O'Reilly Live Online Training

Cybersecurity Offensive and Defensive Techniques in 3 Hours

Topic: Security
Omar Santos

In this course you will learn all about cybersecurity blue and red teams while also building the skills necessary to create your own teams. We will start with exploring the concepts of red, blue and "purple teams" or "purple teaming," which combines the elements of defense and offense within an organization. Next you will find out how to create and manage cybersecurity red, blue and "purple" teams before jumping into best practices for understanding how your teams can effectively collect and analyze data to defend your organization against threat actors. You will also learn different tools that are appropriate for blue and red teams and how to proactively and iteratively "hunt" and isolate advanced threats that evade existing security solutions within your organization. We will then end with a look at threat intelligence and how blue and red teams use it in their engagements.

What you'll learn, and how you can apply it

  • Learn how enterprises create and manage red and blue teams.
  • Learn best practices for cybersecurity offensive and defensive operations.
  • Learn how to perform threat hunting.
  • Learn about tools used by blue and red teams.
  • Learn best practices on how to use threat intelligence within a blue or a red team.
  • Learn how large enterprises are building ethical hacking and penetration testing capabilities, as well as automating some of the processes to continuously monitor and assess their infrastructure.

This training course is for you because...

  • You have an understanding of cybersecurity fundamentals.
  • You want to learn different methodologies and best practices to identify, track, and contain advanced adversaries and to respond to and remediate cybersecurity incidents.
  • You want to learn more about cybersecurity red and blue teams and their practices.
  • You want to learn how to perform threat hunting, how to use threat intelligence, and how enterprises are developing enterprise-wide ethical hacking programs.

About your instructor

  • Omar Santos is an active member of the cybersecurity community, where he leads several industry-wide initiatives. He is the lead of the DEF CON Red Team Village; the chair of the Common Security Advisory Framework (CSAF) technical committee; the co-chair of the Forum of Incident Response and Security Teams (FIRST) Open Source Security working group; and has been the chair of several initiatives in the Industry Consortium for Advancement of Security on the Internet (ICASI). His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to increasing the security of their critical infrastructures.

    Omar is the author of over twenty books and video courses, as well as numerous white papers, articles, and security configuration guidelines and best practices. Omar is a principal engineer of the Cisco Product Security Incident Response Team (PSIRT), where he mentors and leads engineers and incident managers during the investigation and resolution of cyber security vulnerabilities. Additional information about Omar’s current projects can be found at omarsantos.io and you can follow Omar on Twitter @santosomar.

Schedule

The timeframes are only estimates and may vary according to how the class is progressing.

Segment 1: Understanding Offensive and Defensive Security Methodologies (25 minutes) In this segment you will learn about modern offensive and defensive cybersecurity strategies and methodologies that today’s enterprises are adopting.

Segment 2: So, You Want to Be a Hacker? (25 minutes) In this segment you will learn about the different cybersecurity skills that are necessary in today’s environment. We will review different cybersecurity certification programs, their blueprints, and requirements and how you can develop your own roadmap to start or enhance your career in cybersecurity.

Break: 10 minutes

Segment 3: How to Build, Manage, and Operate Cybersecurity Teams (25 minutes) Many organizations hire individuals (or external red teams) to perform penetration testing and assess their security posture. Similarly, they also hire security professionals to defend the organization. These defense teams include computer security incident response teams (CSIRT), security operation center (SOC) analysts and investigators, and InfoSec professionals. Many organizations are now trying to combine the elements of defense and offense in their practices. In this segment you will learn how to create and manage cybersecurity offensive and defensive teams. You will learn best practices that will allow you to understand how your teams can effectively collect and analyze data to defend your organization against threat actors. You will also learn different tools that are appropriate for cybersecurity operations.

Segment 4: Introduction to Threat Hunting (25 minutes) In this segment you will learn what threat hunting is. You will learn how to proactively and iteratively "hunt" and isolate advanced threats that evade existing security solutions within your organization.

Break: 10 minutes

Segment 5: Effective Threat Intelligence (30 minutes) In this segment you will learn what threat intelligence is and how cybersecurity experts use it in their engagements. You will learn details about open source intelligence (OSINT) and many different tools that will allow you to successfully use it within your organization.

Segment 6: Enterprise-wide Ethical Hacking and Continuous Monitoring (30 minutes) In this segment you will learn how large enterprises are building ethical hacking and penetration testing capabilities, as well as automating some of the processes to continuously monitor and assess their infrastructure.