Certificate Programs: Cyber Defense Operations

The Cyber Defense Operations graduate certificate program is a highly technical, 12 credit hour program with a cohesive set of learning outcomes focused on teaching the applied technologies used to defend and secure information assets and business systems at an organization.

Because traditional counter defenses are no longer effective in stopping malware, viruses, and other advanced attacks, it is a foregone conclusion that targeted organizations will be compromised. Therefore, proactive and layered defensive tactics are needed to stop the adversary.

The Cyber Defense Operations certificate program provides a mechanism for students to learn the essential operational techniques used to defend an enterprise, plus allows them an elective choice to further specialize their capabilities. All work completed in the certificate program may be applied directly in fulfillment of the master's degree requirements should the student matriculate in the master's program.

Cyber Defense Operations Certificate - 12 credit hours

Required courses:
ISE 5401: Advanced Network Intrusion Detection and Analysis   |   SEC 503, GCIA

SANS class: SEC503 Intrusion Detection In-Depth
Assessment: GIAC GCIA
3 Credit Hours

ISE 5401 arms students with the core knowledge, tools, and techniques to detect and analyze network intrusions, building in breadth and depth for advanced packet and traffic analysis. Hands-on exercises supplement the course book material, allowing students to transfer the knowledge in their heads to their keyboards using the Packetrix VMware distribution. As the Packetrix name implies, the distribution contains many of the tricks of the trade to perform packet and traffic analysis.

ISE 6240: Continuous Monitoring and Security Operations   |   SEC 511, GMON

SANS class: SEC 511 Continuous Monitoring and Security Operations
Assessment: GIAC GCCC
3 Credit Hours

ISE 6240 teaches a proactive approach to enterprise security that presumes attackers will penetrate your environment and therefore emphasizes timely incident detection. The Defensible Security Architecture, Network Security Monitoring, Continuous Diagnostics and Mitigation, and Continuous Security Monitoring taught in this course - aligned with the National Institute of Standards and Technology (NIST) guidelines described in NIST SP 800-137 for Continuous Monitoring (CM) - are designed to enable you and your organ.

Selection of two (2) of the following:
ISE 6001: Implementing and Auditing Critical Security Controls   |   SEC 566, GCCC

SANS class: SEC566 Implementing and Auditing the Critical Security Controls - In-Depth
Assessment: GIAC GCCC
3 Credit Hours

Students are introduced to security standards and their implementation, with particular focus on the consensus Critical Controls guidelines that were developed through collaboration of U.S. Departments of Defense and Energy, the U.S. Computer Emergency Readiness Team, the FBI and other law enforcement agencies, and civilian penetration testers. The course teaches the theoretical and practical underpinnings for implementing or deploying a strategy for information assurance in an agency or organization. Using the information presented in the ISE 5101 course, this course helps students understand not only what to do to stop a threat, but why the threat exists and how to ensure that their organization is indeed in compliance with their standards.

ISE 6215: Advanced Security Essentials   |   SEC 501, GCED

SANS class: SEC501 Advanced Security Essentials - Enterprise Defender
Assessment: GIAC GCED
3 Credit Hours

Students will learn how to design and build a secure network that can both prevent attacks and recover after a compromise. They will also learn how to retrofit an existing network to achieve the level of protection that is required. While prevention is important to learn, students will also learn how to detect the indications that the attack is in progress and stop it before significant harm is caused. Packet analysis and intrusion detection are at the core of this study. In the third module, students will learn about the variety of tests that can be run against an organization and how to perform effective penetration testing. To round out the defensive posture, students will learn the practice of identifying, analyzing, and responding effectively to attacks, including the identification of malware and steps that can be taken to prevent data loss.

ISE 6230: Securing Windows with the Critical Security Controls   |   SEC 505, GCWN

SANS class: Securing Windows and PowerShell Automation
Assessment: GIAC GCWN
3 Credit Hours

ISE 6230 shows students how to secure servers, workstations and portable devices running Microsoft Windows. Windows is the most frequent target of hackers and advanced malware. While other courses focus on detection or remediation of a compromise after the fact, the aim of this course is to substantially reduce these compromises in the first place. For scalability and automation, this course includes many hands-on labs with Group Policy and PowerShell scripting. No prior scripting experience is required. Learning at least the basics of PowerShell is an essential skill for anyone who manages Windows servers or clients in an enterprise.

ISE 6235: Securing Linux/Unix   |   SEC 506, GCUX

SANS class: SEC506 Securing Linux/Unix
Assessment: GIAC GCUX
3 Credit Hours

ISE 6235 provides the specific technical education to enable students to secure Linux and Unix clients and infrastructure. This course is particularly valuable for students who are involved with sysadmins and network administrators, given the popularity of *nix tools in that space. The course covers various vulnerabilities and defenses, and includes an introduction to forensic methods for *nix systems.

Download the Cyber Defense Operations certificate Briefing Document in .pdf format.

The ideal candidate for the Cyber Defense Operations certificate program is an information technology professional with a year or more of experience working with network infrastructures, or an information security professional who is or seeks to specialize in setting up defense-in-depth strategies and auditing for their effectiveness. Candidates will also be interested in the follow-on detection and response activities to malicious traffic in order to maintain defensible networks.

Graduates of the Cyber Defense Operations post-baccalaureate certificate program will be able to:

  1. Utilize a broad range of current tools and technologies in the design and implementation of security solutions deployed across organizations.
  2. Identify the information assets of an enterprise, classify them by value, and determine what management and technical controls can be used to monitor and audit them effectively.
  3. Develop a program for analyzing the risk to the information assets in an enterprise and determining which technical and management controls can mitigate, remove, or transfer that risk.
  4. Articulate important attacker techniques, analyze the traffic that flows on networks, identify indications of an attack, engage in penetration testing within their organization, and respond to incidents associated with these activities within their organization.

For additional, detailed technical goals for each course, please review the educational goals listed for each SANS class.

Tuition for each course in a certificate program is $5,000, and all courses may be taken either live at a SANS event or online from home or work. Credit is earned only when a student enrolls first in a given certificate program and then registers for the appropriate graduate courses.

Admissions to the Cyber Defense Operations Certificate Program

To apply, please view the Admissions Page dedicated to the SANS Graduate Certificate Programs.