SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

Harness GenAI, agentic AI, world-class automation, emulation and detection-as-code to unify red and blue operations into a continuous purple team model.
I highly recommend SEC598 for its exceptional blend of practical security automation across both offensive and defensive domains. The course stands out for its hands-on approach to automating real-world security scenarios. It successfully bridges the gap between theoretical knowledge and practical application, teaching students not just what to automate, but how to effectively implement and maintain security automation workflows.
SEC598: AI and Security Automation for Red, Blue, and Purple Teams empowers you to elevate your security program across offensive and defensive domains. Whether you're automating adversary emulation campaigns, building intelligent response workflows, or engineering detection-as-code pipelines, this course teaches you to harness AI-driven automation to outpace modern threats.
You’ll develop the skills to operationalize AI, agentic automation, detection-as-code, and SOAR while integrating GenAI and LLMs into enrichment and response workflows, deploying secure cloud infrastructure, and emulating attack techniques.
These capabilities are brought to life through 25 immersive labs and practical frameworks that unify red and blue team functions into continuous purple teaming—enabling you to automate offensive testing, scale cloud-native detection, and build AI-powered playbooks for faster, smarter, and more resilient cybersecurity operations.
Jeroen Vandeleur is the security architecture team lead and incident manager at NVISO, where he specializes in security architecture, cloud security, and continuous security monitoring.
Jason Ostrom has revolutionized cybersecurity by developing open-source tools like PurpleCloud and Automated Emulation, enabling scalable adversary emulation in cloud environments.
Explore the course syllabus below to view the full range of topics covered in SEC598: AI and Security Automation for Red, Blue, and Purple Teams.
Build the foundation for modern security automation by understanding why AI and automation matter now. Learn how to secure AI systems, leverage AI for security, and integrate automation strategies that scale across hybrid cloud environments and SOC operations.
This section focuses on practical automation workflows using PowerShell, Terraform, Ansible, Python, and Jupyter Notebook. Students will learn how to build secure infrastructure-as-code deployments, create automated firing ranges, engineer SOAR playbooks, and develop AI-driven agentic workflows for next-generation SOC operations.
This section covers cloud-native security automation across Microsoft Azure and AWS. You will learn to enforce security policies, automate response workflows, integrate AI services, and deploy offensive and defensive automation, including AI-driven Kubernetes attack simulation and continuous security testing with GenAI-powered agents.
This section explores offensive automation using AI-powered red team agents, adversary emulation frameworks, and CI/CD-driven continuous testing. Students will learn to leverage MITRE ATT&CK, automate multi-step attack flows, simulate autonomous adversaries, and validate cloud detection capabilities using AI-augmented offensive techniques.
Learn to operate automation and AI to strengthen your SOC. This section focuses on defensible architecture, detection-as-code, modular incident response playbooks, and AI-driven workflows. Students will also explore how to counter adversarial automation with AI-augmented defenses and continuous purple teaming.
System Administrator: responsible for setting up and maintaining a system or specific components of a system in adherence with organizational security policies and procedures. Includes hardware and software installation, configuration, and updates; user account management; backup and recovery management; and security control implementation.
Systems Security Engineer: responsible for developing and analyzing the integration, testing, operations, and maintenance of systems security. Prepares, performs, and manages the security aspects of implementing and operating a system.
Purple Team Engineer: in this fairly recent job position, you have a keen understanding of both how cybersecurity defenses ("Blue Team") work and how adversaries operate ("Red Team"). During your day-to-day activities, you will organize and automate emulation of adversary techniques, highlight possible new log sources and use cases that help increase the detection coverage of the SOC, and propose security controls to improve resilience against those techniques. You will also help coordinate effective communication between traditional defensive and offensive roles.
Cyber Operations Planner: coordinates cyber operations plans, working with analysts and operators to support targeting and synchronization of actions in cyberspace.