SEC504: Hacker Tools, Techniques, and Incident Handling
SEC504Offensive Operations
SEC530: Defensible Security Architecture and Engineering: Implementing Zero Trust for the Hybrid Enterprise
SEC530Cyber Defense
- 6 Days (Instructor-Led)
- 36 Hours (Self-Paced)
Course created by:
Ismael Valenzuela
Course created by:Ismael Valenzuela
- GIAC Defensible Security Architecture (GDSA)
- 36 CPEs
Apply your credits to renew your certifications
- In-Person, Virtual or Self-Paced
Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months
- Intermediate Skill Level
Course material is geared for cyber security professionals with hands-on experience
- 24 Hands-On Lab(s)
Apply what you learn with hands-on exercises and labs
Achieve a holistic approach to defensible security architecture and engineering. Master tactics from network segmentation to conditional access and privileged identity controls under Zero Trust.
Featured Quote
I would highly recommend this for any business and organization […] to fully understand why this attitude of Zero Trust needs to be taken into consideration. This course covers areas that CISSP or Sec+ would not.
Course Overview
SEC530 teaches practical cyber defense, improving prevention, detection, and response by leveraging your existing infrastructure like firewalls, SIEM, identity platforms, and cloud controls. You will learn to assess and reconfigure technologies to reduce attack surfaces, and to anticipate threats while showcasing practical Zero Trust like implementations. Over 25 hands-on labs will reinforce your skills, offering vendor-neutral expertise and real-world application. Whether you're building out an SOC or strengthening enterprise defenses, SEC530 stands out among cyber security architect courses for its hands-on approach and hybrid enterprise focus. SEC530 is a course designed by all-around defenders for all-around defenders, emphasizing actionable skills and Zero Trust infrastructure enhancements for the hybrid enterprise.
What You’ll Learn
- Analyze security gaps and build resilient hybrid environments
- Implement Zero Trust using existing tech, networks, endpoints, cloud and identity, maximizing investments
- Discover assets, assess compliance, and determine monitoring needs
- Implement technologies for improved prevention, detection, and response
- Defend against modern authentication attacks with conditional access policies
- Apply micro-segmentation, ZTNA and identity-based controls to restrict lateral movement
- Understand encryption, identity, and logging for a robust defense
Business Takeaways
- Identify and remediate weaknesses in current security solutions
- Leverage existing investments for Zero Trust strategies
- Reconfigure and extend tech to maximize Return on Investment (ROI)
- Layer prevention, detection and response for better continuous security posture
- Minimize attack surface and elevate visibility into adversarial behavior
- Mitigate authentication risks: pass-the-hash, Golden Ticket, Adversary-in-the-Middle (AiTM), and MFA bypass
- Implement conditional access and dynamic group membership for adaptive trust
- Utilize Time Based Security and "Think Red, Act Blue" approaches
Meet Your Author
Ismael Valenzuela
Senior InstructorIsmael Valenzuela, VP of Threat Research & Intelligence at Arctic Wolf, has fortified global cybersecurity by leading critical threat intelligence initiatives and pioneering defenses against AI-driven threats like deepfakes and ransomware.
Read more about Ismael ValenzuelaCourse Syllabus
Explore the course syllabus below to view the full range of topics covered in SEC530: Defensible Security Architecture and Engineering: Implementing Zero Trust for the Hybrid Enterprise.
Section 1Defensible Security Architecture and Engineering: A Journey Towards Zero Trust
This section covers defensible system design, Zero Trust principles, and practical threat modeling using MITRE ATT&CK. It emphasizes building a strong foundation, from physical to network security, using VLANs, NetFlow baselining, and Time-Based Security.
Topics covered
- Defensible Security Architecture and DARIOM lifecycle
- Threat Modeling with MITRE ATT&CK
- Physical and Layer 2 Security: VLANs, PVLANs
- Threat, Vulnerability, and Data Flow Analysis
- Time-based Security Principles
Labs
- Practical Threat Modeling with MITRE ATT&CK
- DNS Tunneling and Detection Layering
- Identifying Layer 2 Attacks
- Architecting for Flow Data
Section 2Network Security Architecture and Engineering
Section 2 details hardening hybrid infrastructure: routers and firewalls in on-prem and cloud deployments. It covers often-overlooked IPv6 security, addressing errors and solutions. It covers key Zero Trust concepts like macro, micro, and identity-based segmentation, including a new lab with OpenZiti. Finally, it covers web and SMTP proxy security.
Topics covered
- Layer 3: Attacks and Mitigation
- Layer 2 and 3: Benchmarks and Auditing Tools
- Securing SNMP and NTP
- Bogon Filtering, Blackholes, and Darknets
- Network vs. Access Segmentation Principles
Labs
- Auditing Router Security
- Router SNMP Security
- IPv6
- Identity based segmentation with OpenZiti
Section 3Network-Centric Application Security Architecture
This section focuses on optimizing network security tech (NGFW, IDS/IPS, Proxies, VPNs, ZTNA and SASE) with Zero Trust. It critiques over-reliance on built-in features, advocating for application-layer security to boost prevention and detection. It covers application proxies, remote access (VPNs, ZTNA and SASE), and the risks/benefits of TLS decryption.
Topics covered
- NGFW On-Prem And In The Cloud
- Network Security Monitoring (NSM), NIDS/NIPS
- Application Proxies and Gateways
- Secure Remote Access: VPNs, ZTNA and SASE
- Network Encryption
Labs
- NSM Architecture and Engineering
- Network Security Monitoring
- Encryption Considerations
Section 4Data-Centric Application Security Architecture
This section covers data-centric security, a core Zero Trust strategy. It emphasizes identifying, classifying, and protecting critical data across on-prem and cloud environments. It also explores data governance, WAFs, DAM, WAAP, RASP, Microsoft Purview, MDM, and Entra ID, and advocates prioritizing security controls around vital data, not everything.
Topics covered
- Data-Centric Security
- Web Application Firewalls
- Database Firewalls/Database Activity Monitoring
- Privileged Access and Identity Defense
- Mobile Device Management and Private Cloud
Labs
- Securing Web Applications
- Discovering Sensitive Data
- Secure Visualization
- Bonus Lab: Azure Privilege Escalation
Section 5Zero-Trust Architecture: Addressing the Adversaries Already in Our Networks
Section 5 shifts from "trust but verify" to "verify then trust." It leverages previous learning to implement adaptive trust models and effective identity management and federation, to defend against modern authentication attacks, and to use AI, Analytics and MITRE ATT&CK content engineering to maintain a defensible security architecture.
Topics covered
- Zero Trust Architecture
- Identity Management and Federation
- Artificial Intelligence (AI), Analytics and SIEM
Labs
- Network Isolation and Mutual Authentication
- SIEM Analysis and Tactical Detection
- SIGMA Generic Signatures
- Advanced Defense Strategies
Section 6Hands-On Secure the Flag Challenge
The course concludes with an immersive team-based "Design-and-Secure-the-Flag" competition, powered by SANS Cyber Ranges. Teams apply principles in a full-day, hands-on challenge. They assess, design, and secure systems, using learned skills to defend Tyrell Corporation from a replicant attack, demonstrating techniques learned throughout SEC530.
Topics covered
- Defensible Security Architecture
- Assess Provided Architecture and Identify Weaknesses
- Use Tools/Scripts to Assess the Initial State
- Quickly/Thoroughly Find All Changes Made
Labs
- Capstone - Design/Detect/Defend
Things You Need To Know
Relevant Job Roles
Security Architect & Engineer
Cyber DefenseDesign, implement, and tune an effective combination of network-centric and data-centric controls to balance prevention, detection, and response. Security architects and engineers are capable of looking at an enterprise defense holistically and building security at every layer. They can balance business and technical requirements along with various security policies and procedures to implement defensible security architectures.
Explore learning pathCybersecurity Architecture (OPM 652)
NICE: Design and DevelopmentResponsible for ensuring that security requirements are adequately addressed in all aspects of enterprise architecture, including reference models, segment and solution architectures, and the resulting systems that protect and support organizational mission and business processes.
Explore learning pathNetwork Operations Specialist (DCWF 441)
DoD 8140: Cyber ITImplements and maintains network services, including hardware and virtual systems, ensuring operational support for infrastructure platforms.
Explore learning pathData Architect (DCWF 653)
DoD 8140: Data/AIDesigns system data models and flow architectures to meet mission or business data requirements using scalable and efficient solutions.
Explore learning pathSecurity Architect (DCWF 652)
DoD 8140: CybersecurityDesigns secure enterprise systems considering environmental constraints and translates them into enforceable security processes and protocols.
Explore learning pathBlue Teamer - All Around Defender
Cyber DefenseThis job, which may have varying titles depending on the organization, is often characterized by the breadth of tasks and knowledge required. The all-around defender and Blue Teamer is the person who may be a primary security contact for a small organization, and must deal with engineering and architecture, incident triage and response, security tool administration and more.
Explore learning pathEnterprise Architecture (OPM 651)
NICE: Design and DevelopmentResponsible for developing and maintaining business, systems, and information processes to support enterprise mission needs. Develops technology rules and requirements that describe baseline and target architectures.
Explore learning pathEnterprise Architect (DCWF 651)
DoD 8140: Cyber ITDevelops business and IT process architectures, creating baseline and target architectures to meet mission or enterprise goals.
Explore learning pathCybersecurity Analyst / Engineer
Cyber DefenseAs this is one of the highest-paid jobs in the field, the skills required to master the responsibilities involved are advanced. You must be highly competent in threat detection, threat analysis, and threat protection. This is a vital role in preserving the security and integrity of an organization’s data.
Explore learning pathCyber Defense Analyst (DCWF 511)
DoD 8140: CybersecurityMonitors cyber defense tools like IDS and logs to analyze network events, identifying and mitigating potential threats to security environments.
Explore learning pathCourse Schedule & Pricing
Looking for Group Purchase Options?Contact Us
GIAC Certification Attempt
Add a GIAC certification attempt and receive free two practice tests. View pricing in the info icons below.
OnDemand Course Access
When purchasing a live instructor-led class, add an additional 4 months of online access after your course. View pricing in the info icons below.
Filter by:
Location & instructorDate & TimeCourse priceEnrollment options
- Location & instructor
Virtual (OnDemand)
Instructed by Ismael ValenzuelaDate & TimeOnDemand (Anytime)Self-Paced, 4 months accessCourse price$8,780 USD*Prices exclude applicable local taxesEnrollment options - Location & instructor
Amsterdam, NL & Virtual (live)
Instructed by Andy SmithDate & TimeFetching schedule..View event detailsCourse price€8,230 EUR*Prices exclude applicable local taxes - Location & instructor
Washington, DC, US & Virtual (live)
Instructed by Ismael ValenzuelaDate & TimeFetching schedule..View event detailsCourse price$8,780 USD*Prices exclude applicable local taxes - Location & instructor
Anaheim, CA, US & Virtual (live)
Instructed by Josh JohnsonDate & TimeFetching schedule..View event detailsCourse price$8,780 USD*Prices exclude applicable local taxes - Location & instructor
Huntsville, AL, US & Virtual (live)
Instructed by Greg ScheidelDate & TimeFetching schedule..View event detailsCourse price$8,780 USD*Prices exclude applicable local taxesEnrollment options - Location & instructor
Singapore, SG & Virtual (live)
Instructed by Greg ScheidelDate & TimeFetching schedule..View event detailsCourse price$8,900 USD*Prices exclude applicable local taxes - Location & instructor
Virginia Beach, VA, US & Virtual (live)
Instructed by Eric ConradDate & TimeFetching schedule..View event detailsCourse price$8,780 USD*Prices exclude applicable local taxes - Location & instructor
Virginia Beach, VA, US & Virtual (live)
Instructed by Eric ConradDate & TimeFetching schedule..View event detailsCourse price$8,780 USD*Prices exclude applicable local taxesEnrollment options
Showing 8 of 29
Learn Alongside Leading Cybersecurity Professionals From Around The World
- Slide 1 of 4SEC530 is a great course for Blue Teams & Security Engineers. This is an evolution to the significance of good & practical defense approach in enterprises.
- Slide 2 of 4I just have to say, these labs are astonishingly well set up. They demonstrate exactly what's needed in very few steps. There's a lot of moving parts behind some of them but they are robust, and all in a small VM footprint. I've never seen any course lab environment executed so well.
- Slide 3 of 4This training showed how overall security posture of an organization can be improved. It helps connect the dots between different areas within security infrastructure.
- Slide 4 of 4SEC530 teaches you to defend and put mechanisms in place to secure the environment. The real life scenarios and examples were priceless.
Slide 1 of 0
(1/0)
Benefits of Learning with SANS
Get feedback from the world’s best cybersecurity experts and instructors
Choose how you want to learn - online, on demand, or at our live in-person training events
Get access to our range of industry-leading courses and resources