Talk With an Expert

SEC573: Automating Information Security with Python

SEC573Cyber Defense
  • 6 Days (Instructor-Led)
  • 36 Hours (Self-Paced)
Course created by:
Mark Baggett
Mark Baggett
SEC573: Automating Information Security with Python
Course created by:
Mark Baggett
Mark Baggett
  • GIAC Python Coder (GPYC)
  • 36 CPEs

    Apply your credits to renew your certifications

  • In-Person, Virtual or Self-Paced

    Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months

  • 128 Hands-On Lab(s)

    Apply what you learn with hands-on exercises and labs

Learn Python in depth and gain essential skills for customizing and developing your own information security tools.

Course Overview

Are you ready to embrace the AI revolution or cloud automation and tackle the dynamic challenges of today’s cybersecurity landscape? The skill you need is PYTHON. Want to harness massive data streams for real-time threat detection, leverage data science to uncover hidden attack patterns, or build custom tools to outpace adversaries? From AI-driven anomaly detection to advanced data analytics, Python is the backbone of modern infosec, data science, machine learning, and automation. Do you need to hunt attackers in cloud environments, analyzing forensic artifacts, or developing penetration testing exploits? Without Python your options are limited.

Python for cyber security is the must-have skill for defending modern networks. Python equips you to stay ahead in a world where threats evolve faster than ever. And SEC573 gives you just what you need to get started. Have you ever wondered why so many SANS courses include a crash course in Python? It’s because you can’t finish the labs and master those essential skills without it.

When you’re ready to stop treating Python as optional—and start wielding it as your infosec superpower—you’re ready for SEC573. This course also prepares you for the GPYC certification (GIAC Python Coder), which validates your ability to apply Python to solve real-world cybersecurity problems.

What You’ll Learn

  • Leverage Python to perform routine tasks quickly and efficiently
  • Automate log analysis and packet analysis with file operations, regular expressions, and analysis modules to find evil
  • Develop forensics tools to carve binary data and extract new artifacts
  • Read data from databases and the Windows Registry
  • Interact with websites to collect intelligence
  • Develop UDP and TCP client and server applications
  • Automate system processes and process their output

Business Takeaways

  • Automate system processes and process their input quickly and efficiently
  • Create programs that increase efficiency and productivity
  • Develop tools to provide the vital defenses our organizations need

Course Syllabus

Explore the course syllabus below to view the full range of topics covered in SEC573: Automating Information Security with Python.

Section 1Essentials Workshop with pyWars

The course launches with a fast-paced Python intro and the pyWars lab environment, backed by more than 100 hands-on labs. Beginners master the fundamentals, while advanced students dive into bonus challenges. You'll gain the skills to build Python tools for AI, cloud, pen testing, network defense, and beyond—no filler, just what gets results.

Topics covered

  • Variables and Math Operators
  • Strings and Functions
  • Control Statements
  • Modules & VMs

Section 2Essentials Workshop with MORE pyWars

This section strengthens your core Python skills with hands-on labs on essential data structures like lists and dictionaries, managing isolated environments with venv, and mastering advanced debugging in VS Code. These skills are foundational across many fields, from software development to cybersecurity and data science.

Topics covered

  • Python Virtual Environments
  • Lists, Loops, and Tuples
  • Dictionaries
  • Debugging with Visual Studio Code

Section 3Defensive Python

In the role of a network defender, you’ll analyze logs and packet captures to identify indicators of compromise. You’ll develop scripts for continuous monitoring and master file handling, data analysis and working with network packets—fundamental skills for threat detection, incident response, and broader security operations.

Topics covered

  • File Operations and Python Sets
  • Log Parsing, Data Analysis Tools and Techniques
  • Long-Tail/Short-Tail Analysis
  • Geolocation Acquisition
  • Packet Analysis and Reassembly

Section 4Forensics Python

In this forensics-themed section, you’ll develop the skills to manually extract and analyze digital artifacts in the absence of automated tools. You'll work with embedded data in disk images, SQL databases, and web content, and extract critical metadata—capabilities essential across incident response, threat hunting, and investigative roles.

Topics covered

  • Disk, Memory, and Network Analysis
  • File Carving and Binary Structures
  • Image and SQL Data Extraction
  • Window Registry IO
  • Web Requests and API Usage

Section 5Offensive Python

In this offensive-themed section, you’ll build a custom remote access agent to bypass defenses when standard tools fail. Skills like process interaction, error handling, and TCP communication, while offensive in context, are essential across many cybersecurity roles.

Topics covered

  • Network Socket Operations
  • Exception Handling and Process Execution
  • Blocking and Non-blocking Sockets
  • Using the Select Module for Asynchronous Operations
  • Python Objects

Section 6Capture-the-Flag Challenge

The Capstone section challenges students to apply their skills in real-world scenarios—exploiting systems, analyzing packets, parsing logs, automating tasks, and interacting with websites. Live students compete as teams, while OnDemand students tackle challenges independently, with expert support available when needed.

Things You Need To Know

Relevant Job Roles

Digital Forensics Analyst

Digital Forensics and Incident Response

This expert applies digital forensic skills to a plethora of media that encompass an investigation. The practice of being a digital forensic examiner requires several skill sets, including evidence collection, computer, smartphone, cloud, and network forensics, and an investigative mindset. These experts analyze compromised systems or digital media involved in an investigation that can be used to determine what really happened. Digital media contain footprints that physical forensic data and the crime scene may not include.

Explore learning path

Blue Teamer - All Around Defender

Cyber Defense

This job, which may have varying titles depending on the organization, is often characterized by the breadth of tasks and knowledge required. The all-around defender and Blue Teamer is the person who may be a primary security contact for a small organization, and must deal with engineering and architecture, incident triage and response, security tool administration and more.

Explore learning path

Course Schedule & Pricing

Looking for Group Purchase Options?Contact Us
Filter by:
  • Location & instructor

    Virtual (OnDemand)

    Instructed by Mark Baggett
    Date & Time
    OnDemand (Anytime)Self-Paced, 4 months access
    Course price
    $8,780 USD*Prices exclude applicable local taxes
    Registration Options
  • Location & instructor

    Virtual (live)

    Instructed by Joshua Barone
    Date & Time
    Fetching schedule..View event details
    Course price
    €8,230 EUR*Prices exclude applicable local taxes
    Registration Options
  • Location & instructor

    Chicago, IL, US & Virtual (live)

    Instructed by Joshua Barone
    Date & Time
    Fetching schedule..View event details
    Course price
    $8,780 USD*Prices exclude applicable local taxes
    Registration Options
  • Location & instructor

    Las Vegas, NV, US & Virtual (live)

    Instructed by Mark Baggett
    Date & Time
    Fetching schedule..View event details
    Course price
    $8,780 USD*Prices exclude applicable local taxes
    Registration Options
  • Location & instructor

    Rockville, MD, US & Virtual (live)

    Instructed by Michael Murr
    Date & Time
    Fetching schedule..View event details
    Course price
    $8,780 USD*Prices exclude applicable local taxes
    Registration Options
  • Location & instructor

    Austin, TX, US & Virtual (live)

    Instructed by Michael Murr
    Date & Time
    Fetching schedule..View event details
    Course price
    $8,780 USD*Prices exclude applicable local taxes
    Registration Options
  • Location & instructor

    London, GB & Virtual (live)

    Instructed by Mark Baggett
    Date & Time
    Fetching schedule..View event details
    Course price
    £7,160 GBP*Prices exclude applicable taxes | EUR price available during checkout
    Registration Options
  • Location & instructor

    Washington, DC, US & Virtual (live)

    Instructed by Mark Baggett
    Date & Time
    Fetching schedule..View event details
    Course price
    $8,780 USD*Prices exclude applicable local taxes
    Registration Options
Showing 8 of 14

Benefits of Learning with SANS

Instructor teaching to a class

Get feedback from the world’s best cybersecurity experts and instructors

OnDemand Mobile App

Choose how you want to learn - online, on demand, or at our live in-person training events

Resources

Get access to our range of industry-leading courses and resources