Security School Course Catalog from

Check out SearchSecurity's catalog of free online security courses led by information security experts on today's most popular security topics.

Welcome to SearchSecurity's Security School course catalog. We offer a variety of free online information security...

training courses that you can take on your own time, at your own pace.

These lessons -- many of which feature full-length video seminars and review quizzes -- will arm you with the foundational and tactical information needed to keep your organization compliant and secure.

From cloud security and data protection to identity and access management and messaging security -- SearchSecurity has you covered.

Are you looking for more information on a topic not listed below? Email your Security School suggestions to us.

Featured lesson

Knock advanced malware out cold with network anomaly detection
The ability to detect network anomalies is now essential in the battle against advanced malware. In this Security School, expert Peter Sullivan explains why, and how to go about employing anomaly-detecting tools.

Cloud Security School

In these lessons brought to you by SearchCloudSecurity, the industry's foremost cloud security experts explain how to securely take advantage of the flexible infrastructure models and lower operating costs that make the cloud an attractive alternative for many enterprise IT organizations.

Solving enterprise cloud security challenges: In-house or CSPs?
Cloud providers have emerged to help fill the gaps for enterprises, making 2015 a significant year for cloud security. In this lesson, take a look at cloud security challenges enterprises today are facing and gain insight into the latest cloud secuyrity provider developments and improvements which aim to help enterprises tackle their problems.
Featuring Dave Shackleford, owner and principal consultant, Voodoo Security

Cloud-based identity and access management
Cloud security expert Dave Shackleford discusses the risks and rewards of cloud-centric identity and access management, outlines how to know if it's the best choice for your enterprise, and offers numerous tips for a successful cloud IAM implementation.
Featuring Dave Shackleford, owner and principal consultant, Voodoo Security

Understanding cloud-specific security technologies
How to understand and when to use traditional vs. cloud-specific security products.
Featuring Joseph Granneman, MBA, CISSP

Cloud application security best practices
How to secure cloud applications, especially in a PaaS environment.
Featuring Diana Kelley, partner, SecurityCurve

IAM control in the cloud
IAM policy, process and technology options for the cloud.
Featuring Phil Cox, former partner, SystemExperts

Data Protection Security School

In these lessons, SearchSecurity provides information security professionals with the tools and tactics they need to successfully secure data throughout the enterprise, whether in motion or at rest.

DLP deployments: Understanding your options
Learn the different DLP technologies to help ensure your organization has a successful DLP deployment.
Featuring Kevin Beaver, CISSP

Security visibility: Honestly assessing your security posture
Using technology to build a centralized collection of security intelligence.
Featuring Aaron Turner, co-founder, N4Struct

Network content monitoring must-haves
Focusing on what matters when investing in network content protection.
Featuring Mike Chapple, University of Notre Dame

Realigning your data protection priorities
Re-prioritizing to thwart the theft of credentials and attackers who want them.
Featuring David Sherry, CISO, Brown University

Watching the watchers
Monitoring trusted insiders with process, policy & technology.
Featuring Andreas Antonopoulos, senior VP, Nemertes Research

Mobile device policy: How to prevent data theft
Lock down smartphones to prevent sensitive data leakage.
Featuring Lisa Phifer, owner, Core Competence Inc.

Locking down database applications
Secure database apps via roles and privileges.
Featuring Andreas Antonopoulos, senior VP, Nemertes Research

How to build secure applications
Build security into the app-dev lifecycle.
Featuring Diana Kelley, partner, SecurityCurve

Mitigating Web 2.0 threats
How cloud computing and social networking threaten enterprise data integrity.
Featuring David Sherry, CISO, Brown University

Data loss prevention
How to protect intellectual data and implement DLP policies.
Featuring Rich Mogull, founder, Securosis LLC

E-discovery and security in the enterprise
FCRP, ESI and litigation preparation in the context of information security.
Featuring Frank Lagorio, JD, principal analyst, Contoural Inc.

Database defenses for a new era of threats
Defending databases against today's emerging and ever-present threats.
Featuring Rich Mogull, founder, Securosis LLC

Executing a data governance strategy
Implementing a data governance strategy amid disparate corporate data.
Featuring Russell L. Jones, partner AERS - Security & Privacy Services, Deloitte & Touche

Data encryption demystified
What to encrypt, how to encrypt it and other key considerations.
Featuring Tom Bowers, managing director, Security Constructs

Preventing data leaks
Policies and processes to contain threats from within.
Featuring Richard Bejtlich, founder, Tao Security

Enterprise strategies for protecting data at rest
Storage-security synergies and e-discovery tactics.
Featuring Perry Carpenter, security practitioner

Intrusion Defense School

These lessons help put the pieces of intrusion defense -- antivirus, antispyware, IDS/IPS, etc. -- in perspective to help you implement an intrusion defense strategy that meets your organization's needs.

Distributed denial-of-service attack defense
Learn the ins and outs of distributed denial-of-service attacks and how to defend against them.
Featuring Michael Cobb, CISSP-ISSAP

Performing an authenticated vulnerability scan
Learn why authenticated vulnerability scans matter and how to add them to your vulnerability assessment program.
Featuring Kevin Beaver, CISSP

How best to find and fend off malicious mobile apps
Learn where the most dangerous mobile threats are coming from and how to counter them. 
Featuring Michael Cobb, CISSP-ISSAP

Keeping Web malware out of enterprise systems
Learn how to keep your system's defenses strong against Web-borne malware.
Featuring Pete Lindstrom, principal, Spire Security

Architectural considerations for enterprise antimalware deployments
Learn how to effectively architect antimalware systems for your enterprise.
Featuring Diana Kelley, partner, SecurityCurve

Developing a defense-in-depth strategy for malware defense
Inside the state of malware & building an effective antimalware program.
Featuring Lenny Zeltser, SANS instructor, noted author

How DAM can help detect and trace attacks
Learn effective DAM configurations to best detect and trace attacks.
Featuring Adrian Lane, CTO, Securosis LLC

Reinventing defense in depth
Explore key elements of successful layered security architecture.
Featuring Mike Chapple, University of Notre Dame

Practical strategies to mitigate insider threats
Learn about monitoring strategies for detection of insider threats.
Featuring Dawn Cappelli, senior member of technical staff, CERT

Security-related enhancements in Windows Server 2008
An inside look at the security features of Windows Server 2008.
Featuring Elizabeth Quinlan, consultant, HynesITe

Anatomy of an attack
Be prepared for crimeware, social engineering and sophisticated data-mining attacks.
Featuring Markus Jakobsson, principal scientist, Palo Alto Research Center

The new threat landscape: Defending against next-gen attacks
Thwart sophisticated attacks featuring custom rootkits, Trojans and malware.
Featuring Lenny Zeltser, SANS instructor, noted author

Intrusion defense in the era of Windows Vista
Preparing for Vista's unique intrusion defense challenges.
Featuring Peter Gregory, author and infosec practitioner

Security information management systems
How information/event management can improve defense posture.
Featuring Tom Bowers, managing director, Security Constructs

Web attack prevention and defense
Checklists and best practices for Web server hardening, testing and monitoring.
Featuring Michael Cobb, managing director, Cobweb Applications Ltd.

Getting started with perimeter defense
Discover what you may not know about intrusion defense.

Network perimeter security
Getting started with perimeter-based intrusion defense.

ROI of intrusion defense
Getting management buy-in and making smart technology choices.

Network content security
Antivirus and antispyware from architectural and technological perspectives.

Defense beyond the network perimeter
Defending a perimeterless network.
Featuring Joel Snyder, senior partner, Opus One

Compliance School

Take a comprehensive look at ongoing information security compliance issues, regulations and practices.

Compliance metrics: Building a compliance scorecard
How to build a compliance scorecard that makes sense to executives.
Featuring Eric Holmquist, president of Holmquist Advisory.

How to pass a PCI assessment
How to make PCI compliance a continuous process.
Featuring Anton Chuvakin, principal of Security Warrior Consulting.

Compliance-driven role management
Integrate role and entitlement management with compliance processes.
Featuring Richard E. Mackey Jr., vice president, SystemExperts

Virtualization: Balancing emerging technology with existing demands
How to secure a virtualized environment and making sure it's compliant.
Featuring David Mortman, CSO-in-Residence for Echelon One.

Automated compliance in the enterprise
How to make compliance logging and documentation responsibilities easier.
Featuring Eric Holmquist, president of Holmquist Advisory

How to meet HIPAA compliance requirements
Do you have policies in place to pass a HIPAA audit?
Featuring Richard E. Mackey Jr., vice president, SystemExperts

Building a risk-based compliance program
Mitigate risks using standards, frameworks and end-user strategies.
Featuring Richard E. Mackey, vice president, SystemExperts

PCI DSS compliance: Two years later
Breaking down PCI DSS struggles to protect cardholder data.
Featuring Diana Kelley, vice president, Burton Group

Must-have compliance technologies
Emerging and battle-tested technologies that really work.
Featuring Trent Henry, senior analyst, Burton Group

Ensuring compliance across the extended enterprise
SLAs and best practices for partners and providers.

Compliance improvement: Get better as you go forward
Mixing technology, governance and policy for continuous process improvement.

Gauging your SOX progress
Understanding the various SOX-related security standards; SOX Scorecard.

SOX compliance basics: Taking action
SOX goals, COSO and COBIT, audits, provisioning, vulnerability management, and responsibilities.

Understanding compliance-related technology
SOX product requirements, validity and usage.
Featuring Richard Mackey, ISACA, CISM, vice president, SystemExperts

Identity and Access Management Security School

Explore critical topics to help establish and maintain an effective enterprise identity and access management plan within your enterprise.

The new school of enterprise authentication
Exploring technologies that redefine successful enterprise authentication.
Featuring Mark Diodati, identity/privacy analyst, Burton Group

Future authentication technologies: How to choose the right product
Innovative, cost-effective user authentication approaches.
Featuring Mark Diodati, identity/privacy analyst, Burton Group

Using IAM, password and provisioning management tools for compliance
Provisioning and password management tools that save money, ease complexity.
Featuring Tom Bowers, managing director, Security Constructs

Endpoint security protection: Polices for endpoint control
Endpoint defense tactics, policy controls and technology futures.
Featuring Ben Rothke, CISSP

VPNs and remote access: Secure deployment, setup and strategies
Innovations in VPN technology, including IPsec VPN identity and authentication.
Featuring Lisa Phifer, vice president, Core Competence Inc.

Automated provisioing of hardware and Active Directory
Leverage directory services, policies and Active Directory automated provisioning.
Featuring Laura Hunter, CISSP, MCSE: Security, MCDBA, Microsoft MVP

How to build an identity and access management architecture
Foundational IAM, from the role of directories to effective approval workflows.
Featuring Richard E. Mackey Jr., ISACA, CISM, SystemsExperts

Secure user authentication: Regulations, implementation and methods
Authentication basics and developing an implementation strategy.
Featuring Tom Bowers, managing director, Security Constructs

Building network security: Evolution and vendor consolidation
A look behind the network/security evolution and how to harness it.
Featuring Mike Rothman, president, Security Incite

Integration of Networking and Security School

In these lessons, SearchSecurity and SearchNetworking offer you an in-depth look at how security-related and networking-related teams, products and processes are affecting enterprise network security.

Improving security management with SIEM
Learn how to effectively analyze SIEM data, improve SIEM collection, set responsible goals and more.
Featuring Mike Rothman, president of Securosis

Security analytics: The key to reliable security data, effective action
Learn how to develop a customized security analytics program that delivers insightful, actionable information.
Featuring Josh Sokol, CISSP

Next-generation firewalls: Must-have NGFW features
Explore best practices for making a next-generation firewall evaluation.
Featuring Joel Snyder, senior partner, Opus One

Managing BYOD endpoint security
Get help developing an over-arching security strategy to combat mobile security woes.
Featuring Craig Mathias, principal, Farpoint Group

Endpoint security controls: Moving beyond antivirus 
Learn which security controls are critical to ensuring successful threat protection.
Featuring Mike Rothman, president, Securosis

Strengthening policies for endpoint control
Strategies, policies, practices and tools to rein in unruly endpoints.
Featuring Lisa Phifer, president, Core Competence Inc.

How IDS/IPS enables business objectives
Map key network security technologies and practices to business needs.
Featuring Jennifer Jabbusch, CISO with Carolina Advanced Digital Inc.

Application log management program planning
Enable an application log management program for security and compliance.
Featuring Diana Kelley, partner with consulting firm SecurityCurve.

Securing the application layer
Identifying and defending against the most common application layer threats.
Featuring Cory Scott, regional consulting director, Matasano Security.

Back to basics: Endpoint security on a budget
Identifying and executing on key elements to secure devices and protect data.
Featuring Mike Chapple, University of Notre Dame

Getting the most out of your SIM deployment
How to get only the most relevant data from your SIM product
Featuring Adrian Lane, senior security strategist, Securosis

Using NAC to create a strong endpoint security strategy
NAC fundamentals and guidelines for implementation and policy management.
Featuring Mike Chapple, University of Notre Dame

Marrying security and network management
SIMs, performance management, anomaly detection and NOC/SOC integration.
Featuring Sasan Hamidi, CISO, Interval International

Securing the converged infrastructure
Staying secure while integrating email, IM, video, VoIP and voice messaging.
Featuring John Burke, principal research analyst, Nemertes Research

Integrating security and network fabric
Discovering how the network infrastructure can meet security needs.
Featuring David Piscitello, president, Core Competence Inc.

Using the network to secure the application layer
Protecting Layer 7 with new and existing network assets.
Featuring Michael Cobb, managing director, Cobweb Applications

How network access control (NAC) can boost host security
The latest endpoint options for network security.
Featuring Joel Snyder, senior partner, Opus One

Securing your first remote office: Solutions for less than $10k
Securing data and devices beyond corporate headquarters.
Featuring David Strom, noted network security expert/writer/speaker

Mitigating wireless security threats
Protecting the over-the-air network.
Featuring Lisa Phifer, vice president, Core Competence Inc.

Virtualisation security for enterprise servers
Learn processes for implementing server virtualisation securely.
Featuring Ben Chai, Founding Director, Incoming Thought Limited

Messaging Security School

In these lessons, learn strategies and techniques for keeping email, IM and mobile device messaging systems secure.

Counterintelligence strategies for a new era of threats
Spear phishing, mail-borne Trojans, webmail protection and more.
Featuring Sandra Kay Miller, technical editor, Information Security

Spam 2.0: New threats and new strategies
Mitigation techniques for the new wave of spam-related threats.
Featuring Michael Cobb, managing director, Cobweb Applications

Essential practices for securing mobile devices
Locking down mobile platforms and thwarting emerging threats.
Featuring Lisa Phifer, vice president, Core Competence Inc.

Secure instant messaging
An IM security overview, plus the latest attacks and safe usage tips.
Featuring Michael Cobb, managing director, Cobweb Applications

Countermeasures for malicious email code
Learn how to thwart email malware and future email attacks.
Featuring Tom Bowers, managing director, Security Constructs

Securing Microsoft Exchange
Protect Exchange 2003 from spam, malware and Web-based attacks.
Featuring Lee Benjamin, Microsoft MVP, ExchangeGuy Consulting

Email security tools, systems and threats
A review of email security basics.
Featuring Joel Snyder, senior partner, Opus One

Financial Information Security School

In these lessons, students receive in-depth instruction on topics related to information security at financial services firms.

Biometrics: Banking on secure identity management
Debunking the myths, integrating with Active Directory, and securing data.
Featuring Joel Dubin, CISSP, independent computer security consultant

Data leak prevention: Controlling financial services threats
Finding leaks, implementing the right tools and controlling insider threats
Featuring Pete Lindstrom, senior analyst, Burton Group

Wireless Security School

Develop a thorough understanding of the network security risks posed by Wi-Fi and implement appropriate countermeasures.

How to counter wireless threats and vulnerabilities
Business risks posed by wireless LANs and best practices for design and deployment.

How to build a secure wireless infrastructure
Wi-Fi security standards, WPA2 migration and using vLANs.

How to implement secure access
Wi-Fi access control on a budget; uses for 802.1x.

How to use wireless IDS/IPS
Introduction to wireless IDS/IPS, choosing sensors and fighting off attacks.
Featuring Lisa Phifer, vice president, Core Competence Inc.

CISSP Certification Essentials Security School

Our exclusive CISSP Essentials trainings featuring expert exam trainer Shon Harris of Logical Security explore the fundamental concepts, technologies and practices of information systems security. Each lesson corresponds to a subject domain in the exam's "Common Body of Knowledge" -- the essential elements each CISSP-certified practitioner must know.

Lesson/Domain 1: Security management practices
Security management responsibilities and the core components of security management.

Lesson/Domain 2: Access control
Identification methods and technologies, biometrics and more.

Lesson/Domain 3: Cryptography
Cryptographic components and their relationships, and government involvement in cryptography.

Lesson/Domain 4: Security models and architecture
Outlining how security is to be implemented, and the framework and structure of a security system.

Lesson/Domain 5: Telecommunications and networking
How networks work, how data is transmitted from one device to another, and how protocols transmit information.

Lesson/Domain 6: Applications and system development
Different types of software controls and implementations, change-control methods and more.

Lesson/Domain 7: Business continuity
Critical aspects of availability, including business continuity planning and disaster recovery.

Lesson/Domain 8: Law, investigations and ethics
Computer crime investigation processes and evidence collection; incident-handling procedures.

Lesson/Domain 9: Physical security
Administrative, technical and physical controls pertaining to physical security.

Lesson/Domain 10: Operations security
Administrative and management responsibilities, product evaluation and operational assurance and change-configuration management.

This was first published in October 2014

Dig Deeper on Information Security Jobs and Training



Find more PRO+ content and other member only offers, here.

1 comment


Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: