Earn your next certification, guaranteed!

SCADA/ICS Security Training Boot Camp

This training is primarily targeted towards Information Technology and Information Security Professionals, Control Systems Engineers, and SCADA System Operators with a background in computer hardware and operating systems. It’s assumed that the average student will have beginner-level knowledge of a SCADA System.

Earn your CSSA, guaranteed!

Boot camp overview

SCADA controls our nation’s mission critical infrastructure, everything from the power grid to water treatment facilities Gain homeland security skills, by learning to assess and secure SCADA systems. This five-day boot camp covers everything from field based attacks to automated vulnerability assessments for SCADA networks.

Learn the best practices for security SCADA networks and systems inside and out. Infosec shows you how to defend against both internal and external attackers to provide holistic security for critical industrial automation systems.

Skill up and get certified, guaranteed

Exam Pass Guarantee

If you don’t pass your exam on the first attempt, get a second attempt for free. Includes the ability to re-sit the course for free for up to one year.

100% Satisfaction Guarantee

If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different Flex Pro or Flex Classroom course.

Knowledge Transfer Guarantee

If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year.

What's included

93% pass rate — the best in the industry

  • Five days of training with an expert instructor
  • CSSA exam voucher
  • 90-day access to course replays (Flex Pro)
  • Curated videos from other top-rated instructors (add-on)
  • 100% Satisfaction Guarantee
  • Exam Pass Guarantee (Flex Pro)

Hands-on labs

Dozens of exercises in Infosec’s labs bring you up to speed with the latest threats to your SCADA systems. Learn subjects not found in books, on the Internet, or taught anywhere else in any other information security class.

Award-winning training that you can trust

Rising Star

Partner Award

G2 Crowd High Performer

Technical Skills Development Software

Gold Winner

Best Cybersecurity Education Provider

Publisher's Choice

Security Training for Infosec Professionals

Top 20 Company

IT Training

Who should attend?

Prerequisites

  • Understanding of a SCADA system
  • Attendees can be anyone involved with protection of a SCADA system: SCADA supervisors, analysts, system administrators as well as SCADA vendors
  • Desire to learn how to protect the cyber critical infrastructure

Why choose Infosec

Your flexible learning experience

Infosec Flex makes expert, live instruction convenient with online and in-person formats tailored to how, when and where you learn best.

Public training boot camps held nationwide

  • Pre-study course materials
  • Live instruction
  • Digital courseware
  • Daily reinforcement materials
  • Catered lunches
  • Infosec community forum access
  • 100% Satisfaction Guarantee
  • Knowledge Transfer Guarantee

Most Popular

Immersive, live-streamed instruction

  • Pre-study course materials
  • Live instruction
  • Digital courseware
  • Daily reinforcement materials
  • Detailed performance reporting
  • Video replays
  • 90-day extended access to materials
  • Infosec community forum access
  • Exam Pass Guarantee
  • 100% Satisfaction Guarantee

Tailored team training at your location

  • Pre-study course materials
  • Live, customized instruction at your location
  • Digital courseware
  • Daily reinforcement materials
  • Detailed team performance reporting
  • Video replays
  • 90-day extended access to materials
  • Infosec community forum access
  • Exam Pass Guarantee
  • 100% Satisfaction Guarantee
  • Knowledge Transfer Guarantee

Course objectives

The CSSA certification provides professionals with an objective measure of competence as well as a recognizable standard of achievement. The CSSA credential is ideal for industrial network administrators and their managers, as well as IT professionals and their managers. The CSSA certification encompasses the following domains:

  • SCADA security policy development
  • SCADA security standards and best practices
  • Access Control
  • SCADA protocol security issues
  • Securing field communications
  • User authentication and authorization
  • Detecting cyberattacks on SCADA systems
  • Vulnerability assessment

Industry-leading exam pass rates

Infosec’s courseware materials are always up to date and synchronized with the latest exam objectives. Our industry-leading curriculum and expert instructors have led to the highest pass rates in the industry. More than 93% of Infosec students pass their certification exams on their first attempt.

Can’t get away for a week?

Learn SCADA on-demand.

Get the cybersecurity training you need at a pace that fits your schedule with a subscription to Infosec Skills. Includes unlimited access to hundreds of additional on-demand courses — plus cloud-hosted cyber ranges where you can practice and apply knowledge in real-world scenarios — all for just $34 a month!

  • 400+ courses
  • 4 cyber range environments
  • 100+ hands-on labs
  • Certification practice exams
  • 50+ learning paths

You're in good company.

"I’ve taken five boot camps with Infosec and all my instructors have been great."

Jeffrey Coa

Information Security Systems Officer

"The course not only met my expectations, but exceeded them. It was the most engaging online training I’ve ever had."

Val Vask

Commercial Technical Lead

"I knew Infosec could tell me what to expect on the exam and what topics to focus on most."

Julian Tang

Chief Information Officer

Our clients

FedEx
Microsoft
Bank of America
Defense Information Systems Agency
Symantec

Find your boot camp

SCADA Boot Camp details

Part 1
SCADA/ICS Overview

  • Introduction to CSSA
  • Industrial Control Systems (ICS)
  • Types of ICS
  • ICS components
  • BPCS & SIS
  • Control system strengths and weaknesses
  • ICS PCN & protocols
  • PCN evolution
  • Modbus / DNP3 / HART
  • Lab: modbus PLC lab
  • IT vs. ICS
  • RS-232 and RS-485
  • TASE 2.0 / ICCP
  • CIP
  • PROFIBUS / PROFINET
  • FOUNDATION fieldbus
  • Open vs. proprietary protocols
  • HMI applications
  • HMI/OIT implementations
  • OPC and OPC UA
  • Data historians
  • Integration software (ERP/MES)

Part 2
SCADA security governance

  • Threat to SCADA
  • SCADA attacks and threats case studies
  • Lab: attacking the infrastructure
  • SCADA security challenge
  • Security frameworks, strategy, policies
  • Standards, procedures and guidelines
  • SCADA security standards bodies (NIST / ISA / CFATS /
  • NERC CIP)
  • Risk management process
  • Lab: “theoretical” assessment with CSET
  • SCADA security assessment methodology
  • NESCOR guide to vulnerability assessment

Part 3
Pentesting SCADA systems

  • Security assessment strategy
  • Pentesting steps
  • Safety and security considerations
  • Information gathering
  • Architecture analysis
  • Host, application and platform fingerprinting
  • DNS and SNMP recon
  • Lab: SNMP recon
  • Host and port scanning
  • Security considerations
  • Scanning tools and techniques
  • Lab: scanning ICS/SCADA networks
  • Network communications capture and analysis
  • RF signal capture
  • Sniffing network traffic
  • Device functionality analysis
  • Lab: datasheet analysis
  • Vulnerability identification
  • Common SCADA vulnerabilities
  • Finding vulnerabilities
  • Physical access
  • Vulnerability scanning
  • Server OS testing
  • Patch levels
  • Default and insecure configurations
  • Authentication and remote access
  • Firmware analysis
  • Attacking ICS
  • Attacking standard services (HTTP, FTP)
  • Attacking server OS
  • Lab: Exploiting OS-level vulnerabilities (Shellshock Exploit)
  • Attacking ISC Protocols
  • Lab: capturing and manipulating protocol data
  • Attacking wireless communications
  • Lab: recovering ZigBee network keys
  • Lab: WEP/WPA2 password cracking

Part 4
SCADA security controls

  • Categorization of system controls
  • Physical security & safety
  • Identification, Authentication, & Authorization (IA&A)
  • IA&A and access control
  • Remote access security
  • Encryption
  • Logical security
  • Lab: firewall rule design
  • Monitoring, detection & protection
  • Secure SCADA architecture
  • Lab: security architecture (group discussion)
  • IDS/IPS (Introduction to Snort)
  • Log monitoring and management
  • Lab: SCADA honeypot (Conpot)
  • Lab: Snort SCADA rules (Quickdraw)
  • Incident response
  • Anti-malware
  • Application whitelisting
  • Patch management
  • Active directory & group policy
  • Summary of good security practices