homepage
Open menu
Go one level top
  • Train and Certify
    • Overview
    • Get Started in Cyber
    • Courses
    • GIAC Certifications
    • Training Roadmap
    • OnDemand
    • Live Training
    • Summits
    • Cyber Ranges
    • College Degrees & Certificates
    • Scholarship Academies
    • NICE Framework
    • Specials
  • Manage Your Team
    • Overview
    • Group Purchasing
    • Why Work with SANS
    • Build Your Team
    • Hire Cyber Talent
    • Team Development
    • Private Training
    • Security Awareness Training
    • Leadership Training
    • Industries
  • Resources
    • Overview
    • Internet Storm Center
    • White Papers
    • Webcasts
    • Tools
    • Newsletters
    • Blog
    • Podcasts
    • Posters & Cheat Sheets
    • Summit Presentations
    • Security Policy Project
  • Focus Areas
    • Cyber Defense
    • Cloud Security
    • Digital Forensics & Incident Response
    • Industrial Control Systems
    • Cyber Security Leadership
    • Offensive Operations
  • Get Involved
    • Overview
    • Join the Community
    • Work Study
    • Teach for SANS
    • CISO Network
    • Partnerships
    • Sponsorship Opportunities
  • About
    • About SANS
    • Our Founder
    • Instructors
    • Mission
    • Diversity
    • Awards
    • Contact
    • Frequently Asked Questions
    • Customer Reviews
    • Press
  • SANS Sites
    • GIAC Security Certifications
    • Internet Storm Center
    • SANS Technology Institute
    • Security Awareness Training
  • Search
  • Log In
  • Join
    • Account Dashboard
    • Log Out
  1. Home >
  2. Blog >
  3. SANS Cloud Security Curriculum
370x370_Frank-Kim.jpg
Frank Kim

SANS Cloud Security Curriculum

The SANS Cloud Security Curriculum is growing fast – like the Cloud itself.

March 25, 2022

SANS believes that the cloud is a transformative technology that will define the technology landscape for many years to come. Given the unmitigated growth of Cloud, we have launched the Cloud Security Curriculum to give you the training and skills you need to become a cloud security expert.

Focus on where the cloud is going, not where it is today. Your organization is going to need someone with hands-on technical experience and cloud security-specific knowledge. You will be prepared not only for your current role, but also for a cutting-edge future in cloud security. Download the SANS Cloud Security Curriculum Brochure here.

Description of a SANS Cloud Ace

Security Focused | Technically Capable | Forward Thinking | Aware of Bigger Picture | Knowledgeable | Confident

Slide_Cloud-Curriculum-Roadmap_220321.jpg

CURRENT SANS CLOUD SECURITY CURRICULUM

In Development Cloud Security Courses Coming in 2022

  • SEC388: Introduction to Cloud Computing and Security
  • SEC549: Enterprise Cloud Security Architecture

New Cloud Security Courses in 2021

  • FOR509: Cloud Forensics and Incident Response | 4 Days
  • SEC540: Cloud Security and DevSecOps Automation | 50%+ new content and new lab environment | GCSA
  • SEC522: Application Security: Securing Web Apps, APIs, and Microservices | GWEB
  • SEC541: Cloud Security Attacker Techniques, Monitoring, and Threat Detection | Now 5 Days
  • SEC557: Continuous Automation for Enterprise and Cloud Compliance | Now 5 Days

New Cloud Security Courses in 2020

    • SEC488: Cloud Security Essentials | 6 Days | GCLD
    • SEC510: Public Cloud Security: AWS, Azure, and GCP | GPCS | 5 Days + Extended Lab Hours
    • SEC541: Cloud Security Monitoring and Threat Detection | 3 Days
    • SEC557: Continuous Automation for Enterprise and Cloud Compliance | 3 Days
    • SEC584: Cloud Native Security: Defending Containers and Kubernetes | 3 Days
    • SEC588: Cloud Penetration Testing | 6 Days | GCPN
    • MGT516: Managing Security Vulnerabilities: Enterprise & Cloud | 5 Days
    • MGT520: Leading Cloud Security Design and Implementation | 3 Days

    Review the entire list of SANS In-development courses here. You may choose to sign up to stay informed on your specific interests.

    Cloud Job Roles Simplified

    In the Cloud, all things are dependent on applications, code, and automation. As such, our curriculum takes a holistic approach to Cloud Security. Courses range in complexity for those new to Cloud as well as those who have been around for the block a few times. If you are a developer, an architect, an engineer, an analyst, or a manger, the SANS Cloud Security Curriculum has training for you. If you are ready for deep, hands-on, highly technical, skill-specific training, we’re there for you. If you’re new to cybersecurity as a whole and want to start a journey in Cloud Security, we have you covered. Working with AWS? Azure? GCP? Multicloud? No problem, we’ve got the training you need.

    With the development of the larger curriculum, SANS has conscientiously looked at job roles, training needs within those roles, and how we help students progress along their professional cloud security journey. 

    • DevOps Professional – responsible for building applications and systems
    • Cloud Security Analyst – responsible for enabling defenses and analyzing issues
    • Cloud Security Engineer- responsible for building security capabilities
    • Cloud Security Architecture – responsible for designing
    • Cloud Security Manager – responsible for leading

    The flight plan below shows a natural progression for a professional to follow within a specific job role from baseline to advanced, specialized topics.

    FightPlan_-_JobRoleMap_220321.png

    SANS CLOUD SECURITY CURRICULUM FLIGHT PLAN BY JOB TITLE

    To help students find the best starting point, we have defined each level.

    Baseline – Courses that impart the baseline skills required of any information security professional involved in Cloud Security, whether active practitioner or manager

    Foundational – Courses that provide the basic knowledge to introduce students to a required skill set for the Cloud Security industry as a whole.

    Core – Courses that prepare professionals for more focused job functions in Cloud Security, including manager, architect, engineer, analyst, and developer.

    Specialization – Courses for critical, advanced skills, or specialized roles in Cloud Security

    Management - Courses for leaders, managers, directors developing a cloud security roadmap, plan, procurement models, and ensuring policy and procedure are defined to support cloud

    Why Take Cloud Security Training & Certification with SANS | GIAC?

    • Security-focused – technical training to properly secure services and workloads in the cloud
    • Holistic, Curated Curriculum – based on various job roles and focus areas
    • Multicloud Approach – training & comparisons on the Big 3 public cloud providers
    • Hands-On Labs – extensively focused on “the how” to properly deploy & secure a cloud environment using virtual machines, lab environments, and repeatable exercises
    • World-Class Instructors – versatile, real-world security practitioners authoring & instructing
    • Comprehensive Courseware – access to slides, notes, audio files, and labs for future reference
    • Certification Prep – specialized training that will help you prepare for a GIAC certification attempt

    Providing Intensive, Immersion Training That is Immediately Applicable
    We are here to help you get your hands dirty in cloud security training with re-deployable labs and a wealth of free training resources. Our curriculum has been developed through an industry consensus process and is a holistic approach to address public cloud. This includes multicloud, and hybrid-cloud scenarios for the enterprise and developing organizations alike. Don’t merely learn the ins-and-outs of one platform, as the future demands in-depth technical abilities coupled with security knowledge for each big cloud service provider.

    GIAC Certifications

    In addition to courses, we offer five GIAC certifications with plans for more in 2022.

    Cloud_Security_GIAC.png

    GCLD: GIAC Cloud Security Essentials

    GPCS: GIAC Public Cloud Security

    GCSA: GIAC Cloud Security Automation

    GCPN: GIAC Cloud Penetration Tester

    GWEB: GIAC Certified Web Application Defender

    Cloud Security CyberTalent Assessment

    NOW AVAILABLE!

    Whether you are looking to hire new employees for cybersecurity positions or creating opportunities for your existing talent, SANS CyberTalent can help ensure you find the right skills match for the job. According to the U.S. Department of Labor, the cost of a bad hire is at least 30 percent of the employee's first-year earnings - for a security analyst, that's $27,000+. You can't afford to get hiring wrong at a time when talent is increasingly difficult to find. SANS CyberTalent Assessments measure the aptitude and skills of cybersecurity professionals, allowing employers to create professional development and retention programs for existing employees or test and rank the skill sets of candidates to fill open positions.

    Cloud_CyberTalent.png

    Graduate Certificate Program in Cloud Security

    NOW AVAILABLE!

    Large and critical segments of enterprise networks are outsourced to cloud service providers (CSPs) such as Amazon Web Services (AWS), Azure, and Google Cloud Platform (GCP). This creates new types of vulnerabilities and incredible opportunities for cybersecurity professionals with specialized skills. Designed for working information security professionals, the highly technical 12-credit-hour graduate certificate in Cloud Security prepares you to navigate your organization through the security challenges and opportunities presented by cloud service, and identify the risks of the various services offered by CSPs. You'll learn from some of the world's top cybersecurity experts, gain hands-on technical experience you can apply immediately on the job, and emerge with 4 industry-recognized GIAC certifications. This program is pending approval by the Maryland Higher Education Commission. A 100% online option is available.

    370x200_Red_STI.jpg

    Challenge Coins

    Hundreds of SANS Institute students have stepped up to the challenge and conquered. They’ve mastered the concepts and skills, beat out their classmates, and proven their prowess. These are the elite, the recipients of a SANS Challenge Coin, an award given to a select portion of the thousands of students that have taken any of theSANS courses.

    Coins_Cloud-Security-.1245x705jpg.jpg


    The following Cloud Security courses have Challenge Coins, with more to come in 2021!

    SEC488: Cloud Security Essentials

    SEC510: Public Cloud Security: AWS, Azure, & GCP

    SEC522: Application Security: Securing Web Apps, APIs, and Microservices

    SEC540: Cloud Security and DevSecOps Automation

    SEC541: Cloud Security Attacker Techniques, Monitoring, and Threat Detection

    SEC588: Cloud Penetration Testing

    MGT516: Managing Security Vulnerabilities: Enterprise and Cloud

    Free Resources

    SANS Cloud Security Curriculum Brochure

    Tools

    Posters & Cheat Sheets

    Webcasts

    Blogs

    SWAT Checklist

    sans.org/free

    Join Us On Social

    @SANSCloudSec

    linkedin.com/showcase/sanscloudsec

    YouTube.com/c/SANSCloudSecurity

    Purchase SANS Cloud Security Ace Gear!

    www.sansgear.com

    Press Releases

    SANS Cloud Security Curriculum Gaining Altitude, April 2021

    GIAC GCLD: New Cloud Security Essentials Certification, April 2021

    GIAC GCPN: New Cloud Penetration Tester Certification, Feb 2021

    SANS Cloud Security Curriculum Takes Flight, Dec 2020

    GIAC GCSA: New Cloud Security Automation Certification, April 2020

    Share:
    TwitterLinkedInFacebook
    Copy url Url was copied to clipboard
    Subscribe to SANS Newsletters
    Receive curated news, vulnerabilities, & security awareness tips
    United States
    Canada
    United Kingdom
    Spain
    Belgium
    Denmark
    Norway
    Netherlands
    Australia
    India
    Japan
    Singapore
    Afghanistan
    Aland Islands
    Albania
    Algeria
    American Samoa
    Andorra
    Angola
    Anguilla
    Antarctica
    Antigua and Barbuda
    Argentina
    Armenia
    Aruba
    Austria
    Azerbaijan
    Bahamas
    Bahrain
    Bangladesh
    Barbados
    Belarus
    Belize
    Benin
    Bermuda
    Bhutan
    Bolivia
    Bonaire, Sint Eustatius, and Saba
    Bosnia And Herzegovina
    Botswana
    Bouvet Island
    Brazil
    British Indian Ocean Territory
    Brunei Darussalam
    Bulgaria
    Burkina Faso
    Burundi
    Cambodia
    Cameroon
    Cape Verde
    Cayman Islands
    Central African Republic
    Chad
    Chile
    China
    Christmas Island
    Cocos (Keeling) Islands
    Colombia
    Comoros
    Cook Islands
    Costa Rica
    Croatia (Local Name: Hrvatska)
    Curacao
    Cyprus
    Czech Republic
    Democratic Republic of the Congo
    Djibouti
    Dominica
    Dominican Republic
    East Timor
    East Timor
    Ecuador
    Egypt
    El Salvador
    Equatorial Guinea
    Eritrea
    Estonia
    Ethiopia
    Falkland Islands (Malvinas)
    Faroe Islands
    Fiji
    Finland
    France
    French Guiana
    French Polynesia
    French Southern Territories
    Gabon
    Gambia
    Georgia
    Germany
    Ghana
    Gibraltar
    Greece
    Greenland
    Grenada
    Guadeloupe
    Guam
    Guatemala
    Guernsey
    Guinea
    Guinea-Bissau
    Guyana
    Haiti
    Heard And McDonald Islands
    Honduras
    Hong Kong
    Hungary
    Iceland
    Indonesia
    Iraq
    Ireland
    Isle of Man
    Israel
    Italy
    Jamaica
    Jersey
    Jordan
    Kazakhstan
    Kenya
    Kingdom of Saudi Arabia
    Kiribati
    Korea, Republic Of
    Kosovo
    Kuwait
    Kyrgyzstan
    Lao People's Democratic Republic
    Latvia
    Lebanon
    Lesotho
    Liberia
    Liechtenstein
    Lithuania
    Luxembourg
    Macau
    Macedonia
    Madagascar
    Malawi
    Malaysia
    Maldives
    Mali
    Malta
    Marshall Islands
    Martinique
    Mauritania
    Mauritius
    Mayotte
    Mexico
    Micronesia, Federated States Of
    Moldova, Republic Of
    Monaco
    Mongolia
    Montenegro
    Montserrat
    Morocco
    Mozambique
    Myanmar
    Namibia
    Nauru
    Nepal
    Netherlands Antilles
    New Caledonia
    New Zealand
    Nicaragua
    Niger
    Nigeria
    Niue
    Norfolk Island
    Northern Mariana Islands
    Oman
    Pakistan
    Palau
    Palestine
    Panama
    Papua New Guinea
    Paraguay
    Peru
    Philippines
    Pitcairn
    Poland
    Portugal
    Puerto Rico
    Qatar
    Reunion
    Romania
    Russian Federation
    Rwanda
    Saint Bartholemy
    Saint Kitts And Nevis
    Saint Lucia
    Saint Martin
    Saint Vincent And The Grenadines
    Samoa
    San Marino
    Sao Tome And Principe
    Senegal
    Serbia
    Seychelles
    Sierra Leone
    Sint Maarten
    Slovakia (Slovak Republic)
    Slovenia
    Solomon Islands
    South Africa
    South Georgia and the South Sandwich Islands
    South Sudan
    Sri Lanka
    St. Helena
    St. Pierre And Miquelon
    Suriname
    Svalbard And Jan Mayen Islands
    Swaziland
    Sweden
    Switzerland
    Taiwan
    Tajikistan
    Tanzania
    Thailand
    Togo
    Tokelau
    Tonga
    Trinidad And Tobago
    Tunisia
    Turkey
    Turkmenistan
    Turks And Caicos Islands
    Tuvalu
    Uganda
    Ukraine
    United Arab Emirates
    United States Minor Outlying Islands
    Uruguay
    Uzbekistan
    Vanuatu
    Vatican City
    Venezuela
    Vietnam
    Virgin Islands (British)
    Virgin Islands (U.S.)
    Wallis And Futuna Islands
    Western Sahara
    Yemen
    Yugoslavia
    Zambia
    Zimbabwe

    Recommended Training

    • SEC510: Public Cloud Security: AWS, Azure, and GCP
    • SEC505: Securing Windows and PowerShell Automation
    • MGT516: Managing Security Vulnerabilities: Enterprise and Cloud

    Tags:
    • Cloud Security

    Related Content

    Blog
    Penetration Testing and Ethical Hacking, Cloud Security
    January 7, 2022
    Password Hash Cracking in Amazon Web Services: Burning Your Way to Success
    This article will discuss the use of cracking cloud computing resources in Amazon Web Services (AWS) to crack password hashes.
    370x370_Michiel-Lemmens.jpg
    Michiel Lemmens
    read more
    Blog
    CloudSecNext_Ashton.png
    Cloud Security
    June 4, 2021
    A Visual Summary of SANS CloudSecNext Summit
    The SANS CloudSecNext was a free, global, virtual event for the community. Check out these graphic recordings created in real-time throughout the even
    Emily Blades
    read more
    Blog
    Penetration Testing and Ethical Hacking, Purple Team, Cloud Security
    June 3, 2021
    Build, Hack, and Defend Azure Identity - An Introduction to PurpleCloud Hybrid + Identity Cyber Range
    PurpleCloud is a Hybrid + Identity Cyber Security Range built for Azure Cloud with automated deployment scripts.
    370x370_Jason-Ostrom.jpg
    Jason Ostrom
    read more
    • Register to Learn
    • Courses
    • Certifications
    • Degree Programs
    • Cyber Ranges
    • Job Tools
    • Security Policy Project
    • Posters & Cheat Sheets
    • White Papers
    • Focus Areas
    • Cyber Defense
    • Cloud Security
    • Cyber Security Leadership
    • Digital Forensics
    • Industrial Control Systems
    • Offensive Operations
    Subscribe to SANS Newsletters
    Receive curated news, vulnerabilities, & security awareness tips
    United States
    Canada
    United Kingdom
    Spain
    Belgium
    Denmark
    Norway
    Netherlands
    Australia
    India
    Japan
    Singapore
    Afghanistan
    Aland Islands
    Albania
    Algeria
    American Samoa
    Andorra
    Angola
    Anguilla
    Antarctica
    Antigua and Barbuda
    Argentina
    Armenia
    Aruba
    Austria
    Azerbaijan
    Bahamas
    Bahrain
    Bangladesh
    Barbados
    Belarus
    Belize
    Benin
    Bermuda
    Bhutan
    Bolivia
    Bonaire, Sint Eustatius, and Saba
    Bosnia And Herzegovina
    Botswana
    Bouvet Island
    Brazil
    British Indian Ocean Territory
    Brunei Darussalam
    Bulgaria
    Burkina Faso
    Burundi
    Cambodia
    Cameroon
    Cape Verde
    Cayman Islands
    Central African Republic
    Chad
    Chile
    China
    Christmas Island
    Cocos (Keeling) Islands
    Colombia
    Comoros
    Cook Islands
    Costa Rica
    Croatia (Local Name: Hrvatska)
    Curacao
    Cyprus
    Czech Republic
    Democratic Republic of the Congo
    Djibouti
    Dominica
    Dominican Republic
    East Timor
    East Timor
    Ecuador
    Egypt
    El Salvador
    Equatorial Guinea
    Eritrea
    Estonia
    Ethiopia
    Falkland Islands (Malvinas)
    Faroe Islands
    Fiji
    Finland
    France
    French Guiana
    French Polynesia
    French Southern Territories
    Gabon
    Gambia
    Georgia
    Germany
    Ghana
    Gibraltar
    Greece
    Greenland
    Grenada
    Guadeloupe
    Guam
    Guatemala
    Guernsey
    Guinea
    Guinea-Bissau
    Guyana
    Haiti
    Heard And McDonald Islands
    Honduras
    Hong Kong
    Hungary
    Iceland
    Indonesia
    Iraq
    Ireland
    Isle of Man
    Israel
    Italy
    Jamaica
    Jersey
    Jordan
    Kazakhstan
    Kenya
    Kingdom of Saudi Arabia
    Kiribati
    Korea, Republic Of
    Kosovo
    Kuwait
    Kyrgyzstan
    Lao People's Democratic Republic
    Latvia
    Lebanon
    Lesotho
    Liberia
    Liechtenstein
    Lithuania
    Luxembourg
    Macau
    Macedonia
    Madagascar
    Malawi
    Malaysia
    Maldives
    Mali
    Malta
    Marshall Islands
    Martinique
    Mauritania
    Mauritius
    Mayotte
    Mexico
    Micronesia, Federated States Of
    Moldova, Republic Of
    Monaco
    Mongolia
    Montenegro
    Montserrat
    Morocco
    Mozambique
    Myanmar
    Namibia
    Nauru
    Nepal
    Netherlands Antilles
    New Caledonia
    New Zealand
    Nicaragua
    Niger
    Nigeria
    Niue
    Norfolk Island
    Northern Mariana Islands
    Oman
    Pakistan
    Palau
    Palestine
    Panama
    Papua New Guinea
    Paraguay
    Peru
    Philippines
    Pitcairn
    Poland
    Portugal
    Puerto Rico
    Qatar
    Reunion
    Romania
    Russian Federation
    Rwanda
    Saint Bartholemy
    Saint Kitts And Nevis
    Saint Lucia
    Saint Martin
    Saint Vincent And The Grenadines
    Samoa
    San Marino
    Sao Tome And Principe
    Senegal
    Serbia
    Seychelles
    Sierra Leone
    Sint Maarten
    Slovakia (Slovak Republic)
    Slovenia
    Solomon Islands
    South Africa
    South Georgia and the South Sandwich Islands
    South Sudan
    Sri Lanka
    St. Helena
    St. Pierre And Miquelon
    Suriname
    Svalbard And Jan Mayen Islands
    Swaziland
    Sweden
    Switzerland
    Taiwan
    Tajikistan
    Tanzania
    Thailand
    Togo
    Tokelau
    Tonga
    Trinidad And Tobago
    Tunisia
    Turkey
    Turkmenistan
    Turks And Caicos Islands
    Tuvalu
    Uganda
    Ukraine
    United Arab Emirates
    United States Minor Outlying Islands
    Uruguay
    Uzbekistan
    Vanuatu
    Vatican City
    Venezuela
    Vietnam
    Virgin Islands (British)
    Virgin Islands (U.S.)
    Wallis And Futuna Islands
    Western Sahara
    Yemen
    Yugoslavia
    Zambia
    Zimbabwe
    • © 2022 SANS™ Institute
    • Privacy Policy
    • Contact
    • Careers
    • Twitter
    • Facebook
    • Youtube
    • LinkedIn