Curriculum | 15 Credit Hours
In this hands-on program, you'll begin with a foundational course, then progress through more advanced blue and red team electives. The capstone course (ISE 6250) synthesizes your purple team knowledge and skills, culminating with a Defend-the-Flag challenge. This is the curriculum order for this program.
Required Core Courses | 9 credit hours
- SANS Course: SEC460: Enterprise and Cloud | Threat and Vulnerability Assessment
Certification: GIAC Enterprise Vulnerability Assessor Certification (GEVA)
3 Credit Hours
ISE 6310 covers threat management, introduces the core components of comprehensive vulnerability assessment, and provides the hands-on instruction necessary to produce a vigorous defensive strategy. Through a detailed, practical analysis of threat intelligence, modeling, and automation, you will learn not only how to use the tools of the trade, but also how to implement a transformational security vulnerability assessment program to secure networks against even the most advanced intrusions.
- SANS Course: SEC501: Advanced Security Essentials - Enterprise Defender
Certification: GIAC Certified Enterprise Defender (GCED)
3 Credit Hours
ISE 6215 reinforces the theme that prevention is ideal, but detection is a must. Students will learn how to ensure that their organizations constantly improve their security posture to prevent as many attacks as possible. A key focus is on data protection, securing critical information no matter whether it resides on a server, in robust network architectures, or on a portable device.
Despite an organization's best effort at preventing attacks and protecting its critical data, some attacks will still be successful. Therefore students will also learn how to detect attacks in a timely fashion through an in-depth understanding the traffic that flows on networks, scanning for indications of an attack. The course also includes instruction on performing penetration testing, vulnerability analysis, and forensics.
- SANS Course: SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses
Certification: GIAC Defending Advanced Threats (GDAT)
3 Credit Hours
ISE 6250 leverages the purple team concept by bringing together red and blue teams for maximum effect. Recognizing that a prevent-only strategy is not sufficient, the course focuses on current attack strategies and how they can be effectively mitigated and detected using a Kill Chain structure. Throughout the course, the purple team principle will be maintained, where attack techniques are first explained in-depth, after which effective security controls are introduced and implemented.
Blue Elective Courses | 3 credit hours
Students select one of the following.
- SANS Course: SEC503: Network Monitoring and Threat Detection In-Depth
Certification: GIAC Certified Intrusion Analyst Certification (GCIA)
3 Credit Hours
ISE 5401 delivers the technical knowledge, insight, and hands-on training you need to defend your network with confidence. You will learn about the underlying theory of TCP/IP and the most used application protocols, such as DNS and HTTP, so that you can intelligently examine network traffic for signs of an intrusion. You will get plenty of practice learning to master different open source tools like tcpdump, Wireshark, Snort, Bro, tshark, and SiLK. Daily hands-on exercises suitable for all experience levels reinforce the course book material so that you can transfer knowledge to execution.
- SANS Course: SEC511: Continuous Monitoring and Security Operations
Certification: GIAC Continuous Monitoring Certification (GMON)
3 Credit Hours
ISE 6240 teaches a proactive approach to enterprise security that presumes attackers will penetrate your environment and therefore emphasizes timely incident detection. The Defensible Security Architecture, Network Security Monitoring, Continuous Diagnostics and Mitigation, and Continuous Security Monitoring taught in this course - aligned with the National Institute of Standards and Technology (NIST) guidelines described in NIST SP 800-137 for Continuous Monitoring (CM) -- are designed to enable you and your organization to analyze threats and detect anomalies that could indicate cybercriminal behavior.
Red Elective Courses | 3 credit hours
Students select one of the following.
- SANS Course: SEC560: Enterprise Penetration Testing
Certification: GIAC Penetration Tester Certification (GPEN)
3 Credit Hours
ISE 6320 prepares students to conduct successful penetration testing and ethical hacking projects. The course starts with proper planning, scoping and recon, and then dives deep into scanning, target exploitation, password attacks, and wireless and web apps with detailed hands-on exercises and practical tips for doing the job safely and effectively. Students will participate in an intensive, hands-on Capture the Flag exercise, conducting a penetration test against a sample target organization.
- SANS Course: SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking
Certification: GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)