SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months
Apply what you learn with hands-on exercises and labs
Acquire elite cloud threat detection capabilities to identify, analyze, and respond to sophisticated attacks in AWS and Azure environments.
I would recommend SEC541 to any cloud security stakeholder that wants to empower all the security tools companies have in order to improve detection, understand protection, and overall increase their security level.
SEC541: Cloud Security Threat Detection immerses students in hands-on labs that focus on detecting threats and investigating attacks across AWS, Azure, and Microsoft 365 environments. Its threat-driven curriculum equips security professionals with practical cloud threat detection techniques through analyses of real-world attacks.
The course begins with an analysis of real-world case studies, followed by implementing detection controls and investigating suspicious activities. From there, you’ll build a detection engineering process and explore cloud-native logging, API monitoring, and effective detection systems tailored to cloud environments. You’ll also gain exposure to cloud threat hunting strategies that enhance proactive detection and reduce response times.
By the end of the course, you’ll have developed practical skills to detect, investigate, and respond to sophisticated cloud threats. Security professionals will gain expertise beyond theory, implementing cloud threat detection strategies that address the critical differences between on-premises and cloud security monitoring.
Shaun McCullough spent 20+ years at the NSA working in cyber operations as a software engineer and technical director of Blue, Red, and Hunt teams. He is currently a staff level Cloud Security Engineer at GitHub.
Ryan Nicholson’s extensive experience, including roles as a cybersecurity engineer for major Department of Defense cloud projects and as a lead auditor, underscores his dedication to enhancing the security posture of critical systems.
Explore the course syllabus below to view the full range of topics covered in SEC541: Cloud Security Threat Detection.
The course begins with an investigation of a real-world cloud attack, breaking down the tactics and demonstrating how to monitor cloud management APIs. You will analyze API logs, implement network monitoring, and develop detection strategies for unauthorized activities in cloud environments.
You’ll focus on monitoring compute resources, including virtual machines, containers, and serverless functions. You’ll then analyze the Tesla Kubernetes attack, implement logging for compute environments, and develop detection strategies for abnormal behavior patterns in cloud workloads.
You’ll learn to implement and leverage cloud-native detection services, discovering the best ways to conduct resource inventory, identify sensitive data in unauthorized locations, and centralize security data for comprehensive threat monitoring across cloud environments.
You’ll examine Microsoft 365 and Azure-specific detection capabilities and how to incorporate AI into your security program. This section concentrates on techniques to investigate Exchange attacks, use Kusto Query Language for log analysis, and implement Microsoft Defender and Sentinel for comprehensive threat detection in Microsoft cloud environments.
You will begin by automating incident response in cloud environments and then conclude the course by participating in the CloudWars Challenge. You’ll walk away with strategies to implement automated forensic workflows, and the capstone exercise tests your ability to detect and respond to cloud-based threats.
Learning what to look for from both sides of the keyboard in one course is refreshing.
Each day's content is like a well told story. The labs bring the lecture to life.
I really enjoyed learning more about the AWS data sources and then performing relevant attacks against them to generate events that we could hunt for.
I liked the labs. They were beefy but they were fun. I really liked the brute force lab because that is 100% legit. I thought it was really cool too how they show you two ways to do almost the same thing with Athena and CloudWatch.