SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
SEC595Cyber Defense
SANS Community Benefits
Connect, learn, and share with other cybersecurity professionals
SEC502: Cloud Security Tactical Defense
SEC502Cloud Security
- 5 Days (Instructor-Led)
- 36 Hours (Self-Paced)
Course authored by:
Ryan Nicholson
Course authored by:Ryan Nicholson
- GIAC Cloud Security Essentials (GCLD)
- 36 CPEs
Apply your credits to renew your certifications
- In-Person or Virtual
Attend a live, instructor-led class from a location near you or virtually from anywhere
- 41 Hands-On Lab(s)
Apply what you learn with hands-on exercises and labs
Gain tactical expertise to configure, monitor, and defend cloud environments while addressing data security and compliance challenges.
Featured Quote
SEC502: Cloud Security Tactical Defense is the updated version of SEC488: Cloud Security Essentials. If you are currently registered for SEC488 or are an alumnus of that course, please visit the SEC488 course page for relevant information regarding your course schedule, materials, and certification details.
Course Overview
SEC502: Cloud Security Tactical Defense equips practitioners with advanced, hands-on experience to secure modern cloud environments against evolving threats. Through live labs in real cloud environments, students will design and enforce tactical controls across identity, data, and network layers, addressing real-world risks like misconfigurations, lateral movement, and privilege escalation, credential theft, data theft, and lateral movement. With 40 immersive, live-fire labs and a competitive Capture the Flag challenge, participants gain the expertise to harden cloud infrastructure, lead incident response efforts, and implement security strategies aligned with enterprise-scale deployments and compliance frameworks.
What You’ll Learn
- Identify cloud security weaknesses and risks in CSP offerings.
- Navigate challenges and choose effective cloud security controls.
- Protect sensitive data and ensure accountability with cloud logging.
- Assess CSP trustworthiness using documentation and audits.
- Secure management access and deploy native network controls.
- Perform penetration testing and leverage top CSP services.
- Communicate cloud security concepts with teams and leadership.
Business Takeaways
- Minimize Your Cloud Risk: Proactively secure your cloud environments to significantly reduce vulnerabilities.
- Safeguard Computational Resources: Ensure your budget remains intact by protecting your computing power.
- Enhance Compliance: Elevate your cloud security compliance to meet and exceed regulatory standards.
- Boost Efficiency: Leverage automation to streamline operations and enhance overall productivity.
- Strengthen Workforce Retention: Enhance organizational security, leading to increased employee satisfaction and retention.
- Protect Brand Reputation: Maintain and enhance your organization's brand by securing your cloud operations.
- Build Customer Trust: Increase customer confidence with robust and reliable cloud security measures.
Meet Your Author
Ryan Nicholson
Senior InstructorRyan’s extensive experience, including roles as a cybersecurity engineer for major Department of Defense cloud projects and as a lead auditor, underscores his dedication to enhancing the security posture of critical systems.
Read more about Ryan NicholsonCourse Syllabus
Explore the course syllabus below to view the full range of topics covered in SEC502: Cloud Security Tactical Defense.
Section 1Identity and Access Management (IAM)
The first section of this cloud security course focuses on Identity and Access Management (IAM). Students will quickly understand IAM's critical role in protecting cloud accounts.
Topics covered
- Separate accounts and groups by workload
- Apply least-privilege policies
- Limit breach impact with guardrails and Zero Trust
- Use temporary creds and manage secrets
- Control all identities with strong authentication and oversight
Labs
- User Inventory and Configurations
- Adventures in Least Privilege
- Application Credentials
- Metadata Services
Section 2Compute and Configuration Management
The second section will cover ways to protect the compute elements in cloud providers' Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) offerings.
Topics covered
- Secure VM, host, and image configurations
- Apply application security and threat modeling
- Understand IaaS/PaaS/SaaS security responsibilities
- Manage containers with secure deployment practices
- Analyze and secure Infrastructure as Code (IaC)
Labs
- Secure VM Deployment
- Automated Image Build
- Which Reality?
- Infrastructure as Code Analysis
Section 3Data Protection
The third section will first focus on the protection of data in cloud environments.
Topics covered
- Address legal, contractual, and data residency requirements
- Protect cloud storage with encryption and access controls
- Ensure availability and resilience of critical cloud apps
- Manage cloud resources and their lifecycle securely
- Identify risks in productivity tools and perform data hunting
Labs
- Public Storage Blunders
- Sensitive Data Hunting
- Data in Transit Encryption
- Cloud Data Lifecycle Management
Section 4Networking and Detection
Section 4 is where many network security analysts, engineers, and architects will begin salivating as they will do a deep dive into the ins and outs of cloud networking and log generation, collection, and analysis to set themselves up for success to defend their IaaS workloads.
Topics covered
- Compare and harden public cloud vs. on-prem networking
- Secure remote management of IaaS resources
- Segment networks to isolate and protect assets
- Use cloud-native protection and detection services
- Implement logging and visibility for threat detection
Labs
- Restricting Network Access
- Web Application Firewall (WAF)
- Cloud Services Logging
- IaaS Logging
Section 5Compliance, Incident Response, and Penetration Testing
In the fifth section, we'll dive headfirst into compliance frameworks, audit reports, privacy, and eDiscovery to equip you with the information and references to ensure that the right questions are being asked during CSP risk assessments.
Topics covered
- Extend asset inventory and risk management to the cloud
- Apply AI and serverless strategies for cloud defense
- Use CASBs, CSPMs, and CWPPs for visibility and control
- Conduct and respond to cloud-focused penetration testing
- Detect and contain cloud breaches early
Labs
- Cloud-Native Vulnerability Assessment Tools
- Cloud Custodian
- Cloud Penetration Testing
- Tripwires
Section 6CloudWars
The final section is a multi-hour, self-paced CloudWars challenge completed independently after the course to reinforce key concepts and hands-on skills.
Things You Need To Know
Relevant Job Roles
Systems Administration (OPM 451)
NICE: Implementation and OperationResponsible for setting up and maintaining a system or specific components of a system in adherence with organizational security policies and procedures. Includes hardware and software installation, configuration, and updates; user account management; backup and recovery management; and security control implementation.
Explore learning pathSystems Developer (DCWF 632)
DoD 8140: Cyber ITOversees full lifecycle of information systems from design through evaluation, ensuring alignment with functional and operational goals.
Explore learning pathCloud Security Analyst
Cloud SecurityUsing cloud security solutions to respond to incidents and enable defenses
Explore learning pathCybersecurity Architecture (OPM 652)
NICE: Design and DevelopmentResponsible for ensuring that security requirements are adequately addressed in all aspects of enterprise architecture, including reference models, segment and solution architectures, and the resulting systems that protect and support organizational mission and business processes.
Explore learning pathCloud Security Manager
Cloud SecurityDeveloping cloud security roadmaps, plans and procurement models that define policy and procedure
Explore learning pathSystems Security Management (OPM 722)
NICE: Oversight and GovernanceResponsible for managing the cybersecurity of a program, organization, system, or enclave.
Explore learning pathInformation Systems Security Developer (DCWF 631)
DoD 8140: CybersecurityDesigns and evaluates information system security throughout the software lifecycle to ensure confidentiality, integrity, and availability.
Explore learning pathCyber Defense Infrastructure Support Specialist (DCWF 521)
DoD 8140: CybersecurityDeploys, configures, maintains infrastructure software and hardware to support secure and effective IT operations across organizational systems.
Explore learning pathNetwork Operations Specialist (DCWF 441)
DoD 8140: Cyber ITImplements and maintains network services, including hardware and virtual systems, ensuring operational support for infrastructure platforms.
Explore learning pathInformation Systems Security Manager (DCWF 722)
DoD 8140: CybersecurityOversees program, system, or enclave cybersecurity, ensuring protection from cyber threats and compliance with organizational standards.
Explore learning pathCloud Security Architect
Cloud SecurityDesigning the adoption of cloud services and define the tools and strategy for cloud solutions
Explore learning pathSystems Security Analysis (OPM 461)
NICE: Implementation and OperationResponsible for developing and analyzing the integration, testing, operations, and maintenance of systems security. Prepares, performs, and manages the security aspects of implementing and operating a system.
Explore learning pathSecurity Architect (DCWF 652)
DoD 8140: CybersecurityDesigns secure enterprise systems considering environmental constraints and translates them into enforceable security processes and protocols.
Explore learning pathCybersecurity Instruction (OPM 712)
NICE: Oversight and GovernanceResponsible for developing and conducting cybersecurity awareness, training, or education.
Explore learning pathEnterprise Architect (DCWF 651)
DoD 8140: Cyber ITDevelops business and IT process architectures, creating baseline and target architectures to meet mission or enterprise goals.
Explore learning pathSoftware/Cloud Architect (DCWF 628)
DoD 8140: Software EngineeringDefines technical system specs including cloud strategy and software integration to meet business or mission-aligned system requirements.
Explore learning pathResearch & Development Specialist (DCWF 661)
DoD 8140: Cyber ITConducts research in systems/software engineering to develop capabilities and identify vulnerabilities, with security integrated throughout.
Explore learning pathSecure Software Assessor (DCWF 622)
DoD 8140: CybersecurityAnalyzes new or existing software applications for security issues and provides actionable insights to improve protection and performance.
Explore learning pathCourse Schedule & Pricing
Looking for Group Purchase Options?Contact Us
GIAC Certification Attempt
Add a GIAC certification attempt and receive free two practice tests. View pricing in the info icons below.
OnDemand Course Access
When purchasing a live instructor-led class, add an additional 4 months of online access after your course. View pricing in the info icons below.
Filter by:
Location & instructorDate & TimeCourse priceRegistration Options
- Location & instructor
Las Vegas, NV, US & Virtual (live)
Instructed by Ryan NicholsonDate & TimeFetching schedule..View event detailsCourse price$8,780 USD*Prices exclude applicable local taxes - Location & instructor
Denver, CO, US & Virtual (live)
Instructed by Chris EdmundsonDate & TimeFetching schedule..View event detailsCourse price$8,780 USD*Prices exclude applicable local taxes - Location & instructor
Orlando, FL, US & Virtual (live)
Instructed by Kenneth G. HartmanDate & TimeFetching schedule..View event detailsCourse price$8,780 USD*Prices exclude applicable local taxes - Location & instructor
Orlando, FL, US & Virtual (live)
Instructed by Chris EdmundsonDate & TimeFetching schedule..View event detailsCourse price$8,780 USD*Prices exclude applicable local taxesRegistration Options
Showing 4 of 4
Learn Alongside Leading Cybersecurity Professionals From Around The World
- Slide 1 of 3This course is exactly what I hoped it would be. Teaching me Cloud from an IT Cloud Engineer perspective, but with a Security lens.
- Slide 2 of 3Real world practicality of the labs has enabled me to envision how to explore and implement cloud best practices, tests, configurations, and the like which I found to be very valuable.
- Slide 3 of 3The labs serve to both break up a fairly intensive academic upskilling, and also to teach you how to apply the knowledge correctly and safely, allowing you to secure your cloud environment with confidence and ease.
Slide 1 of 0
(1/0)
Benefits of Learning with SANS
Get feedback from the world’s best cybersecurity experts and instructors
Choose how you want to learn - online, on demand, or at our live in-person training events
Get access to our range of industry-leading courses and resources