Transcription
Washington, DC July 22-29P RO G R A M G U I D E@SANSInstitute#SANSFIRE
SANS OnDemand BundleAdd an OnDemand Bundle to your course to getan additional four months of intense training!OnDemand Bundles are just 689when added to your live course, and include: Four months of OnDemand access to our custome-learning platform Quizzes MP3s and Videos of lectures Labs Subject-matter-expert supportCOURSES FOR585Three ways to register!Visit the Registration Support desk onsiteCall (301) 654-SANSWrite to ondemand@sans.org
TA B L E O F CO N T E N TSNetWars Tournaments. . . . . . . . . . . . .1General Information. . . . . . . . . . . . . .2-3Course Schedule. . . . . . . . . . . . . . . .4-6GIAC Certifications. . . . . . . . . . . . . . .7Bonus Sessions . . . . . . . . . . . . . . . . . 8-21Vendor Events . . . . . . . . . . . . . . . . .22-24Future SANS Training Events . . . . . . . . .25Hotel Floorplans. . . . . . . . . . . . . . . .26-29Hosted by Jeff McJunkin & Tim MedinThursday, July 27 – Friday, July 286:30pm-9:30pm Marriott Ballroom Salon 2Hosted by Heather Mahalik & Philip HagenThursday, July 27 – Friday, July 286:30pm-9:30pm Marriott Ballroom Salon 1Hosted by Eric Conrad & Seth MisenarThursday, July 27 – Friday, July 287:15pm-10:15pm Washington 1All students who register for a 4-6 day coursewill be eligible to play NetWars for FREE.Space is limited. Please visit the Registration Supportdesk to register today.1
G E N E R A L I N F O R M AT I O NBadge & Courseware DistributionLocation: Convention Registration Desk (Lobby Level)Sat, July 22 – Sun, July 23 (SHORT COURSES ONLY). . . . . 8:00am-9:00amLocation: Exhibit Hall B (Exhibit Level)Sun, July 23 (WELCOME RECEPTION). . . . . . . . . . . . . . . . . . 5:00pm-7:00pmMon, July 24. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7:00am-9:00amRegistration SupportLocation: Convention Registration Desk (Lobby Level)Mon, July 24 – Fri, July 28 . . . . . . . . . . . . . . . . . . 9:00am – 5:00pmSat, July 29. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9:00am - 2:00pmInternet CaféLocation: Marriott Ballroom Foyer (Lobby Level)Mon, July 24 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Opens at noonTue, July 25 – Fri, July 28 . . . . . . . . . . . . . . . . . . . . . . Open 24 hoursSat, July 29. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Closes at 2:00pmCourse TimesAll full-day courses will run 9:00am - 5:00pm (unless noted)Course BreaksMorning Coffee. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7:00am-9:00amMorning Break. . . . . . . . . . . . . . . . . . . . . . . . . . . 10:30am-10:50amLunch (ON YOUR OWN). . . . . . . . . . . . . . . . . . . . . . . . . . 12:15pm-1:30pmAfternoon Break. . . . . . . . . . . . . . . . . . . . . . . . . . . . 3:00pm-3:20pmFirst Time at SANS?Please attend our Welcome to SANS talk designedto help you get the most from your SANS trainingexperience. The talk is from 8:00am-8:30am onMonday, July 24 in Marriott Ballroom Salon 1.2SANSFIRE 2017 Washington, DC July 22-29
Photography NoticeSANS may take photos of classroom activities for marketingpurposes. SANSFIRE 2017 attendees grant SANS all rights forsuch use without compensation, unless prohibited by law.Feedback Forms and Course EvaluationsThe SANS planning committee wants to know what we shouldkeep doing and what we need to improve – but we need yourhelp! Please take a moment to fill out an evaluation formafter each course day and bonus session and drop it in theevaluation box.Wear Your BadgeTo confirm you are in the right place, SANS door monitors willbe checking your badge for each course and event you enter.For your convenience, please wear your badge at all times.Bootcamp Sessions and Extended HoursThe following classes have evening bootcamp sessions orextended hours. For specific times, please refer to pages 4-6.Bootcamps (Attendance Mandatory)SEC401: Security Essentials Bootcamp StyleSEC511: Continuous Monitoring and Security OperationsSEC660: Advanced Penetration Testing, Exploit Writing, andEthical HackingMGT414: SANS Training Program for CISSP CertificationExtended Hours:SEC504: Hacker Tools, Techniques, Exploits, and IncidentHandlingSEC560: Network Penetration Testing and Ethical HackingMGT512: SANS Security Leadership Essentials for Managerswith Knowledge Compression SANSFIRE 2017 Washington, DC July 22-293
COURSE SCHEDULESTART DATE: Saturday,July 22Time: 9:00am - 5:00pm (Unless otherwise noted)SEC440: Critical Security Controls: Planning, Implementing,and AuditingRandy Marchany . . . . . . . . . . . . . . . . Location: Virginia Suite ASEC524: Cloud Security FundamentalsDave Shackleford. . . . . . . . . . . . . . . . . . . Location: Roosevelt 4SEC546: IPv6 EssentialsDr. Johannes Ullrich. . . . . . . . . . . . . . . . . Location: Maryland BSEC567: Social Engineering for Penetration TestersMicah Hoffman. . . . . . . . . . . . . . . . . . . . . Location: Maryland CSEC580: Metasploit Kung Fu for Enterprise Pen TestingChristopher Crowley. . . . . . . . . . . . . . . . Location: Roosevelt 1MGT415: A Practical Introduction to Cyber Security RiskManagementJames Tarala. . . . . . . . . . . . . . . . . . . . . . . . . Location: McKinleyMGT433: Securing The Human: How to Build, Maintain, andMeasure a High-Impact Awareness ProgramLance Spitzner. . . . . . . . . . . . . . . . . . . . . Location: Roosevelt 5DEV531: Defending Mobile Applications Security EssentialsGregory Leonard . . . . . . . . . . . . . . . . . . . Location: Roosevelt 2DEV534: Secure DevOps: A Practical IntroductionFrank Kim . . . . . . . . . . . . . . . . . . . . . . . . . Location: Roosevelt 3START DATE: Sunday,June 23Time: 9:00am - 5:00pm (Unless otherwise noted)MGT305: Technical Communication and Presentation Skillsfor Security ProfessionalsDavid Hoelzer. . . . . . . . . . . . . . . . . . . . . . . . . Location: CoolidgeSTART DATE: Monday,July 24Time: 9:00am - 5:00pm (Unless otherwise noted)SEC301: Intro to Information SecurityKeith Palmgren. . . . . . . . . . . . . . . . . . Location: Virginia Suite ASEC401: Security Essentials Bootcamp StyleBryan Simon. . . . . . . . . . . . . . . . . . . . . Location: Washington 2Bootcamp Hours: 5:00pm - 7:00pm (Course days 1-5)SEC501: Advanced Security Essentials – Enterprise DefenderPaul A. Henry . . . . . . . . . . . . . . . . . . . . . . . . . . Location: HooverSEC503: Intrusion Detection In-DepthDavid Hoelzer. . . . . . . . . . . . . . . . . . . . Location: Washington 64SANSFIRE 2017 Washington, DC July 22-29
SEC504: H acker Tools, Techniques, Exploits & Incident HandlingJohn Strand . . . . . . . . . . . Location: Marriott Ballroom Salon 3Extended Hours: 5:00pm - 7:15pm (Course Day 1 only)SEC505: Securing Windows and PowerShell AutomationJason Fossen. . . . . . . . . . . . . . . . . . . . . . . Location: Roosevelt 4SEC506: Securing Linux/UnixHal Pomeranz. . . . . . . . . . . . . . . . . . . . . . . Location: Madison ASEC511: Continuous Monitoring and Security OperationsEric Conrad. . . . . . . . . . . . . . . . . . . . . . Location: Washington 1Bootcamp Hours: 5:15pm - 7:00pm (Course days 1-5)SEC542: Web App Penetration Testing and Ethical HackingSeth Misenar . . . . . . . . . . . . . . . . . . . . . . . . Location: Balcony ASEC550: Active Defense, Offensive Countermeasures andCyber DeceptionBryce Galbraith . . . . . . . . . . . . . . . . . . . . . . . Location: Wilson ASEC560: Network Penetration Testing and Ethical HackingEd Skoudis . . . . . . . . . . . Location: Marriott Ballroom Salon 2Extended Hours: 5:00pm - 7:15pm (Course Day 1 only)Extended hours will be led by John Strand in the SEC504classroom located in Marriott Ballroom Salon 3SEC561: Immersive Hands-on Hacking TechniquesKevin Fiscus . . . . . . . . . . . . . . . . . . . . . . . . . . . Location: JacksonSEC566: Implementing and Auditing the Critical SecurityControls – In-DepthJames Tarala. . . . . . . . . . . . . . . . . . . . . . . Location: Roosevelt 5SEC573: Automating Information Security with PythonMark Baggett . . . . . . . . . . . . . . . . . . . . . . Location: Roosevelt 1SEC575: Mobile Device Security and Ethical HackingPeter Szczepankiewicz. . . . . . . . . . . . . . . . . Location: Wilson CSEC579: Virtualization and Software-Defined SecurityDave Shackleford. . . . . . . . . . . . . . . . Location: Virginia Suite BSEC642: Advanced Web App Penetration Testing, EthicalHacking, and Exploitation TechniquesAdrien de Beaupre . . . . . . . . . . . . Location: Maryland Suite CSEC660: Advanced Penetration Testing, Exploit Writing,and Ethical HackingTim Medin. . . . . . . . . . . . . . . . . . . . Location: Deleware Suite BBootcamp Hours: 5:15pm - 7:00pm (Course days 1-5)FOR500: Windows Forensic AnalysisRob Lee . . . . . . . . . . . . . . . . . . . . . . . . . Location: Washington 5FOR508: Advanced Digital Forensics, Incident Response, andThreat HuntingChad Tilbury. . . . . . . . . . . . . . . . . . . . . Location: Washington 3SANSFIRE 2017 Washington, DC July 22-295
COURSE SCHEDULEFOR526: Memory Forensics In-DepthAlissa Torres. . . . . . . . . . . . . . . . . . . . . . . . . . . . . Location: TylerFOR572: Advanced Network Forensics and AnalysisPhilip Hagen. . . . . . . . . . . . . . . . . . . . . Location: Washington 4FOR578: Cyber Threat IntelligenceJake Williams . . . . . . . . . . . . . . . . . Location: Maryland Suite BFOR585: Advanced Smartphone ForensicsHeather Mahalik . . . . . . . . . . . . . . Location: Maryland Suite AFOR610: Reverse-Engineering Malware: Malware AnalysisTools and TechniquesLenny Zeltser. . . . . . . . . Location: Marriott Ballroom Salon 1MGT414: SANS Training Program for CISSP CertificationDavid R. Miller . . . . . . . . . . . . . . . . . . . . . Location: Roosevelt 3Bootcamp Hours: 8:00am - 9:00am (Course days 2-6) &5:00pm - 7:00pm (Course days 1-5)MGT512: SANS Security Leadership Essentials for Managerswith Knowledge Compression Ted Demopoulos. . . . . . . . . . . . . . . . . . . . . Location: Balcony BExtended Hours: 5:00pm - 6:00pm (Course days 1-4)MGT514: IT Security Strategic Planning, Policy, and LeadershipFrank Kim . . . . . . . . . . . . . . . . . . . . . . . . . . . . Location: Wilson BMGT517: Managing Security Operations:Detection, Response, and IntelligenceChristopher Crowley. . . . . . . . . . . . . Location: Virginia Suite CMGT525: IT Project Management, Effective Communication,and PMP Exam PrepJeff Frisk. . . . . . . . . . . . . . . . . . . . . . Location: Delaware Suite ADEV522: Defending Web Applications Security EssentialsJason Lam. . . . . . . . . . . . . . . . . . . . . . . . . . Location: Madison BDEV541: Secure Coding in Java/JEE: Developing DefensibleApplicationsGregory Leonard . . . . . . . . . . . . . . . . . . . . . Location: McKinleyDEV544: Secure Coding in .NET: Developing DefensibleApplicationsEric Johnson. . . . . . . . . . . . . . . . . . . . . . . . . . Location: JohnsonAUD507: Auditing & Monitoring Networks, Perimeters,and SystemsClay Risenhoover. . . . . . . . . . . . . . . . . . . Location: Roosevelt 2LEG523: Law of Data Security and InvestigationsBenjamin Wright . . . . . . . . . . . . . . . . . . . . . . Location: HardingICS410: ICS/SCADA Security EssentialsEric Cornelius. . . . . . . . . . . . . . . . . . . . . . . . . Location: Coolidge6SANSFIRE 2017 Washington, DC July 22-29
Add a GIAC Certificationwith your SANS training atSANSFIRE 2017 andSAVE 360!In the information security industry, certificationmatters. GIAC Certifications offer skills-basedcertifications that go beyond high-level theoryand test true hands-on and pragmatic skill setsthat are highly regarded in the InfoSec industry.Pay just 689 when you bundle your certificationattempt with your SANS training course duringSANSFIRE 2017 for a savings of 360! After this event isover, the alumni bundle price goes to 1,049.Stop by the Registration Support deskand add your GIAC-affiliated certificationbefore the last day of class for the discount.Find out more about GIAC atwww.giac.org or call 301-654-7267.7
BONUS SESSIONSEnrich your SANS experience!Morning and evening talks given by our faculty andselected subject matter experts help you broadenyour knowledge, get the most for your training dollar,and hear from the voices that matter in network andcomputer security.S U N D AY, J U LY 2 3Welcome ReceptionSunday, July 23 5:00pm-7:00pmLocation: Exhibit Hall BCheck in early and network with your fellow students!M O N D AY, J U LY 2 4SPECIAL EVENTGeneral Session – Welcome to SANSSpeaker: Dr. Johannes UllrichMonday, July 24 8:00am-8:30am Location: Marriott Ballroom Salon 1Join us for a 30-minute overview to help you get the most out ofyour SANS training experience. You will receive event informationand learn about programs and resources offered by SANS. This briefsession will answer many questions and get your training experienceoff to a great start. This session will be valuable to all attendees butis highly recommended for first time attendees.KEYNOTEState of the Internet Panel DiscussionSpeakers: Internet Storm Center HandlersMonday, July 24 7:15pm-9:15pm Location: Marriott Ballroom Salon 1SANSFIRE offers the greatest opportunity to meet Internet StormCenter handlers from around the world, and our most popular bonussession is their “State of the Internet” panel discussion. Duringthis session, you will have the chance to hear from our handlersand ask their opinions and insights on current threats. This is aunique opportunity you will only have at SANSFIRE – a dozen of theindustry’s brightest minds at your disposal for two
Lenny Zeltser Location: Marriott Ballroom Salon 1 MGT414: SANS Training Program for CISSP Certification David R Miller Location: Roosevelt 3 Bootcamp Hours: 8:00am - 9:00am (Course days 2-6) & 5:00pm - 7:00pm (Course days 1-5) MGT512: SANS Security Leadership Essentials for Managers
