Confidence - (19-20.11 2009 Warszawa)

OPSA – OSSTMM Professional Security Analyst

Training Date: 23.11.09 – 24.11.09

Price for training: 1200 Euro/4800 PLN

Price for certification exam: 450 Euro/1800 PLN

Trainer: ISECOM certified trainer

Language: English

Target audience: The following professional profiles have been targeted by ISECOM and @ as ‘Suggested Targeted Audience’:

  • CTOs, CIOs, CSOs, and CISOs
  • Security consultants, security testing team leads, and security analysts
  • Security Auditor, ISO/BSI Lead Auditor
  • Security Managers
  • NOC and SOC security team leads
  • System, Network & Security Technical Administrator
  • Any other individual who will actively participate in the security consultancy field

Program: This is an intensive two-day training course. The official OPSA exam will take place the day after the training, on 25th November, and will last four hours, starting at 10:00 a.m.

The course is divided into three main modules. All three are based on the most recent version of the OSSTMM and will give you a complete and practical window into the methods and practices of professional security analysts worldwide. The three modules are: Security Analysis, Red Team Strategies and Security Project Management.

Security Analysis. Security Analysis provides the baseline for understanding security test results such as log files, security tool output, and protocol dumps as well as the application of the OSSTMM modules by expected results and practical solutions with business justifications in mind. Also applied are strategies for risk assessment, system and network survivability, and solutions in network security architecture.

Red Team Strategies. Red Team Strategies provides an in-depth review of the security consulting rules of engagement, from pre-sales and the preparation phase through to the final reporting and workshop with a team of testers. Students will also analyze various Red Team and Blue Team strategies for best results, including various attack-net structure deployments for both internal and external testing.

Security Project Management. Security Project Management provides insight and knowledge transfer in the realm of OSSTMM testing projects and their applications. The focus of this component will be project management: time reporting, estimations, team management, contracts, client interaction, testing efficiency, and cost controls including Return of Security Investment (ROSI) management using the OSSTMM.

The final exam is a 4-hour, open-book, hands-on skills assessment of 50 multiple-choice questions based on what students have learned during the training, on the OSSTMM methodology, and on the BSTA workbook. The final exam is divided into three main sessions: Data Test and Log Analysis, Security Testing Projects, and Professional Consulting.

Requirements: Unlike ISECOM’s OPST certification, the OPSA certification doesn’t require any specific skills or technical knowledge.

To be more precise, any individual who is semi-technical and is interested in working in the security field as an analyst or a manager can attend the OPSA training; no particular technical skills are mandatory.

Those with management experience will have the advantage on the project planning and team management side, while those with technical experience will have the advantage on the analysis side. However, both could take the class and find it insightful, beneficial, and challenging.

If all you want to do is pass the exam, we recommend the following:

  • Read the newest versions of the OSSTMM Internal and the BSTA Workbook
  • Take a few MBA classes in business information and security
  • Read books on intrusion detection, honey pots, secure programming, and anything else that lets you see how attacks arrive
  • Learn how to get what you need for security analysis off the Internet. Know where you can get the needed trend information, solutions, CVE info, hacks, exploits, etc. to do an OSSTMM security test
  • Learn how TCP, UDP, ICMP, IP, RIP, OSPF, BGP and various application-level protocols like FTP, DNS, SNMP, BOOTP, HTTP, HTTPS, etc. work and how to analyze them
  • Learn how to analyze and categorize information leaks, privacy breaches, and competitive intelligence
  • Learn where to look in the Security presence to find weaknesses and deficiencies
  • Calculate risk assessment based on the current version of the OSSTMM
  • Understand how to calculate and execute project plans while upholding proper legal and ethical testing
  • Know how to follow the security tester’s rules of engagement as per the most recent OSSTMM
  • Work with an efficient red team, either internally or as a consultancy, to learn efficient teamwork and project requirements
  • Read what you can about security policies and security architecture to be able to design secure network topographies with associated process controls.
