Browse opportunities

Join us for a deep dive into Systems Security Certified Practitioner (SSCP), the security operations and network security credential from ISC2, creator of the CISSP. As organizations continue to pursue digital transformation initiatives, the threat landscape is always expanding. Yet cybersecurity leadership talent is scarce. That’s where SSCP from ISC2 comes in — to help fill the gap. Once certified, the opportunities for certified professionals are near limitless. The SSCP is ideal for IT administrators, managers, directors and network security professionals responsible for the hands-on operational security of their organization’s critical assets. It shows you have the advanced technical skills and knowledge to implement, monitor and administer IT infrastructure using security best practices, policies and procedures. In this 60-minute live virtual session, you’ll learn: - If SSCP is right for you - How Official ISC2 Training flexes with your learning style - What to expect on exam day - How to become endorsed and maintain your certification Plus! Get answers to your SSCP questions during the Q&A section. Register now and begin your SSCP certification journey today!

Artificial intelligence is rapidly reshaping the cybersecurity landscape, giving attackers new ways to automate, scale, and personalize cyberattacks while providing defenders powerful tools to detect and respond faster than ever. Join Steve Piper, CEO of CyberEdge and Editor-in-Chief of Security Buzz, as he explores how AI is being used on both sides of the threat equation and what this escalating arms race means for organizations. Attendees will learn how AI-driven threats such as advanced phishing, deepfakes, and automated malware are changing attacker tactics, as well as how security teams can leverage AI for threat detection, response, and risk reduction. The session will highlight practical considerations for preparing defenses as AI continues to transform the future of cybersecurity.

Join us for a deep dive into Certified in Cybersecurity (CC), the entry-level cybersecurity credential from ISC2, creator of the CISSP. Cyberthreats continue to escalate worldwide, and the need for cybersecurity experts is critical. But talent is scarce. Research shows the workforce needs an influx of 3.4 million cybersecurity professionals to meet global demand. ISC2 seeks to help close the skills gap with CC by opening opportunities in the industry to a new pool of professionals. With no experience required, it creates a clear pathway and breaks down traditional barriers to entry, enabling candidates to build confidence and enter their first cybersecurity role ready for what’s next. In this 60-minute live virtual session, you’ll learn: - If CC is right for you - How Official ISC2 Training flexes with your learning style - What to expect on exam day - How to maintain your certification Plus! Get answers to your CC questions during the Q&A section. Register now and begin your CC certification journey today! CPE Credit 1 Group A CPE Credit

Cybersecurity is one of the fastest-growing and most in-demand fields—but breaking in can feel overwhelming. This crash course is designed for aspiring and early-career security professionals who want a clear, practical introduction to the cybersecurity industry. Join Steve Piper, CEO of CyberEdge and Editor-in-Chief of Security Buzz, as he covers important topics that every cybersecurity newcomer ought to know, including: • Size and growth of the security industry • Useful vocabulary terms and buzz words • Five types of cyberthreat actors • Modern cyberthreats and tactics • Categories of security defenses • Common security job roles • Security industry ecosystem CPE Credit 1 Group A CPE Credit

What LLM-assisted triage actually delivers today (and where it bites you). Includes failure modes from real deployments, prompt-injection examples, and a checklist for safe rollout.

An end-to-end walkthrough of modern Zero Trust design: identity-aware proxies, micro-segmentation, continuous authorization, and how to evolve a legacy perimeter network without a forklift rewrite.

How appsec teams at high-velocity orgs run lightweight threat modeling during planning. Includes the STRIDE-per-element worksheet template and three real case studies.

Practical hardening for production Kubernetes: PSA, NetworkPolicies, admission webhooks, audit logging, and the most common CIS Benchmark gaps you'll find in a real cluster.

Three live sessions building an incident from initial alert to containment in a realistic enterprise lab. Includes Splunk queries, Velociraptor collections, and a graded final exercise.

How to Improve Threat Detection and Hunting in the AWS Cloud Using the MITRE ATT&CK Matrix Understanding adversary tactics and techniques based on real-world observations are critical to building more effective threat detection and hunting capabilities. The context provided by data sources is what enables us to make actionable decisions. Still, it is limited to what raw data inputs we consume, as well as consuming enough of the right data to be able to mitigate, remediate and prevent future adversary activity. However, detecting malicious events is not the final solution to thwarting adversaries. Actions need to be taken, whether they are operational (e.g., stopping a malicious process) or strategic (e.g., securing an environment to prevent the execution of malicious processes). In this webinar, SANS and AWS Marketplace will discuss the exercise of applying the MITRE ATT&CK Matrix to the AWS Cloud. They will also explore how to enhance threat detection and hunting in an AWS environment to maintain a strong security posture. Attendees will learn how to:Apply the MITRE ATT&CK Matrix to classify and understand cloud-based techniquesCreate an effective detection strategy and uncover what data sources are requiredBreak down and recognize detections by security product capabilities and data sourcesLeverage threat intel for improved detectionUse AWS services and third-party solutions to support their threat detection and hunting strategy Register today to be among the first to receive the associated whitepaper written by SANS senior instructor and cloud security expert Dave Shackleford.WebinarDigital Forensics and Incident Response Presented: 1 Sep 2020 Technical Presentation View details

How to Protect All Surfaces and Services in the AWS Cloud Multiple layers of defense are required to protect your AWS environment. The first step is to reduce your overall attack surface to reduce exposure, in ways such as hardening your Amazon EC2 operating systems and configuring your containers. Organizations can then implement tools, such as a cloud security posture management (CSPM) solutions, to monitor and manage risk. In this prerecorded webcast, SANS instructor Dave Shackleford and AWS Marketplace explore best practices and provide practical guidance on how you can secure your entire AWS footprint. They will also present real-world use cases and examples of tools you can leverage to protect your investments. Attendees at this webcast will learn how to:Decrease their attack surface to limit exposureProtect their AWS environment with configuration management, real-time assessment, and access control mechanisms.Implement automation for monitoring and continuous protectionLeverage AWS services and seller solutions in AWS Marketplace to protect AWS services and surfaces Register today to be among the first to receive the associated whitepaper written by SANS senior instructor and cloud security expert Dave Shackleford.WebinarCloud Security Presented: 28 Jul 2020 Technical Presentation View details

How Are Remote Workers Working? A SANS Poll Remote work has quickly become the \new normal" with the COVID-19 pandemic. Organizations have been forced to rethink how they will get work done with their employees mandated to stay home. 'How are organizations handling working from home? How well were companies prepared for remote work? How have technological needs changed with this shift? How are teams communicating? How are devices and communications being secured? When a time like this does not allow for the mission to halt, employees and employers have scrambled to keep the work going. 'Ensuring that teams are equipped, communicating, and are safe at home is key during this time.'this webinar, led by Heather Mahalik SANS Senior Instructor, Author and Senior Director of Digital Intelligence at Cellebrite, covers how companies have adjusted to this new landscape as a workforce. How have things changed and how are we coping and keeping the ball rolling forward from home.WebinarCyber Defense Presented: 4 Jun 2020 Technical Presentation View details

SANS Top New Attacks and Threat Report As we move into 2020, news reports have been filled with reports of deepfakes, attacks against election systems, quantum computing advances and more. SANS instructors Heather Mahalik, Ed Skoudis and Johannes Ullrich present their analysis of the new attack techniques currently in use that will affect you and share their projections for future exploits in a highly rated keynote presentation moderated by Alan Paller at the annual RSA Conference in San Francisco.In this webcast, SANS Director of Emerging Security Trends John Pescatore will highlight key themes from that report and other sources to provide:Coverage of the top new attacks and threats as defined in that presentationDeeper insight into overall cybersecurity trends on both the offensive and defensive sidesAdvice from SANS on the steps enterprises must take to evolve critical skills, processes and controls to mitigate current and future risksBe among the first to receive the associated whitepaper written by John Pescatore, SANS Director of Emerging Security Trends.WebinarCyber Defense Presented: 28 Apr 2020 Technical Presentation View details

The 20 Critical Controls are quick wins that allow you to rapidly improve your cybersecurity without major procedural or technical change. International cybersecurity experts developed the 20 Critical Controls to be the most effective and specific set of technical measures to counter the most common and damaging computer attacks. The controls address the root causes of these attacks to ensure your security measures are effective. This presentation will also discuss how VA Tech is implementing the 20 Critical Controls as part of its overall security strategy.WebinarCybersecurity and IT Essentials Presented: 23 May 2013 Randy Marchany Technical Presentation View details

Implement a defense-in-depth security strategy for AI workloads across Microsoft's AI platform. Configure data security posture management in Microsoft Purview, secure agent identities in Microsoft Entra, and analyze AI identity risks in Microsoft Defender XDR. Then, enable real-time agent protection in Microsoft Defender, configure AI Gateway security in Microsoft Foundry, manage guardrails, protect AI workloads with Defender for Cloud, and govern agents with Microsoft Agent 365.

Implement security controls across Azure application platform services—from container workloads to the API layer. Configure Microsoft Defender for Containers, secure Azure Kubernetes Service (AKS), Azure Container Registry (ACR), Container Instances, and Container Apps. Then apply authentication, network access, and policy controls across Azure Function apps, Logic apps, App Services, Web Application Firewall, and Azure API Management.

Microsoft 365 Copilot accesses organizational data to generate responses, which introduces new risks for sensitive information exposure. Learn how to use Microsoft Purview audit, sensitivity labels, and data loss prevention to investigate, classify, and protect data in a Copilot-enabled environment.

A 10-minute video explaining why identity is the new perimeter, with three concrete control patterns: just-in-time access, conditional access, and continuous verification.

Build hands-on expertise with Microsoft Security Copilot. Start with enabling the solution and writing effective prompts to configuring enterprise workspaces and managing plugins and agents at scale.

A vendor-led learning path on Cisco's SSE and ZTNA stack, including ISE policy design and Umbrella DNS security. Three modules, hands-on with dCloud labs.

A guided lab applying IAM Roles for Service Accounts, OPA/Gatekeeper policies, and KMS-encrypted secrets to a 3-tier app running on EKS. Includes a downloadable Terraform module.

SC-100: Design security solutions for infrastructure

Learn to manage cloud security posture using Microsoft Defender for Cloud. You connect hybrid and multicloud environments, identify risks, and assess compliance—then protect your workloads with threat detection and vulnerability management.

A 15-minute primer on running Atomic Red Team tests safely against your own detections. Covers test selection, scoping, and how to feed results back into detection engineering.