Dragos Training

For Dragos Platform and WorldView Customers


Assessing, Hunting and Monitoring Industrial Control System Networks is an intensive 5-day, hands-on course that covers ICS basics and security best practices, assessing industrial environments, ICS threat hunting, and industrial network monitoring. In addition to its classroom component, this course includes many hands-on labs and activities to reinforce the concepts learned.

The training is only available for registration to Dragos customers, partners, and the asset owner and operator community as well as full time employees of government agencies with a focus on industrial defense.

Why Dragos Training?

Who Should Attend

  • IT and OT security professionals seeking to increase their knowledge of ICS security best practices and Dragos’ industrial security methodologies and technologies
  • IT security professionals who want to expand their knowledge of industrial environments and how securing them differs from IT environments

Facility and Instructions

  • State-of-the-art Training Center includes multiple ICS cyber ranges and individual training stations with mini control system kits that enable true hands-on learning
  • Course instructors are drawn from Dragos’ team of ICS cybersecurity experts


  • Linux operating system fundamentals, including basic command line usage
  • Conceptual knowledge of programming/scripting
  • Solid grasp of essential networking concepts (OSI model, TCP/IP, networking devices, and transmission media)
  • Understanding of basic security concepts (e.g. malware, intrusion detection systems, firewalls, and vulnerabilities)
  • Some familiarity with network traffic inspection tools (Wireshark, TShark, or tcpdump) is highly recommended.

Our Instructors

Ben MillerLinked In Icon


Ben leads Dragos’ team of analysts in performing active defense, threat hunting, incident response, and malware analysis missions for the industrial community inside of ICS/SCADA networks. > FULL BIO

Daniel Michaud-SoucyLinked In Icon


Daniel Michaud-Soucy is a Principal Consultant, Threat Operations Center at the industrial cyber security company Dragos, Inc. > FULL BIO

Austin ScottLinked In Icon


Austin joined Dragos in 2018 as a Principal ICS Security Analyst and is part of the Dragos Threat Operations Center (TOC). Austin is a published author with two books on PLC Programming. > FULL BIO

Lesley CarhartLinked In Icon


Lesley Carhart is recognized as a subject matter expert in cybersecurity incident response, regularly speaking on the topic at industry conferences and universities, as well as to news media. > FULL BIO

Vern McCandlishLinked In Icon


Long term law enforcement geek that still likes to chase bad people and help victims, just doing it on a computer now.          > FULL BIO



Nick TsamisLinked In Icon


Nick Tsamis works as a Principal Threat Analyst within Dragos’ Threat Operations Center, where he focuses on hunting malicious activities on the world’s critical infrastructure. > FULL BIO

Course Details

Students will receive hands-on and instructor-led training incorporating real-world case studies and exercises designed to reinforce concepts learned. Students will be placed in various roles designed to give context to the learning, as well as frame hands-on activities. As security and OT personnel for Acme Water & Power (AWP), students will face scenarios including an OT engineer role, a Red Team role, and a Security Operations Center (SOC) analyst role, using real control systems and industrial data through labs and exercises. The course spans four modules over 5 days.

Register Now

Dragos ICS Training is available to Dragos customers and partners, as well as asset owners and operators.

As a thank you for your patience during this uncertain time, we have added additional training dates to accommodate your requests. The May and June classes will be online only in accordance with guidelines.  We will continue to monitor the situation and update as needed.

Hanover, Maryland Location

Where: Course takes place at Dragos headquarters

1745 Dorsey Rd, Suite R Hanover, Maryland 21076

Customer Course Fee:* $3,000 / per student
Non-Customer Course Fee:* $4,500 / per student

Upcoming Classes:

  • Jun 15, 2020 (SOLD OUT)
  • Aug 17, 2020 (VIRTUAL ONLY)
  • Sep 14, 2020 (VIRTUAL ONLY)

  • Nov 6, 2020 



Houston, Texas Location

Where: Course takes place at Dragos regional office

2500 Summer Street, Suite 3204 Houston, TX 77007

Customer Course Fee:* $3,000 / per student
Non-Customer Course Fee:* $4,500 / per student

Upcoming Classes:

  • July 13, 2020 (SOLD OUT)
  • Oct 5, 2020 (VIRTUAL ONLY)

* Excluding Dragos CyberLens and Dragos Training.  Continuing professional education credits are provided upon completion of the course.

Course Syllabus

Module 1: Introduction to Industrial Control Systems and Networks

Students will learn about the various types of ICS environments, as well as their functions and compositions. Other topics covered will include: ICS network architectures, various types of devices, industrial programming languages such as ladder logic, and ICS communication protocols such as ModbusTCP, DNP3, and Profinet.

Module 2: Assessing the Industrial Environment

Students will act as a Red Team member and learn how to safely assess ICS environments. Four types of assessments will be covered: architecture review, vulnerability assessment, penetration testing, and red team. Students will use purpose-built red team virtual machines to assess their environments.

Module 3: Tools, Strategies and Techniques for Successful Hunting in ICS

Students will learn Dragos’ threat hunting methodologies, including: planning, hypothesis generation, collecting and analyzing data, and automating lessons learned post hunt. They will then act as threat hunters through a variety of scenarios covering industrial networks and network/host artifacts.

Module 4: ICS Monitoring and Security Operations

Students will be exposed to attacks modeled off of real-world advanced threats while acting as SOC analysts, performing continuous monitoring, investigation, case management and other SOC-related responsibilities.

Contact Us for a Demo