Graduate Certificate Programs: Cyber Defense Operations

Graduate Certificate Program in Cyber Defense Operations

Designed for working InfoSec and IT professionals, the graduate certificate program in Cyber Defense Operations is a 12-credit-hour sequence of highly technical, hands-on courses focused on teaching the applied technologies used to defend and secure information assets and business systems at an organization.

Because traditional counter defenses are no longer effective in stopping malware, viruses, and other advanced attacks, it is a foregone conclusion that targeted organizations will be compromised. Therefore, proactive and layered defensive tactics are needed to stop the adversary.

In the Cyber Defense Operations certificate program, you'll learn the essential operational techniques used to defend an enterprise and you'll select an elective course to further specialize your skill set.

Learn How To

  1. Utilize a broad range of current tools and technologies in the design and implementation of security solutions deployed across organizations.
  2. Identify the information assets of an enterprise, classify them by value, and determine what management and technical controls can be used to monitor and audit them effectively.
  3. Develop a program for analyzing the risk to the information assets in an enterprise and determining which technical and management controls can mitigate, remove, or transfer that risk.
  4. Articulate important attacker techniques, analyze the traffic that flows on networks, identify indications of an attack, engage in penetration testing within your organization, and respond to incidents associated with these activities.

Curriculum | 12 credit hours

Core Courses (6 credit hours):
ISE 5401: Intrusion Detection In-Depth | SEC 503, GCIA

Content: SANS SEC 503 Intrusion Detection In-Depth
Assessment: GIAC GCIA Exam
3 Credit Hours

ISE 5401 arms students with the core knowledge, tools, and techniques to detect and analyze network intrusions, building in breadth and depth for advanced packet and traffic analysis. Hands-on exercises supplement the course book material, allowing students to transfer the knowledge in their heads to their keyboards using the Packetrix VMware distribution. As the Packetrix name implies, the distribution contains many of the tricks of the trade to perform packet and traffic analysis.

ISE 6240: Continuous Monitoring and Security Operations | SEC 511, GMON

Content: SANS SEC 511 Continuous Monitoring and Security Operations
Assessment: GIAC GMON Exam
3 Credit Hours

ISE 6240 teaches a proactive approach to security that is needed to enhance the capabilities of organizations to detect threats that will inevitably slip through their defenses. The Defensible Security Architecture, Network Security Monitoring (NSM)/Continuous Diagnostics and Mitigation (CDM)/Continuous Security Monitoring (CSM) taught in this course will help students best position their organization or Security Operations Center (SOC) to analyze threats and detect anomalies that could indicate cybercriminal behavior.

Elective Courses (6 credit hours):

Students select two of the following courses.

ISE 6001: Implementing & Auditing the Critical Security Controls | SEC 566, GCCC

Content: SANS SEC 566 Implementing and Auditing the Critical Security Controls - In-Depth
Assessment: GIAC GCCC Exam
3 Credit Hours

Students are introduced to security standards and their implementation, with particular focus on the consensus Critical Controls guidelines that were developed through collaboration of U.S. Departments of Defense and Energy, the U.S. Computer Emergency Readiness Team, the FBI and other law enforcement agencies, and civilian penetration testers. The course teaches the theoretical and practical underpinnings for implementing or deploying a strategy for information assurance in an agency or organization. Using the information presented in the ISE 5101 course, this course helps students understand not only what to do to stop a threat, but why the threat exists and how to ensure that their organization is indeed in compliance with their standards.

ISE 6215: Advanced Security Essentials | SEC 501, GCED

Content: SANS SEC 501 Advanced Security Essentials - Enterprise Defender
Assessment: GIAC GCED Exam
3 Credit Hours

Students will learn how to design and build a secure network that can both prevent attacks and recover after a compromise. They will also learn how to retrofit an existing network to achieve the level of protection that is required. While prevention is important to learn, students will also learn how to detect the indications that the attack is in progress and stop it before significant harm is caused. Packet analysis and intrusion detection are at the core of this study. In the third module, students will learn about the variety of tests that can be run against an organization and how to perform effective penetration testing. To round out the defensive posture, students will learn the practice of identifying, analyzing, and responding effectively to attacks, including the identification of malware and steps that can be taken to prevent data loss.

ISE 6230: Securing Windows & PowerShell Automation | SEC 505, GCWN

Content: SANS Securing Windows and PowerShell Automation
Assessment: GIAC GCWN Exam
3 Credit Hours

ISE 6230 shows students how to secure servers, workstations and portable devices running Microsoft Windows. Windows is the most frequent target of hackers and advanced malware. While other courses focus on detection or remediation of a compromise after the fact, the aim of this course is to substantially reduce these compromises in the first place. For scalability and automation, this course includes many hands-on labs with Group Policy and PowerShell scripting. No prior scripting experience is required. Learning at least the basics of PowerShell is an essential skill for anyone who manages Windows servers or clients in an enterprise.

ISE 6235: Securing Linux/Unix | SEC 506, GCUX

Content: SANS SEC 506 Securing Linux/Unix
Assessment: GIAC GCUX Exam
3 Credit Hours

ISE 6235 provides the specific technical education to enable students to secure Linux and Unix clients and infrastructure. This course is particularly valuable for students who are involved with sysadmins and network administrators, given the popularity of *nix tools in that space. The course covers various vulnerabilities and defenses, and includes an introduction to forensic methods for *nix systems.

Who Should Enroll

The Cyber Defense Operations graduate certificate program is designed for information technology professionals with a year or more of experience working with network infrastructures, or for information security professionals who are or seek to specialize in implementing defense-in-depth strategies and auditing for their effectiveness.

The SANS Technology Institute Advantage

Live and Online Study Options

  • The graduate certificate program can be completed entirely online, through immersive weeklong live courses, or in combination.

Flexibility for Working Professionals

  • Monthly admissions windows mean you can start on your schedule and earn the graduate certificate in roughly two years.

Credentials that Showcase Your Skills

  • Earn industry-recognized GIAC certifications that validate your skill set in critical, specialized areas of InfoSec.

World-class Faculty

Pathway to a Master's Degree

  • Credits earned in the certificate program may be applied directly toward the master's degree program should you later apply and be accepted.

Questions?

We're happy to help.
Email info@sans.edu or call (301) 241-7665.