|What to bring:
We recommend that
students bring their own laptop
and suitable note taking material
to enhance their learning experience.
No laptops are provided
What we cover:
Security Testing Project
Analysis provides the baseline for
understanding security test results
from sources such as log files,
security tool output, protocol dumps
and the output from the OSSTMM test
modules. Also applied are strategies
for risk assessment, system and
network survivability, and design
solutions in network security
architecture. Some exposures and solutions are covered using basic examples. Other exposures or attacks will be presented using data gathered previous to the class.
Team Strategies provides an in depth
review of the security consulting
rules of engagement; from the
marketing, pre-sales, and test
preparation phase through the final
reporting and workshop phase.
Students will also analyze various
Red Team and Blue Team strategies
for best results including various
attack-net structure deployments
both for internal and external
Testing Project Management provides
insight and knowledge transfer in
the realm of OSSTMM testing projects
and their applications. The focus of
this component will be project
management: time reporting,
estimations, team management,
contracts, client interaction,
testing efficiency, and cost
controls including Return of
Investment management using the
student will analyze real test data,
understand how/why it was generated,
and if it's complete. The final exam is
working with scope information and
test data to answer analysis,
policy, and risk planning questions.
In passing the exam the student will
ISECOM's OSSTMM Professional
Security Analyst Certification (OPSA).
What to expect:
The premise of
the training course is to provide a
variety of hard and soft skills to
the security professional. The
training course focuses on the
analytical skills and security
knowledge necessary for security and
risk analysis and the business
skills required for successful
security team and project
management. The course is designed
to bring the combined international knowledge and
experiences of security team leaders
and security consultants together.
management experience will have the
advantage on the project planning
and team management side where those
with technical experience will have
the advantage on the analysis side.
However both could take the class
and find it insightful, beneficial,
If all you want to do is pass an
exam, we recommend the following:
- Read the newest versions of
OSSTMM, OSSTMM Internal, and
- Take a few MBA classes in
business information and security.
- Read books on intrusion
detection, honey pots, secure
programming, and anything else you
can to see how attacks arrive.
- Learn how to get what you need
for security analysis off the
Internet. Know where you can get
the needed trend information,
solutions, CVE info, hacks,
exploits, etc. to do an OSSTMM
- Learn how TCP, UDP, ICMP, IP,
RIP, OSPF, BGP and various
application level protocols work
like FTP, DNS, SNMP, BOOTP, HTTP,
HTTPS, etc. and how to analyze
- Learn how to analyze and
categorize information leaks,
privacy breaches, and competitive
- Learn where to look in the
Security presence to find
weaknesses and deficiencies.
- Calculate risk assessment
based on the current version of
- Understand how to calculate
and execute project plans while
upholding proper legal and ethical
- Know how to follow the
security tester's rules of
engagement as per the most recent
- Work with an efficient red
team either internal or as a
consultancy to learn efficient
teamwork and project requirements.
- Read what you can about
security policies and security
architecture to be able to design
secure network topographies with
associated process controls.
Otherwise, you may be interested
in the training course.
Who Should Attend?
The target audience for this class includes
security testing team leads,
security analysts, security
managers, CTO's, CIO's, CSO's,
CISO's and any other individual that
will actively participate in
analyzing of data received from a
Course Length: 2 days
Cost: US $2100 before September 5, 2003 or US $2300 after September 5, 2003
NOTE: this is a two day course.
The OPSA certification test will be conducted at the end of the 2nd day. Once
reviewed the test results,
the certificate will be
mailed to the student.