Curriculum | 12 credit hours
Through our highly technical Cyber Defense Operations courses, you will learn the essential operational techniques used to defend an enterprise and you'll have the opportunity to customize the curriculum toward your specific interests or job role. This is the curriculum order for this program.
Required Core Courses | 6 credit hours
ISE 6240: Cybersecurity Engineering: Advanced Threat Detection and Monitoring | SEC511 + GMON
SANS Course: SEC511: Cybersecurity Engineering: Advanced Threat Detection and Monitoring
Certification: GIAC Continuous Monitoring Certification (GMON)
3 Credit Hours
ISE 6240 teaches a proactive approach to enterprise security that presumes attackers will penetrate your environment and therefore emphasizes timely incident detection. The Defensible Security Architecture, Network Security Monitoring, Continuous Diagnostics and Mitigation, and Continuous Security Monitoring taught in this course - aligned with the National Institute of Standards and Technology (NIST) guidelines described in NIST SP 800-137 for Continuous Monitoring (CM) - are designed to enable you and your organization to analyze threats and detect anomalies that could indicate cybercriminal behavior.
ISE 6255: Defensible Security Architecture & Engineering | SEC530 + GDSA
SANS Course: SEC530: Defensible Security Architecture and Engineering: Implementing Zero Trust for the Hybrid Enterprise
Certification: GIAC Defensible Security Architect Certification (GDSA)
3 Credit Hours
Effective security requires a balance between detection, prevention, and response capabilities. Defensible Security Architecture and Engineering is designed to help you establish and maintain a holistic and layered approach to security. You’ll explore the fundamentals of up-to-date defensible security architecture and how to engineer it, with a heavy focus on leveraging current infrastructure (and investment), including switches, routers, and firewalls. You’ll learn how to reconfigure these devices to significantly improve your organization’s prevention capabilities in the face of today's dynamic threat landscape. The course will also delve into the latest technologies and their capabilities, strengths, and weaknesses. Multiple hands-on labs will reinforce key points in the course and provide actionable skills you will be able to leverage immediately at work.
Elective Courses | 6 credit hours
Students select two of the following.
ISE 4450: Blue Team Fundamentals: Security Operations and Analysis | SEC450 + GSOC
SANS Course: SEC450: Blue Team Fundamentals: Security Operations and Analysis
Certification: GIAC Security Operations Certified (GSOC)
3 Credit Hours
ISE 4450 provides you with technical knowledge and key concepts essential for security operation center (SOC) analysts and new cyber defense team members. You will learn the stages of security operations: how data is collected, where it is collected, and how threats are identified within that data. The class dives deep into tactics for triage and investigation of events that are identified as malicious, as well as how to avoid common mistakes and perform continual high-quality analysis. You will learn the inner workings of the most popular protocols, and how to identify weaponized files as well as attacks within the hosts and data on their network.
The course employs practical, hands-on instruction using a simulated SOC environment with a real, fully-integrated toolset that includes:
- Security Information and Event Management (SIEM)
- An incident tracking and management system
- A threat intelligence platform
- Packet capture and analysis
- Automation tools
ISE 6215: Advanced Security Essentials | SEC501 + GCED
SANS Course: SEC501: Advanced Security Essentials - Enterprise Defender
Certification: GIAC Certified Enterprise Defender (GCED)
3 Credit Hours
ISE 6215 reinforces the theme that prevention is ideal, but detection is a must. Students will learn how to ensure that their organizations constantly improve their security posture to prevent as many attacks as possible. A key focus is on data protection, securing critical information no matter whether it resides on a server, in robust network architectures, or on a portable device.
Despite an organization's best effort at preventing attacks and protecting its critical data, some attacks will still be successful. Therefore students will also learn how to detect attacks in a timely fashion through an in-depth understanding the traffic that flows on networks, scanning for indications of an attack. The course also includes instruction on performing penetration testing, vulnerability analysis, and forensics.
ISE 5401: Intrusion Detection In-Depth | SEC503 + GCIA
SANS Course: SEC503: Network Monitoring and Threat Detection In-Depth
Certification: GIAC Certified Intrusion Analyst Certification (GCIA)
3 Credit Hours
ISE 5401 delivers the technical knowledge, insight, and hands-on training you need to defend your network with confidence. You will learn about the underlying theory of TCP/IP and the most used application protocols, such as DNS and HTTP, so that you can intelligently examine network traffic for signs of an intrusion. You will get plenty of practice learning to master different open source tools like tcpdump, Wireshark, Snort, Bro, tshark, and SiLK. Daily hands-on exercises suitable for all experience levels reinforce the course book material so that you can transfer knowledge to execution.
ISE 6250: Purple Team Tactics & Kill Chain Defenses | SEC599 + GDAT
SANS Course: SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses
Certification: GIAC Defending Advanced Threats (GDAT)
3 Credit Hours
ISE 6250 leverages the purple team concept by bringing together red and blue teams for maximum effect. Recognizing that a prevent-only strategy is not sufficient, the course focuses on current attack strategies and how they can be effectively mitigated and detected using a Kill Chain structure. Throughout the course, the purple team principle will be maintained, where attack techniques are first explained in-depth, after which effective security controls are introduced and implemented.
ISE 6270: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals | SEC595 + GMLE
SANS Course: SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
Certification: GIAC Machine Learning Engineer (GMLE)
3 Credit Hours
This course is squarely centered on solving information security problems. This course covers the necessary mathematics theory and fundamentals students absolutely must know to allow them to understand and apply the machine learning tools and techniques effectively. The course progressively introduces and applies various statistic, probabilistic, or mathematic tools (in their applied form), allowing you to leave with the ability to use those tools. The hands-on projects provide a broad base from which you can build your own machine learning solutions. This course teaches how AI tools like ChatGPT really work so that you can intelligently discuss their potential use by organizations and how to build effective solutions to solve real cybersecurity problems using machine learning and AI.
ISE 6350: Automating Information Security with Python | SEC573 + GPYC
SANS Course: SEC573: Automating Information Security with Python
Certification: GIAC Python Coder (GPYC)
3 Credit Hours
The ISE 6350 course teaches student in the pen testing specialization, and other students who want to use the Python programming language, how to enhance their overall effectiveness during information security engagements. Students will learn how to apply core programming concepts and techniques learned in other courses through the Python programming language. The course teaches skills and techniques that can enhance an information security professional in penetration tests, security operations, and special projects. Students will create simple Python-based tools to interact with network traffic, create custom executables, test and interact with databases and websites, and parse logs or sets of data.
ISE 6655: Cloud Security Threat Detection | SEC541 + GCTD
SANS Course: SEC541: Cloud Security Threat Detection
Certification: GIAC Cloud Threat Detection (GCTD)
3 Credit Hours
ISE 6655 provides hands-on-keyboard experience through 21 practical labs, covering AWS, Azure, and Microsoft 365. This course empowers your team to master cloud-native logging, threat detection, and monitoring, solving hidden, low-hanging but high ROI issues. Equip your team with the skills to necessary to enhance your organization's cloud security posture and stay ahead of potential breaches with SEC541.