On This Page

The Security Automation Lab

Threat Intelligence Pty Ltd | August 4-5 & August 6-7


The security industry is running fast towards security automation to increase the capability and capacity of security teams so they can effectively and efficiently stay on top of the constantly evolving threats, attacks and security breaches that occur every day!

We will take your security capabilities from "Tedius" to "Turbo" in 2 days flat! Learn how to implement streamlined security operations and optimize budgets through security automation, including:

  • Automating the collection and analysis of internal and external intelligence data
  • Automating targeted attacks to more frequently and efficiently identify security weaknesses and attack techniques
  • Automating security testing of applications to enforce a continuous security baseline
  • Automating incident response processes, data collection, analysis and response to efficiently contain security breaches
  • Automating preventative and responsive controls through integration with security devices and infrastructure
  • Automating the generation of real-time security visualization dashboards, threat reports, and alerts for critical operational security team actions
  • Automating the orchestration of end-to-end intelligence and security controls and analysis for immediate capability enhancements

Students are provided with their own dedicated cloud-based Security Automation environment consisting of servers and applications with a range of vulnerabilities that need protection from an onslaught of ongoing attacks and security breaches. The aim of this course is to teach students how to automate the discovery and protection of security weaknesses whilst automatically responding to incidents and gaining visibility into the areas where further security automation can be enhanced.

Day 1:

  • Introductions
  • What is the demand for security automation?
  • Other Industries' Automation Achievements
  • Security Automation and Orchestration Introduction
  • Difference between Automation and Orchestration
  • Business Benefits from Security Automation
  • Automation in Different Organizations
  • Automatable Security Operations Areas
Lab 1 - Virtual Security Automation Environment
Lab 2 - Security Automation Tools
  • Automated Intelligence Collection and Analysis
  • External Intelligence Types and Sources
  • Internal Intelligence Types and Sources
  • Intelligence Collection Techniques
  • Transformation of Intelligence Data
  • Aggregation, Correlation and Analysis of Intelligence Data
Lab 3 - Orchestration and Automation of External Intelligence Collection and Transformation
Lab 4 - Orchestration and Automation of Internal Intelligence Collection and Transformation
Lab 5 - Automated Correlation of Intelligence Data
  • Automated Penetration Testing as Intelligence Collection
  • Orchestrating Repeatable Penetration Testing
  • Automating the Prioritization of Vulnerability Mitigation
  • Integrating Penetration Test Results with Ticketing Systems
  • Integrating Automated Security Testing into CI/CD Systems
Lab 6 - Automated Exploit Identification for Vulnerability Prioritization
Lab 7 - Automated Internal Penetration Testing
Lab 8 - Orchestrating Automated CI/CD Security Testing

Day 2:

  • Automated Incident Detection Techniques
  • Incident Detection through Intelligence Correlation
  • Automated Incident Investigation Intelligence Collection
  • Types of Incident Investigation Data
  • Automated Incident Investigation Intelligence Analysis
  • Automatically Extracting Indicators of Compromise
  • Automatically Searching for Indicators of Compromise
  • Automated Incident Response Actions
Lab 9 - Automated Incident Detection
Lab 10 - Automated Incident Data Collection
Lab 11 - Automated Extraction of IoCs
Lab 12 - Automated Incident Response Actions
  • Automated Security Infrastructure Orchestration
  • Types of Intelligence and Security Infrastructure
  • Automating Integration of Intelligence Data into Security Infrastructure
Lab 13 - Automated Security and Intelligence Infrastructure Orchestration
  • Operational Security Team Communication Types (Slack, Jira, etc)
  • Automating Security Alerts into Communication Channels
  • Automating Real-Time Charts and Visualizations
  • Automating Real-Time Tables
  • Automating Real-Time Dashboards
  • Automating Security Reporting - Intelligence
  • Automating Security Reporting - Vulnerability Tracking
  • Automating Security Reporting - Incident Response
  • Automating Security Reporting - Infrastructure Events
  • Automating Security Reporting - Automation Events
Lab 14 - Automating Security Alerts to Chat Channels
Lab 15 - Orchestrating Real-Time Dashboards
Lab 16 - Automated Security Reporting
  • Automated Security Operations Orchestration
  • Chaining Workflows for Repeatable Security Orchestration
Bonus Lab 17 - Chaining Workflows for Orchestrating Automation

Get ahead of the hackers and start automating the protection of your organization! Register now to secure your spot!

Who Should Take this Course

  • Penetration Testers, Security Officers, Security Auditors, System Administrators and anyone else who wants to automate the breaking or protection of an organisations network.

  • Anyone who is interested in security automation or looking to streamline their security operations are prime candidates for this course. Students will be taught from scratch everything they need to know to complete this course successfully and walk away with a thorough knowledge and practical skills on how to implement security automation.

  • Developers who want to learn how to integrate automated security testing into their CI/CD systems.

  • Managers who want to gain a more in depth understanding of how their organisations can leverage security automation to streamline security operations and budgets whilst enhancing their capabilities to get the most out of their security team.

Student Requirements

We will teach you everything you need to know from scratch! The course is designed to hold your hand at every step.

As long as you can "double-click" in Windows and use basic command line navigation in Linux, then we can take you from "Tedius" to "Turbo" in 2 days!

What Students Should Bring

  • A working laptop with a remote desktop client to RDP to their dedicated security automation environment
  • Wireless network adapter for internet access

What Students Will Be Provided With

Students are provided with their own dedicated cloud-based Security Automation environment consisting of servers and applications with a range of vulnerabilities that need protection from an onslaught of ongoing attacks and security breaches, as well as access to a security automation platform to automate the collection, identification, detection, analysis and response that is required to keep the environment secure.

On top of this, students will be provided with:

  • The Security Automation Lab workbook
  • Lab instructions and solutions


Ty Miller is the Managing Director of Threat Intelligence (www.threatintelligence.com) who are specialists in the area of security automation, penetration testing, cyber threat intelligence, and specialist security consulting. Ty has run "The Shellcode Lab" for the last 7 years at Black Hat USA, created the "Practical Threat Intelligence" course for Black Hat USA, and has now launched his latest Black Hat USA training being "The Security Automation Lab". Ty is a member of the Black Hat Asia Review Board and has presented at Black Hat on his development of "Reverse DNS Tunnelling Shellcode" and "The Active Directory Botnet". He also presented at Ruxcon on his development of the "BeEF Bind Shellcode" where he demonstrated how to force your web browser to exploit internal servers from the Internet. Ty also developed the Core Impact Pro covert DNS Channel for Core Security and was a co-author of "Hacking Exposed Linux 3rd Edition". Ty is on the CREST Australia and New Zealand Board of Directors, runs the CREST Australia and New Zealand Technical Team and is a CREST Certified Tester and Assessor. Ty's experience not only covers penetration testing and specialist security, it also expands into traditional and cloud security architecture designs, regulations like PCI, developing and running industry benchmark accreditations, performing forensic investigations, as well as creating and executing a range of specialist security training.

Ian Latter is the Chief Technology Officer at Threat Intelligence (www.threatintelligence.com). A 25 year veteran of the IT industry, Ian has spent over 20 years working in security in a number of positions including Penetration Tester, Security Architect, and a Security Governance role at a blue chip corporate. Ian has taught the Practical Threat Intelligence course at Black Hat USA and has spoken at key international hacking and security conferences including Defcon (USA), BSides (USA), COSAC (Ireland), Ruxcon (Australia), and Kiwicon (New Zealand). If he had spare time, Ian would be pursuing a number of private software and robotics projects, including the Barbie Car that he promised his daughter (wiser friends have advised that I finish this project before she's old enough to ask for a real Corvette).