Applied Network Defense is an information security practitioner-focused company dedicated to developing and providing high quality, affordable training and education. We work with subject matter experts to create online training that can be taken ad-hoc, or integrated with your internal training programs. You can view our current training offerings here.

Our Teaching Approach

There is a long standing belief that the best way to learn is through intensive "crash courses" where you're trapped in a conference room while you're force fed information through a fire hose. While this style of training has its place, what we know about learning from a scientific standpoint tells us that effective high-rentention learning lends itself towards a different approach. The key to making learning stick is to make it deliberate and engaging. By apply a modern teaching approach, AND develops training geared towards tangible results. We achieve this by using a creative approach combining instructor-led lectures, peer discussions, creative lab scenarios, and opportunities to use applied knowledge. Our students show a much higher than average engagement rate. We know students love our courses, because many of them elect to take more than one!

Our Philosophy

Focus on Real Problems: We focus on real problems that help provide security to your organization in a more cost effective manner. No made up problems, no buzzwords, no excuses.

Online Flexibility: Traveling is expensive, and often not an option based on where on-site training is offered. We focus almost exclusiely on expert-led, online training to provide flexibility while still offering high quality interaction with subject matter experts.

High Engagement: For learning to be effective, it must be effortful and engaging. We apply unique and innovative techniques to ensure learners are drawn into our content, even when offered online.

Affordable: The good guys win when it costs less to defend a system than to attack it. Our pricing models scale for organizations of all sizes. You shouldn't have to be a Fortune 500 company to afford high quality training.

Community Responsibility: We take information security and our role in the community seriously. We devote a couple days each month to providing free security training and consulting to small businesses and non-profit organizations. We also contribute a portion of revenue to a number of worthy causes, and offer scholarships for human service organizations.

About Chris Sanders

Chris Sanders is the founder of Applied Network Defense and has extensive experience supporting multiple Fortune 500 companies and government/military agencies. He has authored several books and articles, including the international best seller "Practical Packet Analysis" from No Starch Press, currently in its third edition, and "Applied Network Security Monitoring" from Syngress. Both books have been translated to multiple languages and have collectively sold tens of thousands of copies. Chris currently holds several industry certifications, including the SANS GSE distinction.

Chris is originally from Mayfield, KY. Growing up in a rural area, he saw the transformative power that education could have on lives and its ability to end generational poverty. He started the Rural Technology Fund in 2008 with the mission of helping bridge the digital divide between rural and urban areas. In 2016, the RTF put computer science education materials in the hands of over 10,000 students. Applied Network Defense was founded with a similar goal as the Rural Tech Fund, but instead focuses on providing high quality information security training at a fair price. Chris is passionate about education and helping information security practitioners further their careers and positively impact the organizations they serve.

Take a Course

We pride ourselves in offering the most unique and engaging online training courses available in information security. Our courses are delivered completely online so that you can access the course material any time you like without expensive travel costs. Don't worry though, you're not alone! Even though our courses are online, they are facilitated by expert instructors who lead engaging discussions, provide feedback, and are available for any questions you may have. Training is only useful if it sticks with you and if you can apply it to the networks you are protecting.

Course Catalog

Investigation Theory

Designed to help you overcome the challenges commonly associated with finding and catching bad guys. If you’re a security analyst responsible for investigating alerts, performing forensics, or responding to incidents then this is the course that will help you gain a deep understanding how to most effectively catch bad guys and kick them out of your network.

Next Offering: 1/14/19

Practical Packet Analysis

Don't just stare at captured packets -- analyze them! This course will introduce you to packet analysis from the ground up. This course uses Wireshark, tcpdump, and tshark to demonstrate how you can use packet analysis techniques to troubleshoot real-world problem scenarios, fight network connectivity issues, and investigate malware and security incidents. Along the way, the course will introduce common network protocols and teach you the ability to spot abnormal network traffic through a better understanding of normal stimulus and response. This course is a perfect companion to the best-selling book of the same name.

Continuous - Always Open

ELK for Security Analysis

You must master your data If you want to catch bad guys and find evil. But, how can you do that? That’s where the ELK stack comes in.ELK is Elasticsearch, Logstash, and Kibana and together they provide a framework for collecting, storing, and investigating network security data. In this course, you’ll learn how to use this powerful trio to perform security analysis. This isn’t just an ELK course, it’s a course on how to use ELK specifically for incident responders, network security monitoring analysts, and other security blue teamers.

Continuous -- Always Open

Building Virtual Security Labs

Building Virtual Labs is a hands-on "choose your own adventure" style walkthrough for building an IT security lab for penetration testing, network security monitoring, and more. It will show you every step needed to build a robust lab for experimenting with and learning about network attack and defense.

Continuous -- Always Open

Effective Information Security Writing

Learn to write better penetration testing reports, compromise reports, and case notes by using a structured, repeatable system – complete with downloadable report templates! This course will help you become a better, more effective technical writer in the information security disciplines.

Continuous -- Always Open

Bro Scripting

Bro is a powerful network analysis framework used to generate network security data and support intrusion detection, network security monitoring, and incident response. This course is a mixture of expert-led demonstrations and hands on labs where you can practice writing Bro scripts that will help you find evil and generate data to support investigations. You should walk away from this course comfortable using and scripting in Bro, as well as several scripts you can put into your own Bro sensors to enhance detection and investigations on your network.

Continuous -- Always Open

Osquery for Security Analysis

Osquery is powerful a host investigation platform that lets use interrogate endpoints individually or at scale. This course will teach you how to use Osquery to find evil on your hosts.

Continuous -- Always Open

Network Monitoring with Suricata

Suricata is a free and open source, mature, fast and robust network threat detection engine capable of real time intrusion detection (IDS), inline intrusion prevention (IPS), network security monitoring (NSM) and offline pcap processing. In this course you'll learn to deploy, configure, and use Suricata to detect network intrusions. This course is taught by the Suricata team at OISF, which means you'll learn about Suricata directly from the team that developed it. This course contains a mix of video demonstrations, and a hands on lab component where you'll be able to practice writing Suricata signatures and interpreting its output.

Continuous -- Always Open

Demystifying Regular Expressions

Reading and writing regular expressions is a critical skill for any security practitioner, but they can seem like magic. Whether you're reading and writing IDS rules, searching in a SIEM, or using grep to search through files, this course will help you get comfortable writing and interpreting regular expressions. You'll learn through a mixture of hands-on demonstrations and practical labs where you can test your skills using practical examples.

Continuous -- Always Open

Develop a Course

Have you ever thought about creating your own online course, but don't want to deal with the management headaches? We can help! You just develop the content, we handle the content platform, registration, payment processing, support, and everything else. Think of it like a book publisher, but for online training. However, unlike a book publisher you don't give up the copyright to your content and you keep the vast majority of the revenue generated. We also help you throughout the process of content development if you need it. We'll provide support for the development of the curriculum and creation of engaged learning activities like hands-on labs and discussion prompts.

How it Works

Step One: Submit a Proposal

A course begins with a strong outline. Send your proposal to and include a description and outline of the course. Also, don't forget to tell us a little about yourself and your background. Your course can be completely new, or it can be an online version of an in-person course you're already teaching.

Step Two: Develop Content

Once we've approved your course and agreed to terms, we'll pay you an advance against royalties. If you need help, we'll work with you to help enhance the course design. Then, you'll start developing content and we'll start preparing to market the course. We will strive to have a full roster of students registered by the time the course is ready to launch.

Step Three: Lead Courses

We expect our courses to be higher quality than most, so they are more than just a series of recorded videos. Our training platform is immersive and instructor led, complete with a student discussion forum and the ability to give and grade question-based exams. Your course materials will be available for students to view any time, but you're expected to be a presence in the course to answer questions and help further student discussions. These courses are all about connecting students with your expertise.

Step Four: Get Paid

Once your course is running, we'll process payments to you directly. We'll also provide feedback from your students so you can continually improve your course.

Why Teach With Us

Maximize Effectiveness

Teahing isn't easy, and in-person classes don't always translate well to online course delivery. You have to work much harder to engage online learners, and that's where our experience shines. We'll help you come up with creative ways to make sure people grasp your material through lab exercises, engaging discussions, and active learning. We are exclusively dedicated to information security training and are led by experts who not only excel in developing training content, but can also put their hands on the keyboard and do the job of catching bad guys. Simply put, we're a practitioner-led organization.

Build your Brand

When you teach someone in a way that genuinely impacts their life or career, you build a life-long bond with them. It's these connections that have the ability to further your personal brand and your career. Developing a course with AND will maximize the exposure of your course, and we'll work with you to ensure that you succeed.

Retain Ownership of your Content

We don't require you to sign over the rights of the content you've developed. With AND, you grant us a license to be the online delivery provider for your material for a negotiable period of time. We focus exclusively on online delivery, so you're free to teach your material in-person as you see fit.

Save Time and Focus on What Matters

Delivering online courses is cumbersome. You have to worry about the course management system, video production, registration, payment processing, marketing, student support, collecting feedback, and much more. If you try to do all this yourself, you can easily spend more time managing your course than developing content for it. We take all that headache away and let you focus on being the expert in your subject matter area.

Expand Internationally

It's hard to provide training opportunities internationally because of restrictive local requirements and the expense of traveling. We've had students from dozens of countries attend our courses, and teaching online is a great way to increase your international exposure. In some of our classes, we've had over 50% of the attendance come from outside the country the instructor is located in. This is a reach you can't achieve through in person teaching.

Maximize Revenue

We don't accept proposals from courses we don't expect to be successful, and we'll do everything in our power to make sure your course is well-designed and marketed to the right people. Most of our courses often lead to course authors being requested to teach private in-person courses at very high rates. Starting with an online course is a great way to pivot into more in-person teaching. If you already teach in-person, developing an online course is a great way to broaden your reach.

Custom Training

In information security, it's hard to find time to build training exercises when you're constantly buried in alerts or dealing with incidents. We will work with you to build a comprehensive training program that includes an initial course for new hires, and periodic refresher training to keep your staff on their toes. This can include existing courses from our catalog, or new courses customized to your environment.

We can help you build custom training programs focused on these areas:

  • SOC Alert Review
  • Network Security Monitoring
  • Incident Response
  • Threat Hunting
  • Digital Forensics
  • Security Reporting
Our training is delivered online and includes engaging content that is customized to focus on the threats you're concerned about. Using our Investigation Ninja platform we can match the technologies and data types available in your network and create investigation scenarios designed to develop and assess competency in using your toolset. We can also go a more traditional route and provide proven question-based assessments. We guarantee that a customized training platform will increase the skill and efficiency of your analysts.

If you'd like to discuss your training needs and get a quote, contact us at

Investigation Ninja

Investigation Ninja is a training and evaluation platform designed to simulate the security investigation process in a tool-agnostic manner. This tool is a core component of our Investigation Theory course, but is also available as a hosted solution and can be offered for individual access to pre-built simulations, or as a platform for the development of custom training or assessment. Investigation Ninja is used by security operations centers, managed secuity service providers, and universities to facilitate investigation training and simulation. If you'd like to learn more about Investigation Ninja, see a demo, or receive a quote, please contact us.

Train Analysts How to Investigate Security Threats

It's difficult to create meaningful training situations in a production environment. Investigation Ninja was built to facilitate simulations used to train analaysts while focusing on what matters: data-based evidence. Users are presented with an input like an IDS alert, a hunting observation, or suspicious log file. They are given an array of data source options, and have the ability to query those data sources for evidence relevant to the investigation. The environment promotes concepts like strategic questioning, hypothesis generation, and data pivoting. Users work through the available data en route to making a decision about whether an incident occurred. They report their findings, and Investigation Ninja tells them if they are correct, incorrect, or partially correct. If the analyst gets stuck, a hinting system can provide a nudge along the way.

Evaluate Security Job Applicants

Hiring security investigators is a difficult job. Every SOC is different, and everyone uses different tools. Investigation Ninja provides a mechanism for evaluating candidates on a level playing field by introducing them to scenarios that exist in a data-drive format that is tool independent. Analyst actions while investigating alerts are logged, and presented in a clear, easy to follow report that logs every step the analyst took in a timeline. Not only that, the analyst's efforts are timed for comparison to others of similar skill levels. Using Investigation Ninja, you can move past hypothetical tabletop discussions and evaluate candidates using measurable outcomes.

Build Custom Simulations with your Data

Investigation Ninja doesn't just deliver the simulations to analysts, it also provides the ability to build simulations right in the interface. You can create flexible scenarios using any data type, provide a structured set of multiple choices to help someone proceed through a structured investigation, or increase the skill level required by requiring users to type exact commands or searches to sift through data. This makes Investigation Ninja ideal for organizations that want to develop custom training scenarios based around the real data and tools they have available. This feature set is also well suited to university professors who want to create real-world exercises for their cyber security program students.


Mailing List Signup

Sign Up for Course Updates

If you're interested in upcoming courses, consider signing up for our mailing list. We also occasionally provide course giveaways and discounts via e-mail. Don't worry, we won't spam you with stuff you don't care about and you can unsubscribe anytime.

* indicates required

Click here to return to the course catalog.



This is bold and this is strong. This is italic and this is emphasized. This is superscript text and this is subscript text. This is underlined and this is code: for (;;) { ... }. Finally, this is a link.

Heading Level 2

Heading Level 3

Heading Level 4

Heading Level 5
Heading Level 6


Fringilla nisl. Donec accumsan interdum nisi, quis tincidunt felis sagittis eget tempus euismod. Vestibulum ante ipsum primis in faucibus vestibulum. Blandit adipiscing eu felis iaculis volutpat ac adipiscing accumsan faucibus. Vestibulum ante ipsum primis in faucibus lorem ipsum dolor sit amet nullam adipiscing eu felis.


i = 0;

while (!deck.isInOrder()) {
    print 'Iteration ' + i;

print 'It took ' + i + ' iterations to sort the deck.';



  • Dolor pulvinar etiam.
  • Sagittis adipiscing.
  • Felis enim feugiat.


  • Dolor pulvinar etiam.
  • Sagittis adipiscing.
  • Felis enim feugiat.


  1. Dolor pulvinar etiam.
  2. Etiam vel felis viverra.
  3. Felis enim feugiat.
  4. Dolor pulvinar etiam.
  5. Etiam vel felis lorem.
  6. Felis enim et feugiat.





Name Description Price
Item One Ante turpis integer aliquet porttitor. 29.99
Item Two Vis ac commodo adipiscing arcu aliquet. 19.99
Item Three Morbi faucibus arcu accumsan lorem. 29.99
Item Four Vitae integer tempus condimentum. 19.99
Item Five Ante turpis integer aliquet porttitor. 29.99


Name Description Price
Item One Ante turpis integer aliquet porttitor. 29.99
Item Two Vis ac commodo adipiscing arcu aliquet. 19.99
Item Three Morbi faucibus arcu accumsan lorem. 29.99
Item Four Vitae integer tempus condimentum. 19.99
Item Five Ante turpis integer aliquet porttitor. 29.99


  • Disabled
  • Disabled