Tactical Security Operations Course

A hands-on security ops class for network and system administrators.


Class Duration

  • 2 days

Class Synopsis

Tactical Security Ops is a hands-on class that integrates security operations into the daily activities of network and system administrators. Students of the course will gain an appreciation for the security risks that threaten their environment and leave with practical skills that make them better prepared to face these threats. Students will spend time in labs implementing security tools, performing common attacks, analyzing the signs of the attacks, and hardening systems. Class discussions will focus on common security controls and how to adapt tools and processes to their own environments whether they are large or small.


The following serves as a tentative agenda for this class. The class is regularly updated to incorporate the latest information on security operations.

  • Session 1: Security Foundations
    • Introduction
    • Preparing: Security Foundation
    • Preparing: Standards and Compliance
    • Preparing: Defining Secure Environments
    • Lab: Access & Review Applicable Standards
  • Session 2: Network and Infrastructure Design
    • Building: Network Design
    • Lab: Segmentation Review
    • Building: Infrastructure Services
    • Lab: Disabling NetBIOS and LLMNR
    • Lab: Deploying ModSecurity
  • Session 3: Identity and Access Management
    • Building: Authentication and Authorization
    • Building: Privilege Management
    • Lab: Group Managed Service Accounts (gMSA)
    • Building: Password Management
  • Session 4: Device and Endpoint Security
    • Building: Devices
    • Lab: Finding Exploitable Windows Services
    • Building: Endpoint Security
    • Lab: AppLocker GPO
    • Building: Remote Workforce
  • Session 5: PowerShell and Active Directory
    • Building: PowerShell
    • Lab: Validate PowerShell Language Mode and Logging
    • Building: Active Directory
    • Lab: Enforcing NTLMv2 and Kerberos
    • Lab: Restricting Access
  • Session 6: Maintaining Secure Environments
    • Maintaining Secure Environments
    • Maintaining: Inventory Management
    • Maintaining: Discovering Systems and Applications
    • Lab: Analyzing Traffic with Wireshark
    • Lab: Scanning with Nmap
    • Maintaining: Backup Concepts
  • Session 7: Vulnerability Management and Security Testing
    • Maintaining: Vulnerability Management
    • Lab: Exploring OpenVAS
    • Maintaining: Security Testing
    • Lab: MITRE Caldera
    • Common Attack Types
  • Session 8: Log Monitoring and Incident Response
    • Responding: Log Monitoring
    • Responding: Incident Response Preparation
    • Responding: Detection & Identification
    • Responding: Hunt Teaming


Students are expected to have some prior knowledge of network principles (i.e. be familiar with network troubleshooting, TCP/IP protocols, etc.) and some general IT experience. Familiarity with command line interfaces and a basic understanding of security concepts is also useful. This is not an advanced security class; however, students with little IT experience may struggle to keep up.

To perform lab exercises, this class requires the use of a laptop with:

  1. A minimum of 8 GB RAM
  2. A minimum of 40 GB free disk space
  3. Oracle VirtualBox installed and running



flat rate

up to 30 students

*Price does not include travel or cost of additional instructors for larger classes.

  • Best for Corporate Training
  • In person, on-site
  • Lecture only
  • Your venue



per student price

minimum 15 students

*Price does not include travel.

  • Best for Events
  • In person, on-site
  • Lecture only
  • Your venue