Security Devops Training

by Alex Radocea & Philip Olausson

Date: November 7th (TUE) - 8th (WED), 2017
Venue: BELLE SALLE Shinjuku Grand 5F- Room C
Price: 200,000 JPY (incl. tax) (*Includes a 2-day conference ticket for training attendees)
Capacity: 20 students (*Minimum students count is six)
* Talks in English.

Do you and your team have the security monitoring capabilities to detect and stop a real world attack? Learn to defend your organisation using open source technologies with concepts that can be applied to any environment.
In this training you’ll be given Linux servers to defend, and while your systems are being actively attacked you will learn to monitor them using operating system security features and tools such as ELK, ElastAlert, OSQuery, Auditd, inotify, and Bro. The environment runs attack simulations based on real world intrusions that have breached F500 companies in recent history. Along with newfound system visibility, you’ll learn how to automate security alerting, analyze data at scale, and perform anomaly detection. To wrap things up, we’ll run an incident response scenario and see if you have what it takes to find out what happened.
This training is based on experience defending 15,000+ Linux systems for a large organization, where our team, then only a handful of people, built monitoring infrastructure to detect and prevent breaches and stop intrusions.

Day 1: Security Features & Setup
Day 2: Hands on Attack & Defense

11/7 09:00-17:00 @Room D (08:30 reg start)
11/8 09:00-16:00 @Room D+C (08:30 reg start)

Day 1 - 11/7
Topics: Collecting Telemetry, Alerting, and Security Disaster Incident Response Training (SDIRT) exercises
09:00 - 09:30 Introduction & Schedule
09:30 - 10:00 Working with the environment, testing access
10:00 - 10:05 5 minute break
10:05 - 12:00 Collecting Telemetry, Visualising & SDIRT Exercise #1, Alerting
12:00 - 13:00 Lunch
13:00 - 14:00 Collecting Network Data & SDIRT Exercise #2
14:00 - 14:15 15 minute break
14:15 - 15:00 Network Data Exercises, Alerting
15:00 - 15:15 15 minute break
15:15 - 16:00 SDIRT Exercise #3
16:00 - 17:00 Wrap up, Q&A, Team Preparation for Day #2

Day 2 - 11/8
Topics: Evasion, Defence Simulation, Attack & Defence Simulation
09:00 - 10:00 Explanation of Today’s Schedule & Evasion Topics
10:00 - 10:10 10 min break
10:10 - 10:45 Group Practice Run
10:45 - 12:00 Team preparation, questions
12:00 - 13:00 Lunch Break
13:00 - 14:00 Phase 1: Defence
14:00 - 14:15 15 minute break
14:15 - 15:45 Phase 2: Attack & Defence Phase 2
15:45 - 16:00 Wrap up & Summary

Who should take this course
Security Operations teams, IT & Infrastructure teams responsible for systems security, red teams running attack simulations, blue teams defending systems, forensics analysts, and people working with incident response.

Student requirements
Basic understanding of scripting concepts, basic computer network knowledge, Linux/UNIX OS fundamentals.

What students should bring
- Laptop with at least 8GB of RAM and 20GB of free disk space
- Virtualization software capable of running VMDKs (VirtualBox)
- Desire to learn how to protect and monitor computer networks

What students will be provided with
- Git repository with scripts for data collection
- Docker configuration for all tools and training systems
- ELK configuration files

Trainer: Alex Radocea

Alex Radocea started in Security by testing firms from an office on Wall St at Matasano. He's worked on Product Security at Apple, Crowdstrike, and most recently the Security team at Spotify before cofounding Longterm Security, Inc.

Trainer: Philip Olausson

Philip Olausson has over a decade of experience in computer security. After working as a consultant, he started his own company improving the security posture of internet and finance companies.