Tuesday, August 13, 2013

Feedback from Network Security Monitoring 101 Classes

At Black Hat in Las Vegas I taught two Network Security Monitoring 101 (NSM101) classes. This is a new class that I developed this year, after retiring the third edition of my TCP/IP Weapons School. Once again I was glad to have Steve Andres from Special Ops Security there to help students with questions and lab issues.

I wanted to share some feedback from the classes, in case any of you are considering attending an upcoming edition. Currently I'm scheduled to teach at Black Hat Seattle on 9-10 December. I plan to continue offering my class through Black Hat as they expand their training location offerings.

Student feedback from NSM101 included:
  • Great tools, fun labs, very prepared -- a lot of experience from interesting real world scenarios.
  • This course was everything I hoped for and more. Very impressive considering the course is new.
  • One of the best training classes I have ever taken.
  • Richard hosted an exemplary class.
  • I thought the class was excellent, and the content was relevant and informative.
  • The instructor was there when help was needed. I can easily take what I learned here and apply it to my work.
  • Excellent instructor and class. It is nice to learn from true pros who are humble and willing to help.
  • Richard is an excellent speaker. His use of real world examples added value to each lab. The material was easy to understand and very well thought out.
  • The stories behind the scenes and the practical notes (i.e., how to create a team) really helped.
  • Great balance of hands-on and theory.
  • Easy to follow and inspiring, even for an NSM beginner like me.
  • Great companion to the new NSM book.
  • This class was fantastic. I wish I could send my whole department.
  • I look forward to using your book and teaching some of your techniques to my students.

In the "constructive criticism" category, several students recommended that I modify the class description to better suit the class structure. For example, some students didn't realize they would be using Security Onion in the class. A few students told me they would have sent more people from their team if they had a better sense of what the class was going to include. I will fix that for the Seattle edition and future events.

Overall I very much enjoyed teaching the new class. I will make a few tweaks to fix typos but otherwise I am ready to teach again in December. Once the registration form is active I will post it via Twitter.

If you have any questions, please post them as comments here or via Twitter to @taosecurity. Thank you.