Training

At Arhont, we are passionate about training and mentoring. We aspire to ensure that the best practices and recommendations on protecting your information and systems are supplied to those in need. We have published the very first books on Cisco and Wireless penetration testing and continue to author books and publish articles on latest security information matters. Our pivotal work entitled "Assessing Information Security. Strategies. Tactics. Logic and Framework" is going to be released by the end of February 2010.

The training courses we provide are designed to provide practical hands-on skills that will allow the delegate to become quickly proficient at protecting data and systems. Bespoke training courses can be developed, however we have three main specialist courses available:

  • Security Auditing – Technical & Tactical Level
  • Security Auditing - Management & Strategic Level
  • Wireless 802.11 Security

Detailed training course information can be downloaded here training.pdf

Security auditing course: technical level

Tactics and strategy of professional technical security risk assessments of networks, systems, appliances, applications and communication protocols.

Course description

Technical security audit procedures usually involve defining the assessment aims, scope and responsibilities, selecting testing targets and methodologies, performing penetration tests and other hands-on security reviews, estimating and prioritising risks, and generating a proper audit report supplemented with remedial recommendations. Many courses dedicated to technical security auditing and offered on the current market concentrate on a single aspect or area of these assessments, for example, ethical hacking. We cover all important facets and phases of hands-on security audits, from defining the initial scope to writing the audit reports properly and working with a client company or organisation after the report has been submitted. Our course is built upon the “teach the man to fish rather than feed him every day” principle, and centred on a highly realistic, judicious approach to risk analysis and estimation. The latter should strongly help the IT personnel in interacting with outsourced teams of specialist auditors. The differences between methods and techniques of external versus internal security assessments are strongly emphasized. While we do cover some crucial issues of wireless security, we view this highly specific topic as deserving a dedicated course on it's own, which is provided separately.

Course objectives

Upon completion of this course the delegates will be able to

  • carefully plan, design and execute all major types of technical information security audits at least on a basic level
  • comprehend the vast arsenal of methodologies and tools used by professional security auditors
  • find security flaws in systems, networks, applications, operations and procedures
  • understand different limitations and complications faced by both attackers and defenders alike
  • develop a thorough synthetic approach to hands-on risk and threat level analysis
  • write accomplished and consistent audit reports that will satisfy both management and technical personnel of a client company or organisation
  • efficiently collaborate with external teams of highly skilled security auditors

Target audience

IT consultants, network and systems administrators, systems auditors, information security officers and other IT professionals involved or interested in different flavours of hands-on information security audits.

Course pre-requisites

Common server and workstation systems, as well as TCP/IP networks administration skills are required; general background in information security is desirable.


Security auditing course: management level

Everything a senior manager wanted to know about information security audits, but did not know whom to ask.

Course description

Information security audits are the only realistic way to estimate relevant risks faced by your company or organisation, and are increasingly demanded by various compliance and regulatory bodies. The flood of contradictory and openly promotional information covering this important topic is highly confusing, even for the dedicated professionals. This course is aiming to provide top management with all the applicable knowledge they may ever need regarding information security assessments and their outcome. The important areas covered include workable costs and benefits of security auditing, legal and compliance issues, different types and classes of security assessments, what to expect and not to expect from the auditors, how to select and manage them properly, and how to react to the audit reports with utmost prudence. Along the way, popular misconceptions and myths about information security assessments are dispelled.

Course objectives

Upon completion of this course the delegates will be able to

  • understand when a security audit is needed, what types of assessments must be performed, and in which particular sequence they should proceed
  • efficiently interact with, and manage a team of professional in-house or outsourced security auditors
  • choose the auditors with all needed and appropriate specific knowledge and skills, while avoiding even the most cunning “snake oil” sellers
  • comprehend even the complex and technically savvy security assessment reports, and get the most out of them
  • avoid common errors and pitfalls related to information security audits and their results

Target audience

Chief Information and Technical Officers, IT Managers and Technology Directors, Risk Managers, Chief Information Security and Compliance Officers, other senior personnel who might deal with information security issues within a company or organisation

Course pre-requisites

General background in IT and information security management is desirable.


Wireless (802.11) security course

Where the borders of networks are blurred, imminence lurks.

Course description

Wireless security is a hot topic, and will rightfully remain so. Wireless attacks can circumvent secure perimeters of otherwise well-protected networks, and catch you completely off guard. Telecommuters and business travellers are at the great risk of their computers being tricked into associating with the attacker's laptop and being hacked into with further opportunities to extend illicit access to internal corporate nets. Different implementations of the 802.11i standard solve many wireless security issues, but are by no means infallible, especially against a highly determined adversary. This course provides a full cover of modern wireless security, ranging from designing protected and stable networks to performing wireless penetration tests and writing applicable security policies. Layer One (radiophysical) wireless safeguards get their fair share, and client side security issues are reviewed in a great depth. The course is well-balanced between attack and defence by offering practical insights into wireless hacking methodologies, thus being of a value for security auditors and network administrators alike. Wireless intrusion detection, incident response and attacker traceback are scrutinized. Apart from the purely technical perspective, we also dwell on various aspects of wireless networks security management and planning.

Course objectives

Upon completion of this course the delegates will be able to

  • plan, design, build and integrate secure wireless networks
  • perform wireless site surveys
  • understand and implement efficient wireless security countermeasures
  • grasp different wireless attack approaches and methodologies
  • perform security reviews and assessments of wireless networks
  • vigorously react to wireless attacks and other related security incidents
  • write proper wireless security policies and guidelines

Target audience

IT consultants, network and systems administrators, integrators and architects, systems auditors, information security officers and other IT professionals concerned with current wireless security issues. CWNA, CWSP and CWNE certification candidates.

Course pre-requisites

Common server and workstation systems, as well as TCP/IP networks administration skills, are required; general background in information security and wireless networking is desirable.