
Network Threat Defense, Countermeasures, and Controls

Joseph Karpenko & Randy Ivener & Cisco Systems, Inc. | July 27-28 & 29-30





In this two-day, instructor-led, hands-on training course, attendees will learn and perform two network security roles: first as a Security Practitioner who will secure and harden network infrastructure devices, and second as a Security Incident Response Investigator who must correctly detect, classify, and mitigate threats attacking a network by configuring and deploying advanced network threat defenses and countermeasures.

Network Security Practitioner Role
Botnets and denial of service attacks increasingly threaten the availability of every network, yet many security engineering teams focus on the security of networked workstations, servers, and applications and may neglect the network's infrastructure routers and switches, not realizing the security benefits that can be obtained by leveraging the infrastructure to respond to these attacks.

In the Security Practitioner role, attendees will learn about inherent network device security features and controls including Management Plane hardening, Infrastructure Access-lists, and Data Plane hardening. The attendees will acquire hands-on experience configuring and testing these inherent security features and techniques in simulated real world threat scenarios.

At the conclusion of this portion of the course, attendees will be better prepared to effectively implement and deploy inherent security features and techniques for increasing the security posture and preparedness of their network infrastructure, allowing them to detect and mitigate current threats.

Security Incident Response Investigator
Miscreants continue to evolve, as does the cyber threat landscape. Miscreants target your business assets and disrupt the availability of your business operations. Why your organization is targeted depends on your resources and their value, or on whom you may have negatively provoked. Questions to consider include:

In the Security Incident Response Investigator role, attendees will learn answers to these questions and many others while correctly detecting, classifying, and preventing threats targeting a network by configuring and deploying advanced network threat defenses and countermeasures, such as router control plane policing, network traffic flow monitoring, and Remotely-Triggered Black Hole (RTBH) Routing on network infrastructure devices. After these defenses and countermeasures are implemented, attendees will be responsible for validating their effectiveness and adjusting them to changing network conditions and attack profiles.


This is not an introductory level course. Requirements are a working knowledge of networking, network security principles, and TCP/IP. Familiarity with configuring network devices using a command line interface is also necessary.

What Students Should Bring

Laptop with Ethernet connectivity (Wireless is not sufficient), working web browser, Telnet client, the ability to view PDF files, edit text files, and view MP4 and MPG videos.

What Students Will Be Provided With

USB drive with digital copy of training content and lab solutions


Randy Ivener, CCIE No. 10722 Emeritus, is a Security Manager with Cisco's Security Research and Operations Group. Randy has spent many years as a network security specialist helping companies secure their networks. Randy has presented security topics at industry events such as Black Hat and Cisco Live. Before becoming immersed in information security, he served in the Navy and spent time in software development and as a training instructor.

Joseph Karpenko is a Senior Security Engineer in Cisco's Security Research and Operations Group. Joseph is a 12-year veteran of technology with expertise in networking, security, data center, and the systems administration fields. Currently Joseph is responsible for developing security solutions that deter, detect, and prevent existing, current, and emerging threats and attacks. Joseph has also been a speaker at multiple conferences presenting on security topics. During his career, Joseph has worked with customers on the design and implementation of large-scale enterprise and data center network and security architectures. Prior to joining Cisco, Joseph worked as a system administrator and senior escalation engineer handling and troubleshooting complex security and network incidents.