SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
SEC595Cyber Defense, Artificial Intelligence
SANS Community Benefits
Connect, learn, and share with other cybersecurity professionals
AI-FOCUSEDMajor updates
SEC573: AI-Powered Security Automation: Building Tools with Python, LLMs, and MCP
SEC573Cyber Defense, Artificial Intelligence
- 6 Days (Instructor-Led)
- 36 Hours (Self-Paced)
Course authored by:
Mark Baggett
Course authored by:Mark Baggett
- GIAC Python Coder (GPYC)
- 36 CPEs
Apply your credits to renew your certifications
- In-Person, Virtual or Self-Paced
Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months
- Advanced Skill Level
Course material is geared for cyber security professionals with hands-on experience
- 128 Hands-On Lab(s)
Apply what you learn with hands-on exercises and labs
Learn how we can leverage Agentic AI development and Python as security professionals. From the Python essentials to developing AI Agents for your own information security tools.
Featured Quote
I have had a few Python courses in the past in school, but I am already learning new things and ways to find new information on Day 1.
Course Overview
Are you ready to supercharge your cybersecurity career with AI-driven automation and tackle the evolving threats in today's digital landscape? The key is mastering AI integration through practical tools like MCP (Message Context Protocol) and OpenAI agents, all built on accessible Python foundations. Want to leverage AI for real-time anomaly detection, automate analysis of forensic artifacts, or develop custom agents that uncover hidden attack patterns and outpace adversaries? From building AI-powered log analysts to integrating automation frameworks like n8n to writing stand along autonomous AI agents, this course equips you with the skills to harness massive data streams, enhance forensics, and create intelligent defenses that keep you ahead.
SEC573: AI-Powered Security Automation positions AI as the core of modern infosec. You will be taught to write and debug Python code. And when the code gets a little too complex you will learn to leverage AI code writing agents to "Vibe code" a solution to today complex problems. Have you ever wondered why so many SANS courses touch on the Python basics? It's because mastering Python is essential for completing advanced labs and staying relevant in fields like data science, machine learning, and penetration testing. This class will teach you the essentials and how to leverage AI to write, explain and enhance your Python programs to solve real-world problems.
When you're ready to elevate AI from a buzzword to your infosec superpower, SEC573 delivers exactly what you need to get started. This course also prepares you for the GPYC certification (GIAC Python Coder), validating your ability to apply AI and Python to solve real-world cybersecurity challenges.
What You’ll Learn
- Leverage AI to develop new tools to perform routine tasks quickly and efficiently.
- Automate log analysis and packet analysis with AI agents, file operations, regular expressions, and analysis modules to detect threats
- Develop forensics tools to carve binary data, process unstructured AI data, and extract new artifacts
- Read data from databases and the Windows Registry to support AI-driven for investigations and tool development
- Interact with websites and APIs to enrich logs and AI prompts to accomplish information security tasks
- Develop MCP servers and OpenAI agents for advanced automation and threat identification and response
- Understand prompt injection attacks and build secure AI integrations
Business Takeaways
- Automate system processes with AI to handle inputs quickly and efficiently
- Create AI-driven programs that increase efficiency and productivity
- Develop intelligent tools to provide the vital defenses our organizations need
- Integrate AI agents for proactive threat detection and response
- Streamline forensics and incident response with custom AI automations
- Enhance cloud and network security through AI-powered monitoring and analysis
- Build resilient systems against emerging threats using MCP and OpenAI technologies
Meet Your Author
Mark Baggett
FellowSANS Faculty Fellow Mark Baggett authored SEC573 and SEC673, leads as CTO of the SANS Internet Storm Center, and empowers defenders to automate security through practical, real-world application.
Read more about Mark BaggettCourse Syllabus
Explore the course syllabus below to view the full range of topics covered in SEC573: Automating Information Security with Python.
Section 1Essentials Workshop with pyWars
In this section, you'll learn the essential portions of Python coding and how to leverage AI code writing agents to develop powerful Python applications. You'll learn how to leverage AI and Python to process various types of data essential for offensive, defensive and forensics information security tasks.
Topics covered
- Leveraging AI and Vibe Coding
- The Essentials of Python Coding
- Variables and Math Operators
- Strings and Functions
- Visual Studio Code and Debugging Code
Section 2Essentials Workshop with MORE pyWars
This section strengthens your core Python skills with hands-on labs on essential data structures like lists and dictionaries, managing isolated environments with venv, and mastering advanced debugging in VS Code. These skills are foundational across many fields, from software development to cybersecurity and data science.
Topics covered
- Python Virtual Environments
- Python Modules
- Lists, Loops, and Tuples
- Dictionaries
- Tips Tricks and Shortcuts
Section 3Defensive Python
This section focuses on leveraging AI and Python to automate log analysis. You’ll learn how to develop MCP servers that can give AI access to your internal files. You’ll learn the limitations of AI and strategies for making them more effective. You'll learn to extract meaningful and important information with regular expressions and data analysis techniques.
Topics covered
- File Operations
- Leveraging Code writing Agents and “Vibe Coding”
- Developing MCP Server Leveraging Automation Frameworks like n8n
- Targeting Useful data with Regular Expressions
- Log Parsing, Data Analysis Tools and Techniques
Section 4Forensics Python
In this forensics-themed section, you’ll develop the skills to manually extract and analyze digital artifacts in the absence of automated tools. You'll work with embedded data in disk images, SQL databases, and web content, and extract critical metadata—capabilities essential across incident response, threat hunting, and investigative roles.
Topics covered
- Disk, Memory, and Network Analysis
- File Carving and Binary Structures
- Image and SQL Data Extraction
- Window Registry IO
- Web Requests and API Usage
Section 5Offensive Python
In this offensive-themed section, you’ll build a custom remote access agent to bypass defenses when standard tools fail. Skills like process interaction, error handling, and TCP communication, while offensive in context, are essential across many cybersecurity roles.
Topics covered
- Network Socket Operations
- Exception Handling and Process Execution
- Blocking and Non-blocking Sockets
- Using the Select Module for Asynchronous Operations
- Python Objects
Section 6Capture-the-Flag Challenge
The Capstone section challenges students to apply their skills in real-world scenarios—exploiting systems, analyzing packets, parsing logs, automating tasks, and interacting with websites. Live students compete as teams, while OnDemand students tackle challenges independently, with expert support available when needed.
Things You Need To Know
Relevant Job Roles
Data Analysis (OPM 422)
NICE: Implementation and OperationResponsible for analyzing data from multiple disparate sources to provide cybersecurity and privacy insight. Designs and implements custom algorithms, workflow processes, and layouts for complex, enterprise-scale data sets used for modeling, data mining, and research purposes.
Explore learning pathTechnology Research and Development (OPM 661)
NICE: Design and DevelopmentResponsible for conducting software and systems engineering and software systems research to develop new capabilities with fully integrated cybersecurity. Conducts comprehensive technology research to evaluate potential vulnerabilities in cyberspace systems.
Explore learning pathMalware Analyst
Digital Forensics and Incident ResponseMalware analysts face attackers’ capabilities head-on, ensuring the fastest and most effective response to and containment of a cyber-attack. You look deep inside malicious software to understand the nature of the threat – how it got in, what flaw it exploited, and what it has done, is trying to do, or has the potential to achieve.
Explore learning pathDigital Forensic Analyst Training, Salary, and Career Path
Digital Forensics and Incident ResponseThis expert applies digital forensic skills to a plethora of media that encompass an investigation. The practice of being a digital forensic examiner requires several skill sets, including evidence collection, computer, smartphone, cloud, and network forensics, and an investigative mindset. These experts analyze compromised systems or digital media involved in an investigation that can be used to determine what really happened. Digital media contain footprints that physical forensic data and the crime scene may not include.
Explore learning pathDigital Forensics (OPM 212)
NICE: Protection and DefenseResponsible for analyzing digital evidence from computer security incidents to derive useful information in support of system and network vulnerability mitigation.
Explore learning pathMilitary Operations / Law Enforcement Agents
Digital Forensics and Incident ResponseExecute digital forensic operations under demanding conditions, rapidly extracting critical intelligence from diverse devices. Leverage advanced threat hunting and malware analysis skills to neutralize sophisticated cyber adversaries.
Explore learning pathVulnerability Assessment
SCyWF: Protection And DefenseThis role tests IT systems and networks and assesses their threats and vulnerabilities. Find the SANS courses that map to the Vulnerability Assessment SCyWF Work Role.
Explore learning pathMedia Exploitation Analyst
Digital Forensics and Incident ResponseThis expert applies digital forensic skills to a plethora of media that encompasses an investigation. If investigating computer crime excites you, and you want to make a career of recovering file systems that have been hacked, damaged or used in a crime, this may be the path for you. In this position, you will assist in the forensic examinations of computers and media from a variety of sources, in view of developing forensically sound evidence.
Explore learning pathCourse Schedule & Pricing
Looking for Group Purchase Options?Contact Us
GIAC Certification Attempt
Add a GIAC certification attempt and receive free two practice tests. View pricing in the info icons below.
Location & instructorDate & TimeCourse priceRegistration Options
- Date & TimeOnDemand (Anytime)Self-Paced, 4 months accessCourse price$8,780 USD*Prices exclude applicable local taxesBuy now for access on Mar 27. Use code Presale10 for 10% off course price!Registration Options
- Date & TimeFetching schedule..Course price$8,780 USD*Prices exclude applicable local taxes
- Date & TimeFetching schedule..Course price€8,230 EUR*Prices exclude applicable local taxes
- Date & TimeFetching schedule..Course price$8,780 USD*Prices exclude applicable local taxes
- Date & TimeFetching schedule..Course price$8,780 USD*Prices exclude applicable local taxes
- Date & TimeFetching schedule..Course price$8,780 USD*Prices exclude applicable local taxes
- Date & TimeFetching schedule..Course price$8,780 USD*Prices exclude applicable local taxes
- Date & TimeFetching schedule..Course price£7,160 GBP*Prices exclude applicable taxes | EUR price available during checkout
- Date & TimeFetching schedule..Course price$8,780 USD*Prices exclude applicable local taxes
Showing 9 of 9
Learn Alongside Leading Cybersecurity Professionals From Around The World
- Slide 1 of 3Python is a tool required in the world of InfoSec, and SEC573 helped me build that tool belt.
- Slide 2 of 3Very well put together. I have been afraid of learning how to code for years. Within the first days' worth of material my mind has been put at ease.
- Slide 3 of 3SEC573 is excellent. I went from having almost no Python coding ability to being able to write functional and useful programs.
Slide 1 of 0
(1/0)
Benefits of Learning with SANS
Get feedback from the world’s best cybersecurity experts and instructors
Choose how you want to learn - online, on demand, or at our live in-person training events
Get access to our range of industry-leading courses and resources