rss feed link header graphic

Black Hat USA Training 2008

Caesars Palace Las Vegas • August 2-7

NSA InfoSec Evaluation Methodology Course (IEM) - IEM Level 2

Security Horizon

registration button

Note: This NSA IEM certification course has recently been updated. We strongly urge you to register for this course as quickly as possible as it has sold out in past years and seats are limited.

This course presents the methodologies used by the National Security Agency when conducting information security assessments on organizations. This is a tools-based course that walks students through the use of tools and manual processes designed to provide a baseline of activities for comprehensive security evaluations.

Specific Learning Objectives

  1. This is a methodology course. Although this course *does* utilize software tools and applications, our primary focus is the methodology being used to perform the evaluation. NSA provides this course as guidance for organizations wanting to ensure that all technical aspects of information security are addressed during the evaluation.
  2. The NSA IEM is comprehensive. Students will work within 10 different baseline activities, including port scans, vulnerability scans, password cracking, wireless enumeration, network sniffing, host evaluations, and high assurance device evaluations.
  3. A complete methodology. Students will work through everything involved in a comprehensive evaluation, from the customer request, the vetting process, how to scope the work, and instruction on providing a final product to the customer that is prioritized, understandable, and simple.
  4. Complete with metrics. How many times have you been asked by a customer, “How did we do?” Customers are constantly looking for a grade; a way to measure success. This course provides two simple metrics that can be used to provide an answer to customers and help them track their progress over multiple evaluations.
  5. Real world examples. This course will provide insight into some of the issues that arise when this type of work is conducted. Examples range from the educational world, the Department of Defense, the federal arena, utilities, healthcare, and financial.
  6. This is a certification course. Some students may be eligible to receive National Security Agency (NSA) certification on the IEM material. Attendees who feel they may meet the requirements outlined below will need to submit the appropriate registration documents proving eligibility.

What To Expect
Students will be involved in this course right from the start. Five separate exercises will walk the students through conducting the NSA IEM from start to finish.All hardware and software will be provided by Security Horizon. Students are only expected to bring themselves.

Hardware for the course:
Course laptops are dual boot, Windows® XP/Fedora Core®. The tools provided include commercial and freeware products on each operating system.

How It Will Work
Students will learn the NSA IEM by walking through the individual sections of the methodology within a group environment. Each group will be assigned a scenario organization (utility, healthcare, finance, military, research, etc) that they will use to perform the NSA IEM upon during the course. The students will start at the beginning of the process, conducting the scoping efforts, building a project plan, conducting the technical evaluation, and providing a first order prioritization of findings back to the customer.

The final test will be given at the end of the 2nd day of class.

Extras / Software:
Students in this course will receive evaluation versions of several popular security testing applications (when available), the course text, and a copy of Security Horizon’s popular book, "Network Security Evaluation: Using the NSA IEM".

NOTE: Certification is *not* required to attend this course, but attendance is limited, so enroll now.

Students wishing the NSA certificate must have completed the NSA IAM certificate class and demonstrate at least 6 months of security evaluation tool usage by filling out the application for the course. This course is also open to non-IAM certified individuals on a non-certification basis. Students are required to submit a registration package to NSA, via Security Horizon, in advance of the class. Submission of paperwork no later than 30 days prior to the class is highly recommended to ensure all paperwork is approved and the certification exam is issued by the National Security Agency.

Students wishing to be certified must meet the following requirements:
  • U. S. citizenship. It is recommended that anyone attending the course apply for certification and let NSA decide if they meet the qualifications. This includes the US Citizen Requirement.
  • Five years of demonstrated experience in the field of INFOSEC, COMSEC or computer security, with 2 of the 5 years of experience directly involved in analyzing computer system/network vulnerabilities and security risks.
We strongly urge that you register for this class no later than February 1 if you are seeking to be certified since all paperwork for certification must be approved PRIOR to the class. On-site or late registration for this class will not ensure that the necessary paperwork will be completed for certification.

After registering for this course with Black Hat, you can begin your NSA registration process by contact You will be sent the registration packet for this course which must be completed and faxed back to Security Horizon. For questions on the NSA registration paperwork or course content, please contact For information on payment for the course, please contact Black Hat directly.

Course Length: Two days. All course materials, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered in addition to IAM Certification (if you qualify). This course is required prior to taking the level two course, the NSA IEM.

We strongly urge that you register for this class no later than February 1 if you are seeking to be certified since all paperwork for certification must be approved PRIOR to the class. On-site or late registration for this class will not ensure that the necessary paperwork will be completed for certification.

Non-US Citizens who do not qualify for NSA Certification will receive a Certificate of Completion from Security Horizon and Black Hat.


Ed Fuller, COO, Security Horizon, Inc.

Greg Miles, President, Security Horizon, Inc.

Brian Kirouac, CTO, Security Horizon, Inc.

registration button