MISSION PROTECTION
This two-week course focuses on the methodologies and processes used by professional "Blue" teams in corporate and government spaces. Instructors use open-source tools to teach students methodologies for securing a network and its hosts. Students will learn the skills needed to identify: determine the customer's network, the tools required and allowed, and the mission scope and key terrain, then map the network and its hosts. They will learn to protect: verify baselines, check configurations, and evaluate A/V and IDS systems. Students will detect: perform host-based assessments, find vulnerabilities and anomalies, and help the customer with continuous integrity monitoring. They will respond: develop and implement an incident response plan, suggest better sensor placements, help with log correlation, coordinate response activities, and develop and apply risk mitigation responses. Finally, students will recover: develop a recovery plan and make final recommendations to their customers. Their final recommendations will take into account system hardening techniques, priority lists, and risk mitigation. Each of the segments will cover network devices, Unix and Windows operating systems, and policy.
