ICS515: ICS Active Defense and Incident Response will help you deconstruct industrial control system (ICS) cyber attacks, leverage an active defence to identify and counter threats in your ICS, and use incident response procedures to maintain the safety and reliability of operations.



In association with SANS Institute, PwC is pleased to showcase SANS Information security training within our course portfolio.

This course will empower students to understand their networked industrial control system environment, monitor it for threats, perform incident response against identified threats, and learn from interactions with the adversary to enhance network security.
This process of monitoring, responding to, and learning from threats inside the network is known as active defence. Active defence is the approach needed to counter advanced adversaries targeting an ICS, as seen with malware such as Stuxnet, Havex, and BlackEnergy2. Students can expect to leave this course able to deconstruct targeted ICS attacks and fight these adversaries and others.
The course uses a hands-on approach and real-world malware to break down cyber attacks on ICS from start to finish. Students will gain a practical and technical understanding of leveraging active defence concepts such as consuming threat intelligence, performing network security monitoring, and applying malware analysis and incident response to ensure the safety and reliability of operations. The strategy and technical skills presented in this course serve as a basis for ICS organisations looking to show that defence is do-able.

Who Should Attend

  • ICS incident response team leads and members
  • ICS and operations technology security personnel
  • IT security professionals
  • Security Operations Center (SOC) team leads and analysts
  • ICS red team and penetration testers
  • Active defenders

This course will prepare you to:

  • Examine ICS networks and identify the assets and their data flows in order to understand the network baseline information needed to identify advanced threats
  • Use active defence concepts such as threat intelligence consumption, network security monitoring, malware analysis, and incident response to safeguard the ICS
  • Build your own Programmable Logic Controller using a CYBATIworks Kit and keep it after the class ends
  • Gain hands-on experience with samples of Havex, BlackEnergy2, and Stuxnet by participating in labs and deconstructing these threats and others
  • Leverage technical tools such as Shodan, Security Onion, tcpdump, NetworkMiner, Foremost, Wireshark, Snort, Bro, SGUIL, ELSA, Volatility, Redline, FTK Imager, PDF analysers, malware sandboxes, and more
  • Create indicators of compromise (IOCs) in OpenIOC and YARA while understanding sharing standards such as STIX and TAXII
  • Take advantage of models such as the Sliding Scale of Cybersecurity, the Active Cyber Defence Cycle, and the ICS Cyber Kill Chain to extract information from threats and use it to encourage the long-term success of ICS network security
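The first two outcomes above (identifying assets and data flows to form a network baseline, then monitoring for deviations) are the kind of thing the labs practise with Bro/Security Onion. As an added illustration that is not part of the SANS or PwC course material, the Python below builds an asset and flow baseline from conn.log-style records and flags traffic that departs from it. The log lines are constructed for the example and use a reduced, documented column set rather than the full Bro conn.log layout; the host addresses and the `modbus`/`dnp3` service labels are assumptions chosen to look like a small ICS cell.

```python
# Added example, not code from the SANS ICS515 course or from PwC.
# Builds a baseline of hosts and flows from conn.log-style records, then
# reports observed flows that were never seen during the baseline window.
# All records below are constructed for this example.
from collections import defaultdict

# Reduced column set (tab-separated), documented here rather than mirroring
# every field of a real Bro/Zeek conn.log:
#   ts  id.orig_h  id.orig_p  id.resp_h  id.resp_p  proto  service
BASELINE_LOG = """\
1530000001.0\t10.10.1.5\t51000\t10.10.1.20\t502\ttcp\tmodbus
1530000002.0\t10.10.1.5\t51001\t10.10.1.21\t502\ttcp\tmodbus
1530000003.0\t10.10.1.6\t49100\t10.10.1.20\t44818\ttcp\t-
1530000004.0\t10.10.1.5\t51002\t10.10.1.20\t502\ttcp\tmodbus
"""

# A later capture: one known flow, one new host, one known flow, one new
# flow between two known hosts (assumed DNP3 on port 20000).
OBSERVED_LOG = """\
1530090001.0\t10.10.1.5\t51300\t10.10.1.20\t502\ttcp\tmodbus
1530090002.0\t10.10.1.99\t40000\t10.10.1.20\t502\ttcp\tmodbus
1530090003.0\t10.10.1.5\t51301\t10.10.1.21\t502\ttcp\tmodbus
1530090004.0\t10.10.1.6\t49200\t10.10.1.21\t20000\ttcp\tdnp3
"""


def parse_conn(text):
    """Parse the reduced conn.log format into (orig_h, resp_h, resp_p, proto, service) tuples."""
    flows = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue  # skip blank lines and Bro-style header lines
        fields = line.split("\t")
        if len(fields) < 7:
            continue  # malformed record; ignore rather than crash the monitor
        flows.append((fields[1], fields[3], int(fields[4]), fields[5], fields[6]))
    return flows


def build_baseline(flows):
    """Map each (orig_h, resp_h, resp_p, proto) to the service labels seen on it."""
    baseline = defaultdict(set)
    for orig, resp, port, proto, service in flows:
        baseline[(orig, resp, port, proto)].add(service)
    return baseline


def asset_inventory(baseline):
    """Derive the asset list from the baseline: which ports each host responds on."""
    assets = defaultdict(set)
    for orig, resp, port, proto in baseline:
        assets.setdefault(orig, set())  # clients appear even if they serve nothing
        assets[resp].add((port, proto))
    return dict(assets)


def find_deviations(baseline, flows):
    """Return observed flows not covered by the baseline, classified by why."""
    known_hosts = {h for key in baseline for h in key[:2]}
    deviations = []
    for orig, resp, port, proto, service in flows:
        key = (orig, resp, port, proto)
        if orig not in known_hosts or resp not in known_hosts:
            deviations.append(("new-host",) + key + (service,))
        elif key not in baseline:
            deviations.append(("new-flow",) + key + (service,))
        elif service not in baseline[key]:
            deviations.append(("new-service",) + key + (service,))
    return deviations


if __name__ == "__main__":
    base = build_baseline(parse_conn(BASELINE_LOG))
    for host, ports in sorted(asset_inventory(base).items()):
        print(f"asset {host}: responds on {sorted(ports) or 'nothing (client only)'}")
    for dev in find_deviations(base, parse_conn(OBSERVED_LOG)):
        print("deviation:", dev)
```

In a real deployment the baseline comes from a capture long enough to cover scheduled engineering activity, and a "new-flow" hit is a lead for the responder to examine the packets, not a verdict. The three deviation classes map onto different follow-ups: a new host needs physical and asset-register checks, a new flow between known hosts needs the protocol payload examined, and a new service on a known flow is often a misclassification worth checking before escalating.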


When registering please enter the registration code PWCNZ18

Course Information

Five-Day Program
Monday, 3 September - Friday, 7 September
9:00am - 5:00pm
30 CPEs
Laptop Required
Instructor: Kai Thomsen

Similar courses

Managing digital and cyber security risks
Anti-money laundering
SANS SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling