SEC504: Hacker Tools, Techniques, and Incident Handling

Industrial Control Systems (ICS) and Operational Technology (OT) are increasingly targeted by cyber threats, putting businesses, governments, and national infrastructure at risk. Specialized ICS/OT security training is vital to securing operations across all industries and defending the systems that make, move, and power the world.
Unlike traditional IT environments, ICS/OT systems face unique risks that demand both cybersecurity expertise and operational awareness. SANS ICS security training prepares defenders for the evolving threats targeting essential industries worldwide. From foundational to advanced—SANS training, led by expert instructors with real-world labs using cyber physical systems, provides the knowledge and hands-on skills to defend the critical infrastructure and industrial operations that drive economies.
Understand the unique attack surfaces of ICS/OT environments and apply defense-in-depth strategies to mitigate real-world threats.
Learn how to design, assess, and strengthen industrial systems while aligning with industry frameworks and regulatory requirements.
Develop the skills to detect, investigate, and respond to cyber threats targeting industrial operations, minimizing downtime and business disruption.
Even in the tech industry, ICS security is often overlooked. This training showed me how ICS threats impact all sectors and gave me the skills to mitigate them.
Mark Bristow was born to work in information security as he found his first bug in an ICS system at the age of 10. As a teen, he had a passion for technology and spent a lot of time exploring the possibilities of his computer and the nascent internet.
Lesley is Technical Director of Incident Response for North America for Dragos and teaches SANS Industrial Control System courses. She's a recognized leader in cybersecurity and has won a number of prestigious awards in the field.
Jason D. Christopher has significantly influenced national cybersecurity policies through his leadership in developing the NERC Critical Infrastructure Protection standards and the U.S. Department of Energy's Cybersecurity Capability Maturity Model.
Tim serves as the Technical Director of ICS and SCADA programs at SANS, and he is responsible for developing, reviewing, and implementing technical components of the SANS ICS and SCADA product offerings.
Jason Dely brings over 20 years of experience and a diverse industrial control system background to SANS and the industrial control system (ICS) community.
Monta Elkins is currently "Hacker-in-Chief" for FoxGuard Solutions, an ICS patch provider. A security researcher and consultant, he was formerly Security Architect for Rackspace, and the first ISO for Radford University.
Acquires and manages resources, supports, and performs key industrial security protection while adhering to safety and engineering goals.
Ensures control system network security compliance and best practises for control networks.
Executes specific industrial incident response for incidents that threaten or impact control system networks and assets, while maintaining the safety and reliability of operations.
Tests, programs, troubleshoots, and oversees changes of existing processes or implements new engineering processes through the deployment and operations of engineering systems and automation devices.
Builds and maintains business relationships with engineering staff and C-suite stakeholders by communicating and managing cyber-to-physical risks while reducing security risk to engineering operations and simultaneously prioritising safety.
As ransomware attacks continue to impact organizations around the world, and with recent events like the Colonial Pipeline impacts, we are seeing more and more attacks that have an adjacent or direct impact on Operational Technology environments. As ransomware attacks continue to rise, how should companies think about the cyber-to-physical impacts to their OT environments? Organizations responsible for operating and maintaining critical infrastructure environments need to consider the steps they should be pursuing right now before a potential attack occurs, establish and implement procedures on how or if they should operate their systems during an attack, and what actions need to be taken after an attack. Tim Conway & Jeff Shearer will discuss how organizations responsible for operating & maintaining critical infrastructure environments need to consider the following: steps to pursue before a potential attack; procedures to implement during an attack; actions necessary to take after an attack.
NERC CIP is complicated. Integrating solutions into your CIP program is complex. Demonstrating compliance in a zero-deficiency regulatory sector is challenging. Going beyond compliance in pursuit of expanded cybersecurity capabilities and innovative emerging solutions in ICS environments can be confusing. How do you determine the most appropriate operation technology solutions for your NERC CIP program? Are there unique operating models that make certain solutions better than others? In this webcast, SANS Instructor Tim Conway and Dragos Cyber Risk Advisor Jason Christopher look at the NERC CIP standards and explore how to balance technology implementations for resilient operations, cybersecurity, and compliance benefits. Attendees will learn how to integrate solutions into their CIP programs that help drive detection and incident response actions. Be among the first to receive the associated whitepaper written by Tim Conway.
The presentation draws attention to practical threat detection and incident response in industrial control system environments, by dissecting advanced ICS adversary threat capabilities in recent attack campaigns. A focus of the webcast is on ICS adversary Tactics, Techniques and Procedures (TTPs) and Indicators of Compromise (IoCs). Dean will illustrate why the cyber weapons and the techniques used in modern attacks may be more important than adversary attribution for tactical ICS incident response.
Overview: This presentation analyzes in depth the adversary threat capabilities against advanced industrial control systems (ICS) in recent attack campaigns, with a focus on detecting the practical threats that arise in industrial control system environments and responding to the resulting incidents. The webcast will concentrate on ICS adversary tactics, techniques and procedures (Adversary TTPs) and indicators of compromise (IoCs). Instructor Dean will explain why the cyber weapons and techniques used in recent attacks are more important than adversary attribution for tactical ICS incident response.
Cyber42: Industrial Edition will put you through the paces as an industrial control system (ICS) security manager as players adapt to challenges in operational technology (OT) environments. Unlike traditional IT networks, industrial equipment is designed to impact the physical world and requires special considerations when deploying security technologies. As threats continue to rise targeting these networks, many of which are vital for critical infrastructure (like power, water, and energy), it is more important than ever to understand the impacts on ICS due to a cyber security event and to invest in resilience and security that promotes both reliability and safety. Players will step into the world of Cyber42: Industrial Edition, which is being developed for the upcoming ICS418: ICS Security Essentials for Managers, and address real-world industrial cyber threats from the comfort of their own home! This Game Day will focus on balancing security program improvements that impact engineers, operations, and customers, all while considering the various technical and cultural implications of an OT security program. In this simulation, you will compete for the high score against other ICS managers facing the same dilemma: how to protect industrial equipment from shutdowns, failure, damage, or worse! Do you have what it takes? Find out by playing the game with us!
Important Notes: Cyber42 Game Days utilize three platforms:
- Webcast to view presenters' slides throughout the game. Log into the webcast via your SANS Portal Account.
- Slack to interact with other players, leaders, and SANS Staff for support. Login information and directions to be provided a week before Game Day (and at Game Day).
- Cyber42 Web App online game. Directions to join will be provided at Game Day.
The need for hands-on experience and topic-focused training for cybersecurity professionals who work with critical infrastructure, the identification of threats and system weaknesses, and the process of securing ICS. Tim and Jeff will discuss the fundamental components of ICS and the types of devices found in ICS and supporting systems.
Tim Conway and Jeff Shearer, internationally renowned authors of the SANS Industrial Control System (ICS) courses, explain the importance of hands-on experience and specialized training for cybersecurity practitioners working in critical infrastructure and process environments, who need to protect ICS environments and learn how to identify threats and vulnerabilities. Jeff and Tim will discuss the common elements and asset types that every practitioner supporting and working in ICS environments will encounter, and the various knowledge areas that ICS professionals should pursue.
Join leading global experts and SANS ICS training instructors Tim Conway and Jeff Shearer, who will discuss the need for hands-on experience and focused training for cybersecurity practitioners working in critical infrastructure sectors and processing environments to identify threats and vulnerabilities, as well as methods for securing ICS environments.
We are holding a webcast by Tim Conway and Jeff Shearer, who develop the SANS ICS courses. Tim and Jeff will discuss the need for hands-on experience and focused training for cybersecurity personnel involved in critical infrastructure and process environments. They will explain the common elements and asset types that people working in or supporting ICS environments deal with, and the various knowledge that professionals in this community should have.
New to the ICS/OT security area? Are you an IT Security Manager stepping over to take on responsibilities to secure critical infrastructure? Maybe you’re in an engineering role taking a more focused approach to cyber security and practical cyber defense. Or perhaps you have IT security knowledge and are looking to explore OT security.
This webcast analyzes in depth the adversary threat capabilities targeting advanced industrial control systems (ICS) in recent attack campaigns, focusing on detecting the practical threats that can occur in ICS environments and responding to the resulting incidents, and introduces ICS attacker TTPs (Tactics, Techniques and Procedures) along with efficient and economical proactive defense techniques. In particular, instructor Dean will cover in detail why the cyber weapons and techniques used in many recent attacks are more important than the adversary attribution that emerges in tactical ICS incident response (IR).
This talk focuses on threat detection and threat response in Industrial Control System (ICS) environments, taking a deep look at the techniques and capabilities of attackers in recent cases. The talk will emphasize the attackers' Tactics, Techniques and Procedures (TTPs) and how the ICS industry can respond to attackers without a large budget. Dean will show that analyzing the techniques and tools attackers use is more important than identifying the attackers, which makes operations in the ICS/OT industry more effective.
Overview: This webcast presents practical threat detection and incident response methods for industrial control system environments by analyzing the threats posed by advanced ICS attackers in recent attack campaigns. The webcast focuses on ICS attackers' tactics and procedures (TTPs) and on how to achieve industrial control system security effectively, proactively, and at minimal cost. Dean will explain why understanding the tools and techniques used in recent attacks is important in tactical ICS incident response, and will provide practical tips for operations in every ICS/OT critical infrastructure sector.
The ICS/OT community has long suffered from a lack of insight into cyber threats, vulnerabilities, and incident response observations. The annual Dragos ICS/OT Cybersecurity Year in Review provides a comprehensive look at the events that shaped the ICS/OT community and the current threat landscape. It also reports on how the community is performing, and surfaces areas of improvement needed to provide safe and reliable operations.
Don C. Weber will discuss his experiences related to the cyber security challenges facing utilities, industrial, and automation industries. He will discuss the challenges he has experienced, outline security assessments of OT environments, and provide insight into common systemic issues. The presentation will include a question-and-answer session to allow attendees to discuss the challenges and resolutions experienced by their own teams.
Join Dean Parsons in this webcast as he discusses the key takeaways of the new ICS Cybersecurity Field Manual Vol. 3.
Are you grappling with the fear of data exposure, conflicting process control and IT/security teams, and limited problem-solving for individual plants? These challenges can lead to considerable security risks and impede your digital transformation journey. In this session, dive into the negative consequences of neglecting these challenges, and learn from Armis Field CTO, Steve Gyurindak, how your organization can overcome these hurdles without compromising critical infrastructure or existing security solutions.
Industrial control systems (ICS) are critical to the operation of many essential services, including power grids, water treatment plants, and transportation systems. These systems are often connected to the enterprise, which opens the door for potential cyber-attacks. In ICS environments, access equals control, with exposed remote services being one of the most common attack vectors. Remote services are software applications that allow users to connect to an ICS from a remote location. These services can be used for various purposes, such as troubleshooting, maintenance, and updates. However, if these services are not properly understood or secured, they can be used by attackers to gain unauthorized access to ICS systems. In this presentation we will explore with the audience a deeper understanding of the attack surface challenge for industrial environments, how to identify remote services exposures, and recommendations on how to gain control of your remote logical access.
Join us for a panel discussion presented by Emerson and Dragos, as they share their insights around OT cybersecurity as partners - while also depicting the unique expertise, experience, and responsibilities that they bring to the table to defend customer installations and environments together. Although the core focus of the conversation will be on DeltaV systems, a high-level overview of OT cybersecurity and the Industrial Control Systems (ICS) landscape will be covered and relevant to multiple industry segments, including Oil & Gas, Chemicals, Life Sciences, and Metals & Mining.
Presentation 1 - The Five ICS Cybersecurity Critical Controls for APAC Practitioners
Peter Jackson, Certified Instructor Candidate
Presentation 2 - Establishing the Link Between Corruption and Cybercrime
Jason Jordaan, Principal Instructor
Presentation 1 - DevSecOps - We Are The Champions and 2023 Chris Edmundson, Associate Instructor
Presentation 2 - 2023 SOC Survey - Highlights and Deep Drive presented
Christopher Crowley, Senior Instructor
Reinforce critical cybersecurity skills to secure industrial control systems and operational technology against emerging threats while maintaining operational resilience in industrial environments.