High-value penetration testing doesn't involve just throwing a bunch of hacks at a target environment and declaring victory when a shell prompt magically pops up. Instead, the best penetration testers focus on understanding their craft in-depth, providing significant value to organizations by improving their security stance through technical excellence and implementation of a well-understood and repeatable methodologies, which will deliver rea...

IT modernization has been a federal priority for years, but many agencies still struggle to turn that goal into a practical plan of action. Securing multi-year funding is one challenge, but the fundamental obstacle is often the sheer complexity of transforming government-scale systems. Smart, successful modernization demands a holistic approach that addresses several essential pillars: security, network infrastructure, multi-cloud architecture...

SANS is committed to delivering high-quality cyber security training so you can keep your skills sharp and stay ahead of cyber threats. Join us for interactive trainings during SANS Cyber Security West 2021 - Live Online (Feb 1-6, PST), and receive relevant, applicable training from wherever you are. Choose your course and register now for practical training taught by top industry practitioners. SANS Live Online events offer live-stream, instr...

Acquisition Training for the Real World Winter 2021 Why: Become an expert on the tools and digital services available on the Acquisition Gateway and how they can help improve your acquisitions Gain skills to improve the government’s buying power and reduce contract duplication Find out the latest information on Federal Marketplace initiatives Earn CLPs to maintain your certifications Acquisition Training for the Real World Winter 2021 is...

Most government agencies have made the journey to cloud since the Cloud First and Cloud Smart strategies came from OMB starting in 2010. Many organizations have more than one cloud. The challenge becomes blending the different types of cloud and service models to provide access to needed data, while at the same time protecting a much enlarged attack surface created by the large number of workers who are accessing the data remotely. If there is...

OVERVIEW By the beginning of 2021, NIST will have released the finals of many Risk Management Framework (RMF) standards: SP800-53 Rev 5 – Security Controls SP800-53B – Security Control Baselines, Privacy Framework SP800-160 Vol 2 – Systems Security Engineering SP800-161 Rev 1 – Supply Chain Risk Management SP800-171 Rev 2 – Controlled Unclassified Information (CUI) and High Valued Assets (HVA) Revisions to the NIS...

Defending against attacks is an ongoing challenge with new threats emerging all the time. Are you looking to quickly level up your blue team skills? Do you want to enhance your current skill set and become even better at defending your organization? Are you looking for the latest ways to mitigate the most recent attacks? SANS Stay Sharp: Blue Team Operations 2021 - Live Online (Jan 18-22, MST) offers short courses designed to equip you with cy...

The global information technology supply chain has been hit with a growing and unprecedented number of attacks as adversaries attempt to compromise systems with various forms of malware in an attempt to steal or compromise or hold for ransom sensitive information. Federal executives realized how complex the question of supply chain security was in 2017 when officials tried to implement the Department of Homeland Security’s order to remov...

At SANS, our mission remains steady. We continue to deliver relevant cyber security knowledge and skills, empowering students to protect people and their assets. Join us online for SANS Security East 2021 - Live Online (Jan 11-16, CST), and continue to build practical cyber security skills you can implement immediately. Choose from over 20 courses taught by real-world practitioners, plus two NetWars Tournaments delivered Live Online. SANS Live...

SANS Cloud Defender 2021 – Live Online (Jan 11-16, EST) provides immersion training designed to help you master the practical steps necessary for defending systems and applications in the cloud against the most dangerous threats. The courses are full of important and immediately useful techniques that you can put to work as soon as you return to your office. Register now for interactive training taught by top industry practitioners. SANS...