SANS SEC530 GDSA Defensible Security Architecture Engineering


This course is crafted to assist students in constructing and upholding a robust security architecture while guiding them in adopting Zero Trust principles, pillars, and capabilities. It emphasizes leveraging existing infrastructure and investments. Participants will learn to evaluate, reconfigure, and validate current technologies to enhance their organizations' prevention, detection, and response capabilities, bolster visibility, diminish attack surfaces, and even anticipate attacks creatively. The course explores the latest technologies, scrutinizing their functionalities, strengths, and weaknesses. Graduates will depart with recommendations and insights to aid in erecting a resilient security infrastructure across hybrid environments as they progress toward Zero Trust.

What You Will Learn
(NOTE: The interpretation of "architecture" varies among organizations and world regions. This course concentrates on strategic and technical applications, fine-tuning and implementing multiple infrastructure components, and cyber defense techniques. If you anticipate focusing solely on strategic solution placement, vendor products, and use cases, this course may not suit your needs.)

Traditional cyber defense methods, such as perimeter-based network security, have long underscored the importance of barring adversaries from infiltrating our networks by constructing a fortress that thwarts attackers while facilitating secure access for legitimate users. However, contemporary client-side attacks have underscored the inadequacy of the old perimeter security model, necessitating the adoption of new data-centric models like Zero Trust.

But is Zero Trust merely a marketing buzzword, a mere iteration of the well-established 'least privilege' mindset, or a genuinely innovative strategy? Is Zero Trust attainable, and if not, can 'less trust' be gradually implemented as part of a holistic defensible security architecture? How do we kick-start this process, and what tools and technologies are available to facilitate its implementation?

SEC530: Defensible Security Architecture and Engineering: Implementing Zero Trust for the Hybrid Enterprise is tailored to assist students in establishing and sustaining a holistic and layered security approach, guiding them towards a pragmatic implementation of 'less trust' based on Zero Trust principles, pillars, and capabilities. Adequate protection necessitates a balance between detection, prevention, and response capabilities, necessitating controls to be deployed across the network, directly on endpoints, and within cloud environments. The strengths and weaknesses of one solution complement another through strategic placement, implementation, and continuous fine-tuning.

This course amalgamates strategic infrastructure and tool placement concepts to address these concerns while delving into their technical application. It deliberates on available solutions and their successful application to reduce attack surfaces and implement adaptive trust. Crucially, it assesses the strengths and weaknesses of various solutions and elucidates how to layer them cohesively to achieve a defensible security architecture.

SEC530 is a hands-on class that imparts effective tactics and tools to architect and engineer for disruption, early warning detection, and response to prevalent attacks, drawing on the authors' experience as highly skilled practitioners with extensive careers in cyber defense. It significantly emphasizes leveraging existing infrastructure (and investment), encompassing switches, routers, next-gen firewalls, IDS, IPS, WAF, SIEM, sandboxes, encryption, PKI, and proxies. Students will learn to evaluate, reconfigure, and validate these technologies to enhance their organizations' prevention, detection, and response capabilities, bolster visibility, diminish attack surfaces, and even anticipate attacks innovatively. The course also explores the latest technologies and their functionalities, strengths, and weaknesses. Graduates will depart with recommendations and insights to aid in erecting a resilient security infrastructure across hybrid environments as they progress toward Zero Trust.

While this course does not focus solely on monitoring, it seamlessly aligns with continuous security monitoring, ensuring that the security architecture not only supports prevention but also furnishes critical logs that can be integrated into behavioral detection and analytics systems, such as UEBA or Security Information and Event Management (SIEM), in a Security Operations Center (SOC).

Daily hands-on labs will reinforce key concepts in the course, imparting actionable skills that students can leverage upon returning to work.

Upon Completion, You Will Be Able To:

- Analyze a security architecture for deficiencies.
- Identify data, applications, assets, and services and assess compliance status.
- Implement technologies to enhance prevention, detection, and response capabilities.
- Recognize deficiencies in security solutions and understand how to fine-tune and operate them.
- Understand the impact of 'encrypt all' strategies.
- Apply the principles learned in the course to design a defensible security architecture.
- Determine appropriate security monitoring needs for organizations of all sizes.
- Maximize existing investment in security architecture by reconfiguring existing technologies.
- Determine capabilities required to support continuous monitoring of key Critical Security Controls.
- Configure appropriate logging and monitoring to support a Security Operations Center and continuous monitoring program.
- Design and implement Zero Trust strategies leveraging current technologies and investment.

While the above points provide a brief overview of the knowledge and skills you will acquire, they merely scratch the surface of what this course offers.

Upon completing your SEC530 training journey and honing your skills, you'll be equipped to return to work and apply what you've learned in this course from day one.

This Course Will Prepare You To:

- Understand how to implement data-centric security architectures like Zero Trust.
- Layer security solutions ranging from network to endpoint and cloud-based technologies.
- Grasp the implications of proper placement of technical controls.
- Tune, adjust, and implement security techniques, technologies, and capabilities.
- Think creatively by utilizing standard security solutions in innovative ways.
- Balance visibility and detection with prevention, enabling better response times and capabilities.
- Recognize where prevention technologies are likely to fall short and how to supplement them with specific detection technologies.
- Understand how security infrastructure and solutions operate at a technical level and how to implement them effectively.

GIAC Defensible Security Architecture:
The GIAC Defensible Security Architect (GDSA) certification validates a practitioner's ability to design and implement a strategic combination of network-centric and data-centric controls to balance prevention, detection, and response capabilities.

- Utilizing network-centric and data-centric security strategies to architect a layered defense.
- Assessing existing technology implementations to enhance prevention, detection, and response.
- Understanding and applying Zero Trust principles.

Price: $2,095.00

  • Any pre-loaded packaged materials or subscription-based products, including device-based training programs and courses that include a device, may not be refunded. Digital products, including DVDs, may be returned for replacement if found defective.

  • Free shipping on all orders within the US. International shipping is available.
