Training Opportunities

To register for a training session, you must be registered for the Summit. If you are already registered and you would like to add on a training, you may do so in your personal registration portal which you can access from your registration confirmation email or email NCSregistration@eventPower.com for assistance. If you have not registered for the Summit, you may register now below.

REGISTER NOW
 

One Day Training | Monday, September 23

Mastering Active Directory Exploitation

Training by: Applied Technology Academy
Presenter: Mr. Kelley Matthew & Bailey Marshall
Date: Monday, September 23 | 9:00a.m. - 4:00p.m.
Price: $425.00

Description
This intensive seminar offers a comprehensive exploration of Active Directory (AD) security, equipping participants with a deep understanding of both defensive and offensive strategies. Through a combination of foundational instruction, interactive exercises, and hands-on labs (using the Hack The Box platform), participants will gain the ability to identify and exploit misconfigurations commonly encountered in real-world environments. Particular emphasis is placed on offensive security techniques, including the use of industry-standard tools for enumeration and attack simulations. This seminar is designed for security professionals and penetration testers seeking to bolster their expertise in compromising AD environments. Students must have a fundamental understanding of Linux and Windows command line syntax.
 


Real Network Penetration Testing

Training by: Real Hax
Presenter: Mr. Royce Davis, Principal Engineer
Date: Monday, September 23 | 9:00a.m. - 4:00p.m.
Price: $575.00

Description
Welcome to Real Network Penetration Testing, a realistic, hands-on simulation of an Internal Network Penetration Test (INPT). During this training, you will conduct an enterprise-grade network attack simulation targeting your own virtual lab environment containing Windows and Linux systems modeled after real-world enterprise technology stacks. The training curriculum is based on the author's book, The Art of Network Penetration Testing, and is intended for entry-level students with little or no experience in professional penetration testing. 

The four phases of a network pentest Information Discovery - Identifying network-accessible hosts - Enumerating listening services - Interrogating services for exploitable weaknesses Focused Penetration - Attacking web services - Passive credential harvesting - Abusing network file shares - Cracking SPN hashes (Kerberoasting) 

Q&A Privilege Escalation - Abusing Windows service misconfiguration - Common user-to-root escalation paths in Linux - Establishing persistence with Mythic C2 - Lateral movement and escalation to Domain Admin Documentation - Components of a solid pentest deliverable - Narrating network attacks for executives - Post-engagement cleanup Final Thoughts/Class-lead discussion

https://vimeo.com/789154564 
 


 

A Hands-On Review of NIST 800-218 : Secure Software Framework

Training by: CodeLock
Presenters: Mr. Brian Gallagher, CodeLock
Date: Monday, September 23, 2024 | 9:00a.m. - 4:00p.m.
Price: $175.00

Description
At the end of this seminar, attendees of this seminar will: 1. Understanding Compliance Requirements: Gain a comprehensive overview of new secure software development attestation requirements, including NIST 800-218 and Executive Order 14028, and their implications for government software vendors. 2. Be Able to Navigate Common Pain Points: Learn about the common challenges and pain points faced by software vendors in meeting these stringent security and compliance standards, including documentation burdens and vulnerability management. 3. Leverage CodeLock for Compliance: Discover how CodeLock’s features, such as compliance tracking, real-time monitoring, Software Bill of Materials (SBOM) generation, and automated vulnerability scanning, can simplify the compliance process and enhance security posture. 4. Understand Practical Implementation Strategies: Explore practical strategies for integrating CodeLock into your software development workflow to ensure continuous compliance and secure software development practices. 5. Review Case Studies and Success Stories: Review real-world examples and case studies of how other government software vendors have successfully implemented CodeLock to meet attestation requirements, reduce risk, and maintain contract eligibility. Every attendee will be given access to the CodeLock compliance tool as part of the attendance fee.
 


 

NVIDIA GenAI Workshop

Training by: Dell Technologies
Presenters: Ms. Laura Byrd, Dell
Date: Monday, September 23, 2024 | 9:00a.m. - 4:00p.m.
Price: $75.00

Description
A full-day workshop providing attendees with hands-on experience with the latest Generative AI (GenAI) technology from industry leader NVIDIA. Attendees will gain practical knowledge of workflows based on use cases spanning a variety of scenarios. Exploring the wide-reaching impacts of this groundbreaking technology, the session will include multiple security considerations that users and organizations will need to consider as they implement a future-proofed strategy to take advantage of GenAI's revolutionary capabilities while maintaining a strong security posture.
 


 

RMF 2.0

Training by: Cyber Brews
Presenters: Ms. Karen Williams, CEO/Trainer
Date: Monday, September 23, 2024 | 9:00a.m. - 4:00p.m.
Price: $475.00

Description
This workshop is approximately 7 hours in length and will cover the latest National Institute of Standards and Technology (NIST) Special Publication (SP) 800-37 REV 2 "Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy." We will review other NIST 800 series documents that have been updated (800-53 rev 5, 800-53A, 800-160 v1, and 800-160v2). This workshop will include overviews of System Security Plans (SSPs), System Security Engineering (SSE), Security Assessment Planning, and Plan of Action and Milestone (POA&M) management. Mrs. Williams uses her experience working in the Department of Defense (DoD) as a government contractor for 18 years to explain how each step affects not only security professionals and system owners, but also project management, system development, and organizational risk tolerance.


One Day Training | Tuesday, September 24 | Note Some Are Half Day Courses - Morning or Afternoon Options Provided

Cybersecurity Leadership Cyber42 Games

Training by: SANS Institute
Presenters: Mr. Jonathan Risto, SANS Institute
Date: Tuesday, September 24, 2024 | 8:00a.m. - 12:00p.m. or 1:00p.m. - 5:00p.m.
Price: $150.00

Description
Enhance your proficiency in cybersecurity leadership decision-making through immersive team-based simulations with Cyber42. Practice agile decision-making and information synthesis, key skills required for success in leadership roles. Engage in thought-provoking discussions and gain practical insights to improve your executive cybersecurity competencies. Cyber42 is a realistic leadership simulation with applicable and discussion-based outcomes. Leave with a confidence boast in a key skill senior leaders seek from their CISOs: nimble decision making. Cyber42 puts you in the driver’s seat of making tough executive calls on behalf a fictitious organization that needs your expertise. 

Working through multiple scenarios, each focusing on different elements needed as a Cybersecurity Leader, participants will: 
• Gain insight into the cybersecurity landscape from the leadership and C-suite perspective 
• Strategically balance competing priorities for successful outcomes 
• Utilize rapid data synthesis and analysis for informed decision-making 
• Practice risk-free decision-making in a simulated environment for optimal business outcomes 
• Participate in event discussions providing excellent insights from peers Transformational Cybersecurity Cyber42: Technology – Strategy - Culture Operational Cybersecurity Cyber42: Vulnerabilities - SOC - Controls 

www.sans.org/cybersecurity-leadership/cyber42/

https://www.sans.org/profiles/jonathan-risto/
 


 

Critical Infrastructure Cybersecurity

Training by: SANS Institute
Presenters: Mr. Tim Conway & Mr. Dean Parsons, SANS Institute
Date: Tuesday, September 24, 2024 | 9:00a.m. - 4:00p.m.
Price: $150.00

Description
This one day Operational Technology focused workshop will highlight current threats facing critical infrastructure Industrial Control System environments, and examine lessons learned from attacks that have had operational effects. Understanding the uniqueness of these cyber to physical systems is vital for managing a modern, complex automation environment and conducting root cause analysis on non-cyber-related events that occur across the network. Participants will acquire essential skills for any ICS cybersecurity program. 

Throughout the one day training session, there will be some hands on labs leveraged to highlight learning objectives and expose participants to ICS components. Students will gain practical experience with a programmable logic controller (PLC), a physical kit that emulates operations in electric systems (generation, transmission, and distribution), and a virtual machine setup as a Human Machine Interface (HMI) and Engineering Workstation (EWS). 

Workshop Material: The workshop aims to equip students with the ability to: 
- Comprehend their networked ICS environment. 
- Monitor for threats. 
- Conduct incident response against identified threats. 
- Learn from adversary interactions to enhance network security.
 


 

OSINT- Practical Open-Source Intelligence Techniques For Defense

Training by: SANS Institute
Presenters: Mr. Mick Douglas, SANS Institute
Date: Tuesday, September 24, 2024 | 8:00a.m. - 12:00p.m. or 1:00p.m. - 5:00p.m.
Price: $150.00

Description
Join SANS Principal Instructor Mick Douglas as he walks you through a four-hour hands-on workshop that dives into key open-source intelligence (OSINT) techniques and skills. Mick will guide you through multiple methods for analyzing people, infrastructure discovery, geolocation techniques, and using W-Fi and cloud data for OSINT techniques and skills. Mick will guide you through multiple methods for analyzing people, infrastructure discovery, geolocation techniques, and using Wi-Fi and cloud data for OSINT purposes, all with hands-on labs. Learn the art of social media analysis, gain insights into monitoring Telegram, and using honey pots for counterintelligence. You'll also discuss OPSEC considerations to protecting yourself and the integrity of your investigations. This workshop is ideal for those looking to establish and enhance their OSINT skills for defensive purposes.

Attendees will learn:

  • Fundamentals of OSINT
  • Multiple methods for analyzing people (with lab)
  • Basics of Infrastructure Discovery (with lab)
  • Geolocation techniques and remote site "visits" (with lab)
  • Using Wi-Fi for OSINT purposes (with lab)
  • Cloud data discovery (with lab)
  • Social media analysis/visiting LinkedIn profiles without letting user know you did (with lab) 
  • Monitoring Telegram (with lab)
  • Counter Intel via honey pots (with lab)
  • Suggested further studies/next steps
  • Wrap up

 

Threat Hunting and Criminal Infrastructure Analysis Workshop

Training by: SANS Institute
Presenters: Mr. Conan Beach, SANS Institute
Date: Tuesday, September 24, 2024 | 8:00a.m. - 12:00p.m. or 1:00p.m. - 5:00p.m.
Price: $150.00

Description
Come join SANS "FOR589: Cybercrime Intelligence" authors as they walk you through a four-hour hands-on workshop that dives into the complexities of cybercrime infrastructure. You'll explore the essential types of infrastructure indicators—Atomic, Behavioral, and Computed—and learn how they can be used to uncover and understand cybercrime activities. Discover how domains, IP addresses, email accounts and more play a crucial role as Atomic Indicators, and gain insight into the significance of Infrastructure-as-a-Service (IaaS) in identifying the ownership of these indicators. Through practical exercises, you'll apply a sophisticated fingerprinting methodology to not just identify, but predict cybercrime behaviors, enhancing your ability to analyze and combat cyber threats. This workshop is ideal for those looking to deepen their understanding of cybercrime analysis, investigations, and operations in a real-world setting.