SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
SEC595Cyber Defense
SANS Community Benefits
Connect, learn, and share with other cybersecurity professionals
SEC510: Cloud Security Engineering and Controls
SEC510Cloud Security
- 5 Days (Instructor-Led)
- 38 Hours (Self-Paced)
Course authored by:
Brandon Evans & Eric Johnson
Course authored by:Brandon Evans & Eric Johnson
- GIAC Public Cloud Security (GPCS)
- 38 CPEs
Apply your credits to renew your certifications
- In-Person, Virtual or Self-Paced
Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months
- 19 Hands-On Lab(s)
Apply what you learn with hands-on exercises and labs
Prevent cloud incidents from becoming breaches with attack-driven controls. Explore real-world case studies, build multicloud defenses, and secure emerging GenAI workloads through hands-on labs.
Featured Quote
The course provided so much information and details about security misconfigurations and mistakes in the cloud that one would not believe fit into the week. Very comprehensive, but the scary thing is that it feels like it is barely scratching the surface! Awesome job by the course authors.
Course Overview
Protecting multicloud environments is tough but essential. Default controls often fall short, and what works for one CSP may fail in another. SEC510 delivers advanced training for engineering cloud security defenses across AWS, Azure, and GCP, emphasizing attack-driven strategies over compliance. Students also gain skills to secure modern data environments, from encryption and ransomware protection to defending GenAI workloads, learning practical controls that reduce risk and safeguard critical assets at scale.
What You'll Learn
- Make informed choices across AWS, Azure, and GCP with deep dives into PaaS and IaaS.
- Learn from real-world attack case studies.
- Test and validate security controls instead of relying on vendor documentation.
- Build layered IAM and integrate identity into network security.
- Automate encryption and compliance checks.
- Prevent, mitigate, and recover from ransomware.
- Secure FaaS, multicloud, IaC deployments, and GenAI workloads.
Business Takeaways
- Prevent incidents from becoming breaches with attack-driven, preventive controls—including defenses for emerging GenAI workloads
- Reduce the attack surface of your organization's cloud environments
- Control the confidentiality, integrity, and availability of data in the Big 3 CSPs
- Increase use of secure automation to keep up with the speed of today's business
- Resolve unintentional access to sensitive cloud assets
- Reduce the risk of ransomware impacting your organization's cloud data
Meet Your Authors
- Slide 1 of 2
Brandon Evans
Senior InstructorBrandon is a Partner at Cyverity and SANS Senior Instructor at the SANS Institute. He is lead author for SEC510: Cloud Security Engineering and Controls; GPCS holder #1, multi-year RSA Conference presenter, and cloud Bug Bounty collector.
Read more about Brandon Evans - Slide 2 of 2
Eric Johnson
FellowEric is a co-founder and principal security engineer at Puma Security, focusing on modern static analysis product development and DevSecOps automation. A SANS Fellow, he is co-author and instructor for three SANS Cloud Security courses.
Read more about Eric Johnson
Slide 1 of 0
(1/0)
Course Syllabus
Explore the course syllabus below to view the full range of topics covered in SEC510: Cloud Security Engineering and Controls.
Section 1Cloud Engineering and Identity Access Management (IAM)
SEC510 begins with cloud breach trends and the challenges of multicloud. Students explore IAM and machine identity risks, practice real-world attacks, and use tools like IAM analyzers to detect Broken Access Control. The section ends with strategies to prevent privilege escalation.
Topics covered
- Cloud Identity and Access Management
- Cloud Managed Identity and Metadata
- Broken Access Control and Policy Analysis
- IAM Privilege Escalation
Labs
- IAM Fundamentals
- Virtual Machine Credential Exposure
- Broken Access Control and Policy Analysis
- IAM Privilege Escalation
- Bonus Challenges (Section 1)
Section 2Cloud Private Networks and Endpoints
Section 2 focuses on securing cloud infrastructure and data by locking down network access. Students learn to restrict traffic, secure VMs, use private endpoints for PaaS, prevent RCE with data exfiltration, and analyze flow logs to detect malicious activity across all three major clouds.
Topics covered
- Cloud Virtual Networks
- Protecting Public Virtual Machines
- Private Endpoint Security and Abuse
- Enabling Traffic Monitoring
Labs
- Control Ingress Traffic
- Protecting Public Virtual Machines
- Control Egress Traffic with Private Endpoints
- Remote Code Execution via Private Endpoint Abuse
- Bonus Challenges (Section 2)
Section 3Cloud Data Security and GenAI Controls
Section 3 focuses on cloud data security, covering encryption, secure storage, ransomware defense, and access control. Students explore key management, in-transit encryption, and advanced storage protections like file versioning, data retention, and detecting sensitive data exposure.
Topics covered
- Cryptographic Key Management
- Encryption with Cloud Services
- Cloud Storage Platforms
- GenAI-Driven Mitigations
- Securing Cloud GenAI Infrastructure
Labs
- Detect and Prevent Improper Key Usage
- Recover From Ransomware
- GenAI-Driven Mitigations
- Securing Cloud GenAI Infrastructure
- Bonus Challenges (Section 3)
Section 4Serverless Workloads and End-User Security
Section 4 covers securing cloud app infrastructure and users, starting with serverless FaaS benefits and risks. Students harden real serverless functions, explore Customer Identity and Access Management (CIAM) threats like account takeover via Amazon Cognito, and protect the most critical services in Google Cloud’s Firebase platform.
Topics covered
- Cloud Serverless Functions
- Cloud Customer Identity and Access Management
- Firebase Databases and Google Cloud Implications
Labs
- Serverless Prey
- Harden Serverless Functions
- Using and Exploiting CIAM
- Broken Firebase Database Access Control
- Bonus Challenges (Section 4)
Section 5Multicloud, CSPM, and Third-Party Integrations
The final section covers multicloud operations, focusing on IAM risks, safe credential use, and Workload Identity Federation. Students automate security checks with CSPM tools, explore trust issues with third-party platforms, and study how to mitigate a real cloud security vendor vulnerability using Microsoft Defender as a case study.
Topics covered
- Multicloud Access Management
- Cloud Security Posture Management
- Vendor Integration and Multicloud Security
- Summary and Additional Resources
Labs
- Secure Multicloud Integration
- Automated Benchmarking
- Prevent Cross-Cloud Confused Deputy
- Bonus Challenges (Section 5)
Things You Need To Know
Relevant Job Roles
Cloud Security Engineer
Cloud SecurityBuilding security solutions for cloud workflows
Explore learning pathCloud Security Analyst
Cloud SecurityUsing cloud security solutions to respond to incidents and enable defenses
Explore learning pathCybersecurity Architecture (OPM 652)
NICE: Design and DevelopmentResponsible for ensuring that security requirements are adequately addressed in all aspects of enterprise architecture, including reference models, segment and solution architectures, and the resulting systems that protect and support organizational mission and business processes.
Explore learning pathTechnology Research and Development (OPM 661)
NICE: Design and DevelopmentResponsible for conducting software and systems engineering and software systems research to develop new capabilities with fully integrated cybersecurity. Conducts comprehensive technology research to evaluate potential vulnerabilities in cyberspace systems.
Explore learning pathEnterprise Architecture (OPM 651)
NICE: Design and DevelopmentResponsible for developing and maintaining business, systems, and information processes to support enterprise mission needs. Develops technology rules and requirements that describe baseline and target architectures.
Explore learning pathSecure Systems Development (OPM 631)
NICE: Design and DevelopmentResponsible for the secure design, development, and testing of systems and the evaluation of system security throughout the systems development life cycle.
Explore learning pathCourse Schedule & Pricing
Looking for Group Purchase Options?Contact Us
GIAC Certification Attempt
Add a GIAC certification attempt and receive free two practice tests. View pricing in the info icons below.
OnDemand Course Access
When purchasing a live instructor-led class, add an additional 4 months of online access after your course. View pricing in the info icons below.
Location & instructorDate & TimeCourse priceRegistration Options
- Date & TimeOnDemand (Anytime)Self-Paced, 4 months accessCourse price$8,780 USD*Prices exclude applicable local taxesRegistration Options
- Date & TimeFetching schedule..View event detailsCourse price€8,230 EUR*Prices exclude applicable local taxes
- Date & TimeFetching schedule..View event detailsCourse price$8,900 USD*Prices exclude applicable local taxesRegistration Options
- Date & TimeFetching schedule..View event detailsCourse price¥1,335,000 JPY*Prices exclude applicable local taxesRegistration Options
- Date & TimeFetching schedule..View event detailsCourse price$8,780 USD*Prices exclude applicable local taxesRegistration Options
- Date & TimeFetching schedule..View event detailsCourse price$8,780 USD*Prices exclude applicable local taxes
- Date & TimeFetching schedule..View event detailsCourse price$8,780 USD*Prices exclude applicable local taxes
- Date & TimeFetching schedule..View event detailsCourse price£7,160 GBP*Prices exclude applicable taxes | EUR price available during checkout
- Date & TimeFetching schedule..View event detailsCourse price$8,780 USD*Prices exclude applicable local taxes
- Location & instructor
Madrid, ES
Date & TimeFetching schedule..View event detailsCourse price€8,230 EUR*Prices exclude applicable local taxesRegistration Options
Showing 10 of 13
Learn Alongside Leading Cybersecurity Professionals From Around The World
- Slide 1 of 4One of the best SANS courses I have taken. I am going to recommend this training to other company InfoSec Professionals in our company.
- Slide 2 of 4I maintain that this is the single best SANS class available (and I just got my 8th cert). If you can only take one course - this is the one.
- Slide 3 of 4If you Cloud, you need this course - <period>.
- Slide 4 of 4I would definitely recommend this course. I consider the security topics covered to be critical knowledge for companies that are hosting in the cloud. The course content has been very well put together, well researched, and is very applicable.
Slide 1 of 0
(1/0)
Benefits of Learning with SANS
Get feedback from the world’s best cybersecurity experts and instructors
Choose how you want to learn - online, on demand, or at our live in-person training events
Get access to our range of industry-leading courses and resources