www.sans.org/miami

The Most Trusted Source for Information Security Training, Certif ication, and Research

SAVE $400 Register and pay by September 13th – Use code EarlyBird17

MIAMI 2017November 6-11

“Top-notch training!” -RICHARD ZUECH, CITY OF MIAMI BEACH

Protect Your Business and Advance Your CareerFive hands-on, immersion-style information security courses taught by real-world practitioners

CYBER DEFENSEETHICAL HACKING

DIGITAL FORENSICSCYBER THREAT INTELLIGENCE

Evening Bonus Sessions Take advantage of these extra evening presentations

and add more value to your training. Learn more on page 7.

KEYNOTE: If I Wake Evil!!! John Strand

Virtualizing Forensic Images Using Free Tools in Linux Carlos Cajigas

Advancing the Security Agenda: Compelling Leadership to Support Security Doc Blackburn

Register today for SANS Miami 2017! www.sans.org/miami

@SANSInstitute Join the conversation: #SANSMiami

Miami 2017 NOVEMBER 6-11

SANS Instructors SANS instructors are real-world practitioners who specialize in the subjects they teach. All instructors undergo rigorous training and testing in order to teach SANS courses. This guarantees that what you learn in class will be up to date and relevant to your job. The SANS Miami 2017 lineup of instructors includes:

John Strand Senior Instructor @strandjs

Bryan Simon Certified Instructor @BryanOnSecurity

MON 11-6

TUE 11-7

WED 11-8

THU 11-9

FRI 11-10

SAT 11-11

SEC301 Intro to Information Security

SEC401 Security Essentials Bootcamp Style

SEC504 Hacker Tools, Techniques, Exploits, and Incident Handling

FOR500 Windows Forensic Analysis (formerly FOR408)

FOR578 Cyber Threat Intelligence

Page 2

Page 4

Page 3

Page 6

Page 5

Courses at a Glance

Rebekah Brown Instructor @PDXBek

Doc Blackburn Instructor @DocBlackburn

Carlos Cajigas Certified Instructor @Carlos_Cajigas

Save $400 when you register and pay by September 13th using code EarlyBird17

The training campus for SANS Miami 2017 is the Sonesta Coconut Grove Miami, a contemporary, 22-story boutique-style hotel in the heart of Coconut Grove that is just steps from the fashionable shopping, dining and nightlife of CocoWalk.P A G E 1 3

SANS Institute

The most trusted source for information security training, certification, and research

The SANS Institute’s mission is to deliver cutting-edge information security knowledge and skills to companies, military organizations, and governments in order to protect people and assets.

CUTTING-EDGE TRAININGMore than 55 unique courses are designed to align with dominant security team roles, duties, and disciplines. The courses prepare students to meet today’s threats and tomorrow’s challenges. The SANS curriculum spans Cyber Defense, Digital Forensics & Incident Response, Threat Hunting, Audit, Management, Penetration Testing, Industrial Control Systems Security, Secure Software Development, and more. Each curriculum offers a progression of courses that can take professionals from a subject’s foundations right up to top-flight specialization. We constantly update and rewrite these courses to teach the most cutting-edge tools and techniques that are proven to keep networks safe.Our training is designed to be practical. Students are immersed in hands-on lab exercises designed for them to practice, hone, and perfect what they’ve learned.

LEARN FROM EXPERTSSANS courses are taught by an unmatched faculty of active security practitioners. Each instructor brings a wealth of real-world experience to every classroom – both live and online. SANS instructors work for high-profile organizations as red team leaders, CISOs, technical directors, and research fellows.Along with their respected technical credentials, SANS instructors are also expert teachers. Their passion for the topics they teach shines through, making the SANS classroom dynamic and effective.

WHY SANS IS THE BEST TRAINING AND EDUCATIONAL INVESTMENTSANS immersion training is intensive and hands-on, and our courseware is unrivaled in the industry.SANS instructors and course authors are leading industry experts and practitioners. Their real-world experience informs their teaching and training content. SANS training strengthens a student’s ability to achieve a GIAC certification.

THE SANS PROMISE At the heart of everything we do is the SANS Promise: Students will be able to use the new skills they’ve learned as soon as they return to work.

SANS FORMATSThe most popular option to take SANS training is to attend a 5- or 6-day technical course taught live in a classroom at one of our 200+ training events held around the world throughout the year. SANS training events provide an ideal learning environment and offer the chance to network with other security professionals, as well as SANS instructors and staff.SANS training can also be delivered online, with several convenient options to suit your learning style. All SANS online courses include at least four months of access to the course material anytime and anywhere, enabling students to revisit and rewind content.

HOW TO REGISTER FOR SANS TRAINING Students can learn more and register online by visiting www.sans.org/online 1

“Labs reinforced the security principles in a real-world scenario.” -TYLER MOORE, ROCKWELL

“This is the perfect course for establishing

a foundation for knowledge of aspects

of information security, and the instructor is very knowledgeable and well-

versed in the topics.” -STEPHEN PRIDMORE,

PROTECTIVE LIFE

SEC301Intro to Information Security

GISF CertificationInformation Security Fundamentals

www.giac.org/gisf

Five-Day Program Mon, Nov 6 - Fri, Nov 10 9:00am - 5:00pm 30 CPEs Laptop Required Instructor: Doc Blackburn

To determine if the SANS SEC301 course is right for you, ask yourself five simple questions:

Do you have basic computer knowledge, but are new to information security and in need of an introduction to the fundamentals?

Are you bombarded with complex technical security terms that you don’t understand?

Are you a non-IT security manager (with some technical knowledge) who lays awake at night worrying that your company will be the next mega-breach headline story on the 6 o’clock news?

Do you need to be conversant in basic security concepts, principles, and terms, even if you don’t need “deep in the weeds” detail?

Have you decided to make a career change to take advantage of the job opportunities in information security and need formal training/certification?

If you answer yes to any of these questions, the SEC301: Intro to Information Security training course is for you. Jump-start your security knowledge by receiving insight and instruction from real-world security experts on critical introductory topics that are fundamental to information security. This completely revised five-day, comprehensive course covers everything from core terminology to the basics of computer networks, security policies, incident response, passwords, and even an introduction to cryptographic principles.

This course is designed for students who have a basic knowledge of computers and technology but no prior knowledge of cybersecurity. The hands-on, step-by-step teaching approach will enable you to grasp all of the information presented even if some of the topics are new to you. You’ll learn the fundamentals of information security that will serve as the foundation of your InfoSec skills and knowledge for years to come.

Written by a security professional with over 30 years of experience in both the public and private sectors, SEC301 provides uncompromising real-world insight from start to finish. The course prepares you for the Global Information Security Fundamentals (GISF) certification test, as well as for the next course up the line, SEC401: Security Essentials Bootcamp Style. It also delivers on the SANS promise: You will be able to use the knowledge and skills you learn in SEC301 as soon as you return to work.

WITH THIS COURSE www.sans.org/ondemand

Doc Blackburn SANS InstructorDoc Blackburn has over 30 years of experience in system and software design, server and network administration and website programming. His interest in computers started in 1982 when he first started programming in DOS on a Texas Instruments TI-99 4a and continued as a dedicated computer hobbyist until he decided to make information technology a full-time career in 1998. Doc ran a successful IT consulting, hosting, and design firm for 12 years until he found his passion was in systems security and compliance. His well-rounded experience includes hardware, software, network design, project management,

administration, programming, systems security, and compliance frameworks. He has vast experience at various levels of information technology from technical support to security leadership roles. He has been heavily involved in the technical design and implementation of NIH-approved and FISMA-compliant information systems. His current work has focused on HIPAA, FERPA, PCI DSS, and FISMA compliant systems with an emphasis on IT risk management in enterprise environments. Doc holds ITIL, CISSP, HCISPP (healthcare, HIPAA), PCI ISA (payment card industry) and GIAC GSEC, GISF, GPEN, GCPM, GCIA and GSLC certifications. He has a bachelor’s degree from the University of Arizona. He is currently the IT Compliance Administrator for the University of Colorado Denver | Anschutz Medical Campus. @DocBlackburn

administration, programming, systems security, and compliance frameworks. He has vast experience at various levels of

Register at www.sans.org/miami | 301-654-SANS (7267) 2

For course updates, prerequisites, special notes, or laptop requirements, visit www.sans.org/event/miami-2017/courses 3

“Hands-on labs reinforce the course teachings

– this is tremendously valuable to be able to grasp the concepts.”

-LAURA IWASAKI, WALT DISNEY PARKS AND RESORTS TECHNOLOGY

SEC401Security Essentials Bootcamp Style

GSEC CertificationSecurity Essentials

www.giac.org/gsec

Six-Day Program Mon, Nov 6 - Sat, Nov 11 9:00am - 7:00pm (Days 1-5) 9:00am - 5:00pm (Day 6) 46 CPEs Laptop Required Instructor: Bryan Simon

Who Should Attend Security professionals who want to fill the gaps in their understanding of technical information security Managers who want to understand information security beyond simple terminology and concepts Operations personnel who do not have security as their primary job function but need an understanding of security to be e³ective IT engineers and supervisors who need to know how to build a defensible network against attacks Administrators responsible for building and maintaining systems that are being targeted by attackers Forensic specialists, penetration testers, and auditors who need a solid foundation of security principles to be as e³ective as possible at their jobs Anyone new to information security with some background in information systems and networking

This course will teach you the most effective steps to prevent attacks and detect adversaries with actionable techniques you can directly apply when you get back to work. You’ll learn tips and tricks from the experts so you can win the battle against the wide range of cyber adversaries that want to harm your environment.

STOP and ask yourself the following questions: Do you fully understand why some organizations get compromised and others do not? If there were compromised systems on your network, are you confident you would be able to find them? Do you know the e�ectiveness of each security device and are you certain they are all configured correctly? Are proper security metrics set up and communicated to your executives to drive security decisions?

If you do not know the answers to these questions, SEC401 will provide the information security training you need in a bootcamp-style format that is reinforced with hands-on labs.

SEC401: Security Essentials Bootcamp Style is focused on teaching you the essential information security skills and techniques you need to protect and secure your organization’s critical information assets and business systems. Our course will show you how to prevent your organization’s security problems from being headline news in the Wall Street Journal!

Prevention Is Ideal but Detection Is a Must

With the rise in advanced persistent threats, it is almost inevitable that organizations will be targeted. Whether the attacker is successful in penetrating an organization’s network depends on the effectiveness of the organization’s defense. Defending against attacks is an ongoing challenge, with new threats emerging all of the time, including the next generation of threats. Organizations need to understand what really works in cybersecurity. What has worked, and will always work, is taking a risk-based approach to cyber defense. Before your organization spends a dollar of its IT budget or allocates any resources or time to anything in the name of cybersecurity, three questions must be answered:

What is the risk? Is it the highest priority risk? What is the most cost-e�ective way to reduce the risk?

Security is all about making sure you focus on the right areas of defense. In SEC401 you will learn the language and underlying theory of computer and information security. You will gain the essential and effective security knowledge you will need if you are given the responsibility for securing systems and/or organizations. This course meets both of the key promises SANS makes to our students: (1) You will learn up-to-the-minute skills you can put into practice immediately upon returning to work; and (2) You will be taught by the best security instructors in the industry.

www.sans.eduWITH THIS COURSE

www.sans.org/ondemandwww.sans.org/8140

Bryan Simon SANS Certified InstructorBryan Simon is an internationally recognized expert in cybersecurity and has been working in the information technology and security field since 1991. Over the course of his career, Bryan has held various technical and managerial positions in the education, environmental, accounting, and financial services sectors. Bryan speaks on a regular basis at international conferences and with the press on matters of cybersecurity. He has instructed individuals from organizations such as the FBI, NATO, and the UN in matters of cybersecurity on two continents. Bryan has specialized expertise in defensive and o³ensive

capabilities. He has received recognition for his work in IT security, and was most recently profiled by McAfee (part of Intel Security) as an IT Hero. Bryan holds 13 GIAC Certifications including GSEC, GCWN, GCIH, GCFA, GPEN, GWAPT, GAWN, GISP, GCIA, GCED, GCUX, GISF, and GMON. Bryan’s scholastic achievements have resulted in the honor of sitting as a current member of the Advisory Board for the SANS Institute, and his acceptance into the prestigious SANS Cyber Guardian program. Bryan is a SANS instructor for SEC401, SEC501, SEC505, and SEC511. @BryanOnSecurity

capabilities. He has received recognition for his work in IT security, and was most recently profiled by McAfee (part of Intel Security)

Register at www.sans.org/miami | 301-654-SANS (7267) 4

“SEC504 fills in the gap of ‘here’s what

adversaries do’ and the evidence they leave.”

-KEVIN HEITHAUS, JPMORGAN CHASE

“SEC504 was an excellent course, and John Strand

was exceptional. He’s the best instructor I have had when it comes to the

technical world.” -ERIC BOLES, YAHOO

SEC504Hacker Tools, Techniques, Exploits, and Incident Handling

GCIH CertificationIncident Handler

www.giac.org/gcih

Six-Day Program Mon, Nov 6 - Sat, Nov 11 9:00am - 7:15pm (Day 1) 9:00am - 5:00pm (Days 2-6) 37 CPEs Laptop Required (If your laptop supports only wireless, please bring a USB Ethernet adapter.) Instructor: John Strand

Who Should Attend Incident handlers

Leaders of incident handling teams

System administrators who are on the front lines defending their systems and responding to attacks

Other security personnel who are first responders when systems come under attack

The Internet is full of powerful hacking tools and bad guys using them extensively. If your organization has an Internet connection and one or two disgruntled employees (and whose does not!), your computer systems will get attacked. From the five, ten, or even one hundred daily probes against your Internet infrastructure to the malicious insider slowly creeping through your most vital information assets, attackers are targeting your systems with increasing viciousness and stealth. As defenders, it is essential we understand these hacking tools and techniques.

“As someone who works in information security but has never had to do a full incident report, SEC504 taught me all the proper processes and steps.”

-TODD CHORYAN, MOTOROLA SOLUTIONS

This course enables you to turn the tables on computer attackers by helping you understand their tactics and strategies in detail, giving you hands-on experience in finding vulnerabilities and discovering intrusions, and equipping you with a comprehensive incident handling plan. It addresses the latest cutting-edge, insidious attack vectors, the “oldie-but-goodie” attacks that are still prevalent, and everything in between. Instead of merely teaching a few hack attack tricks, this course provides a time-tested, step-by-step process for responding to computer incidents and a detailed description of how attackers undermine systems so you can prepare for, detect, and respond to those attacks. In addition, the course explores the legal issues associated with responding to computer attacks, including employee monitoring, working with law enforcement, and handling evidence. Finally, students will participate in a hands-on workshop that focuses on scanning, exploiting, and defending systems. This course will enable you to discover the holes in your system before the bad guys do!

The course is particularly well-suited to individuals who lead or are a part of an incident handling team. General security practitioners, system administrators, and security architects will benefit by understanding how to design, build, and operate their systems to prevent, detect, and respond to attacks.

www.sans.eduWITH THIS COURSE

www.sans.org/ondemandwww.sans.org/cyber-guardian www.sans.org/8140

John Strand SANS Senior InstructorJohn Strand is the owner of Black Hills Information Security, a firm specializing in penetration testing, Active Defense and Hunt Teaming services. He is also the CTO of O³ensive Countermeasures, a firm dedicated to tracking advanced attackers inside and outside your network. John is an experienced speaker, having made presentations to the FBI, NASA, the NSA and at various industry conferences. He teaches SEC504, SEC560, SEC580, SEC550, and the lead course author of SEC504. He also co-hosts Security Weekly, the world’s largest information security podcast, and O�ensive Countermeasures: The Art of Active

Defense. In his free time, he writes loud rock music and makes various futile attempts at fly fishing. @strandjsDefense. In his free time, he writes loud rock music and makes various futile attempts at fly fishing.

For course updates, prerequisites, special notes, or laptop requirements, visit www.sans.org/event/miami-2017/courses 5

“The course content was excellent and well presented. From start to finish, there were

many di¤erent pieces of information that went into solving the main time line of events.”

-CHRIS THEN, MORRIS COUNTY, NJ

PROSECUTOR’S OFFICE

FOR500 (Formerly FOR408)Windows Forensic Analysis

GCFE CertificationForensic Examiner

www.giac.org/gcfe

Six-Day Program Mon, Nov 6 - Sat, Nov 11 9:00am - 5:00pm 36 CPEs Laptop Required Instructor: Carlos Cajigas

Who Should Attend Information security professionals

Incident response team members

Law enforcement o¶cers, federal agents, and detectives

Media exploitation analysts

Anyone interested in a deep understanding of Windows forensics

M A S T E R W I N D O W S F O R E N S I C S – YO U C A N ’ T P R O T E C T W H AT YO U D O N ’ T K N O W A B O U T

All organizations must prepare for cyber-crime occurring on their computer systems and within their networks. Demand has never been greater for analysts who can investigate crimes such as fraud, insider threats, industrial espionage, employee misuse, and computer intrusions. Government agencies increasingly require trained media exploitation specialists to recover vital intelligence from Windows systems. To help solve these cases, SANS is training a new cadre of the world’s best digital forensic professionals, incident responders, and media exploitation experts capable of piecing together what happened on computer systems second by second.

FOR500: Windows Forensic Analysis focuses on building in-depth digital forensics knowledge of Microsoft Windows operating systems. You can’t protect what you don’t know about, and understanding forensic capabilities and artifacts is a core component of information security. You’ll learn how to recover, analyze, and authenticate forensic data on Windows systems, track particular user activity on your network, and organize findings for use in incident response, internal investigations, and civil/criminal litigation. You’ll be able to use your new skills to validate security tools, enhance vulnerability assessments, identify insider threats, track hackers, and improve security policies. Whether you know it or not, Windows is silently recording an unbelievable amount of data about you and your users. FOR500 teaches you how to mine this mountain of data.

Proper analysis requires real data for students to examine. The completely updated FOR500 course trains digital forensic analysts through a series of new hands-on laboratory exercises that incorporate evidence found on the latest Microsoft technologies (Windows 7, Windows 8/8.1, Windows 10, Office and Office365, cloud storage, SharePoint, Exchange, Outlook). Students leave the course armed with the latest tools and techniques, prepared to investigate even the most complicated systems they might encounter. Nothing is left out – attendees learn to analyze everything from legacy Windows 7 systems to just-discovered Windows 10 artifacts.

FOR500: Windows Forensic Analysis will teach you to: Conduct in-depth forensic analysis of Windows operating systems and media exploitation focusing on Windows 7, Windows 8/8.1, Windows 10, and Windows Server 2008/2012/2016 Identify artifact and evidence locations to answer critical questions, including application execution, file access, data theft, external device usage, cloud services, geolocation, file download, anti-forensics, and detailed system usage Focus your capabilities on analysis instead of on how to use a particular tool Extract critical answers and build an in-house forensic capability via a variety of free, open-source, and commercial tools provided within the SANS Windows SIFT Workstation

www.sans.edu

WITH THIS COURSE www.sans.org/ondemand

Carlos Cajigas SANS Certified InstructorA native of San Juan, Puerto Rico, Carlos began his career with the West Palm Beach Police Department in Florida, first as a police o¶cer and eventually as a digital forensics detective, examiner, and instructor specializing in computer crime investigations. During his law enforcement tenure, Carlos conducted examinations on hundreds of digital devices, from computers and mobile phones to GPS devices, and served as both a fact and expert witness. Today, Carlos is a senior incident response analyst at IBM, where he is responsible for responding to computer and network security threats for clients located in North and

South America. In addition, he holds various certifications in the digital forensics field including EnCase Certified Examiner (ENCE), Certified Forensic Computer Examiner (CFCE) from IACIS, and the GIAC Certifications GCFE and GCFA. @Carlos_CajigasSouth America. In addition, he holds various certifications in the digital forensics field including EnCase Certified Examiner (ENCE),

6 Register at www.sans.org/miami | 301-654-SANS (7267)

GCTI CertificationAvailable Late 2017

WITH THIS COURSE www.sans.org/ondemand

FOR578Cyber Threat Intelligence

Five-Day Program Mon, Nov 6 - Fri, Nov 10 9:00am - 5:00pm 30 CPEs Laptop Required Instructor: Rebekah Brown

Who Should Attend Incident response team members

Threat hunters

Experienced digital forensic analysts

Security Operations Center personnel and information security practitioners

Federal agents and law enforcement o¶cials

SANS FOR500 (formerly FOR408), FOR572, FOR508, or FOR610 graduates looking to take their skills to the next level

Make no mistake, current network defense, threat hunting, and incident response practices contain a strong element of intelligence and counterintelligence that cyber analysts must understand and leverage in order to defend their networks, proprietary data, and organizations.

FOR578: Cyber Threat Intelligence will help network defenders, threat hunting teams, and incident responders to:

Understand and develop skills in tactical, operational, and strategic-level threat intelligence Generate threat intelligence to detect, respond to, and defeat advanced persistent threats (APTs) Validate information received from other organizations to minimize resource expenditures on bad intelligence Leverage open-source intelligence to complement a security team of any size Create Indicators of Compromise (IOCs) in formats such as YARA, OpenIOC, and STIX

The collection, classification, and exploitation of knowledge about adversaries – collectively known as cyber threat intelligence – gives network defenders information superiority that is used to reduce the adversary’s likelihood of success with each subsequent intrusion attempt. Responders need accurate, timely, and detailed information to monitor new and evolving attacks, as well as methods to exploit this information to put in place an improved defensive posture.

Cyber threat intelligence thus represents a force multiplier for organizations looking to update their response and detection programs to deal with increasingly sophisticated advanced persistent threats. Malware is an adversary’s tool, but the real threat is the human one, and cyber threat intelligence focuses on countering those flexible and persistent human threats with empowered and trained human defenders.

During a targeted attack, an organization needs a top-notch and cutting-edge threat hunting or incident response team armed with the threat intelligence necessary to understand how adversaries operate and to counter the threat. FOR578: Cyber Threat Intelligence will train you and your team in the tactical, operational, and strategic-level cyber threat intelligence skills and tradecraft required to make security teams better, threat hunting more accurate, incident response more effective, and organizations more aware of the evolving threat landscape.

T H E R E I S N O T E A C H E R B U T T H E E N E M Y !

“This course gives a very smart and structured approach to cyber threat intelligence, something that the global community has been lacking to date.”

-JOHN GEARY, CITIGROUP

“This training very well summarizes CTI and

connects all the dots. On the training, one will get a clear answer to the

following questions: what is CTI, how important is it, what is it built upon,

and how can it be applied in practice?”

-NIKITA MARTYNOV, NNIT A/S

Rebekah Brown SANS InstructorRebekah Brown has helped develop threat intelligence programs at the highest levels of government. She is a former National Security Agency network warfare analyst, U.S. Cyber Command training and exercise lead, and crypto-linguist and Cyber Unit Operations Chief for the U.S. Marine Corps. A highlight of her career was conducting a briefing at the White House on the future of cyber warfare and coordinated defensive and o³ensive cyber operations. She has provided threat intelligence for all types of security programs ranging from national security operations to state and local governments and Fortune 500

companies. Rebekah is currently the threat intelligence lead for Rapid7, where she supports incident and analytical response and global services and provides product support. She has an associate degree in Chinese Mandarin and a bachelor’s degree in international relations, and she is finishing her master’s degree in homeland security with a cybersecurity focus as well as a graduate certificate in intelligence analysis. @PDXBek

companies. Rebekah is currently the threat intelligence lead for Rapid7, where she supports incident and analytical response

Register at www.sans.org/miami | 301-654-SANS (7267) 7

Bonus SessionsEnrich your SANS training experience! Evening talks by our instructors and selected subject-matter experts help you broaden your knowledge, hear from the voices that matter in computer security, and get the most for your training dollar.

KEYNOTE: If I Wake Evil!!!John Strand

Let’s say I went to the dark side to get their sweet, sweet cookies...Let’s say that all goodness had left me...How would I attack you? This talk will answer that question. It will also show you how to stop me.

Virtualizing Forensic Images Using Free Tools in LinuxCarlos Cajigas

Have you ever needed to boot a forensic image to preview the system in a live manner? Would you like to do it without changing a single bit? It is possible! In this session we will discuss the tools and steps required for converting the Donald Blake forensic image into a Virtual Machine (VM). This process is useful, because it gives you the ability to boot an image of an OS drive into a VM, all while preserving the integrity of the image. All changes made by the OS are saved and stored to a cache file. Come see how you accomplish this using free tools under Linux Ubuntu. The presentation will include a live demo.

Advancing the Security Agenda: Compelling Leadership to Support SecurityDoc Blackburn

Are you having trouble convincing the decision-makers in your business to support security initiatives? Are your concerns being ignored? You are not alone! One of the biggest challenges InfoSec professionals face today is getting leadership to support their activities. There have been many recent cases of security not getting enough resources until after a breach. Unfortunately, many times, the security team is shown the door after the breach because it was considered their fault. Don’t let this happen to you. You know what to do, and how to do it. You know how important it is to your organization. The technology exists to fix your concerns. So why won’t leadership fund it? Find out how to gain support for your activities and receive the support your security initiatives need.

�e best. Made better.

“Joining the SANS Master’s Program was probably one of the best decisions I’ve ever made.”

– John Hally, MSISE, EBSCO Information Services

The SANS Technology Institute transforms the world's best cybersecurity training and certifications into a comprehensiveand rigorous graduate education experience.

MASTER OF SCIENCE DEGREES• Information Security Engineering: MSISE• Information Security Management: MSISM

GRADUATE CERTIFICATE PROGRAMS• Cybersecurity Engineering (Core)• Cyber Defense Operations• Penetration Testing and Ethical Hacking• Incident Response

Tuition Reimbursement Regional accreditation enables students to use most corporate tuition reimbursement plans.

The SANS Technology Institute is also approved to accept and/or certify Veterans for education benefits.

The SANS Technology Institute is accredited by The Middle States Commission on Higher Education (3624 Market Street, Philadelphia, PA 19104 – 267-284-5000), an institutional accrediting agency recognized by the U.S. Secretary of Education and the Council for Higher Education Accreditation.

GI Bill® is a registered trademark of the U.S. Department of Veterans Affairs (VA). More information about education benefits offered by VA is available at the official U.S. government Web site at www.benefits.va.gov/gibill.

Students earn industry-recognized GIAC certifications during most technical courses. WWW.SANS.EDU INFO@SANS.EDU

C

M

Y

CM

MY

CY

CMY

K

STI Half Page Regional Ad 2017April27a.pdf 1 4/27/17 10:40 AM

8

�e best. Made better.

“Joining the SANS Master’s Program was probably one of the best decisions I’ve ever made.”

– John Hally, MSISE, EBSCO Information Services

The SANS Technology Institute transforms the world's best cybersecurity training and certifications into a comprehensiveand rigorous graduate education experience.

MASTER OF SCIENCE DEGREES• Information Security Engineering: MSISE• Information Security Management: MSISM

GRADUATE CERTIFICATE PROGRAMS• Cybersecurity Engineering (Core)• Cyber Defense Operations• Penetration Testing and Ethical Hacking• Incident Response

Tuition Reimbursement Regional accreditation enables students to use most corporate tuition reimbursement plans.

The SANS Technology Institute is also approved to accept and/or certify Veterans for education benefits.

The SANS Technology Institute is accredited by The Middle States Commission on Higher Education (3624 Market Street, Philadelphia, PA 19104 – 267-284-5000), an institutional accrediting agency recognized by the U.S. Secretary of Education and the Council for Higher Education Accreditation.

GI Bill® is a registered trademark of the U.S. Department of Veterans Affairs (VA). More information about education benefits offered by VA is available at the official U.S. government Web site at www.benefits.va.gov/gibill.

Students earn industry-recognized GIAC certifications during most technical courses. WWW.SANS.EDU INFO@SANS.EDU

C

M

Y

CM

MY

CY

CMY

K

STI Half Page Regional Ad 2017April27a.pdf 1 4/27/17 10:40 AM

• Let employees train on their own schedule

• Tailor modules to address specific audiences

• Courses translated into many languages

• Test learner comprehension through module quizzes

• Track training completion for compliance reporting purposes

End UserCIP v5/6

ICS EngineersDevelopersHealthcare

Visit SANS Securing The Human atsecuringthehuman.sans.org

Security Awareness Training by the Most Trusted Source

Computer-based Training for Your Employees

Change Human Behavior | Manage Risk | Maintain Compliance | Protect Your Brand

Security Awareness Training by the Most Trusted Source

Protect Your EmployeesKeep your organization safe with flexible computer-based training.

End UserCIP

ICS EngineersDevelopersHealthcare

• Train employees on their own schedule• Modify modules to address specific audiences• Increase comprehension – courses translated into many languages• Test learner comprehension through module quizzes• Track training completion for compliance reporting purposes

Learn more about SANS Security Awareness at:securingthehuman.sans.org

Change Human Behavior | Manage Risk | Maintain Compliance | Protect Your Brand

10

SANS Training FormatsWhether you choose to attend a training class live or online, the entire SANS team is dedicated to ensuring your training experience exceeds expectations.

Premier Training EventsOur most recommended format, live SANS training events feature SANS’s top instructors teaching multiple courses at a single time and location. This allows for:• Focused, immersive learning without the distractions of your

office environment• Direct access to SANS Certified Instructors• Interacting with and learning from other professionals• Attending SANS@Night events, NetWars tournaments, vendor

presentations, industry receptions, and many other activitiesOur premier live training events in North America, serving thousands of students, are held in Orlando, Washington DC, Las Vegas, New Orleans, and San Diego. Regional events with hundreds of students are held in most major metropolitan areas during the year. See page 12 for upcoming training events in North America.

SummitsSANS Summits focus one or two days on a single topic of particular interest to the community. Speakers and talks are curated to ensure the greatest applicability to participants.

Community SANS CoursesSame SANS courses, courseware, and labs are taught by up-and-coming instructors in a regional area. Smaller classes allow for more extensive instructor interaction. No need to travel; commute each day to a nearby location.

Private ClassesBring a SANS Certified Instructor to your location to train a group of your employees in your own environment. Save on travel and address sensitive issues or security concerns in your own environment.

Live Classroom Instruction Online TrainingSANS Online successfully delivers the same measured learning outcomes to students at a distance that we deliver live in classrooms. More than 30 courses are available for you to take whenever or wherever you want. Thousands of students take our courses online and achieve certifications each year.

Top reasons to take SANS courses online:• Learn at your own pace, over four

months• Spend extra time on complex topics • Repeat labs to ensure proficiency

with skills• Save on travel costs• Study at home or in your oªce

Our SANS OnDemand, vLive, Simulcast, and SelfStudy formats are backed by nearly 100 professionals who ensure we deliver the same quality instruction online (including support) as we do at live training events.

“The decision to take five days away from the o¬ce is never easy, but so rarely have I come to the end of a course and had no regret whatsoever. This was one of the most useful weeks of my professional life.” -Dan Trueman, Novae PLC

“I am thoroughly pleased with the OnDemand modality. From a learning standpoint, I lose nothing. In fact, the advantage of setting my own pace with respect to balancing work, family, and training is significant, not to mention the ability to review anything that I might have missed the first time.” -Kevin E., U.S. Army

11

12

Future Training Events

Future Community SANS Events

New York City . . . . . . . . . . . . . . New York, NY . . . . . . . . . . Aug 14-19Salt Lake City . . . . . . . . . . . . . . Salt Lake City, UT . . . . . . . Aug 14-19Chicago . . . . . . . . . . . . . . . . . . . Chicago, IL . . . . . . . . . . . Aug 21-26Virginia Beach . . . . . . . . . . . . . . Virginia Beach, VA . . . Aug 21 - Sep 1Tampa – Clearwater . . . . . . . . . Clearwater, FL . . . . . . . . . . Sep 5-10San Francisco Fall . . . . . . . . . . . San Francisco, CA . . . . . . . Sep 5-10

Network Security Las Vegas, NV Sep 10-17

Baltimore Fall . . . . . . . . . . . . . . Baltimore, MD . . . . . . . . Sep 25-30Rocky Mountain Fall . . . . . . . . . Denver, CO . . . . . . . . . . .Sep 25-30Phoenix-Mesa . . . . . . . . . . . . . . Mesa, AZ . . . . . . . . . . . . . . Oct 9-14Tysons Corner Fall . . . . . . . . . . McLean, VA . . . . . . . . . . . Oct 14-21San Diego . . . . . . . . . . . . . . . . . San Diego, CA . . . . . . Oct 30 - Nov 4Seattle . . . . . . . . . . . . . . . . . . . . Seattle, WA . . . . . . . . Oct 30 - Nov 4Miami . . . . . . . . . . . . . . . . . . . . Miami, FL . . . . . . . . . . . . . Nov 6-11San Francisco Winter . . . . . . . . San Francisco, CA . . .Nov 27 - Dec 2Austin Winter . . . . . . . . . . . . . . Austin, TX . . . . . . . . . . . . . .Dec 4-9

Cyber Defense Washington, D.C. Dec 12-19 Initiative

Security East New Orleans, LA Jan 8-13, 2018

Northern Virginia Winter . . . . . Reston, VA . . . . . . . . . . . . Jan 15-20Las Vegas . . . . . . . . . . . . . . . . . Las Vegas, NV . . . . . .Jan 28 - Feb 2Miami . . . . . . . . . . . . . . . . . . . . Miami, FL . . . . . . . . .Jan 29 - Feb 3Scottsdale . . . . . . . . . . . . . . . . . Scottsdale, AZ . . . . . . . . . . Feb 5-10Southern California – Anaheim . . Anaheim, CA . . . . . . . . . . Feb 12-17Dallas . . . . . . . . . . . . . . . . . . . . Dallas, TX . . . . . . . . . . . . Feb 19-24

Future Summit EventsSecurity Awareness . . . . . . . . . Nashville, TN . . . . . . July 31 - Aug 9Data Breach . . . . . . . . . . . . . . . Chicago, IL . . . . . . . . Sep 25 - Oct 2Secure DevOps . . . . . . . . . . . . . Denver, CO . . . . . . . . . . . .Oct 10-17SIEM & Tactical Analytics . . . . . Scottsdale, AZ . . . . . Nov 28 - Dec 5Cyber Threat Intelligence . . . . . Washington, DC . . . . . Jan 27 - Feb 6

Local, single-course events are also offered throughout the year via SANS Community. Visit www.sans.org/community for up-to-date Community course information.

Top 5 reasons to stay at the Sonesta Coconut Grove Miami1 All SANS attendees receive complimentary

high-speed Internet when booking in the SANS block.

2 No need to factor in daily cab fees and the time associated with travel to alternate hotels.

3 By staying at the Sonesta Coconut Grove Miami, you gain the opportunity to further network with your industry peers and remain in the center of the activity surrounding the training event.

4 SANS schedules morning and evening events at the Sonesta Coconut Grove Miami that you won’t want to miss!

5 Everything is in one convenient location!

The Sonesta Coconut Grove Miami is a contemporary, 22-story boutique-style hotel in the heart of Coconut Grove that is just steps from the fashionable shopping, dining and nightlife of CocoWalk. You are minutes from downtown Miami’s Business District (Brickell Avenue), Port of Miami, South Beach, Coral Gables, University of Miami, and the beaches of Key Biscayne.

Special Hotel Rates AvailableA special discounted rate of $199.00 S/D plus a $3.00 service charge will be honored based on space available. Government per diem rooms are available with proper ID; you will need to email Gus Corral at reservations.coconutgrove@sonesta.com to book a government room. These rates include high-speed Internet in your room and are only available through October 13, 2017. You can make reservations by calling (305) 447-8258 and asking for the SANS group rate.

Sonesta Coconut Grove Miami 2889 McFarlane Road Coconut Grove, FL 33133 Phone: 305.529.2828 www.sans.org/event/miami-2017/location

Hotel Information

Registration InformationRegister online at www.sans.org/miamiwww.sans.org/miami

We recommend you register early We recommend you register early to ensure you get your first choice of courses.to ensure you get your first choice of courses.Select your course and indicate whether you plan to test for GIAC certification. If the course Select your course and indicate whether you plan to test for GIAC certification. If the course is still open, the secure, online registration server will accept your registration. Sold-out courses will be removed from the online registration. Everyone with Internet access must complete the online registration form. We do not take registrations by phone.

Cancellation & Access PolicyIf an attendee must cancel, a substitute may attend instead. Substitution requests can be made at any time prior to the event start date. Processing fees will apply. All substitution requests must be submitted by email to registration@sans.org. If an attendee must cancel and no substitute is available, a refund can be issued for any received payments by October 18, 2017. A credit memo can be requested up to the event start date. All cancellation requests must be submitted in writing by mail or fax and received by the stated deadlines. Payments will be refunded by the method that they were submitted. Processing fees will apply.

SANS Voucher ProgramExpand your training budget! Extend your fiscal year. The SANS Voucher Program provides flexibility and may earn you bonus funds for training.

www.sans.org/vouchers 13

Pay Early and Save*

DATE DISCOUNT DATE DISCOUNT

Pay & enter code by 9-13-17 $400.00 10-4-17 $200.00

*Some restrictions apply. Early bird discounts do not apply to Hosted courses.

Use code EarlyBird17 when registering early

5705 Salem Run Blvd.Suite 105Fredericksburg, VA 22407

B R O C H U R E C O D E

Save $400 when you pay for any 4-, 5-, or 6-day course and enter the code “EarlyBird17” before January 4th.

www.sans.org/dallas

To be removed from future mailings, please contact unsubscribe@sans.org or (301) 654-SANS (7267). Please include name and complete address. NALT-BRO-DALLAS17

Open a SANS Account todayto enjoy these FREE resources:

W E B C A S T SAsk The Expert Webcasts – SANS experts bring current and timely information on relevant topics in IT Security.

Analyst Webcasts – A follow-on to the SANS Analyst Program, Analyst Webcasts provide key information from our whitepapers and surveys.

WhatWorks Webcasts – The SANS WhatWorks webcasts bring powerful customer experiences showing how end users resolved specific IT Security issues.

Tool Talks – Tool Talks are designed to give you a solid understanding of a problem, and to show how a vendor’s commercial tool can be used to solve or mitigate that problem.

N E W S L E T T E R SNewsBites – Twice-weekly high-level executive summary of the most important news relevant to cybersecurity professionals

OUCH! – The world’s leading monthly free security-awareness newsletter designed for the common computer user

@RISK: The Consensus Security Alert – A reliable weekly summary of (1) newly discovered attack vectors, (2) vulnerabilities with active new exploits, (3) how recent attacks worked, and (4) other valuable data

OT H E R F R E E R E S O U R C E S InfoSec Reading Room

Top 25 Software Errors

20 Critical Controls

Security Policies

Intrusion Detection FAQs

Tip of the Day

Security Posters

Thought Leaders

20 Coolest Careers

Security Glossary

SCORE (Security Consensus Operational Readiness Evaluation)

www.sans.org/account