Major Update

SEC540: Cloud Security and DevSecOps Automation

GIAC Cloud Security Automation (GCSA)
GIAC Cloud Security Automation (GCSA)
  • In Person (5 days)
  • Online
38 CPEs
Organizations are moving to the cloud to enable digital transformation and reap the benefits of cloud computing. However, security teams struggle to understand the DevOps toolchain and how to introduce security controls in their automated pipelines responsible for delivering changes to cloud-based systems. Without effective pipeline security controls, security teams lose visibility into the changes released into production environments. SEC540 provides security professionals with a methodology to secure modern Cloud and DevOps environments. By embracing the DevOps culture, students will walk away from SEC540 battle-tested and ready to build to their organization's Cloud & DevSecOps Security Program. 35 Unique, Immersive, Hands-On Labs 3 CI/CD security labs 16 AWS focused labs 16 Azure focused labs CloudWars Bonus Challenges

What You Will Learn

The Cloud Moves Fast. Automate to Keep Up

Common security challenges for organizations struggling with DevOps culture include issues such as:

  • Malicious code, credential theft, and compromised extensions from improperly protected continuous integration and delivery pipelines.
  • Unenforced peer code reviews and security approvals that do not meet change approval and audit requirements.
  • False positives, noise, and build failures from incorrectly automated security scanners.
  • Configuration drift between environments, resource misconfigurations, and public data exposure from insufficiently managed cloud infrastructure.
  • Failure to standardize golden virtual machine and container base images across the organization.
  • Ignoring software supply chain vulnerabilities inherited from malicious libraries, third-party software, and compromised build artifacts.
  • Operating Kubernetes services without policies that prevent lateral movement between workloads, reduce pod permissions, and monitor cluster activity.
  • Failing to release patches and close vulnerability windows due to code freezes and failed deployments.
  • Lacking inventory and visibility between microservices and serverless systems.

Security teams can help organizations prevent these issues by developing a DevOps mindset and learning to apply cloud native security controls. This course provides development, operations, and security professionals with a deep understanding of and hands-on experience with the DevOps methodology used to build and deliver cloud native infrastructure and software. Students learn how to attack and then harden the entire DevOps workflow, from version control to continuous integration and running cloud native workloads. Each step of the way, students explore the security controls, configuration, and policies required to improve the reliability, integrity, and security of on-premises and cloud-hosted systems. Students learn how to implement more than 20 DevSecOps security controls to build, test, deploy, harden, and monitor cloud native infrastructure and services.

"BEST class I have ever taken at SANS. This is one of those courses where I can log into work after class ends and immediately start applying into my daily tasks and responsibilities. I already went on my team's Slack channel and told them this needs to be the next class they take." - Brian Esperanza, Teradata

"Every single person I've sent to class has loved it. It's been transformational for them because it goes beyond security concepts and teaches how modern operations and DevOps works. It's also impactful sending developers (who are not working in cloud yet) because they want to develop in cloud and get into concepts like Infrastructure as Code." - Brett Cumming

Business Benefits

  • Build a modern security team that understands cloud native security and DevSecOps workflows
  • Partner with DevOps and engineering teams to inject security into automated pipelines and earlier into the development process
  • Leverage cloud native services to deploy, harden, and monitor software products
  • Ensure your organization is ready to refactor, revise, and rebuild products during their cloud migration
  • Use cloud monitoring and event triggered automation to improve security capabilities and respond to risk effectively

Skills Learned

  • Understand how DevOps works and identify keys to success
  • Wire security scanning into automated CI/CD pipelines and workflows
  • Parse security scanning results and display the data on CI/CD dashboards
  • Manage secrets for CI/CD servers and cloud native applications
  • Automate configuration management using Infrastructure as Code (IaC)
  • Build, harden, and publish golden virtual machine images using CI/CD workflows
  • Operate and secure container technologies using Docker and Kubernetes
  • Manage the software supply chain using software provenance, attestations, artifact signing, software bill of materials (SBOM), and SBOM vulnerability scanning.
  • Harden Kubernetes clusters with workload identity and admission control
  • Monitor Kubernetes audit logs using cloud logging and monitoring services
  • Deploy patches using cloud and Kubernetes blue / green deployments
  • Refactor systems to take advantage of microservice and serverless architectures
  • Automate cloud compliance and security policy guardrails and auto-remediation playbook

What Is DevSecOps Automation?

DevSecOps automation allows security professionals to introduce continuous security controls, guardrails, and policies in their product delivery workflows.

Hands-On DevSecOps Automation Training

35 Unique, Immersive, Hands-On Labs

  • 3 CI/CD security labs
  • 16 AWS focused labs
  • 16 Azure focused labs

CloudWars Bonus Challenges

SEC540 goes well beyond traditional lectures and immerses students in hands-on application of techniques during each section of the course. Each lab includes a step-by-step guide to learning and applying hands-on techniques, as well as a "no hints" approach for students who want to stretch their skills and see how far they can get without following the guide. This allows students, regardless of background, to choose the level of difficulty they feel is best suited for them -- always with a frustration-free fallback path. Immersive hand-on labs ensure that students not only understand theory, but how to configure and implement each security control.

The SEC540 lab environment simulates a real-world DevOps environment, with more than 10 automated pipelines responsible for building DevOps container images, cloud infrastructure, automating gold image creation, orchestrating Kubernetes workloads, executing security scans, and enforcing compliance standards. Students are challenged to sharpen their technical skills and automate more than 20 security-focused challenges using a variety of command line tools, programming languages, and markup templates.

The SEC540 course labs come in both AWS and Azure versions. Students will choose one cloud provider at the beginning of class to use for the duration of the course. Both options leverage Terraform for Infrastructure as Code (IaC) and the cloud provider's managed Kubernetes for container orchestration. Students are welcome to do labs for the aternate cloud provider on their own time once they finish the first set of labs.

For students who want an extra challenge, 2 hours of CloudWars Bonus Challenges are available during extended hours each day. These CloudWars challenges provide additional opportunities for hands-on experience with the cloud and DevOps toolchain.

  • Section 1: Attacking the DevOps Toolchain, Version Control Security, Automating Code Analysis, Protecting Secrets with Vault, CloudWars (Section 1): Cloud & DevOps Security Bonus Challenges
  • Section 2: Infrastructure as Code Network Hardening, Gold Image Creation, Container Image Hardening, Container Supply Chain Security, CloudWars (Section 2): Cloud & DevOps Security Bonus Challenges
  • Section 3: Container Registry Security, Kubernetes Workload Identity, Kubernetes Admission Control, Continuous Security Monitoring, CloudWars (Section 3): Cloud & DevOps Bonus Challenges
  • Section 4: Automated Blue/Green Deployments, Content Protection with CDNs, API Gateway Security, Serverless Security, CloudWars (Section 4): Cloud & DevOps Security Bonus Challenges
  • Section 5: Cloud Security Posture Management, Blocking Attacks with WAF, Automated Remediation with Cloud Custodian, CloudWars (Section 5): Cloud & DevOps Security Bonus Challenges

"Labs were really impressive. You can tell there are hours of work in there. It was organized really well and was great practice." - David Heaton, Grange Insurance

"Labs were the best bit of the whole thing - well maintained, keep it up." - Richard Ackroyd, PwC

"Great wealth of scripts to use and leverage." - Ravi Balla, GE

"Fun and straightforward. Everything worked like a charm." - Kenneth Jordan, Openaltar

Syllabus Summary

Section 1: Attacking and Hardening the DevOps Toolchain

Section 2: Securing Cloud Infrastructure, Container Images, and the Software Supply Chain

Section 3: Securing Container Registries, Kubernetes, and Monitoring

Section 4: Securing Content, APIs, and Serverless

Section 5: Automating Compliance, Attack Defense, and Remediation

Additional Free Resources

Posters, Cheat Sheets, and Lists



What You Will Receive

  • Printed and electronic courseware
  • SANS provides time-limited AWS and Azure cloud accounts for completing the labs.
  • SANS provides instructions for accessing a virtual environment, also known as the Cloud Security Flight Simulator. Upon connecting to the environment, students can access the DevOps services (GitLab, VS Code, Terminal, and Vault) using Firefox to complete the lab exercises.
  • GitLab repositories with workflow, Terraform, Packer, Ansible, Kubernetes, and Docker configurations deploying the AWS and Azure infrastructure.
  • Browser access to an electronic workbook with lab instructions and commands to complete the lab exercises.
  • Ability to launch the DevOps server and lab infrastructure in your personal AWS and Azure cloud accounts after the course ends.

What Comes Next?

DevSecOps Professionals:

Cloud Security Engineer:

Cloud Security Architect:

Cloud Security Manager:


Please plan to arrive 30 minutes early before your first session for lab preparation and set-up. During this time, students can confirm that their cloud accounts are properly provisioned and connect to the Cloud Security Flight Simulator's DevOps server. For live classes (online or in-person), the instructor will be available to assist students with set-up 30 minutes prior to the course start time. The lecture will begin at the scheduled course start time.

Syllabus (38 CPEs)

Download PDF
  • Overview

    SEC540 starts by introducing DevOps practices, principles, and tools by attacking a vulnerable Version Control and Continuous Integration (CI) system. Students gain an in-depth understanding of how the toolchain works, the risks these systems pose, and identify key weaknesses that could compromise the workflow. Next, we examine the security features available in various Continuous Integration (CI) and Continuous Delivery (CD) systems, such as GitHub and GitLab, and then start hardening the workflow. After automating various code analysis tools, students learn how to parse various machine-readable data formats and display the results in CI dashboards. After discovering insecurely stored secrets, we shift focus to storing sensitive data in secrets management solutions, such as HashiCorp Vault, AWS Secrets Manager, and Azure Key Vault, that can be read at runtime by a CI workflow.

    • Attacking the DevOps Toolchain
    • Version Control Security
    • Automating Code Analysis
    • Protecting Secrets with Vault
    • CloudWars (Section 1): Cloud & DevOps Security Bonus Challenges

    DevOps and Security Challenges

    • Understand the Core Principles and Patterns behind DevOps
    • Recognize how DevOps works and identify keys to success

    DevOps Toolchain

    • Version control and source code management with git
    • Using GitFlow to manage changes across environments
    • Continuous Integration (CI) versus Continuous Delivery (CD)
    • Continuous Delivery versus Continuous Deployment
    • GitHub workflows, actions, and secrets storage
    • GitLab CI workflows, OpenID Connect identity tokens, and HashiCorp Vault integration
    • CI/CD supply chain attacks, risks, and hardening guidelines

    Securing DevOps Workflows

    • Threat model and secure your build and deployment environment
    • DevSecOps phases and security controls
    • How DevSecOps and artificial intelligence (AI) work together

    Pre-Commit Security Controls

    • Conduct effective risk assessments and threat modeling in a rapidly changing environment
    • Learn how to analyze a git repository and identity key technology stacks
    • Configure pre-commit git hooks to run required security checks
    • Install code editor extensions for security and artificial intelligence (AI)
    • Enable branch protections to require approvals and change control
    • Enforce high risk code reviews using CodeOwners

    Commit Security Controls

    • Design and implement automated security tests and checks in CI/CD
    • Understand the strengths and weaknesses of different automated testing approaches in Continuous Integration
    • Centralize automated security checks into a dedicated security scanning factory
    • How to minimize false positives and create custom rules
    • Parse automated security using the xUnit, JUnit, SARIF, CycloneDX, and SPDX machine readable formats
    • Learn the toolchain for scanning application source code, dependencies, configuration management code, and infrastructure as code

    Secrets Management

    • Managing secrets for CI/CD workflows
    • Scan version control repositories for secrets
    • Prevent secrets from being committed to version control
    • Register pre-commit hooks to block commits with secrets
    • Open-source and commercial secrets management systems
    • Provision secrets in the Azure Key Vault, AWS Secrets Manager, and HashiCorp Vault
  • Overview

    Section 2 challenges students to use their DevOps skills to deploy a code-driven cloud infrastructure with Terraform using more than 100 cloud resources. Students scan the cloud infrastructure as code (IaC), identify insecure network configurations and harden the network traffic flow rules. With the cloud infrastructure in place, students learn how automate configuration management and publish golden images using Packer and Ansible. To finish the day, students begin preparing a container image to run on a Kubernetes cluster. Following the container security lifecycle, we review Dockerfiles and Kubernetes manifests for misconfigurations, scan the configuration file code analysis, rebuild the image using trusted suppliers, write container security policies as code, and scan images for vulnerabilities. Finally, students learn how to manage the container image's software supply chain using attestations, provenance, software bill of materials (SBOM), artifact signing, and SBOM vulnerability scanning.

    • Infrastructure as Code Network Hardening
    • Gold Image Creation
    • Container Image Hardening
    • Container Software Supply Chain Security
    • CloudWars (Section 2): Cloud & DevOps Security Bonus Challenges

    Cloud Infrastructure as Code

    • Introduction to Cloud Infrastructure as Code (IaC)
    • Terraform, OpenTofu, and the pros and cons of multi-cloud IaC
    • Create Terraform resources with HashiCorp Configuration Language (HCL)
    • How to choose a Terraform provider for your cloud
    • Create shared Terraform modules for your organization
    • Automate Terraform deployments in CI/CD
    • Secure Infrastructure as Code (IaC) configurations with Checkov and EasyInfra

    Configuration Management as Code

    • Introduction to configuration management tools
    • How Ansible templates can help configure a custom virtual machine
    • Build custom virtual machine images with Packer
    • Automate golden image configuration test suites with InSpec
    • Publish golden images using CI/CD workflows

    Container Security Lifecycle

    • Introduction to the Application Container Security Guide
    • Dockerfile commands, examples, and misconfigurations
    • Linting container configuration files with Trivy
    • Eliminating vulnerabilities with minimal base images, trusted suppliers, and multi-stage builds
    • Writing custom container configuration policies with Conftest
    • Scanning container images for vulnerabilities with Trivy

    Software Supply Chain Security

    • Introduction to the software supply chain
    • Software provenance attestations with Docker BuildKit
    • Supply-Chain Levels for Software Artifacts (SLSA)
    • Managing vulnerable dependencies with trusted suppliers
    • Create Software Bill of Materials (SBOMs)
    • Sign build artifacts and Software Bill of Materials (SBOMs) with Project Sigstore
    • Scan SBOM artifacts for vulnerabilities and track results using Vulnerability Exploitability eXChange (VEX)
  • Overview

    Section 3 prepares students to deploy and secure containerized workloads running in cloud-native Kubernetes services such as AWS Elastic Kubernetes Service (EKS) and Azure Kubernetes Service (AKS). After an introduction to Kubernetes architecture, students examine how ingress, service, and pod resources route traffic to a container and use GitLab CI to deploy a container image to the pod. With workloads running in Kubernetes, we shift focus to Kubernetes security controls such as authentication, role-based access control (RBAC), isolation, workload identity, and admission control. Students finish the section by enabling Kubernetes audit logs, monitoring workloads, analyzing log files, detecting an attack in real time, and sending alerts to the security team.

    • Container Registry Security
    • Kubernetes Workload Identity
    • Kubernetes Admission Control
    • Continuous Security Monitoring
    • CloudWars (Section 3): Cloud & DevOps Bonus Challenges

    Kubernetes Architecture, Resources, and Deployments

    • Introduction to Kubernetes architecture
    • Interacting with the Kubernetes API server using kubectl
    • Learn to create Kubernetes resource using YAML configuration
    • Build Kubernetes ingress, service, and deployment resources for routing traffic to a microservice
    • Inventory Kubernetes resources using metadata labels, and annotations
    • Install Kubernetes packages using Helm
    • Prepare container registry security for deploying Kubernetes pods
    • Deploy a container image to Kubernetes using GitLab CI

    Kubernetes Risks and Security Controls

    • Understand container runtime and orchestration platforms
    • Review container orchestrator security risks
    • Use Kubernetes control plane authentication to access a cluster
    • Apply role-based access control (RBAC) permissions to a subject
    • Isolate resources using namespaces
    • Store sensitive data in Kubernetes secrets and encrypt secrets storage using cloud managed encryption services

    Kubernetes Workload Security

    • Kubernetes cloud controller manager capabilities
    • Review Azure Kubernetes Service (AKS) cloud controller manager permissions
    • Understand how Azure Kubernetes Service (AKS) pod permissions grant access to Azure APIs
    • Review AWS Elastic Kubernetes Service (EKS) cloud controller manager permissions
    • Understand how AWS Elastic Kubernetes Service (EKS) pod permissions grant access to AWS APIs
    • Enable Kubernetes workload identity using OpenID Connect (OIDC)
    • Deploy Kubernetes workload identity for pods running in both Azure Kubernetes Service (AKS) and AWS Elastic Kubernetes Service (EKS)
    • Audit pods for least privilege access in both Azure Kubernetes Service (AKS) and AWS Elastic Kubernetes Service (EKS)

    Kubernetes Runtime Security

    • Introduction to pod and container security context options
    • Enable host and process namespacing and workload resource limits
    • Build network policies with Container Network Interface (CNI)
    • Introduction to Kubernetes admission controllers
    • Write validating admission controllers with Common Expression Language (CEL) and Open Policy Agent (OPA), Gatekeeper, and Rego
    • Learn how eBPF enables runtime protection for Kubernetes hosts and containers
    • Compare runtime security options include Cilium, Falco, KubeArmor

    Continuous Security Monitoring

    • Monitoring and feedback loops from production to engineering
    • Understand the difference between logs, metrics, and data tracing
    • Examine Kubernetes cluster, node, container, and event log sources
    • Enable Azure Kubernetes Service logging with the OMS Agent
    • Ingest Kubernetes logs in Azure Log Analytics
    • Analyze logs with Kusto Query Language (KQL) and trigger alerts using Azure Monitor
    • Enable AWS Elastic Kubernetes Service (EKS) cluster logs and container insights
    • Stream EKS log data to CloudWatch using Fluent Bit
    • Query EKS log data with CloudWatch Log Insights
    • Create CloudWatch Dashboards and trigger alerts using Simple Notification Service (SNS) topics
    • Automate notifications using web hooks to a Discord channel
    • Test monitoring, alerts, and notifications using automated ZAP scans
  • Overview

    Section 4 starts with students learning to leverage cloud-native Kubernetes ingress load balancers to patch containerized workloads using blue/green deployment patterns. From there, focus shifts to securing serverless systems using content delivery networks (CDN), API gateways, and functions as a service (FaaS). Students examine CDN services, system authentication to the backend origin, and signing requests for protected content. Then, we explore microservice architectures, edge authentication, and internal and micro-segmentation with API Gateways, Kubernetes network policy, and service mesh platforms. Students learn how serverless architectures enable DevOps teams to build dynamic systems using event triggers and Functions as a Service (FaaS). Finally, we wrap up the section analyzing a serverless deployment pipeline for Azure Functions and AWS Lambda.

    • Automated Patch Deployment using Blue/Green Services
    • Content Protection with AWS CloudFront and Azure CDN
    • Microservice Security using API Gateways, OpenID Connect, and Network Policy
    • Serverless Security for Cloud Functions as a Service (FaaS) with GitLab CI
    • CloudWars (Section 4): Cloud & DevOps Security Bonus Challenges

    Deployment Orchestration using Cloud Native Services

    • Introduction to blue/green deployment workflows
    • Understand blue/green deployments using Azure Application Gateway
    • Automate blue/green deployments using Azure Kubernetes ingress controller and service resources
    • Understand blue/green deployments using AWS Route53 and AWS Application Load Balancer (ALB) weighted target groups
    • Automate blue/green deployments using AWS Elastic Kubernetes Service (EKS) ingress controller and service resources

    Secure Content Delivery

    • Introduction to cloud content delivery networks (CDN)
    • Evaluate CDN backend origin access control permissions to a storage account
    • Protect static content and single page applications hosted in cloud CDN services
    • Configure Azure CDN token authorization policies
    • Create an AWS CloudFront Origin Access Identity (OAID)
    • Enable AWS CloudFront Signing policies
    • Configure secure CDN Cross-Origin Resource Sharing (CORS) policies

    Microservice Security

    • Compare the attack surfaces for traditional and microservice architectures
    • Understand the pros and cons when moving to microservices
    • Protect the perimeter with an API Gateway
    • Enable API Gateway authentication and authorization with Open ID Connect (OIDC)
    • Understand how service providers validate identity tokens from OIDC identity providers
    • Create an Azure API Management gateway to protect a private microservice
    • Configure an Azure API Management custom security policy to validate custom OIDC identity tokens
    • Create an AWS API Gateway to protect a private microservice
    • Configure an AWS API Gateway custom authorizer to validate custom OIDC identity tokens
    • Verify JSON Web Token (JWT) configurations and claims meet security recommendations
    • Protect internal service to service communications with mutual TLS
    • Apply Kubernetes network policy to
    • Extend Kubernetes network policy intelligence with Calico
    • Understand how service mesh offerings can control API traffic at scale

    Serverless Security

    • Introduction to serverless application architectures
    • Leverage event driven cloud services to host dynamic applications
    • Build a serverless single page application (SPA) cloud native CDN, storage, identity provider, API Gateway, function (FaaS), and database services
    • Review the Azure Function service and security options
    • Review the AWS Lambda service and security options
    • Introduction to GraphQL managed services and security concerns
    • How do serverless systems change the security team's responsibilities
    • Divide serverless deployment responsibilities between development and operations
    • Build GitLab CI workflows for deploying serverless function packages
  • Overview

    Section 5 wraps up the journey with students learning to leverage cloud services to automate security compliance. Starting with Cloud Security Posture Management (CSPM) solutions students detect security issues in their cloud infrastructure. Next, using cloud-native Web Application Firewall (WAF) services, students enable monitoring, attack detection, and active defense capabilities to catch and block bad actors. The discussion then shifts to working in DevOps and how that affects policy and compliance. Students finish the course learning how to write policy as code for automated remediation using Cloud Custodian, and how to detect and correct cloud configuration drift.

    • Cloud Security Posture Management (CSPM) with Prowler and Microsoft Defender for Cloud
    • Blocking Attacks with Azure and AWS WAF
    • Automated Remediation with Cloud Custodian
    • CloudWars (Section 5): Cloud & DevOps Security Bonus Challenges

    Continuous Compliance

    • Introduction to Continuous Compliance and Compliance as Code
    • Modern governance, risk, and compliance for cloud native applications
    • Mapping DevOps guardrails to ITIL and PCI controls
    • Automate compliance and security policy scanning using InSpec, AWS Service Control Policies (SCP), and Azure Policy
    • Automate cloud native Cloud Security Posture Management (CSPM) policy using Microsoft Defender for Cloud, AWS Security Hub, and Prowler

    Runtime Security Protection

    • Automating compliance with cloud native web application firewall (WAF) services
    • Protect Kubernetes workloads using the Azure and AWS WAF services
    • Write WAF as Code custom rules for Azure and AWS WAF services
    • Learn how the AWS WAF Security Automations Project uses event triggers and serverless to build custom WAF protection
    • Compare compliance with WAF to RASP and IAST solutions

    Automated Remediation

    • Introduction to automated detection and remediation in the cloud
    • Learn how Azure Event Grid and AWS EventBridge route events to runbooks for remediation and notifications
    • Explore CSPM automation capabilities in Microsoft Defender for Cloud and AWS Security Hub
    • Learn how AWS Security Hub Automated Response & Remediation (SARR) uses playbook automation to close findings
    • Write policy as code with Cloud Custodian to manage cloud resources
    • Deploy Cloud Custodian policies to remediate Azure Network Security Group and AWS Security Group firewall rule misconfigurations

GIAC Cloud Security Automation

The GIAC Cloud Security Automation (GCSA) certification validates a practitioner's understanding of the DevSecOps methodology and toolchains, and skill in implementing security controls throughout automated secure DevOps pipelines. GCSA certification holders have demonstrated knowledge of the tools, security controls, and configuration required to improve reliability, integrity, and security of cloud-hosted systems.

  • DevOps and DevSecOps fundamentals, Secure Infrastructure and Configuration Management
  • Securing Cloud Architecture, Continuous Security Monitoring
  • Data and Secrets Protection, Compliance
  • Security and Automation related to Deployment, Runtime and Content Delivery
More Certification Details


The following are courses or equivalent experiences that are prerequisites for SEC540:

  • SANS SEC488: Cloud Security Essentials or hands-on experience using the AWS and Azure Cloud
  • Familiarity with Linux command shells and associated commands
  • Basic understanding of common application attacks and vulnerabilities (e.g., OWASP Top 10)
  • Basic understanding of version control (git), continuous integration systems (GitLab CI), and Kubernetes is recommended but not required

Preparing for SEC540

Students taking SEC540 will have the opportunity to learn and use a number of DevOps and cloud tools during the hands-on exercises. Getting a head start on the following tools, technologies, and languages will help students enjoy their lab experience:

Laptop Requirements



Student cloud accounts are provided for students by SANS to complete the course labs.

The SEC540 course labs come in both AWS and Azure versions. Time-limited accounts for each cloud are provided by SANS to use for completing the labs.

OnDemand students:

  • Students can dynamically provision access to their AWS or Azure accounts by logging in to their SANS account and visiting the My Labs page.
  • When cloud account provisioning is complete, students can download time-limited credentials for accessing the cloud accounts

Live events (In Person or Live Online)

  • Students are automatically provisioned access to both AWS and Azure accounts 24 hours before class starts.
  • Students can log in to their SANS account and visit the MyLabs page to download their cloud credentials the day before class begins.

Students must bring their own system configured according to these instructions.

A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will likely leave the class unsatisfied because you will not be able to participate in hands-on exercises that are essential to this course. Therefore, we strongly urge you to arrive with a system meeting all the requirements specified for the course.

Students must be in full control of their system's network configuration. The system will need to communicate with the cloud-hosted DevOps server using a combination of HTTPS, SSH, and SOCKS5 traffic on non-standard ports. Running VPN, intercepting proxy, or egress firewall filters may cause connection issues communicating with the DevOps server. Students must be able to configure or disable these services to connect to the lab environment.


A properly configured system is required for each student participating in this course. Before starting your course, carefully read and follow these instructions exactly:

  • Host Operating System: Latest version of Windows 10, macOS 10.15.x or later, or Linux that also can install and run the Firefox browser described below.
  • Fully update your host operating system prior to the class to ensure you have the right drivers and patches installed.

Mandatory Host Hardware Requirements

  • CPU: 64-bit 2.5+ GHz multi-core processor or higher
  • Wireless Ethernet 802.11 B/G/N/AC
  • Local Administrator Access within your host operating system
  • Must have the ability to install Firefox, enable a Firefox extension, and install a new trusted root certificate on the machine.

Mandatory Software Requirements

  • Prior to class, ensure that the following software is installed on the host operating system:
  • Firefox 120.0+
  • Firefox SmartProxy extension:

Before beginning the course you should:

After you have completed those steps, access the SANS provider cloud accounts to connect to the SANS Cloud Security Flight Simulator and connect to the SEC540 DevOps server. The SEC540 DevOps server hosts an electronic workbook, version control, CI/CD, secrets manager, and Terminal services that can be accessed through the Firefox browser.

Your course materials include a "Setup Instructions" document that details important steps you must take before you travel to a live class event or start an online class. It may take 30 minutes or more to complete these instructions.

Your class uses an electronic workbook for its lab instructions. In this new environment, a second monitor and/or a tablet device can be useful for keeping class materials visible while you are working on your course's labs.

If you have additional questions about the laptop specifications, please contact support.

Author Statement

"DevOps, cloud, and cloud native services are radically changing the way that organizations design, build, deploy, and operate online systems. Leaders like Amazon, Microsoft, and Google are able to deploy hundreds or even thousands of changes every day, continuously learning, improving, and growing -- and leaving their competitors far behind. With DevSecOps moving from Internet 'Unicorns' and cloud providers into the enterprise, it is more important than ever for security teams to understand how these systems work.

"Traditional approaches to security can't come close to keeping up with this rate of accelerated change. Engineering and operations teams that have broken down the 'walls of confusion' in their organizations are increasingly leveraging new kinds of automation, including Infrastructure as Code, Continuous Delivery and Continuous Deployment, Kubernetes, microservices, containers, and cloud native services. The question is: Can security take advantage of these tools and automation to better secure its systems?

"Security must be reinvented in a DevOps and cloud world."

- Eric Johnson, Ben Allen, and Frank Kim

"Great instructor, gave real life devops examples from his experience, and was very willing to demo extra concepts and commands on the fly (hashicorp terraform)." - Eden Kang


Instructor is fantastic. Extremely knowledgeable in the subject matter and has easily answered many complicated questions.
Cory Marriott
Great course! Excellent instructor! Lots of hands-on! Met my expectations definitely and I will absolutely recommend it to other people.
Sandro Blatter
This course definitely makes security in DevOps more relatable and concrete. Love that we are asked to fix issues.
Stephen Germain
SEC540 truly deserves the 5 of 5 excellent rating. I really can't express how impressed I am with my first SANS course.
Dwayne Sander

    Register for SEC540

    Learn about Group Pricing

    Prices below exclude applicable taxes and shipping costs. If applicable, these will be shown on the last page of checkout.