SEC401: Security Essentials – Network, Endpoint, and Cloud | SANS Institute
Cyber Defense
6 Days (Instructor-Led)
46 Hours (Self-Paced)
Course authored by:
Bryan Simon
GIAC Security Essentials (GSEC)
46 CPEs
Apply your credits to renew your certifications
In-Person, Virtual or Self-Paced
Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months
Essential Skill Level
Course material is for individuals with an understanding of IT or cyber security concepts
20 Hands-On Lab(s)
Apply what you learn with hands-on exercises and labs
Gain essential cybersecurity skills to quickly detect, respond to, and remediate threats. Learn how to protect critical information and technology assets, whether on-premises or in the cloud.
Featured Quote
Overall, my learning experience was vital, and I see practical steps and methods that I can use when I start back work. This course changed my perspective on Cyber Security and I’m thankful for the opportunity to be around leaders in the industry.
Course Overview
Information security is about focusing your defenses on the areas that matter most, particularly as they relate to the unique needs of your organization. In SEC401: Security Essentials – Network, Endpoint, and Cloud, you’ll learn foundational knowledge in information security, focusing on network, endpoint, and cloud defenses tailored to organizational needs. The course covers detecting and responding to threats to secure systems effectively and minimize impact.
What You'll Learn
Develop a security program focused on detection, response, and prevention
Prioritize and address critical security concerns effectively
Strengthen defenses against ransomware and implement robust authentication (IAM, MFA)
Design networks using VLANs, NAC, and Zero Trust principles
Secure multi-cloud environments with best practices
Apply a strong vulnerability management strategy using tools like tcpdump and Wireshark
Leverage command-line tools, scripting, and network mapping for enhanced monitoring and risk management
Business Takeaways
How to address high-priority security concerns
Leverage security strengths and differences among the top cloud providers
Build a network visibility map to help validate attack surface
Reduce an organization's attack surface through hardening and configuration management
Meet Your Author
Bryan Simon
Senior Instructor
Bryan is a SANS Senior Instructor and author of SEC401. With 30+ years of cybersecurity experience and 22 GIAC certifications—including the prestigious GSE—he's trained professionals from the FBI, NATO, and the UN. He is the CEO of Xploit Security Inc.
Course Syllabus
Explore the course syllabus below to view the full range of topics covered in SEC401: Security Essentials - Network, Endpoint, and Cloud.
Syllabus Overview
Justify Training to Your Manager
Use this justification letter template to share the key details of this training and certification opportunity with your boss.
Section 1
Network Security and Cloud Essentials
This section covers the need for a defensible network architecture, emphasizing timely threat detection, sensitive data protection, and understanding protocol vulnerabilities. It also explores cloud security, AI, and adversarial tactics, equipping students with foundational knowledge in network, cloud, AI, and wireless security.
Topics covered
Defensible Network Architecture
Protocols and Packet Analysis
Virtualization, Cloud, and AI Essentials
Securing Wireless Networks
Labs
Tcpdump
Wireshark
AWS VPC Flow Logs
Section 2
Defense in Depth
This section addresses large-scale threats and defense-in-depth strategies, focusing on IAM, authentication, and password security as key components of cloud security. It covers frameworks like CIS, NIST, and MITRE ATT&CK® for network and data protection, and explores mobile device security, including BYOD and MDM.
Topics covered
Defense-In-Depth
IAM, Authentication, and Password Security
Security Frameworks
Data Loss Prevention
Mobile Device Security
Labs
Password Auditing
Data Loss Prevention
Mobile Device Backup Recovery
Section 3
Vulnerability Management and Response
This section covers identifying vulnerabilities and establishing a vulnerability assessment program, with a focus on modern attack methods and web application security. It also addresses detecting post-compromise actions through effective logging, followed by guidance on incident response planning.
Topics covered
Vulnerability Assessments
Penetration Testing
Attacks and Malicious Software
Web Application Security
Security Operations and Log Management
Labs
Network Discovery
Binary File Analysis and Characterization
Web App Exploitation
SIEM Log Analysis
Section 4
Data Security Technologies
This section explores cryptography as a key security tool, covering essential concepts to protect organizational assets. It then examines prevention and detection technologies, like firewalls, intrusion prevention, and detection systems, focusing on their application at both the network and endpoint levels.
Topics covered
Cryptography
Cryptography Algorithms and Deployment
Applying Cryptography
Network Security Devices
Endpoint Security
Labs
Hashing and Cryptographic Validation
Encryption and Decryption
Intrusion Detection and Network Security Monitoring with Snort3 and Zeek
Section 5
Windows and Azure Security
This section covers the essentials of Windows security, addressing modern complexities like Active Directory, PKI, BitLocker, and endpoint security. It provides tools for streamlining and automating security tasks across both on-premises and Azure environments, equipping you with a strong foundation in Windows security, automation, and auditing.
Topics covered
Windows Security Infrastructure
Windows as a Service
Windows Access Controls
Enforcing Security Configurations
Microsoft Cloud Computing
Labs
Windows Process Exploration
Windows Filesystem Permissions
Applying Windows System Security Policies
Using PowerShell for Speed and Scale
Section 6
Containers, Linux, and Mac Security
This section provides practical guidance on securing Linux systems, catering to both beginners and advanced administrators. It covers Linux security fundamentals, including containerization for cloud computing, and concludes with a review of macOS security, clarifying its capabilities and limitations within a UNIX-based environment.
Topics covered
Linux Fundamentals
Containerized Security
Linux Security Enhancements and Infrastructure
macOS Security
Labs
Linux Permissions
Linux Containers
Linux Logging and Auditing
Things You Need To Know
Relevant Job Roles
Data Analysis (OPM 422)
NICE: Implementation and Operation
Responsible for analyzing data from multiple disparate sources to provide cybersecurity and privacy insight. Designs and implements custom algorithms, workflow processes, and layouts for complex, enterprise-scale data sets used for modeling, data mining, and research purposes.
Systems Security Analyst (DCWF 461)
DoD 8140: Software Engineering
Ensures systems and software security from development to maintenance by analyzing and improving security across all lifecycle phases.
Database Administrator (DCWF 421)
DoD 8140: Cyber IT
Manages and maintains databases or data systems for efficient storage, querying, and access to organizational data assets and records.
Cyber Instructional Curriculum Developer (DCWF 711)
DoD 8140: Cyber Enablers
Develops and evaluates cyber training content and methods to ensure relevance, effectiveness, and alignment with organizational needs.
Technical Support Specialist (DCWF 411)
DoD 8140: Cyber IT
Delivers technical support to users, helping them resolve issues with client hardware/software according to organizational service processes.
Systems Administration (OPM 451)
NICE: Implementation and Operation
Responsible for setting up and maintaining a system or specific components of a system in adherence with organizational security policies and procedures. Includes hardware and software installation, configuration, and updates; user account management; backup and recovery management; and security control implementation.
Systems Developer (DCWF 632)
DoD 8140: Cyber IT
Oversees full lifecycle of information systems from design through evaluation, ensuring alignment with functional and operational goals.
Technology Portfolio Management (OPM 804)
NICE: Oversight and Governance
Responsible for managing a portfolio of technology investments that align with the overall needs of mission and enterprise priorities.
Course Schedule and Pricing
GIAC Certification Attempt
Add a GIAC certification attempt and receive two free practice tests. View pricing in the info icons below.
OnDemand Course Access
When purchasing a live instructor-led class, add an additional 4 months of online access after your course. View pricing in the info icons below.
Group and Private Pricing
Enroll your team as a group or arrange a private session for your organization. We’ll help you choose the format that fits your goals.
Virtual (OnDemand)
Instructed by: Bryan Simon
Date & Time: OnDemand (Anytime), Self-Paced, 4 months access
Course price: $8,780 USD
Buy now for access on May 21. Use code Presale10 for 10% off course price!
Registration Options: Self-Paced

SANS Rocky Mountain 2026
Denver, CO, US & Virtual (live)
Instructed by: Tim Garcia
Course price: $8,780 USD
Registration Options: In-Person, Virtual

SANS Security Central 2026
New Orleans, LA, US & Virtual (live)
Instructed by: Ross Bergman
Course price: $8,780 USD
Registration Options: In-Person, Virtual

SANS Security West 2026
San Diego, CA, US & Virtual (live)
Instructed by: Bryan Simon
Course price: $8,780 USD
Registration Options: In-Person, Virtual

SANS Amsterdam May 2026
Amsterdam, NL & Virtual (live)
Instructed by: Ian Reynolds
Course price: €8,230 EUR
Registration Options: In-Person, Virtual

SANS DC Metro June 2026
Arlington, VA, US & Virtual (live)
Instructed by: Bryan Simon, Matt Kennedy
Course price: $8,780 USD
Registration Options: In-Person, Virtual

SANS Chicago 2026
Chicago, IL, US & Virtual (live)
Instructed by: Tim Garcia is not listed here; Instructed by: Bryan Simon
Course price: $8,780 USD
Registration Options: In-Person, Virtual

SANS Riyadh June 2026
Riyadh, SA & Virtual (live)
Instructed by: Tim Garcia
Course price: $8,900 USD
Registration Options: In-Person, Virtual

SANS Paris June 2026
Paris, FR
Instructed by: Ian Reynolds
Course price: €8,230 EUR
Registration Options: In-Person

SANS Austin 2026
Austin, TX, US & Virtual (live)
Instructed by: Ted Demopoulos
Course price: $8,780 USD
Registration Options: In-Person, Virtual

*Prices exclude applicable local taxes
Learn Alongside Leading Cybersecurity Professionals From Around The World
SEC401 gives you a fantastic knowledge base to build on, and I would say it's essential for anyone working in cybersecurity.
Excellent material for security professionals wanting a deeper level of knowledge on how to implement security policies, procedures, and defensive mechanisms in an organization.
SEC401 has been an excellent experience all around. It is content-heavy and rich, and regardless of your technical ability and experience, you will leave with a far better understanding of many aspects of cybersecurity.
Benefits of Learning with SANS
Get feedback from the world’s best cybersecurity experts and instructors
Choose how you want to learn - online, on demand, or at our live in-person training events
Get access to our range of industry-leading courses and resources