Hello all, this is my review of Security University and its Qualified Network Defender course. Security University is a security training company with its main product line being the Q/Information Security Professional (QISP) Program. What differentiates SU for me is its claim of hands-on training, and its reviews from the community. Most of SU's students are government. This can be seen on the SU website, and indeed, I saw as much in my class. Before attending the class, I contacted one of the professionals listed on their site and spoke to him; he confirmed SU's high level of training and hands-on methods. Now the QND is generally slotted as the last class in the QISP set of classes, combining experience received in the previous courses. However, in some cases if an individual has previous security knowledge/experience, it may be possible/advisable to take the QND when desired.
Approximately a week prior to the course I received the pre-class material, in this case a set of questions mapping to the course objectives. This was my first preview of what was to come. I must admit I was surprised; these were not your standard questions. I had everything from definition of terms to the proper way to write a firewall rule. Not just a collection of true/false questions, we were occasionally asked to examine network diagrams and evaluate security practices or setups. I enjoyed it, though it did confirm the gaps in my knowledge I hoped to fill. I arrived at the QND location early and met the Course Instructor and the CEO of SU. A complimentary breakfast and snacks were provided. Worth noting here is that SU recently moved locations, but this really did not affect our experience at all. The staff had obviously ensured everything was in working condition prior to the class. The materials are provided, including a laptop and training booklet, lab guide, etc. Of note is that you are advised to bring a separate laptop and an external drive to copy the tools and VMs that you have the opportunity to receive, including your own SIEM that you will build over the course of the week. While initially I considered just putting things on my laptop, I found myself very glad I brought a large external when I saw the size of some of the VMs.
Our course Instructor was H. Morrow Long from Yale University (I HAVE A YALE INSTRUCTOR!!!!). His bio can be found here (http://www.educause.edu/Community/MemDi ... Long/43096) but basically he is the CIO for Yale, has worked with Carnegie Mellon University, Infragard, and teaches Computer Science.
EDIT: So, the executive review, for those who don't want to read the wall of text: Good course. The course is part of a series and designed to be taken at the end. I would advise following that model. You aren't going to read 5 huge books like with some other companies. One book, one lab guide. Labs are good, do them, maybe more than once. Do all the exercises during the class. You won't necessarily learn new network defense techniques if you already know how security is implemented in today's networks. What you will learn is what we have, why, and that they can work if implemented. The feedback from the students: companies just don't want to do it. They are going to make you integrate iPods and iPhones and Androids into your network. They are not going to let you implement NAC. So this course will give you the knowledge and some experience; it's up to you to put it into action.
Day 1 starts off early and is slotted to cover Policy Auditing. The course starts with what in my opinion is an explanation of the need for CND, talking about the continued existence and explosion of malware in recent years, the rise of client-side exploits as the initial point of intrusion into the network, risk management, C&A, and the mission for our week. We are tasked with using the information presented during the week to build a secure Network Defense Architecture. We move right into our first lab. Honestly, it was interesting; we attempted to build a quick network diagram with what we have learned so far, so mine included the required networks, numerous firewalls, VPN connections, IDS placement, etc. It doesn't immediately seem to mesh with the focus on policy that we have had, but it does make you think about how policy should be implemented in the planning process. Rather than simply rolling out devices and trying to secure the network afterwards, you can see the benefit, and the work involved, with trying to plan first, and then work off your diagrams.
The second part of the day goes into vulnerability analysis. I enjoyed this portion as it is something that wasn't specifically covered as I would have liked in previous training I received. Our second lab included looking up several vulnerabilities, finding the CVE, and then using the CVSS calculator to determine the impact rating, and how they would affect your organization.
Anyway, a good first day. Thanks for reading!