Top-tier Training Classes for your team from the industry's best

This foundational course is designed to provide the basic tools needed to protect the data that is most valuable to your business.  Since data is an integral part of an organization’s core operations, it’s important to build a solid foundation for understanding the considerations and mechanisms related to data protection.

The protection of sensitive data is paramount for information security professionals.  The course is intended to help provide the techniques and tools needed to conduct a self-assessment of your data protection program.  This helps ensure that your limited resources are being dedicated to the places within your security program needing the most attention, and based on corporate goals, needs, and regulatory compliance requirements.

 

 

 

Check Upcoming Public Course Dates

Since 2003, OWASP has released the Top 10 Most Critical Web Application Security Risks list.  It has been the basis of much development and consternation, but do you really understand what each of these issues and their corresponding controls mean?  As a developer, do you know how to prevent these issues?  As a security professional, do you truly know what they are and how to evaluate their effectiveness?

In this course, Secure Ideas will walk attendees through the various items in the latest OWASP Top 10 and corresponding controls.  Students will leverage modern applications to explore how the vulnerabilities work and how to find them in their own applications.

 

 

Check Upcoming Public Course Dates

The Red Team Fundamentals for Active Directory course is an 8-hour class focused on explaining the fundamentals of Active Directory and how different aspects can be exploited when performing penetration tests.  The goal is not only to cover different attacks but also explain the details of why they work and how an environment can be made resilient to them and potentially detect malicious activity.  This combination opens the course to those looking to hone their offensive skills as well as those who are protecting an enterprise network.

The course mixes lecture with a number of hands-on exercises to reinforce the information and techniques.  The activities will cover ways to examine an Active Directory environment, looking for a variety of misconfigurations that are commonly seen in Active Directory implementations (even by some security conscious entities), and then exploit these issues to pivot and escalate our access. Ultimately, the students will gain full control of an AD Forest.

While in class, students will be provided access to a lab containing realistic targets and tools to learn both the attacks and defenses of Active Directory.  This environment enables the attendees to understand how the covered techniques are used in the real world.

 

 

Check Upcoming Public Course Dates

This hands-on course will teach students a basic methodology for network penetration testing and an introduction to the processes used.  Students will walk through the phases of Reconnaissance, Mapping, Discovery, Exploitation, and Post-Exploitation with demonstrations of various tools and tactics used in each phase.  The course is heavily focused on hands-on labs so that students have the opportunity to actually use common tools and techniques.  By the end of training, students will understand the structure of a network penetration test and have the experience necessary to begin practicing the demonstrated toolsets.

 

 

Check Upcoming Public Course Dates

This course is designed to introduce IT professionals to the Payment Card Industry collection of standards as defined and enforced by the Payment Card Industry Security Standards Council.  The first half of the course summarizes the structure and history of PCI, the primary standards documents, and the various certification programs for professionals.  The second half of the course dives into a summary of the components of the PCI Data Security Standard (PCI DSS).  This is a high-level, introductory summary designed to provide a general understanding of the requirements in the PCI DSS.

 

 

Check Upcoming Public Course Dates

The Foundational Application Security Training (FAST) course is an 8-hour class focused on explaining the fundamentals of applications and their security.  This lecture-focused class is designed to allow managers, product owners, support staff and non-developers understand application security.  This lecture includes what makes up the various modern application technologies, the application development process, what vulnerabilities and risk are exposed via applications and how the attacks happen.  This course will enable organizations to improve how they focus on application security while continuing to increase the coordination between the various teams including development, project management, product owners, IT, and security.  Attendees will be able to understand and explain the various risks and controls within a secure modern application environment.

 

 

Check Upcoming Public Course Dates

This course is designed to cover the core fundamentals of container and container orchestration security.  We’ll explore container security concerns, configuration issues, and how to abuse them as an attacker.  Then we’ll switch gears and explore the ways that we can prevent the attacks we just carried out.  This will all be done in a hands-on lab driven manner.  This class is focused primarily on Docker and Kubernetes but many of the core concepts can be applied to other container technologies.

 

 

Check Upcoming Public Course Dates

This workshop-style intermediate course is designed to complement a student’s understanding of traditional Web Application Security.  It focuses on modern application and API security features and tactics to protect APIs and microservices from attacks.  Because the material in this course leans on standard HTTP and browser features, and standard web and API security best practices, the lessons and labs are applicable across programming languages and platform implementations.  This material in this course is approached both from the perspective of an adversary and that of a defender.

 

 

Check Upcoming Public Course Dates

ISC2 describes the CISSP as a way to prove “you have what it takes to effectively design, implement and manage a best-in-class cybersecurity program”. It is one of the primary certifications used as a stepping point in your cybersecurity career.

This class is set up to cover the 8 domains of the ISC2 CBK:

• Security and Risk Management
• Asset Security
• Security Architecture and Engineering
• Communication and Network Security
• Identity and Access Management (IAM)
• Security Assessment and Testing
• Security Operations
• Software Development and Security

 

 

Check Upcoming Public Course Dates

Through engaging lectures, hands-on insights, and real-world examples, attendees will gain the knowledge necessary to understand, assess, and improve the cybersecurity posture of ICS/OT systems without compromising operational goals.  

 

 

Check Upcoming Public Course Dates