This curriculum spans the equivalent of a multi-workshop operational immersion, addressing the same network security challenges seen in ongoing service operations, from integrating security into change management and incident response to governing access and risk across hybrid environments and third-party connections.

Module 1: Security Architecture Integration in Service Operations
- Define network segmentation boundaries based on service dependencies and compliance requirements, balancing isolation with operational continuity.
- Select and deploy inline versus out-of-band security controls for critical service paths, considering fail-open versus fail-closed behaviors.
- Integrate security zones (e.g., DMZ, internal, management) into service topology diagrams used by operations teams for incident response.
- Map existing service workflows to zero trust principles, identifying legacy systems that require compensating controls.
- Align firewall rule hierarchies with change management processes to prevent unauthorized rule proliferation.
- Implement secure service-to-service authentication using mTLS or API gateways in hybrid cloud environments.

Module 2: Threat Detection and Monitoring in Production Networks
- Configure IDS/IPS signatures to reduce false positives in high-volume service traffic without missing lateral movement patterns.
- Deploy network TAPs or SPAN ports strategically to ensure full packet capture for critical service tiers without degrading performance.
- Correlate NetFlow, firewall logs, and endpoint telemetry in SIEM to detect beaconing or data exfiltration from compromised services.
- Establish thresholds for anomaly detection on service-level traffic baselines, adjusting for scheduled batch operations.
- Integrate EDR telemetry with network detection tools to validate lateral movement hypotheses during investigations.
- Manage retention policies for network metadata to comply with audit requirements while controlling storage costs.

Module 3: Firewall and Access Control Management
- Enforce change windows and peer review for firewall rule modifications, especially for rules affecting production services.
- Conduct quarterly firewall rule audits to decommission orphaned or overly permissive rules tied to retired services.
- Implement role-based access controls on firewall management interfaces, separating duties between network and security teams.
- Use application-aware firewalls to identify and control non-standard protocols used by legacy services.
- Coordinate NAT and firewall policy updates during service migrations to avoid connectivity outages.
- Document business justification for each allow rule, linking to service inventory and risk assessments.

Module 4: Secure Change and Configuration Management
- Integrate security checks into CI/CD pipelines for infrastructure-as-code templates used in service deployment.
- Enforce configuration baselines for network devices using tools like Ansible or Puppet, with drift detection alerts.
- Require security impact assessments before approving network changes that affect service availability or exposure.
- Implement rollback procedures for failed security configuration deployments affecting live services.
- Track and version control all network device configurations, ensuring alignment with backup and recovery SLAs.
- Coordinate change freeze periods with business units during peak service utilization times.

Module 5: Incident Response and Network Forensics
- Preserve packet captures and flow logs immediately upon detection of suspicious service behavior for legal admissibility.
- Isolate compromised service segments using dynamic firewall policies while minimizing impact on legitimate users.
- Conduct post-incident network traffic analysis to identify initial access vectors and dwell time.
- Coordinate with legal and compliance teams when collecting network evidence from regulated environments.
- Use VLAN reassignment or ACLs to contain malware propagation during active incidents.
- Document network-level actions taken during incidents for inclusion in root cause analysis reports.

Module 6: Identity and Access Governance in Network Services
- Enforce 802.1X or MACsec for switch port access in data centers hosting sensitive services.
- Integrate RADIUS/TACACS+ with identity providers to enforce MFA for administrative access to network devices.
- Rotate shared service account credentials used for network device backups and monitoring tools.
- Implement time-limited access grants for third-party vendors connecting to service networks.
- Monitor for unauthorized VLAN hopping or rogue DHCP servers in service segments.
- Enforce least privilege in SNMP community strings and API key scopes used by network management systems.

Module 7: Secure Service Lifecycle and Decommissioning
- Verify removal of firewall rules, DNS entries, and load balancer configurations when retiring services.
- Conduct network access reviews to identify residual permissions for decommissioned service accounts.
- Sanitize configuration backups and network diagrams containing references to retired services.
- Update network dependency maps to reflect service removal and prevent configuration drift.
- Archive network traffic metadata for decommissioned services in accordance with legal hold policies.
- Validate that monitoring and alerting rules for retired services are disabled to reduce noise.

Module 8: Third-Party and Supply Chain Risk in Network Operations
- Assess network access requirements for cloud service providers, limiting ingress to specific service endpoints.
- Monitor for unauthorized peering or BGP route announcements from partner networks.
- Enforce encryption and integrity checks for software updates pushed to network devices from vendor sources.
- Conduct security assessments of managed service providers with access to core network infrastructure.
- Isolate IoT and OT devices used in service delivery through dedicated network segments and protocol filtering.
- Negotiate SLAs with ISPs that include DDoS mitigation response times and traffic scrubbing capabilities.