Major Update

SEC488: Cloud Security Essentials™

GIAC Cloud Security Essentials (GCLD)
GIAC Cloud Security Essentials (GCLD)
  • In Person (6 days)
  • Online
36 CPEs

Even if your organization excels at securing on-premises environments, the transition to the cloud presents unique challenges that may leave you unprepared. Globally, organizations are rapidly adopting cloud technologies without fully grasping key security issues such as configuring environments to protect sensitive data, maintaining compliance with regulations, and detecting unauthorized access. Many cloud security courses fall short by focusing too much on theory. SEC488: Cloud Security Essentials addresses these challenges with over 20 practical, hands-on labs, a Capstone Capture the Flag event, and top-tier content to help you build a secure cloud foundation.

What You Will Learn

Essential knowledge for a secure cloud environment

Imagine becoming the cloud security expert your organization desperately needs. With attackers relentlessly targeting cloud vulnerabilities, it's crucial to have robust defenses in place. SEC488 is your gateway to mastering cloud security and ensuring a seamless, secure cloud migration. This course doesn't just teach you the theory--it immerses you in real-world, technical challenges, equipping you with the skills to tackle identity guardrails, cloud storage, virtual machines, automation, remote management, and more. Dive into critical issues like Identity and Access Management (IAM) and securing S3 Buckets and emerge with the confidence to mitigate risks during lift-and-shift transitions.

SEC488 goes beyond conventional learning. You'll engage in dynamic, hands-on labs within actual cloud service provider (CSP) environments on AWS and Azure. Experience the thrill of live-fire exercises and a Capstone Capture the Flag event that puts your skills to the test. Learn to effectively limit and mitigate the impact of cloud security breaches and prevent costly disruptions like service shutdowns or unauthorized bitcoin mining operations. This course not only enhances compliance and protects your organization's reputation and assets, but also boosts employee retention and team knowledge. Elevate your cloud security expertise with SEC488 and become the defender your organization relies on.

"Solid content, good pace, and great explanations, plus it's helpful to see how all of these cloud and security concepts can be integrated and applied in real life." Craig Harris, SMBC

What Is Cloud Security?

Cloud security involves adapting traditional security practices to the public cloud environment by leveraging the shared responsibility model. It requires applying vendor-provided controls to protect applications, data, and brand within the cloud environment. Effective cloud security includes Identity and Access Management (IAM), data protection, network security, and continuous monitoring to safeguard cloud resources and maintain a strong security posture.

Business Takeaways

  • Minimize Your Cloud Risk: Proactively secure your cloud environments to significantly reduce vulnerabilities.
  • Safeguard Computational Resources: Ensure your budget remains intact by protecting your computing power.
  • Enhance Compliance: Elevate your cloud security compliance to meet and exceed regulatory standards.
  • Boost Efficiency: Leverage automation to streamline operations and enhance overall productivity.
  • Strengthen Workforce Retention: Enhance organizational security, leading to increased employee satisfaction and retention.
  • Protect Brand Reputation: Maintain and enhance your organization's brand by securing your cloud operations.
  • Build Customer Trust: Increase customer confidence with robust and reliable cloud security measures.

Skills Learned

  • Uncover Cloud Security Weaknesses: Gain the expertise to identify gaps in your organization's cloud security posture.
  • Master Cloud Security Communication: Confidently discuss cloud security concepts with both technical experts and leadership.
  • Guide Through Cloud Challenges: Skillfully navigate your organization through the evolving landscape of cloud security issues and opportunities.
  • Identify Cloud Service Risks: Recognize and assess risks associated with different cloud service provider (CSP) offerings.
  • Choose Effective Security Controls: Select the right security measures for various cloud network security architectures.
  • Critically Evaluate CSPs: Assess CSPs based on their security documentation, controls, and audit reports.
  • Leverage Leading CSP Services: Use services from top CSPs like AWS, Azure, and GCP with confidence.
  • Safeguard Sensitive Information: Protect secrets and sensitive data within cloud environments.
  • Ensure Accountability with Cloud Logging: Utilize cloud logging capabilities to establish event accountability.
  • Assign Risk Control Responsibility: Determine risk control ownership based on CSP deployment and service models.
  • Evaluate CSP Trustworthiness: Assess the reliability of CSPs using their security documentation, features, and third-party attestations.
  • Secure CSP Management Access: Effectively manage secure access to CSP management consoles and environments.
  • Conduct Comprehensive Pen Testing: Perform penetration testing following AWS and Azure guidelines to secure full-stack cloud applications.
  • Implement Native Network Controls: Deploy native network security controls in AWS and Azure.

Hands-On Cloud Security Training

Just like advanced flight simulators for commercial pilots, the SEC488 lab environment immerses students in practical, real-world exercises to apply the theory and skills learned during lectures. With 15 hours dedicated entirely to hands-on keyboard experiences, students gain the ability to "fly the plane" rather than just read the manual. Students rave about the SEC488 exercises because they are effective! Continuously updated to match vendor changes, the SEC488 labs are resilient, and students get extended access to lab content via the course lab workbook.

This multicloud, immersive lab environment features a variety of cloud resources such as virtual machines, storage services, and security tools, all configured to simulate real-world scenarios. This setup gives students comprehensive exposure to different cloud service providers. The "choose your own adventure" format allows students to select their preferred cloud vendor for each lab, whether it's AWS or Azure, across 20 labs and a gamified capture the flag in Section 6.

Labs offer a vital opportunity to apply theoretical knowledge in a controlled setting, helping students solidify their understanding of cloud security principles. By actively engaging in these repeatable labs, students can practice and hone their skills, ensuring they are well-prepared to tackle cloud security challenges in their organizations from day one back in the office.

"As a relative cloud newb, this course has really allowed me to understand how to best secure the cloud. My day to day role doesn't allow for hands on work so I've particularly enjoyed the labs." - Will Hotard, State of Louisiana OTS

"The labs serve to both break up a fairly intensive academic upskilling, and also to teach you how to apply the knowledge correctly and safely, allowing you to secure your cloud environment with confidence and ease." - Matt Hunter, National E-Crime Team

"I appreciate the thorough information, and how it is delivered. Plus the steps are very helpful and easy to follow." - Taylor Ripplinger, Encompass Health

Syllabus Summary

  • Section 1: Utilize Identity and Access Management (IAM) to secure cloud accounts and implement least privilege access.
  • Section 2: Focus on securing compute instances and managing configurations within cloud environments.
  • Section 3: Learn to protect data through a variety of stringent protection mechanisms.
  • Section 4: Explore network security controls and logging to monitor and manage cloud data flows.
  • Section 5: Understand compliance requirements, perform penetration testing, and respond to incidents in the cloud.
  • Section 6: Apply all learned skills in a comprehensive CloudWars challenge to reinforce cloud security concepts.

Additional Free Resources

What You Will Receive

  • AWS and Azure provisioned accounts
  • MP3 audio files of the complete course lectures
  • Printed and Electronic courseware
  • Extended access to the course's 20+ lab exercises

What Comes Next?

Depending on your professional goals and direction, SANS offers a number of follow-on courses to SEC488.

Cloud Security Analyst

Cloud Security Engineer

Cloud Security Architect

Cloud Security Management / Leadership

Syllabus (36 CPEs)

Download PDF
  • Overview

    The first section of this cloud security course focuses on Identity and Access Management (IAM). Students will quickly understand IAM's critical role in protecting cloud accounts. By the end of this section, students will be able to:

    • Identify security vulnerabilities in their cloud account's IAM service
    • Implement least privilege access in cloud accounts
    • Discover and protect secrets related to cloud service authentication
    • Use cloud vendor IAM tools to automate the detection of security issues
    Exercises
    • User Inventory and Configurations
    • Adventures in Least Privilege
    • Application Credentials
    • Metadata Services
    Topics
    • Course Overview
    • Cloud Accounts and Groups
    • Policies and Permissions
    • Identity Guardrails
    • Temporary Credentials and Secrets Management
    • Customer Account Management
    • Cloud Resource and External Identities
    • More IAM Best Practices
  • Overview

    The second section will cover ways to protect the compute elements in cloud providers' Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) offerings. Students will determine early on that there is much more complexity when launching instances or virtual machines in the cloud as opposed to on-premises. As the section progresses, students will learn to:

    • Securely deploy a compute instance/virtual machine in CSP environments
    • Maintain the running instance throughout its lifecycle
    • Create hardened images for re-use in the organization
    • Understand the various threats that could affect cloud-based applications
    • Leverage Infrastructure as Code (IaC) not only to automate operations, but also automate security configurations
    Exercises
    • Secure VM Deployment
    • Automated Image Build
    • Which Reality?
    • Infrastructure as Code Analysis
    Topics
    • Secure Instance/ Virtual Machine Deployment
    • Host Configuration Management
    • Image Management
    • Application Security
    • Threat Modeling
    • Platform as a Service (PaaS) and Software as a Service (SaaS) Challenges
    • Container Services
    • Infrastructure as Code
  • Overview

    The third section will first focus on the protection of data in cloud environments. All too often, we are reading news articles about breaches that, very frequently, come down to a misconfiguration of a cloud service. Students will learn just what to look out for regarding these misconfiguration as well as:

    • Lock down cloud storage to prevent spillage of sensitive information
    • How to properly identify and classify their organization's data in various cloud services
    • Encrypt data where it resides and as it traverses networks
    • Ensure the data is available when it is required
    • Identify gaps in cloud-based productivity service
    Exercises
    • Public Storage Blunders
    • Sensitive Data Hunting
    • Data in Transit Encryption
    • Cloud Data Lifecycle Management
    Topics
    • Legal and Contractual Concerns
    • Cloud Storage
    • Availability
    • Data Hunting
    • Data at Rest Encryption
    • Data in Transit
    • Productivity Services
    • Lifecycle Management
  • Overview

    Section 4 is where many network security analysts, engineers, and architects will begin salivating as they will do a deep dive into the ins and outs of cloud networking and log generation, collection, and analysis to set themselves up for success to defend their IaaS workloads. Students will learn to:

    • Learn how to control cloud data flows via network controls
    • Add segmentation between compute resources of varying sensitivity levels
    • Generate the proper logs, collect those logs, and process them as a security analyst
    • Increase the effectiveness of their security solutions by gaining more network visibility
    • Detect treats in real time as they occur in the cloud
    Exercises
    • Restricting Network Access
    • Web Application Firewall (WAF)
    • Cloud Services Logging
    • IaaS Logging
    Topics
    • Public Cloud Networking
    • Remote Management of IaaS Systems
    • Segmentation
    • Network Protection Services
    • Cloud Logging Services
    • Log Collection and Analysis
    • Network Visibility
    • Cloud Detection Services
  • Overview

    In the fifth section, we'll dive headfirst into compliance frameworks, audit reports, privacy, and eDiscovery to equip you with the information and references to ensure that the right questions are being asked during CSP risk assessments. After covering special-use cases for more restricted requirements that may necessitate the AWS GovCloud or Azure's Trusted Computing, we'll delve into penetration testing in the cloud and finish the day with incident response and forensics. Student will learn to:

    Learn how Cloud Access Security Broker (CASB), Cloud Workload Protection Platform (CWPP), and Cloud Security Posture Management (CSPM) tools operate and what benefit they may add to the organization

    Leverage the Cloud Security Alliance Cloud Controls Matrix to select the appropriate security controls for a given cloud network security architecture and assess a CSP's implementation of those controls using audit reports and the CSP's shared responsibility model

    Use logs from cloud services and virtual machines hosted in the cloud to detect a security incident and take appropriate steps as a first responder according to a recommended incident response methodology

    Perform a preliminary forensic file system analysis of a compromised virtual machine to identify indicators of compromise and create a file system timeline

    Exercises
    • Cloud Native Security Assessment
    • Cloud Custodian
    • Cloud Penetration Testing
    • Tripwires
    Topics
    • Cloud Inventory
    • Security Assurance and Cloud Auditing
    • Privacy and Risk Management
    • CASBs, CSPMs, and CWPPs
    • Preparing for Cloud Penetration Tests
    • Conducting Cloud Penetration Tests
    • Incident Response and Forensics
    • Serverless for Defenders
  • Overview

    This final section of this cloud security training course consists of a multi-hour, CloudWars competition to reinforce the topics covered in books 1-5. Through this friendly competition, students will answer several challenges made up of multiple choice, fill-in-the-blank, as well as hands-on and validated exercises performed in two CSP environments. They will be given brand-new Infrastructure as Code to deploy in two different cloud vendors and will be tasked to take this very broken environment and make the appropriate changes to increase its overall security posture.

GIAC Cloud Security Essentials

The GIAC Cloud Security Essentials (GCLD) certification validates a practitioner's ability to implement preventive, detective, and reactionary techniques to defend valuable cloud-based workloads.

  • Evaluation of cloud service provider similarities, differences, challenges, and opportunities
  • Planning, deploying, hardening, and securing single and multi-cloud environments
  • Basic cloud resource auditing, security assessment, and incident response
More Certification Details

Prerequisites

  • Basic understanding of TCP/IP and network security concepts.
  • Familiarity with general information security principles.
  • Knowledge of common cloud technology concepts (e.g., virtual machines, cloud storage) is beneficial.
  • Experience with the Linux command-line or cloud environments is a plus but not required.

Laptop Requirements

Important! Bring your own system configured according to these instructions.

A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will not be able to fully participate in hands-on exercises in your course. Therefore, please arrive with a system meeting all of the specified requirements.

Back up your system before class. Better yet, use a system without any sensitive/critical data. SANS is not responsible for your system or data.

Mandatory SEC488 System Hardware Requirements
  • Wireless networking (802.11 standard) is required. There is no wired Internet access in the classroom.
Mandatory SEC488 Host Configuration And Software Requirements
  • Your host operating system must be the latest version of Windows 10, Windows 11, or macOS 10.15.x or newer.
  • Fully update your host operating system prior to the class to ensure you have the right drivers and patches installed.
  • Linux hosts are not supported in the classroom due to their numerous variations. If you choose to use Linux as your host, you are solely responsible for configuring it to work with the course materials and/or VMs.

Your course materials include a "Setup Instructions" document that details important steps you must take before you travel to a live class event or start an online class. It may take 30 minutes or more to complete these instructions.

Your class uses an electronic workbook for its lab instructions. In this new environment, a second monitor and/or a tablet device can be useful for keeping class materials visible while you are working on your course's labs.

If you have additional questions about the laptop specifications, please contact customer service.

Author Statement

"More businesses than ever are shifting mission-critical workloads to the cloud. And not just one cloud - research shows that most enterprises are using up to five different cloud providers. Yet, cloud security breaches happen all the time and many security professionals feel ill-prepared to deal with this rampant change. SEC488 equips students to view the cloud through a lens informed by standards and best practices to rapidly identify security gaps. It provides class participants with hands-on tools, techniques, and patterns to shore up their organization's cloud security weaknesses."

- Ryan Nicholson

"Ryan is a content expert and it shows." - Soumya P., Ernst & Young

"Ryan is terrific. His pace and speaking style are relaxed and easy to follow. Yet, it's easy to see he really knows a ton about this, and probably many other, topics. And he's always asking for feedback and checking to make sure everyone is following along OK." - Matt B., US Government

Reviews

This course is exactly what I hoped it would be. Teaching me Cloud from an IT Cloud Engineer perspective, but with a Security lens.
Jonathan Stohler
Boys Town
Real world practicality of the labs has enabled me to envision how to explore and implement cloud best practices, tests, configurations, and the like which I found to be very valuable.
Emmanuel Ekochu
USDA
I learned a lot, went deeper technically than I expected to, and feel like this was absolutely a great use of my time. The instructors and TAs are top notch and made my experience taking this course a very positive one.
Marni Reemer
AWS

    Register for SEC488

    Learn about Group Pricing

    Prices below exclude applicable taxes and shipping costs. If applicable, these will be shown on the last page of checkout.

    Loading...