sanog.org

South Asian Network Operators Group
A non-profit forum for Data Network Operators in South Asia


Synopsis of Cyber Security Workshop

Workshop: Cyber Security


Type : Workshop

Instructors : Haris Shamsi (Yottabyte), Abu Baker, Haris Lodhi & Ali Reza

Event : SANOG 42

Duration : 4 Days

Date : 22-25 October, 2024

Location : Islamabad, Pakistan

Venue : Islamabad Marriott Hotel

Level of Study : Beginner/Intermediate

Maximum number of attendees : 30 delegates


Synopsis

The SANOG Cybersecurity Workshop is a comprehensive four-day training designed to equip participants with in-depth knowledge and practical skills to address the growing challenges in cybersecurity. Through a combination of lectures and hands-on labs, the workshop will cover the full spectrum of cybersecurity, from the foundational importance of safeguarding organizational assets to advanced topics like Governance, Risk, and Compliance (GRC), network security, and cloud security. Participants will explore real-world attack life cycles, learning both defensive (Blue Team) and offensive (Red Team) strategies to enhance their ability to identify, respond to, and mitigate threats.

Special sessions will also focus on the application of Artificial Intelligence in cybersecurity operations, providing attendees with the latest insights into how AI can augment both defense and attack strategies. By the end of the workshop, participants will have gained critical skills and knowledge to secure enterprise environments and stay ahead in the evolving cybersecurity landscape.


Target Audience

The SANOG Cybersecurity Workshop is tailored for IT professionals, network engineers, cybersecurity analysts, system administrators, and anyone involved in securing digital infrastructures. It is ideal for both intermediate and advanced participants who are responsible for protecting enterprise environments, managing network security, or responding to cyber threats. This workshop is also highly beneficial for governance, risk, and compliance officers looking to strengthen their understanding of cybersecurity frameworks, as well as Red and Blue Team members seeking hands-on experience in real-world attack scenarios. Additionally, decision-makers and leaders who oversee cybersecurity strategies in their organizations will find value in understanding the latest trends and practices, including the application of AI in cybersecurity operations.


Pre-requisites

Before attending the Workshop, participants should have a foundational understanding of IT infrastructure and cybersecurity principles to maximize the learning experience. While the workshop is designed to cater to varying levels of expertise, having prior exposure to networking, system administration, and security tools will enable attendees to engage more deeply with the advanced topics and hands-on labs. Below are the key prerequisites to ensure participants are well-prepared:

o Basic understanding of networking and IT infrastructure.

o Familiarity with cybersecurity concepts and terminologies.

o Experience with system administration or network management is recommended.

o Knowledge of operating systems (Windows and Linux) and their security features.

o Exposure to governance, risk, and compliance (GRC) frameworks is beneficial but not mandatory.

o Hands-on experience with basic cybersecurity tools like firewalls, IDS/IPS, or SIEM would be advantageous.


Course outline may consist of:


Day 1: Introduction to Cybersecurity & Governance, Risk, Compliance (GRC)

• Introduction to Cybersecurity

  o Importance of cybersecurity: Organizational reputation, downtime prevention, and compliance.

  o Attack trends: Statistics on compromise, cost of recovery, and reputational impact.

  o Introduction to GRC: Governance, risk management, and compliance as a business decision.

• Governance, Risk, and Compliance (GRC)

  o Overview of laws, regulations, and frameworks (GDPR, HIPAA, National Cybersecurity Policy).

  o Regulatory and technical frameworks (NIST, PCI DSS, ISO 27001, MITRE ATT&CK).

  o Implementing and maintaining effective governance controls.


Day 2: Enterprise Security Architecture & Network Security

• Enterprise Security Architecture

  o CIA triad (Confidentiality, Integrity, Availability) and security management.

  o Identity management: Active Directory, Entra ID, and authentication mechanisms.

  o Network security: IDS/IPS, WAF, network segmentation, Zero Trust, and SASE.

  o Cloud security: CASB, SIEM/SOAR/TIP.

• Labs (Hands-on)

  o Reconnaissance, resource development, initial access, and defense evasion.


Day 3: Attack Lifecycle & Exploitation Techniques

• Attack Lifecycle

  o Credential access, lateral movement, data collection, and exfiltration.

  o Command and control strategies for maintaining persistence in compromised systems.

• Labs (Hands-on)

  o Web and infrastructure exploitation: Password attacks, Remote Code Execution (RCE), and server vulnerabilities.

  o Establishing persistence and exfiltration of data in practical environments.


Day 4: AI in Cybersecurity & Future Skills

• AI in Cybersecurity

  o Application of AI in Blue and Red Team operations.

  o Enhancing security operations with AI tools and techniques.

• Upskilling and Summary

  o Pathways for upskilling in cybersecurity.

  o Summary and discussion of the MITRE framework for cybersecurity operations.


Other requirements

Participants are required to bring their own laptop. Administrative access to the devices will be required.