Question 1

What Are The Laptop Requirements?

Accepted Answer

Important! Bring your own system configured according to these instructions.A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will not be able to fully participate in hands-on exercises in your course. Therefore, please arrive with a system meeting all of the specified requirements.Back up your system before class. Better yet, use a system without any sensitive/critical data. SANS is not responsible for your system or data. Mandatory System Hardware Requirements Wireless networking (802.11 standard) is required. There is no wired Internet access in the classroom. Mandatory Host Configuration and Software Requirements Your host operating system must be the latest version of Windows 10, Windows 11, or macOS 10.15.x or newer. Fully update your host operating system prior to the class to ensure you have the right drivers and patches installed. Linux hosts are not supported in the classroom due to their numerous variations. If you choose to use Linux as your host, you are solely responsible for configuring it to work with the course materials and/or VMs.Your course materials include a "Setup Instructions" document that details important steps you must take before you travel to a live class event or start an online class. It may take 30 minutes or more to complete these instructions.Your class uses an electronic workbook for its lab instructions. In this new environment, a second monitor and/or a tablet device can be useful for keeping class materials visible while you are working on your course's labs. If you have additional questions about the laptop specifications, please contact customer service.

Question 2

Who Should Attend SEC559 Training?

Accepted Answer

This course is designed for technical professionals who secure, monitor, or respond to identity-related threats in Microsoft cloud and hybrid environments.IAM engineers and architects Security engineers and cloud security engineers SOC analysts and incident responders Microsoft 365 and Entra administrators with security responsibility Cybersecurity consultants focused on Microsoft or hybrid identity environments IT administrators moving into security or identity-focused roles

Question 3

What Will You Get?

Accepted Answer

Electronic and printed courseware SANS provisioned Entra ID account

Question 4

What Are The Prerequisites For This Course?

Accepted Answer

Familiarity with Azure AD/Entra ID basics (users, apps, roles) Some experience with identity protocols or authentication concepts Comfort working with logs or Kusto queries (helpful but not required)

Question 5

What Learning Path Is This Course A Part Of?

Accepted Answer

SEC559 is part of the SANS Cloud Security curriculum, designed to help practitioners build advanced skills for securing modern cloud and hybrid environments. The course complements cloud security, detection, and architecture training by focusing specifically on identity as the primary control plane.It fits naturally for professionals who already work with cloud or enterprise environments and want to deepen their ability to detect and remediate identity-driven attacks across cloud and hybrid identity control planes.Depending on your role and future career aspirations, one of these courses could be a great next step in your cloud security journey: SEC510: Cloud Security Engineering and Controls SEC541: Cloud Security Threat Detection  SEC549: Cloud Security Architecture

Question 6

What Is Identity Security and Why Is It Important?

Accepted Answer

Identity security protects the users, applications, and services that control access to modern environments, ensuring access is legitimate, authorized, and continuously validated across cloud and hybrid systems. As traditional network boundaries dissolve under cloud, remote work, automation, and AI, identity becomes the primary control plane, and the primary target. Attackers increasingly chain small identity failures together: compromised credentials, abused OAuth consent, leaked secrets, and manipulated federation trust allow them to operate with legitimate access that bypasses traditional defenses and escalates into tenant- or domain-wide compromise. Effective identity security makes these attacks visible, enables Zero Trust enforcement, and allows defenders to break identity attack chains before access turns into impact.

Question 7

How Will This Course Benefit My Career?

Accepted Answer

SEC559 strengthens your career by building expertise in one of the fastest-growing and most in-demand areas of cybersecurity: identity security. As organizations shift to cloud and hybrid environments, identity has become the primary control plane, and security teams urgently need practitioners who can detect and respond to identity-based attacks that bypass traditional defenses. This course gives you hands-on experience investigating real-world identity compromises across cloud and hybrid identity control planes. You will develop practical skills in detecting illegitimate access, analyzing authentication and token behavior, and safely remediating identity attacks, capabilities that directly align with the day-to-day challenges faced by modern security teams. By completing SEC559, you position yourself as a cyber professional who understands how attackers operate today: abusing credentials, tokens, applications, and trust relationships rather than exploiting software vulnerabilities. These skills are highly transferable across roles in IAM, cloud security, SOC operations, incident response, and security architecture.

Question 8

What are Alpha and Beta Courses?

Accepted Answer

Alpha and beta courses are a standard part of the SANS course development process, designed to bring new training to life in close collaboration with the cybersecurity community. These early-stage offerings allow practitioners to access new content while providing real-world feedback that helps refine course material, labs, and delivery before full release. The alpha class is invitation-only, free, and limited to a small cohort, enabling close collaboration between instructors and experienced professionals. The beta courses follow as paid offerings at a discounted rate, allowing a broader audience to participate while continuing to shape the final course. Spots are limited. If identity security is your focus, this is your chance to be the first to experience SEC559.

SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

SEC559: Cloud and Hybrid Identity Security

Course Overview

What You'll Learn

Business Takeaways

Meet Your Author

Maxim Deweerdt

Course Syllabus

Section 1Cloud Identity Foundations, OAuth Abuse and Token Security

Topics covered

Labs

Section 2Hybrid Identity Attacks, Federation Abuse and Detection Gaps

Topics covered

Labs

Things You Need To Know

Relevant Job Roles

Cloud Security Analyst Training, Salary, and Career Path

Cloud Threat Detection and Response

Benefits of Learning with SANS