NARI Training

NARI’s training philosophy is to train as we operate. You will use industrial testbeds and live networks to respond to real-world scenarios. Our training opportunities can be tailored to meet your needs or challenges.  We can customize any of our training courses to best suit your needs, or develop a completely new training to achieve your objectives.

All NARI courses are taught on-site at our Omaha, Nebraska facility. Laptops, training materials, and other training aids are fully provided, leaving attendees free to concentrate on the material presented. Courses are instructor led and include a mix of hands-on and lecture/discussion style training.  For more information on any of our courses, to discuss training customization, or to ask about training at your facility or another location, contact us here.

Watch to Learn More about NARI Training

ICS Security Awareness

NARI’s Cybersecurity Awareness training is the perfect starting point if you are looking to learn more about operational technology (OT) cybersecurity.  These courses are designed to give a high level look at a broad range of topics, and bring about awareness of some of today’s most pressing OT cybersecurity issues.  Expand the selections below to learn more. 

Cybersecurity Awareness for Everyone

NARI’s OT Cybersecurity Awareness course is our introduction to all things OT cyber-related. The course covers multiple aspects of cybersecurity from why cybersecurity is needed to walking through several real world cyberattacks and their impacts. Students will leave with a greater understanding of the current and future threat landscape, what types of things an attacker looks for when planning an attack, and some best practices that will improve their cybersecurity posture.

 

Topics Include:
  • Needs for Cybersecurity
  • Types of Attacks
  • Effects of an Attack or Incident
  • The Future of Threats
  • Cybersecurity Best Practices
  • IT and OT Security Applications
  • Cybersecurity Roles Responsibilities and Culture
  • Preparing for and Responding to an Attack
Who Should Attend:
  • New hire employees
  • Entry level personnel
  • Anyone who desires a greater understanding of the cybersecurity of OT systems
Attendees Will Be Able To:
  • Have a greater understanding for the needs of cybersecurity in OT systems
  • Understand the types of attacks that pose a threat to an organization
  • Better understand how cybersecurity applies to yourself and those around you
  • Know what can be done to prepare for a cyberattack

Cybersecurity Awareness for Managers

NARI’s OT Cybersecurity Awareness for Managers course discusses key concepts that are integral to managing a team or facility while dealing with OT cybersecurity. The class will discuss why your organization should be concerned with the cybersecurity of your OT systems while exploring topics tailored to help attendees manage risk, develop or refine an incident response program, and create a secure infrastructure from the ground up.

Topics Include:
  • A Managers Need for Cybersecurity
  • Introduction to Threats
  • Executive OT Security Program Development
  • Executive Risk Assessment and Management
  • Executive Incident Response Planning
  • Cyber Informed Engineering
Who Should Attend:
  • Newly appointed managers
  • Managers transitioning to a new role in ICS
  • Anyone in an executive or managerial role looking to bolster their OT cybersecurity program, or those who want to look at cybersecurity basics from a top-down approach.
Attendees Will Be Able To:
  • Understand the need for cybersecurity at an organizational level
  • Understand threats to your organization’s ICS cybersecurity
  • Know how to apply risk management strategies to ICS cybersecurity
  • Understand the importance of having an incident response plan
  • Understand why project planning should include cybersecurity

ICS Cyber Defense Essentials

Cyber Defense of industrial control systems (ICS) is a skill in high demand.  Whether you are part of your organization’s cybersecurity team, you work as an engineer with industrial control systems, or you are looking to get into the field, Utilizing a mix of lecture based training and hands-on activities, NARI’s Cyber Defense Essentials courses will prepare you for whatever comes your way.  Expand the selections below to learn more.

Network and Protocol Analysis

NARI’s Network and Protocol Analysis course is a first step into the world of ICS cyber defense.  In this course students will work hands on with open source tools while learning skills that serve as a primer to our more advanced courses.  Students will expand their understanding of network structure and traffic flow and leave with the confidence of knowing how to discover what really goes on behind the network curtain.

 

Topics Include:
  • Overview of IT and OT Networks
  • The TCP/IP and OSI Models
  • Firewalls
  • SCADA, DCS, PLC, and DC Systems
  • ICS Protocols
  • Common Tools
  • GrassMarlin
  • Wireshark
Who Should Attend:
  • Entry level IT employees
  • OT department employees looking to expand their IT knowledge
  • Anyone looking to broaden their knowledge on networking or cybersecurity tools 

Attendees Will Be Able To:
  • Know key differences between IT and OT networks
  • Understand what the TCP/IP and OSI models are and hwo they work
  • Understand common ICS network protocols
  • Understand commonly used network analysis tools
  • Use Wireshark and GrassMarlin to perform basic network Analysis

Defense in Depth for ICS

NARI’s Defense in Depth for Industrial Control Systems course takes known OT attacks and teaches strategies and layered security controls that are needed to actively defend and keep businesses resilient against them. This course is designed to cover aspects of procedural, technical, and physical security in creating an indepth approach.

Topics Include:
  • Overview of Defense In Depth 
  • OT Policies and Procedures 
  • Boundary Defense 
  • Network Security 
  • OT Endpoint Security 
  • Intrusion Detection 
  • Incident Response and Remediation  

 

Who Should Attend:
  • Operations Engineers 
  • Technical Operations Managers 
  • ICS and OT Security Personnel 
  • Security Architects (For OT support) 
  • Security Managers 

 

Attendees will be able to:
  • Understand administrative procedures and policy
  • Create OT topology and system process maps
  • Define OT system traffic flows
  • Deploy workstation hardening measures
  • Log and audit component and network activity
  • Create a patching plan
  • Create a backup plan

IT and OT Secure Integration

NARI’s IT and OT Integration course teaches proactive security controls that are used to create secure informational and operation systems. This course is designed to help traditional IT and OT personnel fully understand the design principles to support these systems.

Topics Include:
  • Inventory of OT Hardware and Software Topology 
  • Mapping OT Segmentation Zones 
  • Mapping OT Segmentation Conduits 
  • Continuous Monitoring 
  • Secure Remote Access  
  • Other Security Controls  

Who Should Attend:
  • System Administrators 
  • Network Engineers (For OT support) 
  • IT Security (For OT support) 
  • OT Engineers (For IT support) 
  • OT Operators (For IT support) 
  • Cyber Security Engineers 

 

Attendees will be able to:
  • Understand services, shares, HMI’s, computers, PLC’s, access points, routers, ect.
  • Define system process, security policies and security levels, access requirements and controls, threats and vulnerabilities
  • Work with communication paths, ports, and protocols
  • Create zone span ports, zone log aggregation
  • Implement VPNs, demilitarized zones, multifactor authentication
  • Set up data diodes, honeypots, historians, baselining

ICS Security Tactics

NARI’s ICS Security Tactics selection of trainings are geared towards those with more experience in the ICS Cybersecurity field.  The courses are comprised almost completely of hands-on activities and challenges. Come test your skills against other students as well as against the NARI instructors and curriculum.  Expand the selections below to learn more.

Red vs Blue

NARI’s Red vs Blue course pits attendees head-to-head in multiple exciting hands-on challenges.  Red team members will use a variety of tactics such as social engineering, and man in the middle attacks to attempt to breach the blue team’s various defenses.  Teams will then switch sides and experience everything from a different perspective.

Topics Include:
  • Social Engineering
  • Intrusion Detection
  • DDoS vs Firewalls
  • Data Manipulation vs Data Diodes
  • Script Kiddies vs System Hardening
  • Man in the Middle vs VPN
  • Attacker Pivoting vs Segmentation

Who Should Attend:
  • Incident Response Team Members
  • Information Security Professionals
  • OT Engineers
  • Cybersecurity Engineers

 

Attendees Will Be Able To:
  • Identify types of attacks and block them
  • Implement incident response procedures
  • Apply logs and SIEM alerts
  • Setup network segmentation
  • Use configuration and patch management
  • Write ICS protocol scripts
  • Create spear phishing attacks
  • Use Kali frameworks for information gathering, exploitation, sniffing, and spoofing

 

Control System Analysis and Defense

The Control System Analysis and Defense course takes a more in-depth look at some familiar topics.  Explore the core aspects of an Operational Technology (OT) network from the components in the building, to the protocols that run them.  Students will work hands-on with live ICS testbeds as they put to the test multiple aspects of ICS security.  

Topics Include:
  • ICS Protocols
  • Network Defense
  • Firewall
  • Network Segmentation
  • System Triage

Who Should Attend:
  • Incident Response Team Members
  • Information Security Professionals
  • OT Engineers
  • Cybersecurity Engineers

 

Attendees Will Be Able To:
  • Understand how ICS protocols can be manipulated and abused
  • Design and setup firewall rules
  • Implement a network segmentation plan
  • Defend against an incoming attack using basic system triage

 

Contact us here for scheduling