Skip to main content

Dragos Training

Strengthen your team’s ICS cybersecurity skills with hands-on training from our world-class experts and improve their ability to prevent, detect, and respond to cyber attacks in your OT environment


Assessing, Hunting, and Monitoring Industrial Control System Networks is an intensive 5-day, hands-on course that covers ICS basics and security best practices, assessing industrial environments, ICS threat hunting, and industrial network monitoring. In addition to its classroom component, this course includes many hands-on labs and activities to reinforce the concepts learned.

The training is only available for registration to Dragos customers, partners, and the asset owner and operator community, as well as full-time employees of government agencies with a focus on industrial defense.

Why Dragos Training

Who Should Attend
  • IT and OT security professionals seeking to increase their knowledge of ICS security best practices and Dragos’ industrial security methodologies and technologies
  • IT security professionals who want to expand their knowledge of industrial environments and how securing them differs from IT environments
Dragos Classroom
Facility and Instruction
  • State-of-the-art training center includes multiple ICS cyber ranges and individual training stations with mini control system kits that enable true hands-on learning
  • Course instructors are drawn from Dragos’ team of ICS cybersecurity experts
Dragos Laptop and Board
  • Linux operating system fundamentals, including basic command line usage
  • Conceptual knowledge of programming/scripting
  • Solid grasp of essential networking concepts (OSI model, TCP/IP, networking devices, and transmission media)
  • Understanding of basic security concepts (e.g. malware, intrusion detection systems, firewalls, and vulnerabilities)
  • Some familiarity with network traffic inspection tools (Wireshark, TShark, or tcpdump) is highly recommended.

Our Instructors

Mark Heard

Mark was previously a co-instructor for Red Tiger Security’s “SCADA Security Advanced Training” course and for Mandiant’s “DFIR for PLC” before moving to Dragos as an ICS Instructor…

Daniel Michaud-Soucy

Daniel Michaud-Soucy is a Principal Consultant for the Dragos Professional Services team…

Austin Scott

Austin joined Dragos in 2018 as a Principal ICS Security Analyst and is part of the Dragos Professional Services team. Austin is a published author with two books on PLC Programming…

Lesley Carhart

Lesley Carhart is recognized as a subject matter expert in cybersecurity incident response, regularly speaking on the topic at industry conferences and universities, as well as to news media…

Vern McCandlish

Long term law enforcement geek that still likes to chase bad people and help victims, just doing it on a computer now…

Jim Gilsinn

Jim Gilsinn is a Principal Industrial Consultant for the Professional Services group at the industrial cyber security company Dragos, Inc. where he primarily focuses on industrial…

Course Details

Students will receive hands-on, instructor-led training, incorporating real-world case studies and exercises designed to reinforce concepts learned. Students will be placed in various roles designed to give context to the learning.

Register Now

Dragos ICS Training is available to Dragos customers and partners, as well as asset owners and operators in an online classroom environment. More details can be found below.

Virtual Training

Online Classroom
Customer Course Fee
* $3,000 / per student
Non-Customer Course Fees
* $4,500 / per student
Upcoming Classes
Apr 19-23, 2021 | 9-5 CST (10-6 EST) | Virtual
Jun 21-25, 2021 | 9-5 CST (10-6 EST) | Virtual
Oct 31-Nov 4, 2021 | 10-6 EST | Onsite MD

*Excluding Dragos CyberLens and Dragos Training. Continuing professional education credits are provided upon completion of the course.

Course Syllabus

Students will learn about the various types of ICS environments, as well as their functions and compositions. Other topics covered will include: ICS network architectures, various types of devices, industrial programming languages such as ladder logic, and ICS communication protocols such as ModbusTCP, DNP3, and Profinet.

Students will act as a Red Team member and learn how to safely assess ICS environments. Four types of assessments will be covered: architecture review, vulnerability assessment, penetration testing, and red team. Students will use purpose-built red team virtual machines to assess their environments.

Students will be exposed to attacks modeled after real-world advanced threats while acting as SOC analysts, performing continuous monitoring, investigation, case management and other SOC-related responsibilities using the Dragos Platform.

Students will learn Dragos’ threat hunting methodologies, including: planning, hypothesis generation, collecting and analyzing data, and automating lessons learned post-hunt. They will then act as threat hunters through a variety of scenarios covering industrial networks and network/host artifacts.

Contact Us for a Demo