SEC501: Advanced Security Essentials - Enterprise Defender
- 6 Days (Instructor-Led)
- 38 Hours (Self-Paced)
- GIAC Certified Enterprise Defender (GCED)
- 38 CPEs
Apply your credits to renew your certifications
- In-Person, Virtual or Self-Paced
Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months
- Intermediate Skill Level
Course material is geared for cyber security professionals with hands-on experience
- 25 Hands-On Lab(s)
Apply what you learn with hands-on exercises and labs
Gain hands-on, cross-disciplinary cyber defense skills and prepare for CERT/CSIRT roles with 25+ labs using real cyber tools for network security, malware analysis, SecOps, forensics, and more.
Featured Quote
This is the best technical training course I have ever taken. SEC501 exposed me to many valuable concepts and tools but also gave me a solid introduction to those tools so that I can continue to study and improve on my own.
Course Overview
As cyberattacks grow more sophisticated and damaging, enterprises must adopt a comprehensive PREVENT-DETECT-RESPOND strategy to protect critical data and maintain resilient network defenses. SEC501: Advanced Security Essentials – Enterprise Defender equips security professionals with the hands-on skills and knowledge needed to audit, harden, monitor, and defend infrastructure across both on-premises and cloud environments. By strengthening prevention, enhancing detection, and streamlining incident response, organizations can reduce risk, mitigate the impact of breaches, and continuously improve their cybersecurity posture.
What You’ll Learn
- Secure network infrastructure and harden devices
- Identify vulnerabilities through testing and assessments
- Detect threats using packet analysis and forensics
- Follow the six-step incident response process
- Analyze malware behavior and reverse code
- Use active defense and perform network forensics
- Understand attacker tactics to reduce risk
Business Takeaways
- Upskill technologists for stronger cyber defense
- Boost cybersecurity effectiveness and efficiency
- Build resilient, attack-resistant networks
- Identify and fix critical vulnerabilities
- Detect threats through system and network monitoring
- Understand attack methods across environments
Meet Your Authors
- Ross Bergman, Principal Instructor
After a malicious attack in his lab, Ross pivoted from neuroscience to cybersecurity, driven by a passion for safeguarding digital assets. He has dedicated over three decades to fortifying enterprise defenses and mentoring future cyber leaders.
- Dave Shackleford, Senior Instructor
Dave Shackleford, founder of Voodoo Security, has advanced cybersecurity through his leadership roles, including serving as CTO for the Center for Internet Security, where he coordinated the first published virtualization security benchmarks.
Course Syllabus
Explore the course syllabus below to view the full range of topics covered in SEC501: Advanced Security Essentials - Enterprise Defender.
Section 1: Defensive Network Architecture
In this course section we will discuss published security benchmarks, vendor guidance to secure various products, and regulatory requirements and how they impact defending infrastructure against specific attacks.
Topics covered
- Security Standards and Audit
- Authentication, Authorization, and Accounting
- Defending Network Infrastructure
Labs
- Initial Router Configuration and Audit
- Securing AAA
- Securing Redundancy Protocols
Section 2: Penetration Testing
This course section will present the variety of tests that can be run against an enterprise, and show how to perform effective penetration tests to better understand the security posture for network services, operating systems, and applications.
Topics covered
- Penetration Testing Scoping and Rules of Engagement
- Open-Source Intelligence
- Social Engineering
Labs
- Network Scanning Fundamentals
- Scanning with Nessus
- Exploitation and Metasploit Basics
Section 3: Security Operations Foundations
This course section will start with a brief introduction to network security monitoring, followed by a refresher on network protocols, with an emphasis on fields to look for as security professionals.
Topics covered
- Network Security Monitoring
- Advanced Packet Analysis
- Network Intrusion Detection/Prevention
Labs
- Analyzing PCAPs with tcpdump
- Attack Analysis with Wireshark
- Snort Basics
Section 4: Digital Forensics and Incident Response
Students will learn how incident response currently operates, after years of evolving, in order to address the dynamic procedures used by attackers to conduct their operations.
Topics covered
- Active Defense
- DFIR Core Concepts
- Scaling and Scoping
Labs
- Active Defense: Honeypots
- Data Recovery with FTK Imager and Photorec
- Discovering Artifacts
Section 5: Malware Analysis
In this course section, we will define each of the most popular types of malware and walk through multiple examples. The four primary phases of malware analysis will be covered: Fully Automated Analysis, Static Properties Analysis, Interactive Behavior Analysis, and Manual Code Reversing.
Topics covered
- Intro to Malware Analysis
- Malware Analysis Stages
Labs
- Static Properties Analysis of Ransomware
- Interactive Behavior Analysis of Ransomware
Section 6: Enterprise Defender Capstone
This final course section will serve as a real-world challenge for students by requiring them to work in teams, use the skills they have learned throughout the course, think outside the box, and solve a range of problems from simple to complex.
Things You Need To Know
Relevant Job Roles
- Protection (SCyWF: Protection And Defense)
This role uses cybersecurity tools to protect information, systems and networks from cyber threats. Find the SANS courses that map to the Protection SCyWF Work Role.
- Network Operations (OPM 441) (NICE: Implementation and Operation)
Responsible for planning, implementing, and operating network services and systems, including hardware and virtual environments.
- Defense (SCyWF: Protection And Defense)
This role uses monitoring and analysis tools to identify and analyze events and to detect incidents. Find the SANS courses that map to the Defense SCyWF Work Role.
- Cybersecurity Instruction (OPM 712) (NICE: Oversight and Governance)
Responsible for developing and conducting cybersecurity awareness, training, or education.
- Infrastructure Support (OPM 521) (NICE: Protection and Defense)
Responsible for testing, implementing, deploying, maintaining, and administering infrastructure hardware and software for cybersecurity.
- Defensive Cybersecurity (OPM 511) (NICE: Protection and Defense)
Responsible for analyzing data collected from various cybersecurity defense tools to mitigate risks.
- Cybersecurity Analyst/Engineer (Cyber Defense)
As this is one of the highest-paid jobs in the field, the skills required to master the responsibilities involved are advanced. You must be highly competent in threat detection, threat analysis, and threat protection. This is a vital role in preserving the security and integrity of an organization’s data.
- Cybersecurity Implementer (European Cybersecurity Skills Framework)
Develop, deploy and operate cybersecurity solutions (systems, assets, software, controls and services) on infrastructures and products.
Course Schedule & Pricing
GIAC Certification Attempt
Add a GIAC certification attempt and receive two free practice tests. View pricing in the info icons below.
OnDemand Course Access
When purchasing a live instructor-led class, add an additional 4 months of online access after your course. View pricing in the info icons below.
- OnDemand (Anytime): Self-Paced, 4 months access. Course price: 8,780 USD*
- SANS Cyber Defense Initiative 2025, Washington, DC, US & Virtual (live). Course price: 8,780 USD*
- Course price: 1,335,000 JPY*
- Course price: 8,780 USD*
- Course price: 8,230 EUR*
- Course price: 8,780 USD*
- Course price: 8,780 USD*
- Course price: 8,230 EUR*
*Prices exclude applicable local taxes
Learn Alongside Leading Cybersecurity Professionals From Around The World
- The disciplines/skills taught in SEC501 were exactly what my career and team needed to mature our SOC. Bryce Galbraith was an amazing, extremely knowledgeable instructor who kept all of the material interesting and fun.
- I would recommend SEC501 as a strong foundation to any security practitioner role. It is broad but assumes a reasonable level of technical proficiency that is refreshing.
- SEC501 offers a great explanation of Net Defense best practices that often get overlooked.
- A must for cyber security professionals!
Benefits of Learning with SANS
Get feedback from the world’s best cybersecurity experts and instructors
Choose how you want to learn - online, on demand, or at our live in-person training events
Get access to our range of industry-leading courses and resources