Tactical Security Operations

A hands-on security ops class for network and system administrators.

Class Synopsis

Tactical Security Ops is a hands-on class that integrates security operations into the daily activities of network and system administrators. Students of the course will gain an appreciation for the security risks that threaten their environment and leave with practical skills that make them better prepared to face these threats. Students will spend time in labs implementing security tools, performing common attacks, analyzing the signs of the attacks, and hardening systems. Class discussions will focus on common security controls and how to adapt tools and processes to their own environments whether they are large or small.

Duration: 2 days

Features: This training can be conducted live and in person. This training includes practical labs and exercises.

To Register: Contact Us


The following serves as a tentative agenda for this class. The class is regularly updated to incorporate the latest information on security operations.

  • Session 1: Security Foundations
    • Introduction
    • Preparing: Security Foundation
    • Preparing: Standards and Compliance
    • Preparing: Defining Secure Environments
    • Lab: Access & Review Applicable Standards
  • Session 2: Network and Infrastructure Design
    • Building: Network Design
    • Lab: Segmentation Review
    • Building: Infrastructure Services
    • Lab: Disabling NetBIOS and LLMNR
    • Lab: Deploying ModSecurity
  • Session 3: Identity and Access Management
    • Building: Authentication and Authorization
    • Building: Privilege Management
    • Lab: Group Managed Service Accounts (gMSA)
    • Building: Password Management
  • Session 4: Device and Endpoint Security
    • Building: Devices
    • Lab: Finding Exploitable Windows Services
    • Building: Endpoint Security
    • Lab: AppLocker GPO
    • Building: Remote Workforce
  • Session 5: PowerShell and Active Directory
    • Building: PowerShell
    • Lab: Validate PowerShell Language Mode and Logging
    • Building: Active Directory
    • Lab: Enforcing NTLMv2 and Kerberos
    • Lab: Restricting Access
  • Session 6: Maintaining Secure Environments
    • Maintaining Secure Environments
    • Maintaining: Inventory Management
    • Maintaining: Discovering Systems and Applications
    • Lab: Analyzing Traffic with Wireshark
    • Lab: Scanning with Nmap
    • Maintaining: Backup Concepts
  • Session 7: Vulnerability Management and Security Testing
    • Maintaining: Vulnerability Management
    • Lab: Exploring OpenVAS
    • Maintaining: Security Testing
    • Lab: MITRE Caldera
    • Common Attack Types
  • Session 8: Log Monitoring and Incident Response
    • Responding: Log Monitoring
    • Responding: Incident Response Preparation
    • Responding: Detection & Identification
    • Responding: Hunt Teaming

Prerequisites & Equipment

Students are expected to have some prior knowledge of network principles (i.e. be familiar with network troubleshooting, TCP/IP protocols, etc.), and some general IT experience. Familiarity with command line interfaces and a basic understanding of security concepts is also useful. This is not an advanced security class; however, students with little IT experience may struggle to keep up.

To perform lab exercises, this class requires the use of a laptop with:

  1. A minimum of 8 GB RAM
  2. A minimum of 40 GB free disk space
  3. Oracle VirtualBox installed and running

TSO Pricing

The pricing for this class is available as either per-seat (convenient for events) or at a flat rate for an instructor:

Instructor Flat Rate

Flat rate: $9,000* (up to 30 students)
  • Best for Corporate Training
  • In person, on-site
  • Lecture & Labs
  • Your venue
*Price does not include travel or cost of additional instructors for larger classes.

Per-Seat Rate

Per student price: $500* (minimum 15 students)
  • Best for Events
  • In person, on-site
  • Lecture & Labs
  • Your venue
*Price does not include travel.
