Live Training Classes
Training week for BSidesAugusta 2021 is September 27-30. This year, there will be four live training classes at the Georgia Cyber Center. Hurry! Seats are limited. You can buy your tickets on the registration page starting August 2 at Noon Eastern Time.
Class Requirements
See the individual class descriptions below for pre-requisites and items you need to bring to training.
Included with Each Class
  • Coffee through 2 PM
  • Bottled water all day
  • Validated parking at the Georgia Cyber Center parking deck
  • Free non-transferable ticket to Security Onion Conference October 1
  • Free non-transferable ticket to BSidesAugusta October 2
Training Cancellation
Individual classes may be cancelled if they do not meet a minimum enrollment up to one week prior to the first day of class. If a class is cancelled due to lack of enrollment or for any other reason, training refunds (for the cost of the training only) will be automatically issued to registered students. For all other refund requests, please see the refund policy on the BSidesAugusta registration page.
COVID-19 Protocols
See for the latest information.

Course Name: Operationalizing PowerShell by Fernando Tomlinson

Date: September 30
Training Time: 9 AM – 5 PM
Trainer Name(s): Fernando Tomlinson (@Wired_Pulse)
Course Description: PowerShell is one of the most versatile languages in use today. Besides being resident on modern versions of Windows by default, the language is incorporated in nearly all Microsoft products from Exchange to even Azure. It was originally developed to assist in system administration tasks however, its use goes far beyond that. It is being used for threat hunting, forensics, attacker reconnaissance, escalation, exfiltration, lateral movement, and many other tactics. This enables entities to be able to complete vital tasks without the need for an additional toolset, adding agility to their actions. As such, the language continues to be the leading execution method during intrusions involving Windows systems and helps defenders with their visibility and detection efforts. This training event will provide hands-on exposure to the aforementioned areas all from within the PowerShell environment! Walking away, you will be better postured to identify these tactics or use them for your specific purposes without adding anything additional to the network. 
Target Audience: This workshop is for those learning PowerShell or for those who want to hone the skills they already have. 
What attendees need to bring: Laptop with Windows 10 (a VM suffices) with PowerShell 7.1.3 installed.


Course Name: Operation Purple by SCYTHE

Date: September 29 – 30
Training Time: 9 AM – 5 PM
Trainer Name(s): Tim Schulz (@teschulz)
Course Description: Ever wondered how purple teaming can supercharge your cyber capability? In this two day, hands-on course, attendees will learn the balance between threat understanding and detection understanding to run their own purple team exercises. Attendees will start by learning the underlying methodologies that make purple teaming successful and metrics for success before diving into leveraging the ATT&CK framework to create threat informed emulation plans. Once attendees have successfully built plans, they can leverage tools like SCYTHE or the Slingshot C2 VM to automate the emulation process. Finally, attendees will learn to identify and build detections to their emulated attacks.
Target Audience: This training is for security analysts, cyber threat intelligence analysts, red teams, and blue teams that want to add more purple teaming to their daily lives.
What attendees need to bring: Laptop with access to a web browser.
Discounts available for active duty US military, active US Federal civilian employees, full time students, and full time employees of nonprofits. Send an e-mail to for details.


Course Name: Security Onion 2 Fundamentals for Analysts and Administrators by Security Onion Solutions

Date: September 27 – 30
Training Time: 8 AM – 5 PM
Trainer Name(s): Bryant Treacle and John Bernal
Course Description: This course is geared for analysts and administrators of Security Onion 2 (formerly known as Hybrid Hunter). Students will gain a foundational understanding of this exciting platform – how to architect, deploy, and manage their Security Onion 2 grid. The course also covers major analyst workflows, reinforced through real-world case studies. The class will cover the following topics:
  • Security Onion Console
  • Security Onion 2 System Architecture
  • Deploying a Security Onion 2 Distributed Architecture
  • Common Administrative Tasks
  • Security Onion 2 Workflows
    • Alert Triage & Case Creation with SOC Alerts and TheHive
    • Ad hoc Hunting with Kibana and SOC Hunt
    • Detection Engineering with Playbook
  • Grid Management
    • Users
    • Firewalls
    • Updating
    • Monitoring
    • Troubleshooting
    • Hardening
  • Tuning the Grid
    • Berkeley Packet Filters
    • Performance Tuning – Zeek and Suricata
    • Alert Tuning – Suricata and Playbook
  • Integrating Endpoint Data with Osquery and Wazuh
  • Zeek
    • Logs
    • Scripts
    • Intel Framework
  • Creating Custom Dashboards with Kibana
  • Alternative Deployment Architectures
    • Airgap Deployments
    • Cloud Deployments
  • Multiple Labs and Case Studies
Target Audience: Network defenders, analysts, administrators and operators who want to learn to effectively operate, maintain, and use Security Onion to defend their enterprises. Students should have a basic understanding of networks, TCP/IP, and standard protocols such as DNS, HTTP, SSL, etc. Knowledge/experience with Linux is recommended, but not required.
What attendees need to bring: Security Onion Solutions will provide student technology for the class. Prior to Day 1, students must review the content in the free 2-hour Security Onion Essentials training course located at
Discounts available for active duty US military, active US Federal civilian employees, as well as active members of ISSA and Infragard. Send an e-mail to for details.