Document Sample
brochure Powered By Docstoc
					                                      San Francisco, CA • November 7 - 12, 2010
                                     Hands-on immersion training programs:

                                     SANS Security Essentials Bootcamp Style
                                           Hacker Techniques, Exploits,
                                             and Incident Handling
                                           Computer Forensic Essentials
                                    Auditing Networks, Perimeters, and Systems
                                          SANS® +S™ Training Program for
                                           the CISSP® Certi cation Exam
                                                Network Forensics

                                          “SANS courses equip you with
                                       knowledge you can use immediately!
                                          They are worth every penny!”
                                            -BARRY LYONS IV, NORTHROP GRUMMAN

   GIAC Approved Training

          Register at
   Dear Colleagues,
   SANS is bringing six of our most popular courses to SANS San Francisco
   2010, November 7 - 12. Enhance your skills by taking advantage of this
   hands-on security training loaded with practical tools and cutting-edge
   information. Learn about network security, hacker techniques and incident
   handling, auditing networks, and computer and network forensics.
   SEC401: SANS Security Essentials Bootcamp Style * – (GSEC) – Stephen Sims
   SEC504: Hacker Techniques, Exploits & Incident Handling * – (GCIH) – John Strand
                                                                                                           Stephen Northcutt
   AUD507: Auditing Networks, Perimeters, and Systems * – (GSNA) – Rick Smith, SAIC
   MGT414: SANS® +S™ Training Program for the CISSP® Certi cation Exam * – (GISP) – Tanya Baccam
   FOR408: Computer Forensic Essentials – (GCFE) – Michael Murr
   FOR558: Network Forensics – Alan Ptak
   * Courses in alignment with DoD Directive 8570 requirements for Baseline IA Certifications.

   If you’ve been thinking about GIAC Certification, now is a great time to move forward with that
   goal, as four of our courses qualify for GIAC attempts. Not sure what you need to help advance
   your chosen career path? The Roadmap included in the brochure provides valuable information
   about which course will help you meet your career goals.
   Looking to get more value out of your San Francisco experience? Enhance your training with our
   evening events, which are included as part of your registration fee. Watch the SANS Web site for
   information on SANS@Night talks as they are added to the event schedule.
   Register by September 22, and save $400 on tuition fees. You’ll see why SANS is the most trusted
   source in computer security training, certification, and research. SANS training is well-known
   for being relevant and pragmatic. Our award-winning faculty has proven they understand the
   challenges you face on a daily basis. Their real-world experience increases the practical value of
   the course material. Here’s what SANS San Francisco 2009 attendees had to say about the value of
   SANS training:
            “It opened my eyes to the potential dangers our users face every day.” -ALBERT CISNEROS, FRANCHISE TAX BOARD
    “The class (SEC504) sends you home with the tools you need to do your job better.” -KEVIN MEADOWS, NORTHRUP GRUMMAN
   From our host hotel, the Hilton San Francisco Union Square, you will have easy walking access
   to famous San Francisco neighborhoods like Chinatown and Nob Hill. Cable cars can take you to
   Fisherman’s Wharf and all the dining and shopping that you could ever want. Picture yourself on
   a bench at Fisherman’s Wharf enjoying some Ghirardelli chocolate or clam chowder in a bread
   bowl while watching the seals or the picturesque bay.
   Come see for yourself - register today for SANS San Francisco 2010.
   Kind Regards,
                                                                                   “Hands-on experience –
                                                                                there is no substitution for it!”
   Stephen Northcutt                                                                -LUCAS SWEANY, COUNTY OF MONTEREY
   The SANS Technology Institute, a postgraduate computer security college

Courses-at-a-Glance                                                                             SUN MON     TUE   WED   THU   FRI
                                                                                                11/7 11/8 11/9 11/10 11/11 11/12

AUD507 Auditing Networks, Perimeters, and Systems                                               PAGE 1

MGT414 SANS® +S™ Training Program for the CISSP® Cert Exam                                      PAGE 2

SEC401 SANS Security Essentials Bootcamp Style                                                  PAGE 3

SEC504 Hacker Techniques, Exploits, and Incident Handling                                       PAGE 4

FOR408 Computer Forensic Essentials                                                             PAGE 5

FOR558 Network Forensics                                                                        PAGE 6

Registration Information . . . . . . . . . . . . . . . . . . . 7          SANS Training and Your Career Roadmap . . . . .8-9
Hotel Information. . . . . . . . . . . . . . . . . . . . . . . . . . 7    Future SANS Training Events . . . . . . . . . Back Cover
   Auditing Networks, Perimeters,
            and Systems                                                                     AUD507
One of the most significant obstacles facing many                                               Six-Day Course
auditors today is how exactly to go about auditing the                                  Sun, Nov 7 - Fri, Nov 12, 2010
security of an enterprise.                                                                    9:00am - 5:00pm
What systems really matter? How do we prioritize the audits that                               36 CPE Credits
need to be performed and determine the scope of each? How do                                  Laptop Required
you validate the security of the perimeter? What settings should                           Instructor: Rick Smith
be checked on the various systems under scrutiny? Which set of
processes can be put into place to allow an auditor to focus on                      Who Should Attend
the business processes rather than the security settings?                            • Auditors seeking to identify key
This course is organized specifically to provide a risk-driven                          controls in IT systems
method for tackling the enormous task of designing an                                • Audit professionals looking for
enterprise security validation program. After covering high-                           technical details on IT auditing
level audit issues and general audit best practices, students                        • Managers responsible for
                                                                                       overseeing the work of an IT audit
will have the opportunity to dive into the technical how-to for
                                                                                       or security team
determining the key controls that can be used to provide a
                                                                                     • Security professionals newly tasked
level of assurance to an organization. Tips on how to repeatedly                       with audit responsibilities
verify these controls and techniques for automatic compliance
                                                                                     • System and network administrators
validation will come from real-world examples.                                         looking to better understand what
One of the struggles that IT auditors face is helping                                  an auditor is trying to achieve,
management understand the relationship between the technical                           how they think, and how to better
                                                                                       prepare for an audit
controls and the risks to the business. The instructor will use
                                                                                     • System and network administrators
validated information from real-world situations to explain how
                                                                                       seeking to create strong change
they can be used to raise the awareness of management and                              control management and detection
others within the organization to understand why these controls                        systems for the enterprise
specifically, and auditing in general, are important. Each student
is invited to bring a Windows XP Professional or higher laptop for
use during class. Macintosh computers running OS X may also
be used with VMware Fusion.
A great audit is more than marks on a checklist; it is the
understanding of the underlying controls, knowing what
                                                                                              GIAC Certification
the best practices are, and having enough information to                              
understand why. Sign up for this course and experience the mix
of theory, hands-on, and practical knowledge.

                               Rick Smith SANS Certified Instructor                            DoD 8570 Required
                                 Rick Smith is a Principal Cyber Security Engineer
                                 for Science Application INternational Corporation
                                 (SAIC) where he provides information security
                                 consulting services to Department of Defense,
                                 other federal civilian government agencies, and
                                 commercial organization. He previously worked
in SAIC’s Common Criteria and Cryptographic Module Testing Laboratories. Rick
holds the GIAC Security Expert certi cation and several other GIAC certi cations             STI Masters Program
including GSNA, G7799, GCFA, GPEN, and GWAPT. His other IT certi cations
include CISSP, ISSEP, CISA and, MCSE+I. Rick has been active within the SANS                    Register at
community, he serves as: a member of the GIAC Advisory Board and as an
instructor in the Community SANS and SANS Stay Sharp Programs. He completed
the Masters of Information Security Engineering degree from The SANS
Technology Institute (STI) in September 2009.                                                                             1
                                            SANS® +S™ Training Program for
    MGT414                                   the CISSP® Certi cation Exam
       Six-Day Course                   Over the past four years, 98% of all respondents who studied
Sun, Nov 7 - Fri, Nov 12, 2010          our SANS® +S™ Training Program for the CISSP® Certification
   9:00am - 7:00pm (Day 1)              Exam and then took the exam passed, compared to a
 8:00am - 7:00pm (Days 2-5)             national average of around 70% for other prep courses.
   8:00am - 5:00pm (Day 6)              This is an accelerated review course           Obtaining your CISSP®
        51 CPE Credits                  that assumes the student has a basic certification consists of:
  Instructor: Tanya Baccam              understanding of networks and                  • Ful lling minimum requirements
                                                                                         for professional work experience
                                        operating systems and focuses solely
                                                                                       • Completing the Candidate
Who Should Attend                       on the 10 domains of knowledge as                Agreement
• Security professionals who are        determined by (ISC)2:                          • Periodic audit based on submission
  interested in understanding the       Domain 1 - Information Security Governance of resume
  concepts covered in the CISSP®                                                       • Passing the CISSP® 250 multiple-
  exam as determined by (ISC)2
                                                   & Risk Management
                                                                                         choice question exam with a scaled
• Managers who want to
                                        Domain 2 - Access Controls                       score of 700 points or greater
  understand the critical areas of      Domain 3 - Cryptography                        • Submitting a properly completed
  network security                                                                       and executed Endorsement Form
                                        Domain 4 - Physical (Environmental) Security
• System, security, and network
                                        Domain 5 - Security Architecture & Design
  administrators who want to
  understand the pragmatic              Domain 6 - Business Continuity & Disaster Recovery Planning
  applications of the CISSP® 10         Domain 7 - Telecommunications & Network Security
                                        Domain 8 - Application Security
• Security professionals and
  managers looking for practical        Domain 9 - Operations Security
  ways the 10 domains of                Domain 10 - Legal, Regulations,
  knowledge can be applied to their     Compliance & Investigations
  current job
• In short, if you desire a CISSP or    Each domain of knowl-
  your job requires it, MGT414 is the   edge is dissected into its
  training for you                      critical components. Every       BOOT CAMP
                                        component is discussed           This session has extended hours.
                                        in terms of its relationship       Evening Bootcamp Sessions:
                                                                             5:15pm - 7:00pm days 1 - 5.
                                        to other components and
                                                                           Morning Bootcamp Sessions:
                                        other areas of network               8:00am - 9:00am days 2 - 6.
                                        security. After completion
                                        of the course, the student will have a good working knowledge
                                        of the 10 domains of knowledge and, with proper preparation,
      GIAC Certification                 be ready to take and pass the CISSP® exam.                    Note: The o cial (ISC)2 courseware and the CISSP® exam are NOT provided as part of the training.

                                                         Tanya Baccam Senior Instructor
                                                         Tanya is a SANS senior instructor as well as a SANS courseware
                                                         author. She provides many security consulting services for clients,
                                                         such as system audits, vulnerability and risk assessments, database
     DoD 8570 Required                                   audits, and Web application audits. Tanya has previously worked as
                                                         the director of assurance services for a security services consulting
                                                           rm and the manager of infrastructure security for a healthcare
                                                            organization. She also served as a manager at Deloitte & Touche
                                                              in the Security Services practice. Throughout her career she’s
                                                                consulted with many clients about their security architecture,
                                                                  including areas such as perimeter security, network
                                                                    infrastructure design, system audits, Web server security,
                                                                    and database security. She has played an integral role in
                                                                    developing multiple business applications and currently
                                                                    holds the CPA, GCFW, GCIH, CISSP, CISM, CISA, CCNA, and
2                                                                   Oracle DBA certi cations.
             SANS Security Essentials
                Bootcamp Style                                                                   SEC401
This course is endorsed by the Committee on National Security                                        Six-Day Course
Systems (CNSS) NSTISSI 4013 Standard for Systems Administrators in                            Sun, Nov 7 - Fri, Nov 12, 2010
Information Systems Security (INFOSEC).
                                                                                               9:00am - 7:00pm (Days 1-5)
Maximize your training time and turbo-charge your career                                        9:00am - 5:00pm (Day 6)
in security by learning the full SANS Security Essentials                                            46 CPE Credits
curriculum needed to qualify for the GSEC certification.                                             Laptop Required
Security Essentials is designed to give anyone interested in net-                               Instructor: Stephen Sims
work security the skills required to be an effective player in this
arena. This in-depth, comprehensive course provides the essen-                             Who Should Attend
tial, up-to-the-minute knowledge and skills required for securing                          • Security professionals who want to
systems and organizations, and equips you with the language                                   ll the gaps in their understanding
and theory of computer security. Learn all of this and more from                             of technical information security
the best security instructors in the industry.                                             • Network engineers wanting to
                                                                                             enter the eld of security
                                                                                           • Security engineers, admins, man-
       B O O T                                 C A M P                                       agers, and others wanting a more
                                                                                             detailed understanding of the
                                                                                             technical components of security
                                                                                           • Anyone new to information secu-
                  Security 401 PARTICIPANTS ONLY                                             rity with some background in infor-
                                                                                             mation systems and networking
         5:15pm - 7:00pm - Required — Course Days 1-5
                                                                                           • Individuals with operational
Attendance is required for the evening bootcamp sessions as the information presented        responsibility for a rewall, VPN, or
appears on the GIAC exams. These daily bootcamps give you the opportunity to apply           Internet-facing device
the knowledge gained throughout the course in an instructor-led environment. It
helps ll your toolbox with valuable tools you can use to solve problems when you go
back to work. The material covered is based on Dr. Eric Cole’s “cookbook for geeks,” and
most students nd it to be one of the highlights of their Security Essentials experience!
Students will have the opportunity to install, con gure, and use the tools and
techniques they have learned. CDs containing the software required will be provided
for each student. Students should arrive with a laptop properly con gured. A working                GIAC Certification
knowledge of each operating system is recommended but not required. For students            
who do not wish to build a dual boot machine, SANS will provide a bootable Linux CD
for the Linux exercises.

Stephen Sims SANS Certified Instructor
Stephen Sims is an information security consultant currently working for
Wells Fargo in San Francisco, California. He has spent the past eight years in
San Francisco working for several large nancial institutions on network and
systems security, penetration testing, exploitation development,
risk assessment and management. Prior to San Francisco,                                     Cyber Guardian Program
Stephen worked in the Baltimore/DC area as a network
security engineer for companies such as General Motors and
Sylvan Prometric. He is one of only a handful of individuals
who hold the GIAC Security Expert (GSE) Certi cation and
also helps to author and maintain the current
version of the exam. He is a SANS                                                                DoD 8570 Required
certi ed instructor and the
course author of SANS’ rst
and only 700-level course,
SEC709: Developing Exploits for
Penetration Testers and Security
Researchers. Stephen also holds
the CISSP, CISA, and Network
O ense Professional (NOP)
                                                                                                 STI Masters Program
certi cation, amongst others.                                                             
                                                Hacker Techniques, Exploits,
        SEC504                                    and Incident Handling
         Six-Day Course                 If your organization has an Internet connection or
  Sun, Nov 7 - Fri, Nov 12, 2010        a disgruntled employee (and whose doesn’t!), your
        9:00am - 5:00pm                 computer systems will get attacked.
         36 CPE Credits                 From the five, ten, or even one hundred daily probes against your
        Laptop Required                 Internet infrastructure to the malicious insider slowly creeping
    Instructor: John Strand             through your most vital information assets to the spyware your
                                        otherwise wholesome users inadvertently downloaded, attackers
 Who Should Attend                      are targeting your systems with increasing viciousness and stealth.
 • Incident handlers                    By helping you understand attackers’ tactics and strategies in de-
 • Leaders of incident handling teams   tail, giving you hands-on experience in finding vulnerabilities and
                                        discovering intrusions, and equipping you with a comprehensive
 • System administrators who are
   on the front lines defending their   incident handling plan, the in-depth information helps you turn
   systems and responding to attacks    the tables on computer attackers. This course addresses the latest
 • Other security personnel who are     cutting-edge insidious attack vectors, the ‘oldie-but-goodie’ at-
    rst responders when systems         tacks that are still so prevalent, and everything in between. Instead
   come under attack                    of merely teaching a few hack attack tricks, this course includes
                                        a time-tested, step-by-step process for responding to computer
                                        incidents; a detailed description of how attackers undermine
                                        systems so you can prepare, detect, and respond to them; and a
                                        hands-on workshop for discovering holes before the bad guys.
                                        This workshop also includes the unique SANS Capture-the-Flag
                                        event on the last day where you will apply your skills developed
       GIAC Certification                throughout the session to match wits with your fellow students
                                        and instructor in a fun and engaging learning environment. You’ll
                                        get to attack the systems in our lab and capture the flags to help
                                        make the lessons from the whole week more concrete. Addition-
                                        ally, the course explores the legal issues associated with respond-
                                        ing to computer attacks, including employee monitoring, working
                                        with law enforcement, and handling evidence.
                                        This challenging course is particularly well suited to individuals
 Cyber Guardian Program
                                        who lead or are a part of an incident handling team. Furthermore,             general security practitioners, system administrators, and security
                                        architects will benefit by understanding how to design, build, and
                                        operate their systems to prevent, detect, and respond to attacks.

                                        John Strand SANS Certified Instructor
     DoD 8570 Required
                                        John Strand currently is the owner and senior security researcher with Black Hills                  Information Security, and a consultant with Argotek, Inc for TS/SCI programs. As a
                                        certi ed SANS instructor he teaches: 504 “Hacker Techniques, Exploits and Incident
                                        Handling,” 517, “Cutting Edge Hacking Techniques,” and 560 “Network Penetration
                                          Testing.” He is a contributing author of Nagios 3 Enterprise Network Monitoring,
                                               and a regular contributor to SearchSecurity’s “Ask the Expert” series on
                                                   the latest information security threats. He also regularly posts videos
                                                   demonstrating the latest computer attacks and defenses at
                                                   album/26207. He started the practice of computer security with Accenture
                                                   Consulting in the areas of intrusion detection, incident response, and
     STI Masters Program
                                                                vulnerability assessment/penetration testing. John then
                                                                               moved on to Northrop Grumman specializing
                                                                                in DCID 6/3 PL3-PL5 (multi-level security
                                                                                solutions), security architectures, and program
                                                                                certi cation and accreditation. He has a
                                                                                master’s degree from Denver University and is
                                                                                currently also a professor at Denver University.
                                                                                In his spare time he writes loud rock music and
 4                                                                              makes various futile attempts at y- shing.
       Computer Forensic Essentials                                                                 FOR408
Master computer forensics.                                                                             Six-Day Course
Learn essential investigation techniques.                                                       Sun, Nov 7 - Fri, Nov 12, 2010
With today’s ever-changing technologies and environments,                                             9:00am - 5:00pm
it is inevitable that organizations will deal with some form of                                        36 CPE Credits
cyber crime, such as computer fraud, insider threat, industrial                                       Laptop Required
espionage, or phishing. As a result, many organizations are hir-                                   Instructor: Mike Murr
ing digital forensic professionals and are callling cybercrime law
enforcement agents to help fight and solve these types of crime.                               Who Should Attend
FOR408: Computer Forensic Essentials focuses on the essentials                                • Information technology
that a forensic investigator must know to investigate core com-                                 professionals who wish to learn
puter crime incidents successfully. You will learn how computer                                 core concepts in computer forensics
forensic analysts focus on collecting and analyzing data from
computer systems to track user-based activity that could be                                   • Law enforcement o cers, federal
                                                                                                agents, or detectives who desire
used internally or in civil/criminal litigation.
                                                                                                to be introduced to core forensic
This course covers the fundamental steps of the in-depth com-                                   techniques and topics
puter forensic methodology so that each student will have the                                 • Information security managers who
complete qualifications to work as a computer forensic investi-                                  need a digital forensics background
gator in the field helping solve and fight crime. This is the first                                in order to manage investigative
course in the SANS Computer Forensic Curriculum. If you have                                    teams and understand the
                                                                                                implications of potential ligation-
never taken a SANS forenscis course before, we recommend that                                   related issues
you take this introductory course first to set a strong foundation
                                                                                              • Information technology lawyers
for the full SANS Computer Forensic Curriculum.                                                 and paralegals who need to
                                                                                                understand the basics of digital
FIGHT CRIME. UNRAVEL INCIDENTS... ONE BYTE AT A TIME.                                           forensic investigations
With this course, you will receive a FREE SANS Investigative                                  • Anyone interested in computer
Forensic Toolkit (SIFT) Essentials with a Tableau Write Block                                   forensic investigations with
Acquisition Kit. The entire kit will enable each investigator to                                some background in information
accomplish proper and secure examinations of SATA, IDE, or                                      systems, information security, and
Solid State Drives (SSD). The toolkit consists of:
• One Tableau T35es Write Blocker (Read-Only)
   - IDE Cable/Adapters
   - SATA Cable/Adapters
   - FireWire and USB Cable Adapters
   - Forensic Notebook Adapters (IDE/SATA)
   - HELIX Incident Response & Computer Forensics Live CD            GIAC Certification
                                                                             STI Masters Program
• SANS Windows XP Forensic Analysis VMware Workstation
   - Fully functioning tools that include working with Access Data’s Forensic Toolkit (FTK)
• Course DVD: Loaded with case examples, tools, and documentation

Mike Murr Certified Instructor
Michael has been a forensic analyst with Code-X Technologies for over ve years,
has conducted numerous investigations and computer forensic examinations,
and has performed specialized research and development. Michael has taught
SANS Security 504 (Hacker Techniques, Exploits, and Incident Handling), SANS
Security 508 (Computer Forensics, Investigation, and Response), and SANS
Security 601 (Reverse-Engineering Malware); has led SANS@Home
courses; and is a member of the GIAC Advisory Board. Currently,
Michael is working on an open-source framework for developing
digital forensics applications. Michael holds the GCIH, GCFA, and GREM
certi cations and has a degree in computer science from California
State University at Channel Islands. Michael also blogs about Digital
forensics on his Forensic Computing blog.                                                                     5
                                                              Network Forensics
       FOR558                             Laptop not required – each student will receive a FREE 10” mini laptop
                                              loaded with Network Forensics tools that you can take home.
       Five-Day Course                    “CATCHING HACKERS ON THE WIRE.”
Sun, Nov 7 - Thu, Nov 11, 2010            Enterprises all over the globe are compromised remotely by
  9:00am - 6:30pm (Day 1)                 malicious hackers each day. Credit card numbers, proprietary
 9:00am - 5:00pm (Days 2-5)               information, account usernames, passwords, and a wealth of
      31.5 CPE Credits                    other valuable data are surreptitiously transferred across the
    Instructor: Alan Ptak                 network. Insider attacks leverage cutting-edge covert tunneling
                                          techniques to export data from highly secured environments.
Who Should Attend                         Attackers’ fingerprints remain throughout the network in
• Network and/or computer forensic        firewall logs, IDS/IPS, Web proxies, traffic captures, and more.
                                          This course will teach you how to follow the attacker’s footprints
• Computer incident response team
  members                                 and analyze evidence from the network environment. Every
• Security architects                     student will receive a SNIFT Kit, which is a fully-loaded, portable
• Security administrators                 forensics workstation, designed by network forensics experts.
• Law enforcement
                                          Network equipment, such as Web proxies, firewalls, IDS, routers
                                          and switches, contains evidence that can make or break a case.
• Anyone responsible for
  orchestrating a corporate or            Forensic investigators must be savvy enough to find network-
  government network for evidence         based evidence, preserve it, and extract the evidence. You will
  acquisition in the face of a criminal   gain hands-on experience analyzing covert channels, carving
  or civil investigation                  cached Web pages out of proxies, carving images from IDS packet
As a part of this course you              captures, and correlating the evidence to build a solid case. We
will receive a SANS Network               will dive right into covert tunnel analysis, DHCP log examination,
Investigative Forensics Toolkit           and sniffing traffic. By day two, you’ll be extracting tunneled
(SNIFT). With your SNIFT Kit, you         flow data from DNS NULL records and extracting evidence from
will gain rst-hand experience in          firewall logs. On day three, we analyze Snort captures and the
collecting and analyzing evidence         Web proxy cache. You’ll carve out cached Web pages and images
recovered from a network under            from the Squid Web proxy. The last two days, you’ll be part of a
investigation—and you can take            live hands-on investigation. Working in teams, you’ll use network
it home with you! For contents of         forensics to solve a crime and present your case.
toolkit, please visit                     During hands-on exercises, we will use tools, such as tcpdump,
http://computer-forensics.                Snort, ngrep, tcpxtract, and Wireshark, to understand attacks                  and trace suspect activity. Each student will be given a virtual
forensics-1227-1                          network to analyze and will have the opportunity to conduct
                                          forensic analysis on a variety of devices. Underlying all of our
PREREQUISITE: Students should
                                          forensic procedures is a solid forensic methodology. This course
have some familiarity with basic
networking fundamentals, such as          complements FOR 508: Computer Forensic Investigations and
the OSI model and basics of TCP/          Incident Response, using the same fundamental methodology
IP. Please ensure that you can pass       to recover and analyze evidence from network-based devices.
the SANS TCP/IP & Hex Knowledge
quiz. Students should also have
basic familiarity with Linux or           Alan Ptak SANS Instructor
willingness to learn in a Linux-based     Alan is an information security professional and senior security consultant at Source-
environment.                                re. Alan has led the successful deployment of security architectures, intrusion pro-
                                          tection systems, incident response teams and IT infrastructure design and operations
                                          for global Fortune 500 companies, the Canadian Space Agency’s operations center
                                          for the International Space Station (ISS), and Universal Space Networks, a start-up
                                          founded by Apollo astronaut Charles “Pete” Conrad, to support NASA, Air Force, Sirius
                                          Satellite Radio and commercial spacecraft missions. My goal is to help each student
                                          understand the key concepts of a solid forensic methodology, and to gain hands-on
                                          experience with the tools and techniques available to discover and analyze evidence
                                          from network and security devices and systems.” Alan’s current certi cations include
                                          the GIAC GCIH and GCIA, the GREM certi cate, Source re Certi ed Professional (SFCP),
                                          and CISSP. Alan earned Bachelor and Masters degrees in computer and electrical
                                          engineering. Prior to specializing in information security, Alan’s career focused on
6                                         software R&D for real-time, embedded and secure distributed systems.
                    Registration Information
      We recommend you register early to ensure you get your first choice of courses.
                To register, go to

                                        Plan Ahead and Save
                                                         DATE         DISCOUNT               DATE          DISCOUNT
     Register & pay by                                9/22/10         $400.00             10/6/10          $250.00

  Group Savings (Applies to tuition only)
  15% discount if 12 or more people from the same organization register at the same time
  10% discount if 8–11 people from the same organization register at the same time
   5% discount if 4–7 people from the same organization register at the same time
                  To obtain a group discount, complete the discount code request form at
              prior to registering.

To register, go to                    Look for E-mail Confirmation –
Select your course or courses and indicate whether you plan to        It Will Arrive Soon After You Register
test for GIAC certi cation.                                           We recommend you register and pay early to ensure
How to tell if there is room available in a course:                   you get your rst choice of courses. An immediate
If the course is still open, the secure, online registration server   e-mail con rmation is sent to you when the registra-
will accept your registration. Sold-out courses will be removed       tion is submitted properly. If you have not received
from the online registration. Everyone with Internet access           e-mail con rmation within two business days of
must complete the online registration form. We do not take            registering, please call the SANS Registration o ce
registrations by phone.                                               at 301-654-7267 9:00am - 8:00pm Eastern Time.

     SANS Voucher Credit Program                                      You may substitute another person in your place at
     Expand your Training Budget! Extend your                         any time by e-mail: or faxing
      Fiscal Year. The SANS Discount Program                          to 301-951-0140. There is a $300 cancellation fee per
    that pays you credits and delivers exibility                      registration. Cancellation requests must be received
                                       by Wednesday, October 13, 2010 by fax or mail-in
                                                                      order to receive a refund.

Hotel Information
                                      Hilton San Francisco
                                                                                    A special discounted rate of
                                      Union Square                                  $179.00 S/D will be honored
                                      333 O’Farrell Street                         based on space availability. To
                                      San Francisco, CA 94102                      obtain a government per diem
                                      Tel: 415-771-1400                           room, available with proper ID,
                                      Web:                       you will need to call reservations
Top 5 reasons to stay at the Hilton San Francisco                                and ask for the SANS government
Union Square:                                                                    rate. All rates include high-speed
1 All SANS attendees receive complimentary high-speed Internet
                                                                                   Internet in your room and are
  when booking in the SANS Block.                                                      only available through
2 No need to factor in daily cab fees and the time associated with                   October 16, 2010. To make
  travel to alternate hotels.                                                         reservations, please call
3 By staying at the Hilton San Francisco Union Square, you gain                   1-415-771-1400 and ask for the
  the opportunity to further network with your industry peers and                     SANS San Francisco 2010
  remain in the center of the activity surrounding the conference.                           group rate.
4 SANS schedules morning and evening events at the Hilton San                       Note: You must mention that you are
  Francisco Union Square that you won’t want to miss!                               attending the SANS Institute training
5 Everything is in one convenient location!                                              to get the discounted rate.
S A N S                              T R A I N I N G                                          A N D                            Y O U R                  C A R E E R                                     R O A D M A P
                                                                    S E C U R I T Y                       C U R R I C U L A                                                                 SEC301 NOTE:            FORENSICS
                   Incident Handling Curriculum
                                                                                                                                                            If you have experience in the eld, please              CURRICULUM
     SEC501                     SEC504                  FOR508                                                                                          consider our more advanced course – SEC401.
 Advanced Security         Hacker Techniques,       Computer Forensic
    Essentials –              Exploits, and         Investigations and                          SEC301                                                                                                                               FOR408
Enterprise Defender        Incident Handling        Incident Response                     Intro to Information                                                                                                                       Computer
                                                                                                 Security                                                                                                                             Forensic
          GCED                       GCIH                 GCFA                                                                                      Intrusion Analysis Curriculum                                                    Essentials
                                                                                                                                        SEC501                  SEC502                     SEC503                                      GCFE
Additional Incident Handling Courses
                                                                                                                                    Advanced Security           Perimeter                  Intrusion
SEC517: Cutting-Edge Hacking Techniques                                                        SEC401                                  Essentials –             Protection                 Detection
                                                                                             SANS Security                         Enterprise Defender           In-Depth                  In-Depth
SEC550: Information Reconnaissance: Competitive Intelligence and Online Privacy                Essentials                                 GCED                     GCFW                       GCIA
                                                                                            Bootcamp Style                                                                                                                        FOR508
                                                                                                   GSEC                                                                                                                       Computer Forensic
                   Penetration Testing Curriculum                                                                                  Additional Intrusion Analysis Courses                                                      Investigations and
        SEC540                  SEC542                   SEC560                                                                    SEC577: Virtualization Security Fundamentals                                               Incident Response
          VoIP               Web App Pen               Network Pen                                                                                                                                                                     GCFA
        Security           Testing and Ethical      Testing and Ethical
                                 Hacking                  Hacking
                                                                                                                                                 System Administration Curriculum
                                 GWAPT                    GPEN
                                                                                                                                        SEC501                   SEC505                     SEC506                       FOR558                FOR563
                                                                                  Network Security Curriculum                       Advanced Security            Securing                   Securing                     Network              Mobile Device
                                                                                               SEC501                                  Essentials –              Windows                   Linux/Unix                    Forensics             Forensics
                  SEC617                      SEC709                                       Advanced Security                       Enterprise Defender
               Wireless Ethical         Developing Exploits for                               Essentials –                                GCED                     GCWN                      GCUX
             Hacking, Pen Testing,      Penetration Testers and                           Enterprise Defender
                and Defenses             Security Researchers
                                                                                                  GCED                             Additional System Administration Courses                                                          FOR610
                                                                                                                                   SEC434: Log Management In-Depth                                                                 REM: Malware
                                                                            Additional Network Security Courses                                                                                                                   Analysis Tools &
Additional Penetration Testing Courses                                                                                             SEC509: Securing Oracle                                                                          Techniques
                                                                            SEC440: 20 Critical Security Controls: Planning,
DEV538: Web App Pen Testing Immersion                                               Implementing, and Auditing                     SEC531: Windows Command-Line Kung Fu                                                               GREM
SEC561: Network Penetration Testing: Maximizing the E ectiveness            SEC556: Comprehensive Packet Analysis                  SEC546: IPv6 Essentials
        of Reports, Exploits, and Command Shells                                                                                   SEC564: Hacker Detection for System Administrators                             Additional Forensics Courses
                                                                            SEC565: Data Leakage Prevention - In Depth
SEC567: Power Packet Crafting with Scapy                                    SEC566: Implementing & Auditing the Twenty             SEC569: Combating Malware in the Enterprise:                                   FOR526: Advanced Filesystem Recovery
SEC580: Metasploit Kung Fu for Enterprise Pen Testing                               Critical Security Controls - In-Depth                  Practical Step-by-Step Guidance                                                and Memory Forensics

 A P P L I C AT I O N S E C U R I T Y                                            AUDIT                                              LEGAL                                                     MANAGEMENT
          CURRICULUM                                                          CURRICULUM                                         CURRICULUM                                                   CURRICULUM
     Design & Test                          Secure Coding                        SEC301                   SEC401                           SEC301                                  SEC301                        SEC301                    SEC401
                                                                           Intro to Information     SANS Security Essentials         Intro to Information                    Intro to Information          Intro to Information      SANS Security Essentials
        DEV522                   DEV530                   DEV541                  Security             Bootcamp Style                       Security                                Security                      Security              Bootcamp Style
     Defending Web            Essential Secure          Secure Coding                                                                       GISF                                    GISF                          GISF                        GSEC
       Applications              Coding in               in Java/JEE              GISF                       GSEC
    Security Essentials           Java/JEE               GSSP-JAVA

                                                                                                                                          SEC401                               MGT512                          MGT414                       MGT525
                                 DEV544                   DEV545                             AUD507                                     SANS Security
         SEC542                Secure Coding            Secure Coding                    Auditing Networks,                               Essentials                         SANS Security                     SANS® +S™                    Project Mgt
      Web App Pen                 in .NET                  in PHP                      Perimeters, and Systems                         Bootcamp Style                     Leadership Essentials            Training Program                and E ective
    Testing and Ethical          GSSP-.NET               GSSP-PHP                                 GSNA                                      GSEC                             For Managers                    for the CISSP®             Communications for
          Hacking                                                                                                                                                           with Knowledge                    Certi cation             Security Professionals
         GWAPT                                                                                                                                                               Compression™                         Exam                    and Managers
                                      Additional Secure Coding Courses                                                                    LEG523                                   GSLC                           GISP                         GCPM
                                                                          Additional Audit Courses                                      Legal Issues in
Additional Design and                 DEV533: Essential Secure Coding
                                                                          AUD305: Technical Communication &                        Information Technology
                                              in .NET                             Presentation Skills                                  and Information                 Additional Management Courses
Test Courses                                                                                                                               Security
                                      DEV536: Secure Coding for           AUD423: Training for the ISACA® CISA®                                                        MGT305: Technical Communication and Presentation Skills
DEV304: Software Security                     PCI Compliance                                                                               GLEG
        Awareness                                                                 Cert Exam                                                                            MGT404: Fundamentals of Information Security Policy
                                      DEV543: Secure Coding in C & C++    AUD429: IT Security Audit Essentials Bootcamp                                                MGT405: Critical Infrastructure Protection
DEV320: Introduction to the
        Microsoft Security                                                AUD521: Meeting the Minimum: PCI/DSS 1.2:                                                    MGT421: SANS Leadership and Management Competencies
        Development Lifecycle                                                     Becoming and Staying Compliant                               GIAC certi cation       MGT431: Secure Web Services for Managers
                                                 Code Review                                                                                     available for
DEV538: Web App Pen                                                       SEC440: 20 Critical Security Controls: Planning,                                             MGT432: Information Security for Business Executives
        Testing Immersion                          DEV534                         Implementing, and Auditing                                   courses indicated       MGT438: How to Establish a Security Awareness Program
                                             Secure Code Review                                                                                   with GIAC
                                              for Java Web Apps           SEC566: Implementing & Auditing the Twenty                                                   MGT568: Information Security Risk Management
8                                                                                 Critical Security Controls – In-Depth                           acronyms             MGT570: Social Engineering Defense                                                       9