ＨｉｄｅＺｅｒｏＯｎｅ

SEC488 provides foundational knowledge for securing cloud environments across various platforms, including AWS, Azure, and Google Cloud. This course is designed for security professionals seeking to understand cloud-specific risks, security controls, and compliance requirements. Participants will explore core topics such as identity and access management (IAM), secure configuration, data protection, and monitoring in cloud-native environments. With hands-on labs and practical exercises, students will gain the skills needed to identify vulnerabilities, implement security best practices, and safeguard cloud infrastructure. SEC488 is the ideal starting point for building a strong cloud security strategy and ensuring a secure adoption of cloud technologies.

“Security” is arguably one of the most challenging disciplines to move from being an individual contributor (IC) to being a manager. While security ICs can perform most tasks in isolation, a manager needs to regularly interact with people both inside and outside of the team. Further, “security” has its own language which can be completely foreign to people outside of the discipline. How do you take security concerns and convert them into a language that senior leaders and “C” levels can understand? Honing these skills will be the primary objective of this course. In this course, we will cover all of the steps needed to stand up and lead a security team within an organization. We start with a clean slate so that every aspect gets covered. If you are in an environment that already has a security team, this can help fill in the gaps. This course will have a heavy focus on how to integrate the security team with the rest of the business units. We’ll look at strategies for increasing funding, as well as converting “security risks” into “business risks” so they are better understood by the organization’s leadership. The course includes a lot of collateral like a full set of pre-written security policies. The goal is to help you build an effective security team in as little time as possible.

Antisyphon: Security Leadership and Management w/ Chris Brenton

Security Defense and Detection TTX is a comprehensive four-day tabletop exercise that involves the introduction to completion of security TTXs (tabletop exercises), IR playbooks, and after-action reports. The exercises are paired with video and lab demonstrations that reinforce their purpose. The training as a whole is compatible with the world’s most popular RPG rules.

The preparation phase will walk students through the creation of specific IR playbooks that can be utilized in any environment as well as during later parts of the class. The next phase introduces the gamification of the TTXs. The students split up into separate “corporations” with assigned verticals, hit points, armor class, budgets, strengths, and weaknesses. Selection of departments and skills allow the players to further their modifiers. Throughout the exercise, each company will take turns rolling their way through decisions such as large purchases, attack severity, defense capability, and incident response decisions.

 Antisyphon: Security Defense and Detection TTX w/ Amanda Berlin and Jeremy Mio

This will be a high level exploration of the Payment Card Industry Security Standards Council. Students will receive a strong understanding of the organization’s history, structure, the standards they maintain, qualified professional certifications, and the lists of validated solutions. This course is a great starting off point for IT or security professionals who reference “PCI” but don’t fully understand everything that entails.

Antisyphon: Introduction to PCI (PCI 101)

In the Intro to Offensive Tooling class, you will learn about many of the tools used by attackers to identify vulnerabilities and exploit them. This hands-on course covers a variety of offensive tools, such as Nmap, Recon-ng, Metasploit, Proxychains, Responder, and many more. Through a series of practical labs, you will gain experience in using these tools to assess the security of systems and networks. In addition to learning how to use these tools effectively, you will also explore the ethical considerations surrounding offensive tooling, how to responsibly use these tools to protect sensitive information, and prevent cyber attacks. By the end of this course, you will have a strong foundation in offensive tooling and be well-equipped to apply your knowledge to a wide range of security challenges.

Antisyphon: Offensive Development w/ Greg Hatcher & John Stigerwalt