sans.org/sec530

SEC530: Defensible Security Architecture and Engineering: Implementing Zero Trust for the Hybrid Enterprise

SEC530 is designed to help students establish and maintain a holistic and layered approach to security, while taking them on a journey towards a realistic ‘less trust’ implementation based on Zero Trust principles, pillars and capabilities. Effective security requires a balance between detection, prevention, and response capabilities, but such a balance demands that controls be implemented on the network, directly on endpoints, and within cloud environments. The strengths and weaknesses of one solution complement those of another through strategic placement, implementation, and continuous fine-tuning.

To address these issues, this course focuses on combining strategic concepts of infrastructure and tool placement while also diving into their technical application. We will discuss and identify what solutions are available and how to apply them successfully to reduce attack surface and implement adaptive trust. Most importantly, we’ll evaluate the strengths and weaknesses of various solutions and how to layer them cohesively to achieve a defensible security architecture.

SEC530 is a practical class, focused on teaching effective tactics and tools to architect and engineer for disruption, early-warning detection, and response to the most prevalent attacks, based on the experience of the authors, highly experienced practitioners with extensive careers in cyber defense. There will be a heavy focus on leveraging current infrastructure (and investment), including switches, routers, next-gen firewalls, IDS, IPS, WAF, SIEM, sandboxes, encryption, PKI and proxies, among others.
Students will learn how to assess, reconfigure and validate these technologies to significantly improve their organizations’ prevention, detection and response capabilities, augment visibility, reduce attack surface, and even anticipate attacks in innovative ways. The course will also delve into some of the latest technologies and their capabilities, strengths, and weaknesses. You will come away with recommendations and suggestions that will aid in building a robust security infrastructure, layer by layer, across hybrid environments, as you embark on a journey towards Zero Trust.

While this is not a monitoring course, it will dovetail nicely with continuous security monitoring, ensuring that your security architecture not only supports prevention but also provides the critical logs that can be fed into behavioral detection and analytics systems, like UEBA or Security Information and Event Management (SIEM), in a Security Operations Center (SOC).

Multiple hands-on labs conducted daily will reinforce key points in the course and provide actionable skills that students will be able to leverage as soon as they return to work.
Business Takeaways
• Identify and comprehend deficiencies in security solutions
• Design and implement Zero Trust strategies leveraging current technologies and investment
• Maximize existing investment in security architecture by reconfiguring existing technologies
• Layer defenses to increase protection time while increasing the likelihood of detection
• Improved prevention, detection, and response capabilities
• Reduced attack surface

You Will Be Able To
• Analyze a security architecture for deficiencies
• Discover data, applications, assets and services, and assess compliance state
• Implement technologies for enhanced prevention, detection, and response capabilities
• Comprehend deficiencies in security solutions and understand how to tune and operate them
• Understand the impact of ‘encrypt all’ strategies
• Apply the principles learned in the course to design a defensible security architecture
• Determine appropriate security monitoring needs for organizations of all sizes
• Maximize existing investment in security architecture by reconfiguring existing technologies
• Determine capabilities required to support continuous monitoring of key Critical Security Controls
• Configure appropriate logging and monitoring to support a Security Operations Center and continuous monitoring program
• Design and implement Zero Trust strategies leveraging current technologies and investment

6 Day Program | 36 CPEs | Laptop Required

GDSA: Defensible Security Architecture (giac.org/gdsa)

“SEC530 provided an excellent understanding of application attacks and how to protect against them.” — Shayne Douglass, AMEWAS Inc.

GIAC Defensible Security Architecture

“The GIAC Defensible Security Architecture (GDSA) certificate is an industry certification that proves an individual is capable of looking at an enterprise defense holistically. A GDSA no longer emphasizes security through a single control but instead applies multiple controls ranging from network security, cloud security, and data-centric security approaches to properly prevent, detect, and respond. The end result is defense-in-depth that is maintainable and works.” — Justin Henderson, SEC530 Course Author

• Defensible Security Architecture: network-centric and data-centric approaches
• Network Security Architecture: hardening applications across the TCP/IP stack
• Zero Trust Architecture: secure environment creation with private, hybrid or public clouds