Virginia Tech - Invent the Future
SANS - Advanced Security Essentials - Enterprise Defender - March 6-11, 2017 - Torgersen Hall - Blacksburg, Virginia

General Information

SEC501: Advanced Security Essentials - Enterprise Defender
March 6-11, 2017
Virginia Tech, Blacksburg, Virginia

Effective cybersecurity is more important than ever as attacks become stealthier, have a greater financial impact, and cause broad reputational damage. SEC501: Advanced Security Essentials - Enterprise Defender builds on a solid foundation of core policies and practices to enable security teams to defend their enterprise.

It has been said of security that "prevention is ideal, but detection is a must." However, detection without response has little value. Network security needs to be constantly improved to prevent as many attacks as possible and to swiftly detect and respond appropriately to any breach that does occur. This PREVENT - DETECT - RESPONSE strategy must be in place both externally and internally. As data become more portable and networks continue to be porous, there needs to be an increased focus on data protection. Critical information must be secured regardless of whether it resides on a server, in a robust network architecture, or on a portable device.

Of course, despite an organization's best efforts to prevent network attacks and protect its critical data, some attacks will still be successful. Therefore, organizations need to be able to detect attacks in a timely fashion. This is accomplished by understanding the traffic that is flowing on your networks, looking for indications of an attack, and performing penetration testing and vulnerability analysis against your organization to identify problems and issues before a compromise occurs.

Finally, once an attack is detected we must react quickly and effectively and perform the forensics required. Knowledge gained by understanding how the attacker broke in can be fed back into more effective and robust preventive and detective measures, completing the security lifecycle.

Course Topics

  • How to build a comprehensive security program focused on preventing, detecting, and responding to attacks
  • Core components of building a defensible network infrastructure and how to properly secure routers, switches, and network infrastructure
  • Methods to detect advanced attacks on systems that are currently compromised
  • Formal methods for performing a penetration test to find weaknesses in an organization's security apparatus
  • Ways to respond to an incident and how to execute the six-step process of incident response: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned
  • Approaches to remediating malware and how to clean up a compromised system

March 6, 2017: SEC501.1: Defensive Network Infrastructure

March 7, 2017: SEC501.2: Packet Analysis

March 8, 2017: SEC501.3: Pentest

March 9, 2017: SEC501.4: First Responder

March 10, 2017: SEC501.5: Malware

March 11, 2017: SEC501.6: Data Loss Prevention

Who Should Attend?

  • Incident responders and penetration testers
  • Security Operations Center engineers and analysts
  • Network security professionals
  • Anyone who seeks technical in-depth knowledge about implementing comprehensive security solutions

Instructor Biography:

Bryce Galbraith
As a contributing author of the internationally bestselling book Hacking Exposed: Network Security Secrets & Solutions, Bryce helped bring the secret world of hacking out of the darkness and into the public eye. Bryce has held security positions at global ISPs and Fortune 500 companies. He was a member of Foundstone's renowned penetration testing team and served as a senior instructor and co-author of Foundstone's Ultimate Hacking: Hands-On course series. Bryce is currently the owner of Layered Security, where he provides specialized vulnerability assessment and penetration testing services for clients. He teaches several of the SANS Institute's most popular courses and develops curriculum around current topics. He has taught the art of ethical hacking and countermeasures to thousands of IT professionals from a who's who of top companies, financial institutions, and government agencies around the globe. Bryce is an active member of several security-related organizations, holds several security certifications, and speaks at conferences around the world.

Additional Information:
If you wish to receive additional information about this program, please contact Randy Marchany, IT Security Lab, Virginia Tech by e-mail at


Virginia Tech's Equal Opportunity/Affirmative Action Statement:
For individuals with disabilities: see the registration page