Talk With an Expert

SEC573: Automating Information Security with Python

SEC573Cyber Defense
  • 6 Days (Instructor-Led)
  • 36 Hours (Self-Paced)
Course authored by:
Mark Baggett
Mark Baggett
SEC573: Automating Information Security with Python
Course authored by:
Mark Baggett
Mark Baggett
  • GIAC Python Coder (GPYC)
  • 36 CPEs

    Apply your credits to renew your certifications

  • In-Person, Virtual or Self-Paced

    Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months

  • 128 Hands-On Lab(s)

    Apply what you learn with hands-on exercises and labs

Learn Python in depth and gain essential skills for customizing and developing your own information security tools.

Course Overview

Are you ready to embrace the AI revolution or cloud automation and tackle the dynamic challenges of today’s cybersecurity landscape? The skill you need is PYTHON. Want to harness massive data streams for real-time threat detection, leverage data science to uncover hidden attack patterns, or build custom tools to outpace adversaries? From AI-driven anomaly detection to advanced data analytics, Python is the backbone of modern infosec, data science, machine learning, and automation. Do you need to hunt attackers in cloud environments, analyzing forensic artifacts, or developing penetration testing exploits? Without Python your options are limited.

Python for cyber security is the must-have skill for defending modern networks. Python equips you to stay ahead in a world where threats evolve faster than ever. And SEC573 gives you just what you need to get started. Have you ever wondered why so many SANS courses include a crash course in Python? It’s because you can’t finish the labs and master those essential skills without it.

When you’re ready to stop treating Python as optional—and start wielding it as your infosec superpower—you’re ready for SEC573. This course also prepares you for the GPYC certification (GIAC Python Coder), which validates your ability to apply Python to solve real-world cybersecurity problems.

What You’ll Learn

  • Leverage Python to perform routine tasks quickly and efficiently
  • Automate log analysis and packet analysis with file operations, regular expressions, and analysis modules to find evil
  • Develop forensics tools to carve binary data and extract new artifacts
  • Read data from databases and the Windows Registry
  • Interact with websites to collect intelligence
  • Develop UDP and TCP client and server applications
  • Automate system processes and process their output

Business Takeaways

  • Automate system processes and process their input quickly and efficiently
  • Create programs that increase efficiency and productivity
  • Develop tools to provide the vital defenses our organizations need

Course Syllabus

Explore the course syllabus below to view the full range of topics covered in SEC573: Automating Information Security with Python.

Section 1Essentials Workshop with pyWars

The course launches with a fast-paced Python intro and the pyWars lab environment, backed by more than 100 hands-on labs. Beginners master the fundamentals, while advanced students dive into bonus challenges. You'll gain the skills to build Python tools for AI, cloud, pen testing, network defense, and beyond—no filler, just what gets results.

Topics covered

  • Variables and Math Operators
  • Strings and Functions
  • Control Statements
  • Modules & VMs

Section 2Essentials Workshop with MORE pyWars

This section strengthens your core Python skills with hands-on labs on essential data structures like lists and dictionaries, managing isolated environments with venv, and mastering advanced debugging in VS Code. These skills are foundational across many fields, from software development to cybersecurity and data science.

Topics covered

  • Python Virtual Environments
  • Lists, Loops, and Tuples
  • Dictionaries
  • Debugging with Visual Studio Code

Section 3Defensive Python

In the role of a network defender, you’ll analyze logs and packet captures to identify indicators of compromise. You’ll develop scripts for continuous monitoring and master file handling, data analysis and working with network packets—fundamental skills for threat detection, incident response, and broader security operations.

Topics covered

  • File Operations and Python Sets
  • Log Parsing, Data Analysis Tools and Techniques
  • Long-Tail/Short-Tail Analysis
  • Geolocation Acquisition
  • Packet Analysis and Reassembly

Section 4Forensics Python

In this forensics-themed section, you’ll develop the skills to manually extract and analyze digital artifacts in the absence of automated tools. You'll work with embedded data in disk images, SQL databases, and web content, and extract critical metadata—capabilities essential across incident response, threat hunting, and investigative roles.

Topics covered

  • Disk, Memory, and Network Analysis
  • File Carving and Binary Structures
  • Image and SQL Data Extraction
  • Window Registry IO
  • Web Requests and API Usage

Section 5Offensive Python

In this offensive-themed section, you’ll build a custom remote access agent to bypass defenses when standard tools fail. Skills like process interaction, error handling, and TCP communication, while offensive in context, are essential across many cybersecurity roles.

Topics covered

  • Network Socket Operations
  • Exception Handling and Process Execution
  • Blocking and Non-blocking Sockets
  • Using the Select Module for Asynchronous Operations
  • Python Objects

Section 6Capture-the-Flag Challenge

The Capstone section challenges students to apply their skills in real-world scenarios—exploiting systems, analyzing packets, parsing logs, automating tasks, and interacting with websites. Live students compete as teams, while OnDemand students tackle challenges independently, with expert support available when needed.

Things You Need To Know

Relevant Job Roles

Data Analysis (OPM 422)

NICE: Implementation and Operation

Responsible for analyzing data from multiple disparate sources to provide cybersecurity and privacy insight. Designs and implements custom algorithms, workflow processes, and layouts for complex, enterprise-scale data sets used for modeling, data mining, and research purposes.

Explore learning path

Technology Research and Development (OPM 661)

NICE: Design and Development

Responsible for conducting software and systems engineering and software systems research to develop new capabilities with fully integrated cybersecurity. Conducts comprehensive technology research to evaluate potential vulnerabilities in cyberspace systems.

Explore learning path

Malware Analyst

Digital Forensics and Incident Response

Malware analysts face attackers’ capabilities head-on, ensuring the fastest and most effective response to and containment of a cyber-attack. You look deep inside malicious software to understand the nature of the threat – how it got in, what flaw it exploited, and what it has done, is trying to do, or has the potential to achieve.

Explore learning path

Digital Forensics (OPM 212)

NICE: Protection and Defense

Responsible for analyzing digital evidence from computer security incidents to derive useful information in support of system and network vulnerability mitigation.

Explore learning path

Military Operations / Law Enforcement Agents

Digital Forensics and Incident Response

Execute digital forensic operations under demanding conditions, rapidly extracting critical intelligence from diverse devices. Leverage advanced threat hunting and malware analysis skills to neutralize sophisticated cyber adversaries.

Explore learning path

Media Exploitation Analyst

Digital Forensics and Incident Response

This expert applies digital forensic skills to a plethora of media that encompasses an investigation. If investigating computer crime excites you, and you want to make a career of recovering file systems that have been hacked, damaged or used in a crime, this may be the path for you. In this position, you will assist in the forensic examinations of computers and media from a variety of sources, in view of developing forensically sound evidence.

Explore learning path

Intrusion Detection/SOC Analysts

Digital Forensics and Incident Response

Analyze network and endpoint data to swiftly detect threats, conduct forensic investigations, and proactively hunt adversaries across diverse platforms including cloud, mobile, and enterprise systems.

Explore learning path

Blue Teamer - All Around Defender

Cyber Defense

This job, which may have varying titles depending on the organization, is often characterized by the breadth of tasks and knowledge required. The all-around defender and Blue Teamer is the person who may be a primary security contact for a small organization, and must deal with engineering and architecture, incident triage and response, security tool administration and more.

Explore learning path

Software Security Assessment (OPM 622)

NICE: Design and Development

Responsible for analyzing the security of new or existing computer applications, software, or specialized utility programs and delivering actionable results.

Explore learning path

Intrusion Detection / (SOC) Analyst

Cyber Defense

Security Operations Center (SOC) analysts work alongside security engineers and SOC managers to implement prevention, detection, monitoring, and active response. Working closely with incident response teams, a SOC analyst will address security issues when detected, quickly and effectively. With an eye for detail and anomalies, these analysts see things most others miss.

Explore learning path

Application Pen Tester

Offensive Operations

Application penetration testers probe the security integrity of a company’s applications and defenses by evaluating the attack surface of all in-scope vulnerable web-based services, clientside applications, servers-side processes, and more. Mimicking a malicious attacker, app pen testers work to bypass security barriers in order to gain access to sensitive information or enter a company’s internal systems through techniques such as pivoting or lateral movement.

Explore learning path

Defensive Cybersecurity (OPM 511)

NICE: Protection and Defense

Responsible for analyzing data collected from various cybersecurity defense tools to mitigate risks.

Explore learning path

Penetration Tester

European Cybersecurity Skills Framework

Assess the effectiveness of security controls, reveals and utilise cybersecurity vulnerabilities, assessing their criticality if exploited by threat actors.

Explore learning path

Cybersecurity Analyst/Engineer

Cyber Defense

As this is one of the highest-paid jobs in the field, the skills required to master the responsibilities involved are advanced. You must be highly competent in threat detection, threat analysis, and threat protection. This is a vital role in preserving the security and integrity of an organization’s data.

Explore learning path

Digital Evidence Analysis (OPM 211)

NICE: Investigation

Responsible for identifying, collecting, examining, and preserving digital evidence using controlled and documented analytical and investigative techniques.

Explore learning path

Course Schedule & Pricing

Looking for Group Purchase Options?Contact Us
Filter by:
  • Location & instructor

    Virtual (OnDemand)

    Instructed by Mark Baggett
    Date & Time
    OnDemand (Anytime)Self-Paced, 4 months access
    Course price
    $8,780 USD*Prices exclude applicable local taxes
    Registration Options
  • Location & instructor

    Virtual (live)

    Instructed by Joshua Barone
    Date & Time
    Fetching schedule..View event details
    Course price
    €8,230 EUR*Prices exclude applicable local taxes
    Registration Options
  • Location & instructor

    Chicago, IL, US & Virtual (live)

    Instructed by Joshua Barone
    Date & Time
    Fetching schedule..View event details
    Course price
    $8,780 USD*Prices exclude applicable local taxes
    Registration Options
  • Location & instructor

    Rockville, MD, US & Virtual (live)

    Instructed by Michael Murr
    Date & Time
    Fetching schedule..View event details
    Course price
    $8,780 USD*Prices exclude applicable local taxes
    Registration Options
  • Location & instructor

    Austin, TX, US & Virtual (live)

    Instructed by Michael Murr
    Date & Time
    Fetching schedule..View event details
    Course price
    $8,780 USD*Prices exclude applicable local taxes
    Registration Options
  • Location & instructor

    London, GB & Virtual (live)

    Instructed by Mark Baggett
    Date & Time
    Fetching schedule..View event details
    Course price
    £7,160 GBP*Prices exclude applicable taxes | EUR price available during checkout
    Registration Options
  • Location & instructor

    Washington, DC, US & Virtual (live)

    Instructed by Mark Baggett
    Date & Time
    Fetching schedule..View event details
    Course price
    $8,780 USD*Prices exclude applicable local taxes
    Registration Options
  • Location & instructor

    Amsterdam, NL & Virtual (live)

    Instructed by Mark Baggett
    Date & Time
    Fetching schedule..View event details
    Course price
    €8,230 EUR*Prices exclude applicable local taxes
    Registration Options
Showing 8 of 13

Benefits of Learning with SANS

Instructor teaching to a class

Get feedback from the world’s best cybersecurity experts and instructors

OnDemand Mobile App

Choose how you want to learn - online, on demand, or at our live in-person training events

Resources

Get access to our range of industry-leading courses and resources