
The Security Automation Lab

Threat Intelligence Pty Ltd | December 3 - 4



Overview

The security industry is running fast towards security automation to increase the capability and capacity of security teams so they can effectively and efficiently stay on top of the constantly evolving threats, attacks and security breaches that occur every day!

We will take your security capabilities from "Tedious" to "Turbo" in 2 days flat! Learn how to implement streamlined security operations and optimize budgets through security automation, including:

  • Automating the collection and analysis of internal and external intelligence data
  • Automating targeted attacks to more frequently and efficiently identify security weaknesses and attack techniques
  • Automating security testing of applications to enforce a continuous security baseline
  • Automating incident response processes, data collection, analysis and response to efficiently contain security breaches
  • Automating preventative and responsive controls through integration with security devices and infrastructure
  • Automating the generation of real-time security visualization dashboards, threat reports, and alerts for critical operational security team actions
  • Automating the orchestration of end-to-end intelligence and security controls and analysis for immediate capability enhancements

Students are provided with their own dedicated cloud-based Security Automation environment consisting of servers and applications with a range of vulnerabilities that need protection from an onslaught of ongoing attacks and security breaches. The aim of this course is to teach students how to automate the discovery and protection of security weaknesses whilst automatically responding to incidents and gaining visibility into the areas where further security automation can be enhanced.

Day 1:

  • Introductions
  • What is the demand for security automation?
  • Other Industries' Automation Achievements
  • Security Automation and Orchestration Introduction
  • Difference between Automation and Orchestration
  • Business Benefits from Security Automation
  • Automation in Different Organizations
  • Automatable Security Operations Areas
  • Automated Intelligence Collection and Analysis
  • External Intelligence Types and Sources
  • Internal Intelligence Types and Sources
  • Intelligence Collection Techniques
  • Transformation of Intelligence Data
  • Aggregation, Correlation and Analysis of Intelligence Data
  • Automated Penetration Testing as Intelligence Collection
  • Orchestrating Repeatable Penetration Testing
  • Automating the Prioritization of Vulnerability Mitigation
  • Integrating Penetration Test Results with Ticketing Systems
  • Integrating Automated Security Testing into CI/CD Systems


Day 2:

  • Automated Incident Detection Techniques
  • Incident Detection through Intelligence Correlation
  • Automated Incident Investigation Intelligence Collection
  • Types of Incident Investigation Data
  • Automated Incident Investigation Intelligence Analysis
  • Automatically Extracting Indicators of Compromise
  • Automatically Searching for Indicators of Compromise
  • Automated Incident Response Actions
  • Automated Security Infrastructure Orchestration
  • Types of Intelligence and Security Infrastructure
  • Automating Integration of Intelligence Data into Security Infrastructure
  • Operational Security Team Communication Types (Slack, Jira, etc.)
  • Automating Security Alerts into Communication Channels
  • Automating Real-Time Charts and Visualizations


Get ahead of the hackers and start automating the protection of your organization! Register now to secure your spot!

Who Should Take this Course

  • Penetration Testers, Security Officers, Security Auditors, System Administrators and anyone else who wants to automate the breaking or protection of an organization's network.
  • Anyone who is interested in security automation or looking to streamline their security operations is a prime candidate for this course. Students will be taught from scratch everything they need to know to complete this course successfully and walk away with thorough knowledge and practical skills on how to implement security automation.
  • Developers who want to learn how to integrate automated security testing into their CI/CD systems.
  • Managers who want to gain a more in-depth understanding of how their organizations can leverage security automation to streamline security operations and budgets whilst enhancing their capabilities to get the most out of their security team.

Student Requirements

Although we will support you as much as possible, you are expected to be able to use Linux and command line text editors to be able to complete the labs in the available time frame.

What Students Should Bring

  • A working laptop with a remote desktop client to RDP to their dedicated security automation environment
  • Wireless network adapter for internet access

What Students Will Be Provided With

Students are provided with their own dedicated cloud-based Security Automation environment consisting of servers and applications with a range of vulnerabilities that need protection from an onslaught of ongoing attacks and security breaches, as well as access to a security automation platform to automate the collection, identification, detection, analysis and response that is required to keep the environment secure.

On top of this, students will be provided with:
  • The Security Automation Lab workbook
  • Lab instructions and solutions

Trainers

Ty Miller is the Director of Threat Intelligence (www.threatintelligence.com), specialists in the area of penetration testing, cyber threat intelligence, and specialist security consulting. Ty developed and runs "The Shellcode Lab" each year at Black Hat USA, presented at Black Hat on his development of "Reverse DNS Tunnelling Shellcode", and is the creator of the "Practical Threat Intelligence" course at Black Hat. Ty is a member of the Black Hat Asia Review Board. He also presented at "Ruxcon", where he demonstrated his cutting-edge attack technique to force your web browser to exploit internal servers from the Internet, and developed the Core Impact Pro covert DNS Channel for Core Security. Ty Miller was a co-author of "Hacking Exposed Linux 3rd Edition". Ty is on the CREST Australia and New Zealand Board of Directors, runs the CREST Australia and New Zealand Technical Team, and is a CREST Certified Tester and Assessor. Ty's experience not only covers penetration testing and specialist security; it also expands into traditional and cloud security architecture designs, regulations like PCI, developing and running industry benchmark accreditations, performing forensic investigations, as well as creating and executing a range of specialist security training.