What You Will Learn

Secure Your Systems at Cloud Native Speed

Common security challenges for organizations struggling with DevOps culture include issues such as:

Malicious code, credential theft, and compromised extensions from improperly protected continuous integration and delivery pipelines.
Unenforced peer code reviews and security approvals that do not meet change approval and audit requirements.
False positives, noise, and build failures from incorrectly automated security scanners.
Configuration drift between environments, resource misconfigurations, and public data exposure from insufficiently managed cloud infrastructure.
Failure to standardize golden virtual machine and container base images across the organization.
Ignoring software supply chain vulnerabilities inherited from malicious libraries, third-party software, and compromised build artifacts.
Granting too many permissions to Kubernetes clusters and workloads running inside them.
Operating Kubernetes services without policies that prevent lateral movement between workloads and centrally and monitoring cluster activity.
Lacking inventory and visibility between microservices and serverless systems.
Failing to release patches and close vulnerability windows due to code freezes and failed deployments.
Inability to consolidate, verify, and enforce policy for pipelines and workloads running across the organization.

Security teams can help organizations prevent these issues by developing a DevOps mindset and learning to apply cloud native and Kubernetes security controls. This course provides development, operations, and security professionals with a deep understanding of and hands-on experience with the DevOps methodology used to build and deliver cloud native infrastructure and software. Students learn how to attack and then harden the entire DevOps workflow, from version control to continuous integration and running workloads in Kubernetes. Each step of the way, students explore the security controls, configuration, and policies required to improve the reliability, integrity, and security of on-premises and cloud-hosted systems. Students learn how to implement more than 20 DevSecOps security controls to build, test, deploy, harden, and monitor cloud native infrastructure and services.

"BEST class I have ever taken at SANS. This is one of those courses where I can log into work after class ends and immediately start applying into my daily tasks and responsibilities. I already went on my team's Slack channel and told them this needs to be the next class they take." - Brian Esperanza, Teradata

"Every single person I've sent to class has loved it. It's been transformational for them because it goes beyond security concepts and teaches how modern operations and DevOps works. It's also impactful sending developers (who are not working in cloud yet) because they want to develop in cloud and get into concepts like Infrastructure as Code." - Brett Cumming

Business Takeaways

Build a modern security team that understands cloud native security and DevSecOps workflows
Partner with DevOps and engineering teams to inject security into automated pipelines and earlier into the development process
Leverage cloud native services to deploy, harden, and monitor software products
Ensure your organization is ready to refactor, revise, and rebuild products during their migration to containers and Kubernetes
Use cloud monitoring and event triggered automation to improve security capabilities and respond to risk effectively
Create centralized audit pipelines and compliance as code polices monitoring the health of CI/CD builds, Kubernetes clusters, and public cloud resources

Skills Learned

Understand how DevOps works and identify keys to success
Wire security scanning into automated CI/CD pipelines and workflows
Parse security scanning results and display the data on CI/CD dashboards
Manage secrets for CI/CD servers and cloud native applications
Automate configuration management using Infrastructure as Code (IaC)
Build, harden, and publish golden virtual machine images using CI/CD workflows
Operate and secure container technologies using Docker and Kubernetes
Manage the software supply chain using software provenance, attestations, artifact signing, software bill of materials (SBOM), and SBOM vulnerability scanning.
Understand how Kubernetes integrates with AWS Identity and Access Management (IAM), Microsoft Entra ID, and OpenID Connect (OIDC) identity providers.
Learn how to create Kubernetes Role-Based Access Control (RBAC) polices for various operators
Harden Kubernetes clusters with workload identity and admission control
Deploy patches using cloud and Kubernetes blue / green deployments
Refactor systems to take advantage of microservice and serverless architectures
Monitor Kubernetes cluster and workload audit logs using cloud native tooling such as OpenTelemetry, Grafana, Loki, Mimir, and Tempo
Configure centralized audit pipelines for scanning cloud native, Kubernetes, and public cloud resources across the organization
Aggregate, correlate, and validate vulnerability data from CI/CD pipelines across the organization
Write policy as code that evaluates build health and triggers auto-remediation playbooks to enforce compliance requirements

Hands-On DevSecOps Automation Training

35 Unique, Immersive, Hands-On Labs
3 CI/CD security labs
16 Kubernetes and cloud native security labs running in AWS
16 Kubernetes and cloud native security labs running in Microsoft Azure

CloudWars Bonus Challenges

SEC540 training goes well beyond traditional lectures and immerses students in hands-on application of techniques during each section of the course. Each lab includes a step-by-step guide to learning and applying hands-on techniques, as well as a "no hints" approach for students who want to stretch their skills and see how far they can get without following the guide. This allows students, regardless of background, to choose the level of difficulty they feel is best suited for them -- always with a frustration-free fallback path. Immersive hand-on labs ensure that students not only understand theory, but how to configure and implement each security control.

The SEC540 lab environment simulates a real-world DevOps environment, with more than 10 automated pipelines responsible for building DevOps container images, cloud infrastructure, automating gold image creation, orchestrating Kubernetes workloads, deploying serverless functions, executing security and audit scans, and enforcing compliance standards. Students are challenged to sharpen their technical skills and automate more than 20 security-focused challenges using a variety of command line tools, programming languages, and markup templates.

The SEC540 course labs come in both AWS and Azure versions. Students will choose one cloud provider at the beginning of class to use for the duration of the course. Both options leverage Terraform for Infrastructure as Code (IaC) and the cloud provider's managed Kubernetes for container orchestration. Students are welcome to do labs for the alternate cloud provider on their own time once they finish the first set of labs.

For students who want an extra challenge, 2 hours of CloudWars Bonus Challenges are available during extended hours each day. These CloudWars challenges provide additional opportunities for hands-on experience with the cloud and DevOps toolchain.

Section 1: Attacking the DevOps Toolchain, Version Control Security, Automating Code Analysis, Protecting Secrets with Vault, CloudWars (Section 1): Cloud Native & DevSecOps Automation Bonus Challenges
Section 2: Infrastructure as Code Network Hardening, Gold Image Creation, Container Image Hardening, Container Supply Chain Security, CloudWars (Section 2): Cloud Native & DevSecOps Automation Bonus Challenges
Section 3: Container Registry Security, Kubernetes Role-Based Access Control (RBAC), Kubernetes Workload Identity, Kubernetes Admission Control, CloudWars (Section 3): Cloud & DevOps Bonus Challenges
Section 4: Microservice Security, Serverless Security, Kubernetes Blue / Green Deployment, OpenTelemetry Observability, CloudWars (Section 4): Cloud Native & DevSecOps Automation Bonus Challenges
Section 5: Cloud and Kubernetes Compliance, Vulnerability Aggregation and Correlation, Automated Remediation, CloudWars (Section 5): Cloud Native & DevSecOps Automation Bonus Challenges

"Labs were really impressive. You can tell there are hours of work in there. It was organized really well and was great practice." - David Heaton, Grange Insurance

"Labs were the best bit of the whole thing - well maintained, keep it up." - Richard Ackroyd, PwC

"Great wealth of scripts to use and leverage." - Ravi Balla, GE

"Fun and straightforward. Everything worked like a charm." - Kenneth Jordan, Openaltar

Syllabus Summary

Section 1: Attacking and Hardening the DevOps Toolchain
Section 2: Securing Cloud Infrastructure, Container Images, and the Software Supply Chain
Section 3: Securing Container Registries and Kubernetes
Section 4: Securing Microservices, Serverless, and Observability
Section 5: Automating Compliance, Policy, and Remediation

Additional Free Resources

Posters, Cheat Sheets, and Lists

Webcasts

Tools

See a complete list of Cloud Security tools here, all of which are applicable to SEC540.

What You Will Receive

Printed and electronic courseware
SANS provides time-limited AWS and Azure cloud accounts for completing the labs.
SANS provides instructions for accessing a virtual environment, also known as the Cloud Security Flight Simulator. Upon connecting to the environment, students can access the DevOps services (GitLab, VS Code, Grafana, and Vault) using Firefox to complete the lab exercises.
GitLab repositories with workflow, Terraform, Packer, Ansible, Kubernetes, and Docker configurations deploying the AWS and Azure infrastructure.
Browser access to an electronic workbook with lab instructions and commands to complete the lab exercises.
Ability to launch the DevOps server and lab infrastructure in your personal AWS and Azure cloud accounts after the course ends.

Syllabus (38 CPEs)

Download PDF

DevOps Security Automation
Overview
SEC540 training starts by introducing DevOps practices, principles, and tools by attacking a vulnerable Version Control and Continuous Integration (CI) system. Students gain an in-depth understanding of how the toolchain works, the risks these systems pose, and identify key weaknesses that could compromise the workflow. Next, we examine the security features available in various Continuous Integration (CI) and Continuous Delivery (CD) systems, such as GitHub and GitLab, and then start hardening the workflow. After automating various code analysis tools, students learn how to parse various machine-readable data formats and display the results in CI dashboards. After discovering insecurely stored secrets, we shift focus to storing sensitive data in secrets management solutions, such as HashiCorp Vault, AWS Secrets Manager, and Azure Key Vault, that can be read at runtime by a CI workflow.
Exercises
- Attacking the DevOps Toolchain
- Version Control Security
- Automating Code Analysis
- Protecting Secrets with Vault
- CloudWars (Section 1): Cloud Native & DevSecOps Automation Bonus Challenges
Topics
DevOps and Security Challenges
- Understand the Core Principles and Patterns behind DevOps
- Recognize how DevOps works and identify keys to success
DevOps Toolchain
- Version control and source code management with git
- Using GitFlow to manage changes across environments
- Continuous Integration (CI) versus Continuous Delivery (CD)
- Continuous Delivery versus Continuous Deployment
- GitHub workflows, actions, reusable workflows, composite actions, and secrets storage
- GitLab CI/CD workflows, components, OpenID Connect identity tokens, and HashiCorp Vault integration
- CI/CD supply chain attacks, risks, and hardening guidelines
Securing DevOps Workflows
- Threat model and secure your build and deployment environment
- DevSecOps phases and security controls
- How DevSecOps and artificial intelligence (AI) work together
Pre-Merge Security Controls
- Conduct effective risk assessments and threat modeling in a rapidly changing environment
- Learn how to analyze a git repository and identity key technology stacks
- Configure pre-commit git hooks to run required security checks
- Install code editor extensions for security and artificial intelligence (AI)
- Enable branch protections to require approvals and change control
- Enforce high risk code reviews using CodeOwners
- Set up merge request templates and automated merge request pipelines to evaluate code health
Merge Security Controls
- Design and implement automated security tests in merge request pipelines
- Understand the strengths and weaknesses of different automated testing approaches in Continuous Integration
- How to minimize false positives and create custom rules
- Parse automated security using the xUnit, JUnit, SARIF, CycloneDX, and SPDX machine readable formats
- Learn the toolchain for scanning application source code, dependencies, configuration management code, and infrastructure as code
Secrets Management
- Managing secrets for CI/CD workflows
- Scan version control repositories for secrets
- Prevent secrets from being committed to version control
- Register pre-commit hooks to block commits with secrets
- Open-source and commercial secrets management systems
- Provision secrets in the Azure Key Vault, AWS Secrets Manager, and HashiCorp Vault
Cloud Infrastructure Security
Overview
Section 2 challenges students to use their DevOps skills to deploy a code-driven cloud infrastructure with Terraform using more than 100 cloud resources. Students scan the cloud infrastructure as code (IaC), identify insecure network configurations and harden the network traffic flow rules. With the cloud infrastructure in place, students learn how automate configuration management and publish golden images using Packer and Ansible. To finish the day, students begin preparing a container image to run on a Kubernetes cluster. Following the container security lifecycle, we review Dockerfiles and Kubernetes manifests for misconfigurations, scan the configuration file code analysis, rebuild the image using trusted suppliers, write container security policies as code, and scan images for vulnerabilities. Finally, students learn how to manage the container image's software supply chain using attestations, provenance, software bill of materials (SBOM), artifact signing, and SBOM vulnerability scanning.
Exercises
- Infrastructure as Code Network Hardening
- Gold Image Creation
- Container Image Hardening
- Container Software Supply Chain Security
- CloudWars (Section 2): Cloud Native & DevSecOps Automation Bonus Challenges
Topics
Cloud Infrastructure as Code
- Introduction to Cloud Infrastructure as Code (IaC)
- Terraform, OpenTofu, and the pros and cons of multi-cloud IaC
- Create Terraform resources with HashiCorp Configuration Language (HCL)
- How to choose a Terraform provider for your cloud
- Create shared Terraform modules for your organization
- Automate Terraform deployments in CI/CD
- Secure Infrastructure as Code (IaC) configurations with Checkov and EasyInfra
Configuration Management as Code
- Introduction to configuration management tools
- How Ansible templates can help configure a custom virtual machine
- Build custom virtual machine images with Packer
- Automate golden image configuration test suites with InSpec
- Publish golden images using CI/CD workflows
Container Security Lifecycle
- Introduction to the Application Container Security Guide
- Dockerfile commands, examples, and misconfigurations
- Linting container configuration files with Trivy
- Eliminating vulnerabilities with minimal base images, trusted suppliers, and multi-stage builds
- Writing custom container configuration policies with Conftest
- Scanning container images for vulnerabilities with Trivy
Software Supply Chain Security
- Introduction to the software supply chain
- Software provenance attestations with Docker BuildKit
- Supply-Chain Levels for Software Artifacts (SLSA)
- Managing vulnerable dependencies with trusted suppliers
- Create Software Bill of Materials (SBOMs)
- Sign build artifacts and Software Bill of Materials (SBOMs) with Project Sigstore
- Scan SBOM artifacts for vulnerabilities and track results using Vulnerability Exploitability eXchange (VEX)
Cloud Native Security Operations
Overview
Section 3 prepares students to deploy and secure containerized workloads running in cloud-native Kubernetes services such as AWS Elastic Kubernetes Service (EKS) and Azure Kubernetes Service (AKS). After an introduction to Kubernetes architecture, students examine how ingress, service, and pod resources route traffic to a container and use GitLab CI to deploy a container image to the pod. With workloads running in Kubernetes, we shift focus to Kubernetes security controls such as authentication, role-based access control (RBAC), isolation, workload identity, and admission control.
Exercises
- Container Registry Security
- Kubernetes Role-Based Access Control (RBAC)
- Kubernetes Workload Identity
- Kubernetes Admission Control
- CloudWars (Section 3): Cloud & DevOps Bonus Challenges
Topics
Kubernetes Architecture, Resources, and Deployments
- Introduction to Kubernetes architecture
- Interacting with the Kubernetes API server using kubectl
- Learn to create Kubernetes resource using YAML configuration
- Build Kubernetes ingress, service, and deployment resources for routing traffic to a microservice
- Inventory Kubernetes resources using metadata labels, and annotations
- Learn to create re-usable configuration with Kustomize
- Install Kubernetes packages using Helm
- Prepare container registry security for deploying Kubernetes pods
- Deploy a container image to Kubernetes using GitLab CI
Kubernetes Risks and Security Controls
- Understand container runtime and orchestration platforms
- Review container orchestrator security risks
- Kubernetes security hardening and security tools
- Understand Kubernetes authentication in AWS Elastic Kubernetes Service (EKS) and Azure Kubernetes Service (AKS)
- Isolate resources using namespaces
- Store sensitive data in Kubernetes secrets and encrypt secrets storage using cloud managed encryption services
- Workload identity using Kubernetes service accounts
- Apply role-based access control (RBAC) permissions to a subject (user, group, service account)
- Configure Kubernetes cloud identity with EKS Access Entries and AKS Entra ID integrations
Kubernetes Workload Security
- Kubernetes cloud controller manager capabilities
- Review Azure Kubernetes Service (AKS) cloud controller manager permissions
- Understand how Azure Kubernetes Service (AKS) pod permissions grant access to Azure APIs
- Review AWS Elastic Kubernetes Service (EKS) cloud controller manager permissions
- Understand how AWS Elastic Kubernetes Service (EKS) pod permissions grant access to AWS APIs
- Enable Kubernetes workload identity using OpenID Connect (OIDC)
- Deploy Kubernetes workload identity for pods running in either Azure Kubernetes Service (AKS) and AWS Elastic Kubernetes Service (EKS)
- Audit pods for least privilege access in both Azure Kubernetes Service (AKS) and AWS Elastic Kubernetes Service (EKS)
Kubernetes Runtime Security
- Introduction to pod and container security context options
- Enable host and process namespacing and workload resource limits
- Introduction to Kubernetes admission controllers
- Write validating admission controllers with Common Expression Language (CEL) and Open Policy Agent (OPA), Gatekeeper, and Rego
- Learn how eBPF enables runtime protection for Kubernetes hosts and containers
- Compare runtime security options include Cilium, Falco, KubeArmor
Microservice and Serverless Security
Overview
Section 4 starts by exploring microservice architectures, edge authentication, and internal micro-segmentation with API Gateways, Kubernetes network policy, and service mesh platforms. Students then learn how serverless architectures enable DevOps teams to build dynamic systems using event triggers and Functions as a Service (FaaS). We then learn how to leverage cloud-native Kubernetes ingress load balancers to patch containerized workloads using blue/green deployment patterns. Students finish the section by learning about observability with OpenTelemetry and Grafana to monitor Kubernetes clusters and workloads. We will analyze log files, detect an attack in real time, and send alerts to the security team.
Exercises
- Microservice Security using API Gateways, OpenID Connect, and Network Policy
- Serverless Security for Cloud Functions as a Service (FaaS) with GitLab CI
- Kubernetes Blue/Green Deployments
- Observability with OpenTelemetry and Grafana
- CloudWars (Section 4): Cloud Native & DevSecOps Automation Bonus Challenges
Topics
Microservice Security
- Compare the attack surfaces for traditional and microservice architectures
- Understand the pros and cons when moving to microservices
- Protect the perimeter with an API Gateway
- Enable API Gateway authentication and authorization with Open ID Connect (OIDC)
- Understand how service providers validate identity tokens from OIDC identity providers
- Create an Azure API Management gateway to protect a private microservice
- Configure an Azure API Management custom security policy to validate custom OIDC identity tokens
- Create an AWS API Gateway to protect a private microservice
- Configure an AWS API Gateway custom authorizer to validate custom OIDC identity tokens
- Verify JSON Web Token (JWT) configurations and claims meet security recommendations
- Protect internal service to service communications with mutual TLS
- Build Kubernetes network policies with Container Network Interface (CNI)
- Extend Kubernetes network policy intelligence with Calico
- Understand how service mesh offerings can control API traffic at scale
Serverless Security
- Introduction to serverless application architectures
- Leverage event driven cloud services to host dynamic applications
- Build a serverless single page application (SPA) cloud native content delivery network (CDN), storage, identity provider, API Gateway, function (FaaS), and database services
- Serving static content with Cloud CDN offerings (AWS CloudFront, Azure Front Door)
- Processing API requests using Cross-origin Resource Sharing (CORS) policies
- Review the Azure Function service and security options
- Review the AWS Lambda service and security options
- Introduction to GraphQL managed services and security concerns
- How do serverless systems change the security team's responsibilities
- Divide serverless deployment responsibilities between development and operations
- Build GitLab CI workflows for deploying serverless function packages
Deployment Orchestration using Cloud Native Services
- Introduction to blue/green deployment workflows
- Understand blue/green deployments using Azure Application Gateway
- Automate blue/green deployments using Azure Kubernetes ingress controller and service resources
- Understand blue/green deployments using AWS Route53 and AWS Application Load Balancer (ALB) weighted target groups
- Automate blue/green deployments using AWS Elastic Kubernetes Service (EKS) ingress controller and service resources
Cloud Native Security Observability
- Monitoring and feedback loops from production to engineering
- Understand the difference between logs, metrics, and data tracing
- Review Azure Monitor and Log Analytics
- Review AWS CloudWatch and OpenSearch service
- Cloud native logging and monitoring tools
- Grafana’s monitoring stack including Loki, Mimir, and Tempo
- OpenTelemetry framework, protocol (OTLP), and collectors
- OpenTelemetry Kubernetes collector
- Examine Kubernetes cluster, node, container, and event log sources
- Grafana notification templates and contact types
- Test monitoring, alerts, and notifications using automated ZAP scans
Continuous Compliance and Protection
Overview
Section 5 starts with a discussion on working in DevOps and how that affects policy and compliance. Students learn to leverage cloud native security tooling to automate cloud and Kubernetes compliance checks. Starting with Cloud Security Posture Management (CSPM), we start detecting security issues in the cloud and Kubernetes infrastructure. Next, students learn how to aggregate and correlate vulnerabilities from CI/CD pipelines into Application Security Posture Management (ASPM) tools. With vulnerability data in a centralized database, valid findings can establish a health score for each product. This allows governance teams to create policy as code that “pulls the andon cord” and marks a build as unhealthy or stops a pod from launching in a Kubernetes cluster. Students finish the course learning how to write policy as code for automated remediation to detect and correct cloud configuration drift.
Exercises
- Cloud and Kubernetes Compliance
- Vulnerability Aggregation and Correlation
- Automated Remediation
- CloudWars (Section 5): Cloud Native & DevSecOps Automation Bonus Challenges
Topics
Continuous Compliance
- Introduction to Continuous Compliance and Compliance as Code
- Modern governance, risk, and compliance for cloud native applications
- Mapping DevOps guardrails to ITIL and PCI controls
- Kubernetes, Governance, Risk, and Compliance
- Kubernetes Policy Architecture, Administration, and Enforcement
- Cloud Security Posture Management (CSPM) with AWS Security Hub, Defender for Cloud, and Prowler
Policy as Code
- Introduction to Application Security Posture Management (ASPM) products
- Explore the DefectDojo product hierarchy, findings, status, and health score capabilities
- Using CI/CD components to push findings into ASPM tools
- Centralizing automated security checks in a dedicated security scanning factory
- Writing policy as code to evaluate product health scores and “pull the andon cord”
Automated Remediation
- Introduction to automated detection and remediation in the cloud
- Learn how Azure Event Grid and AWS EventBridge route events to runbooks for remediation and notifications
- Explore CSPM automation capabilities in Microsoft Defender for Cloud and AWS Security Hub
- Learn how AWS Security Hub Automated Response & Remediation (SARR) uses playbook automation to close findings
- Write policy as code with Cloud Custodian to manage cloud resources
- Deploy Cloud Custodian policies to remediate Azure Network Security Group and AWS Security Group firewall rule misconfigurations

GIAC Cloud Security Automation

The GIAC Cloud Security Automation (GCSA) certification validates a practitioner's understanding of the cloud native toolchain, DevSecOps methodology, and security controls throughout CI/CD pipelines. GCSA certification holders have demonstrated knowledge of the tools and skills required to implement configurations that improve the reliability, integrity, and security of cloud native systems.

DevOps and DevSecOps fundamentals, Secure Infrastructure and Configuration Management
Securing Cloud Architecture, Continuous Security Monitoring
Data and Secrets Protection, Compliance
Security and Automation related to Deployment, Runtime and Content Delivery

More Certification Details

Prerequisites

The following are courses or equivalent experiences that are prerequisites for SEC540:

Hands-on experience using Amazon Web Services (AWS) or the Microsoft Azure Cloud
Familiarity with Linux command shells and associated commands
Basic understanding of version control (git) and continuous integration systems (GitLab CI)
Introductory knowledge of containers and Kubernetes is helpful (see references below to get started)
Basic understanding of common application attacks and vulnerabilities (e.g., OWASP Top 10) is recommended but not required

Preparing for SEC540

Students taking SEC540 will have the opportunity to learn and use a number of DevOps and cloud tools during the hands-on exercises. Getting a head start on the following tools, technologies, and languages will help students enjoy their lab experience:

Laptop Requirements

!!! IMPORTANT NOTICE !!!

CLOUD ACCOUNTS:

Student cloud accounts are provided for students by SANS to complete the course labs.

The SEC540 course labs come in both AWS and Azure versions. Time-limited accounts for each cloud are provided by SANS to use for completing the labs.

OnDemand students:

Students can dynamically provision access to their AWS or Azure accounts by logging in to their SANS account and visiting the My Labs page.
When cloud account provisioning is complete, students can download time-limited credentials for accessing the cloud accounts

Live events (In Person or Live Online)

Students are automatically provisioned access to both AWS and Azure accounts 24 hours before class starts.
Students can log in to their SANS account and visit the MyLabs page to download their cloud credentials the day before class begins.

MANDATORY LAPTOP REQUIREMENT:

Students must bring their own system configured according to these instructions.

A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will likely leave the class unsatisfied because you will not be able to participate in hands-on exercises that are essential to this course. Therefore, we strongly urge you to arrive with a system meeting all the requirements specified for the course.

Students must be in full control of their system's network configuration. The system will need to communicate with the cloud-hosted DevOps server using a combination of HTTPS, SSH, and SOCKS5 traffic on non-standard ports. Running VPN, intercepting proxy, or egress firewall filters may cause connection issues communicating with the DevOps server. Students must be able to configure or disable these services to connect to the lab environment.

BRING YOUR OWN LAPTOP CONFIGURED USING THE FOLLOWING DIRECTIONS:

A properly configured system is required for each student participating in this course. Before starting your course, carefully read and follow these instructions exactly:

Host Operating System: Latest version of Windows 10, macOS 10.15.x or later, or Linux that also can install and run the Firefox browser described below.
Fully update your host operating system prior to the class to ensure you have the right drivers and patches installed.

Mandatory Host Hardware Requirements

CPU: 64-bit 2.5+ GHz multi-core processor or higher
Wireless Ethernet 802.11 B/G/N/AC
Local Administrator Access within your host operating system
Must have the ability to install Firefox, enable a Firefox extension, and install a new trusted root certificate on the machine.

Mandatory Software Requirements

Prior to class, ensure that the following software is installed on the host operating system:
Firefox 120.0+
Firefox SmartProxy extension: https://addons.mozilla.org/en-US/firefox/addon/smartproxy/

IN SUMMARY

Before beginning the course you should:

Have a laptop with a solid-state drive (SSD), 16GB of RAM, and a 64-bit operating system.
Install the latest version of Firefox and the SmartProxy extension.
Download the SEC540 Lab Setup Instructions from your sans.org account.

After you have completed those steps, access the SANS provider cloud accounts to connect to the SANS Cloud Security Flight Simulator and connect to the SEC540 DevOps server. The SEC540 DevOps server hosts an electronic workbook, version control, CI/CD, secrets manager, and Terminal services that can be accessed through the Firefox browser.

Your course materials include a "Setup Instructions" document that details important steps you must take before you travel to a live class event or start an online class. It may take 30 minutes or more to complete these instructions.

Your class uses an electronic workbook for its lab instructions. In this new environment, a second monitor and/or a tablet device can be useful for keeping class materials visible while you are working on your course's labs.

If you have additional questions about the laptop specifications, please contact customer service.

Author Statement

"DevOps, cloud, Kubernetes, and cloud native tools are radically changing the way that organizations design, build, deploy, and operate online systems. Leaders like Amazon, Netflix, Microsoft, and Google deploy hundreds or even thousands of changes every day, continuously learning, improving, and growing - and leaving their competitors far behind. With DevSecOps moving from Internet 'Unicorns' and cloud providers into the enterprise, it is more important than ever for security teams to understand how these systems work.

"Traditional approaches to security can't come close to keeping up with this rate of accelerated change. Engineering and operations teams that have broken down the 'walls of confusion' in their organizations are increasingly leveraging new kinds of automation, including Infrastructure as Code, Continuous Delivery and Continuous Deployment, Kubernetes, microservices, containers, and cloud native services. The question is: How can security take advantage of these tools and automation to better secure its systems?

"Security must be reinvented in a DevOps and cloud native world."

- Eric Johnson, Ben Allen, and Frank Kim

"Great instructor, gave real life devops examples from his experience, and was very willing to demo extra concepts and commands on the fly (hashicorp terraform)." - Eden Kang

Ways to Learn

OnDemand

Cybersecurity learning – at YOUR pace! OnDemand provides unlimited access to your training wherever, whenever. All labs, exercises, and live support from SANS subject matter experts included.

Live Online

The full SANS experience live at home! Get the ultimate in virtual, interactive SANS courses with leading SANS instructors via live stream. Following class, plan to kick back and enjoy a keynote from the couch.

View Available Dates & Time Zones

In Person (5 days)

Did someone say ALL-ACCESS? On-site immersion via in-classroom course sessions led by world-class SANS instructors fill your day, while bonus receptions and workshops fill your evenings.

View Available Dates & Locations

Who Should Attend SEC540?

Anyone working in or transitioning to a public cloud environment
Anyone working in or transitioning to a DevOps environment
Anyone working in Kubernetes, containers, and microservices
Anyone who wants to understand where to add security checks, testing, and other controls to cloud and DevOps Continuous Delivery pipelines
Anyone interested in learning how to migrate and secure DevOps workloads in the cloud, specifically Amazon Web Services (AWS) and Microsoft Azure
Anyone interested in leveraging cloud application security services provided by AWS or Azure
Developers
Software architects
Operations engineers
System administrators
Security analysts
Security engineers
Auditors
Risk managers
Security consultants

NICE Framework Work Roles:

Software Developer (OPM 621)
Secure Software Assessor (OPM 622)
Enterprise Architect (OPM 651)
Research & Development Specialist (OPM 661)
Information Systems Security Developer (OPM 631)
Systems Developer (OPM 632)

"Course provides a good deal of insight into pipelines and security automation. I would recommend this to anybody in development or security."- Kenneth Jordan, Openalter

See prerequisites

Need to justify a training request to your manager?

Use this justification letter template to share the key details of this training and certification opportunity with your boss.

Download the Letter

Courses

Hands-On Simulations

Certifications

Ways to Train

Training Events & Summits

Free Training Events

Security Awareness

By Focus Area

By NICE Framework

DoDD 8140 Work Roles

By European Skills Framework

By Skills Roadmap

New to Cyber

Leadership

Degree and Certificate Programs

Watch & Listen

Read

Download

SANS Community Benefits

CISO Network

Team Development

Leadership Development

Security Awareness

Public Sector Partnerships

Sponsorship Opportunities

SEC540: Cloud Native Security and DevSecOps Automation™

GIAC Cloud Security Automation (GCSA)

Course Authors:

Frank Kim

Eric Johnson

Ben Allen

What You Will Learn

Secure Your Systems at Cloud Native Speed

Business Takeaways

Skills Learned

Hands-On DevSecOps Automation Training

CloudWars Bonus Challenges

Syllabus Summary

Additional Free Resources

What You Will Receive

Syllabus (38 CPEs)

DevOps Security Automation

Overview

Exercises

Topics

Cloud Infrastructure Security

Overview

Exercises

Topics

Cloud Native Security Operations

Overview

Exercises

Topics

Microservice and Serverless Security

Overview

Exercises

Topics

Continuous Compliance and Protection

Overview

Exercises

Topics

GIAC Cloud Security Automation

Prerequisites

Laptop Requirements

!!! IMPORTANT NOTICE !!!

CLOUD ACCOUNTS:

MANDATORY LAPTOP REQUIREMENT:

IN SUMMARY

Author Statement

Ways to Learn

Who Should Attend SEC540?

Need to justify a training request to your manager?

Reviews

Filters:

Register for SEC540

Loading...