SEC530: Defensible Security Architecture and Engineering – Zero Trust

Why take this course?

One of the major reasons I chose to take SEC530 is the class syllabus. A big item that stood out to me was learning more about implementing Zero Trust and an Insider Threat program; the course has a whole day dedicated to just those topics alone. Being in a Security Engineering role, this course is a great way to understand how to assess your current defenses within your organization. It also allows you to plan ahead for future controls that may need to be built out over time.

If you’ve got an extensive amount of experience already working within the cyber security world, then some of the defenses may be items that you have already worked on or have some exposure to. For me personally, a lot of the material from Days 1-3 covered concepts and practical work that I had already experienced. However, Days 4-5 were excellent for learning new topics and ideas that, at least for me, will lead to fun future projects.

I took the vLive course option, which in my case was also taking place in person. So, it was a hybrid class with students in person, as well as students (such as me) taking it remotely for the week.

Day 1

The start of the course goes over many basic concepts related to best practices for physical and network security. You’ll get to play with the MITRE Framework and understand the cyber kill chain. There is a good chunk of time dedicated to learning about various types of NetFlow data (on-prem networking devices, cloud, endpoint). It’s a great start to the course to warm you up for the good stuff!

Day 2

Day 2 is where we get to have a whole lot of fun with networking. My favorite piece here was auditing router security, along with a fun lab on hacking into routers to identify weaknesses. Expect to learn tons about IPv6, and why it plays a huge role when it comes down to network security. IPv6 is the future, and the sooner we learn about the security implications related to it, the better off you will be in creating, auditing, and testing the defenses and controls that will be required for safeguarding your environment.

Day 3

For Day 3, there is even more networking fun to have and explore. Out of all the networking topics discussed, this day was the most fun, as you get to learn more about NGFW best practices and take a deeper dive into Network Intrusion Detection systems. There is a huge section on network security monitoring tools and their benefits, great concepts on DDoS attacks and the mitigation techniques that can be utilized, and lastly a whole section on Web App attacks and methods to build out defenses to monitor and prevent DDoS and Web App attacks.

Day 4

Day 4 is based solely on a data-centric approach towards building defenses. Think of it this way: you must know what your most important data is, where it resides, and how you wish to secure it. A great section on DLP and file classification teaches you about classifying data and how important a role it plays in achieving insider threat detection. There are some great topics on container security, as many orgs are now moving to the cloud. There is also a section on public cloud offerings and the strengths/weaknesses of placing data detection and controls in the cloud.

Day 5

Day 5 deals solely with the topic of Zero Trust for the entire day. For me, this was the driving factor in taking the course. The Zero Trust material really nails down how you can put all the various different pieces and defenses together to build out a Zero Trust approach, whether that’s network, endpoint, or cloud defenses. There is a small section on log collection and the MITRE framework, as well as making use of Sigma to port alerting rules from one SIEM to another.

Day 6

Day 6 is fun and is really an optional day. However, I highly recommend you take advantage of it. This is a chance to meet and network with people in your class, and also to put your newly acquired skills to the test. I find most people skip out on this day, as it leads into a weekend and eats away at your time. Personally, I have always found the capstone days worthwhile to attend. We had two teams (in person and remote). Both teams were amazing, and both teams completed the capstone CTF by the end of the day!

Final verdict

Overall, this was a fun course and there was a lot to learn and bring back to the workplace. If you have plans for building out Zero Trust or an insider threat program, this course will teach you enough to get started in the right direction.

If you plan on challenging the exam for this course (GIAC GDSA), check out our exam prep notes for the specific exam here -> https://www.stealthbay.com/passing-the-gdsa-exam/
