Tuesday:

Confidently present your OT cybersecurity strategy to the board with tips from Rob Lee and Koch's Philip Ellender

Skip to main content
Dragos Academy

Dragos Academy

Strengthen your team’s ICS cybersecurity skills with training from our world-class experts and improve their ability to prevent, detect, and respond to cyber attacks in your OT environment. Hands-on training is instructor-led and in a classroom or virtual setting. On-demand training is available to Dragos customers anytime, anywhere.

On-Demand Courses

To ensure your team has the fundamental ICS/OT knowledge and proficiency with the tools they need, Dragos Academy helps to improve your team’s understanding of industrial networks and accelerate your time to value with the Dragos Platform.

Where

Online in the Customer Portal.

Organizations who are interested in upskilling their IT security teams to broaden their focus to OT networks.

Learn about the various types of ICS environments, as well as their functions and compositions, and how they apply to your facilities and sector.

Quickly understand how to use the solution to perform tasks like building and maintaining an asset inventory, assessing and prioritizing vulnerabilities, and OT security monitoring

Instructor-Led Courses

“Assessing, Hunting, and Monitoring Industrial Control System Networks” is an intensive 5-day course covering ICS basics and security best practices, assessing industrial environments, ICS threat hunting, and industrial network monitoring. In addition to the classroom component, this course includes many hands-on labs and activities to reinforce the concepts learned.

Where

Online and In-Person

Course Fee

$3,000 / per student for customers*

$4,500 / per student for non-customers*

Dragos ICS Training is available to Dragos customers as well as asset owners and operators in a classroom environment.

  • IT and OT security professionals seeking to increase their knowledge of ICS security best practices and Dragos’ industrial security methodologies and technologies
  • IT security professionals who want to expand their knowledge of industrial environments and how securing them differs from IT environment
  • Please note: COVID-19 vaccination is required for attendees.

  • State-of-the-art training center includes multiple ICS cyber ranges and individual training stations with mini control system kits that enable true hands-on learning
  • Course instructors are drawn from Dragos’ team of ICS cybersecurity experts
  • During the class, students will apply concepts learned using various tools during labs. One of the tools covered is the Dragos Platform.

  • Linux operating system fundamentals, including basic command line usage
  • Conceptual knowledge of programming/scripting
  • Solid grasp of essential networking concepts (OSI model, TCP/IP, networking devices, and transmission media)
  • Understanding of basic security concepts (e.g. malware, intrusion detection systems, firewalls, and vulnerabilities)
  • Some familiarity with network traffic inspection tools (Wireshark, TShark, or tcpdump) is highly recommended.

* Excluding Dragos CyberLens and Dragos Training. Continuing professional education credits are provided upon completion of the course.

Instructors are subject to change.

Course Enrollment

Please note, the course held on Mar 21-25, 2022 is now virtual.

Virtual
COURSE FULL

Feb 7-11, 2022

10-18 AEDT

Instructors

Seth Enoka, Vern McCandlish

Virtual

Mar 21-25, 2022

10-18 EDT

Instructors

Mark Heard, Vern McCandlish

In-Person

Apr 18-22, 2022

Melbourne, AU

9-17 AEST

Instructors

Julian Gutmanis, Seth Enoka

In-Person

May 23-27, 2022

Houston, TX

8-16 CDT

Instructors

Mike Hoffman, Lesley Carhart

In-Person

Jun 20-24, 2022

Hanover, MD

9-17 EDT

Instructors

Jim Gilsinn, Vern McCandlish

In-Person

Jul 25-29, 2022

Melbourne, AU

9-17 AEST

Instructors

Julian Gutmanis, Seth Enoka

Virtual

Aug 22-26, 2022

Melbourne, AU

10-18 EDT

Instructors

Austin Scott, John Guptill

In-Person

Sep 19-23, 2022

Houston, TX

8-16 CDT

Instructors

Mark Heard, Vern McCandlish

Virtual

Oct 31-Nov 4, 2022

Houston, TX

9-17 EDT

Instructors

Jim Gilsinn, Mark Heard

Virtual

Dec 5-9, 2022

Houston, TX

10-18 EST

Instructors

Mike Hoffman, Lesley Carhart

Course Syllabus

Students will learn about the various types of ICS environments, as well as their functions and compositions. Other topics covered will include: ICS network architectures, various types of devices, industrial programming languages such as ladder logic, and ICS communication protocols such as ModbusTCP, DNP3, and Profinet.

Students will act as a Red Team member and learn how to safely assess ICS environments. Four types of assessments will be covered: architecture review, vulnerability assessment, penetration testing, and red team. Students will use purpose-built red team virtual machines to assess their environments.

Students will be exposed to attacks modeled after real-world advanced threats while acting as SOC analysts, performing continuous monitoring, investigation, case management and other SOC-related responsibilities using the Dragos Platform.

Students will learn Dragos’ threat hunting methodologies, including: planning, hypothesis generation, collecting and analyzing data, and automating lessons learned post-hunt. They will then act as threat hunters through a variety of scenarios covering industrial networks and network/host artifacts.

Dragos Academy Instructors

Austin Scott
Austin Scott Principal Industrial Penetration Tester

Austin Scott started his career in the early 2000’s as a software developer working on Supervisory Control and Data Acquisition (SCADA) products for Schneider Electric. In 2006,…

View full bio

Daniel Michaud-Soucy
Daniel Michaud-Soucy Principal Industrial Pentester

Daniel Michaud-Soucy is a Principal Industrial Pentester on the Dragos Professional Services team. Daniel is focusing on penetration testing, red teaming, architecture and vulnerability assessment services within…

View full bio

Jason D. Christopher
Jason D. Christopher Principal Cyber Risk Advisor

Jason D. Christopher is a Principal Cyber Risk Advisor at the industrial cybersecurity company Dragos, Inc., where he blends innovative approaches for risk management with state-of-the-art…

View full bio

Julian Gutmanis
Julian Gutmanis Principal Industrial Incident Responder

Julian Gutmanis is a Principal Industrial Incident Responder within the Dragos Threat Operations Center, currently based out of Australia. He has over 10 years of experience…

View full bio

Lesley Carhart
Lesley Carhart Principal Threat Hunter

Lesley Carhart is a Principal Industrial Incident Responder at the industrial cybersecurity company Dragos, Inc. She has spent more than a decade of her 20+ year…

View full bio

Mark Heard
Mark Heard ICS Instructor

Mark Heard is a native Tennessean and graduate of Auburn University with a degree in electrical engineering. Mark was previously a co-instructor for Red Tiger Security’s…

View full bio

Seth Enoka
Seth Enoka Senior Industrial Incident Responder

Seth Enoka is a Senior Industrial Incident Responder in the Threat Operations Center. Seth provides tailored compromise assessment, threat hunting, incident response, and digital forensic services.…

View full bio

Vern McCandlish
Vern McCandlish Principal Security Analyst

Vern McCandlish works as a Principal Security Analyst in Dragos’ Threat Operations Center, where he focuses on using digital forensics to do incident response and help…

View full bio

Frequently Asked Questions

Phoenix Contact and Schneider Electric

During class students are lead through realistic scenarios that use the Phoenix Contact and Schneider Electric PLCs in the same way they might be used in an operating environment. A particular hands-on exercise for the Phoenix Contact requires participants to review a PCAP for the Modbus protocol, as well as 41 100 and 1962. A variety of other protocols are found and discussed as well: IEC 14, DN3, ProfiNet, CIP, and S7com.

The labs allow participants to perform various tasks independently with open source tools that are commonly used in the industry, and then at the end of class, participants perform an end-to-end capstone hunt in the Dragos Platform to simulate tasks that occur in real-life, daily operations and illustrate how those tasks could be accomplished.

Students will receive a copy of the manual with the slides and our notes, as well as the student workbook that has all the labs, questions and answers, and work that the student will do. In-person classes get a physical book, virtual classes get a PDF of each book.

Ready to Get Started?