SEC503, the course behind the GIAC Certified Intrusion Analyst (GCIA) certification, is one of the most important courses you will take in your information security career. Past students describe it as the most difficult class they have ever taken, but they also tell us it is the most rewarding. This course is not for people who simply want to understand the alerts generated by an out-of-the-box Intrusion Detection System (IDS). It is for people who want to understand deeply what is happening on their network today, and who suspect that serious things are happening right now that none of their tools are telling them about. If you want to be able to detect zero-day activity on your network before it is publicly disclosed, this is definitely the class for you.

Learning Outcome

Gain the technical knowledge, insight, and hands-on training you need to defend your network with confidence. You will:

  • Learn the underlying theory of TCP/IP and of the most widely used application protocols, such as DNS and HTTP, so that you can intelligently examine network traffic for signs of an intrusion
  • Master a variety of tools, including tcpdump, Wireshark, Snort, Zeek, tshark, and SiLK
  • Complete daily hands-on exercises, suitable for all experience levels, that reinforce the course book material
  • Apply course theory to real-world problems immediately in evening bootcamp sessions and exercises
    • Basic exercises include assistive hints, while advanced options provide a more challenging experience for students who already know the material or who have quickly mastered it

Who Should Attend?

  • Intrusion detection analysts (all levels), system analysts, and security analysts: become more proficient in using traffic analysis tools to find signs of intrusions
  • Network engineers and administrators: understand why optimal placement of IDS sensors matters, and how network forensics sources such as log data and network flow data enhance your ability to identify intrusions
  • Hands-on security managers: understand the complexities of intrusion detection and support your analysts by providing the resources they need to succeed

Eligibility Criteria

Students must have at least:

  • Working knowledge of TCP/IP and hexadecimal
  • Familiarity and comfort with Linux commands such as cd, sudo, pwd, ls, more, and less

This course is endorsed under the Critical Infocomm Technology Resource Programme Plus (CITREP+).
To find out more about CITREP+ funding, please refer to the Programme Support section of the CITREP+ page.

Information is accurate as of 9 Jan 2020