$8,780 USD*Prices exclude applicable local taxesEnrollment options - Location & instructor
Las Vegas, NV, US & Virtual (live)
Instructed by Dave ShacklefordDate & TimeFetching schedule..View event detailsCourse price$8,780 USD*Prices exclude applicable local taxes - Location & instructor
Washington, DC, US & Virtual (live)
Instructed by Ross BergmanDate & TimeFetching schedule..View event detailsCourse price$8,780 USD*Prices exclude applicable local taxes - Location & instructor
Orlando, FL, US & Virtual (live)
Instructed by Ross BergmanDate & TimeFetching schedule..View event detailsCourse price$8,780 USD*Prices exclude applicable local taxes
Showing 7 of 7
Learn Alongside Leading Cybersecurity Professionals From Around The World
- Slide 1 of 4The disciplines/skills taught in SEC501 were exactly what my career and team needed to mature our SOC. Bryce Galbraith was an amazing, extremely knowledgeable instructor who kept all of the material interesting and fun.
- Slide 2 of 4I would recommend SEC501 as a strong foundation to any security practitioner role. It is broad but assumes a reasonable level of technical proficiency that is refreshing.
- Slide 3 of 4SEC501 offers a great explanation of Net Defense best practices that often get overlooked.
- Slide 4 of 4A must for cyber security professionals!
Slide 1 of 0
(1/0)
Benefits of Learning with SANS
Get feedback from the world’s best cybersecurity experts and instructors
Choose how you want to learn - online, on demand, or at our live in-person training events
Get access to our range of industry-leading courses and resources