SEC502: Cloud Security Tactical Defense

SEC502 (Cloud Security)
  • 5 Days (Instructor-Led)
  • 36 Hours (Self-Paced)
Course authored by: Ryan Nicholson
SEC488: Cloud Security Essentials
  • GIAC Cloud Security Essentials (GCLD)
  • 36 CPEs

    Apply your credits to renew your certifications

  • In-Person or Virtual

    Attend a live, instructor-led class from a location near you or virtually from anywhere

  • 41 Hands-On Lab(s)

    Apply what you learn with hands-on exercises and labs

Gain tactical expertise to configure, monitor, and defend cloud environments while addressing data security and compliance challenges.

Course Overview

SEC502: Cloud Security Tactical Defense equips practitioners with advanced, hands-on experience to secure modern cloud environments against evolving threats. Through live labs in real cloud environments, students will design and enforce tactical controls across identity, data, and network layers, addressing real-world risks like misconfigurations, privilege escalation, credential theft, data theft, and lateral movement. With 40 immersive, live-fire labs and a competitive Capture the Flag challenge, participants gain the expertise to harden cloud infrastructure, lead incident response efforts, and implement security strategies aligned with enterprise-scale deployments and compliance frameworks.

What You’ll Learn

  • Identify cloud security weaknesses and risks in CSP offerings.
  • Navigate challenges and choose effective cloud security controls.
  • Protect sensitive data and ensure accountability with cloud logging.
  • Assess CSP trustworthiness using documentation and audits.
  • Secure management access and deploy native network controls.
  • Perform penetration testing and leverage top CSP services.
  • Communicate cloud security concepts with teams and leadership.

Business Takeaways

  • Minimize Your Cloud Risk: Proactively secure your cloud environments to significantly reduce vulnerabilities.
  • Safeguard Computational Resources: Ensure your budget remains intact by protecting your computing power.
  • Enhance Compliance: Elevate your cloud security compliance to meet and exceed regulatory standards.
  • Boost Efficiency: Leverage automation to streamline operations and enhance overall productivity.
  • Strengthen Workforce Retention: Enhance organizational security, leading to increased employee satisfaction and retention.
  • Protect Brand Reputation: Maintain and enhance your organization's brand by securing your cloud operations.
  • Build Customer Trust: Increase customer confidence with robust and reliable cloud security measures.

Course Syllabus

Explore the course syllabus below to view the full range of topics covered in SEC502: Cloud Security Tactical Defense.

Section 1: Identity and Access Management (IAM)

The first section of this cloud security course focuses on Identity and Access Management (IAM). Students will quickly understand IAM's critical role in protecting cloud accounts.

Topics covered

  • Separate accounts and groups by workload
  • Apply least-privilege policies
  • Limit breach impact with guardrails and Zero Trust
  • Use temporary creds and manage secrets
  • Control all identities with strong authentication and oversight

Labs

  • User Inventory and Configurations
  • Adventures in Least Privilege
  • Application Credentials
  • Metadata Services

Section 2: Compute and Configuration Management

The second section will cover ways to protect the compute elements in cloud providers' Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) offerings.

Topics covered

  • Secure VM, host, and image configurations
  • Apply application security and threat modeling
  • Understand IaaS/PaaS/SaaS security responsibilities
  • Manage containers with secure deployment practices
  • Analyze and secure Infrastructure as Code (IaC)

Labs

  • Secure VM Deployment
  • Automated Image Build
  • Which Reality?
  • Infrastructure as Code Analysis

Section 3: Data Protection

The third section will first focus on the protection of data in cloud environments.

Topics covered

  • Address legal, contractual, and data residency requirements
  • Protect cloud storage with encryption and access controls
  • Ensure availability and resilience of critical cloud apps
  • Manage cloud resources and their lifecycle securely
  • Identify risks in productivity tools and perform data hunting

Labs

  • Public Storage Blunders
  • Sensitive Data Hunting
  • Data in Transit Encryption
  • Cloud Data Lifecycle Management

Section 4: Networking and Detection

Section 4 is where many network security analysts, engineers, and architects will begin salivating as they will do a deep dive into the ins and outs of cloud networking and log generation, collection, and analysis to set themselves up for success to defend their IaaS workloads.

Topics covered

  • Compare and harden public cloud vs. on-prem networking
  • Secure remote management of IaaS resources
  • Segment networks to isolate and protect assets
  • Use cloud-native protection and detection services
  • Implement logging and visibility for threat detection

Labs

  • Restricting Network Access
  • Web Application Firewall (WAF)
  • Cloud Services Logging
  • IaaS Logging

Section 5: Compliance, Incident Response, and Penetration Testing

In the fifth section, we'll dive headfirst into compliance frameworks, audit reports, privacy, and eDiscovery to equip you with the information and references to ensure that the right questions are being asked during CSP risk assessments.

Topics covered

  • Extend asset inventory and risk management to the cloud
  • Apply AI and serverless strategies for cloud defense
  • Use CASBs, CSPMs, and CWPPs for visibility and control
  • Conduct and respond to cloud-focused penetration testing
  • Detect and contain cloud breaches early

Labs

  • Cloud-Native Vulnerability Assessment Tools
  • Cloud Custodian
  • Cloud Penetration Testing
  • Tripwires

Section 6: CloudWars

The final section is a multi-hour, self-paced CloudWars challenge completed independently after the course to reinforce key concepts and hands-on skills.

Things You Need To Know

Relevant Job Roles

Systems Administration (OPM 451)

NICE: Implementation and Operation

Responsible for setting up and maintaining a system or specific components of a system in adherence with organizational security policies and procedures. Includes hardware and software installation, configuration, and updates; user account management; backup and recovery management; and security control implementation.

Systems Developer (DCWF 632)

DoD 8140: Cyber IT

Oversees full lifecycle of information systems from design through evaluation, ensuring alignment with functional and operational goals.

Cloud Security Analyst

Cloud Security

Using cloud security solutions to respond to incidents and enable defenses

Cybersecurity Architecture (OPM 652)

NICE: Design and Development

Responsible for ensuring that security requirements are adequately addressed in all aspects of enterprise architecture, including reference models, segment and solution architectures, and the resulting systems that protect and support organizational mission and business processes.

Cloud Security Manager

Cloud Security

Developing cloud security roadmaps, plans and procurement models that define policy and procedure

Systems Security Management (OPM 722)

NICE: Oversight and Governance

Responsible for managing the cybersecurity of a program, organization, system, or enclave.

Information Systems Security Developer (DCWF 631)

DoD 8140: Cybersecurity

Designs and evaluates information system security throughout the software lifecycle to ensure confidentiality, integrity, and availability.

Cyber Defense Infrastructure Support Specialist (DCWF 521)

DoD 8140: Cybersecurity

Deploys, configures, and maintains infrastructure software and hardware to support secure and effective IT operations across organizational systems.

Network Operations Specialist (DCWF 441)

DoD 8140: Cyber IT

Implements and maintains network services, including hardware and virtual systems, ensuring operational support for infrastructure platforms.

Information Systems Security Manager (DCWF 722)

DoD 8140: Cybersecurity

Oversees program, system, or enclave cybersecurity, ensuring protection from cyber threats and compliance with organizational standards.

Cloud Security Architect

Cloud Security

Designing the adoption of cloud services and defining the tools and strategy for cloud solutions

Systems Security Analysis (OPM 461)

NICE: Implementation and Operation

Responsible for developing and analyzing the integration, testing, operations, and maintenance of systems security. Prepares, performs, and manages the security aspects of implementing and operating a system.

Security Architect (DCWF 652)

DoD 8140: Cybersecurity

Designs secure enterprise systems considering environmental constraints and translates them into enforceable security processes and protocols.

Cybersecurity Instruction (OPM 712)

NICE: Oversight and Governance

Responsible for developing and conducting cybersecurity awareness, training, or education.

Enterprise Architect (DCWF 651)

DoD 8140: Cyber IT

Develops business and IT process architectures, creating baseline and target architectures to meet mission or enterprise goals.

Software/Cloud Architect (DCWF 628)

DoD 8140: Software Engineering

Defines technical system specs including cloud strategy and software integration to meet business or mission-aligned system requirements.

Research & Development Specialist (DCWF 661)

DoD 8140: Cyber IT

Conducts research in systems/software engineering to develop capabilities and identify vulnerabilities, with security integrated throughout.

Secure Software Assessor (DCWF 622)

DoD 8140: Cybersecurity

Analyzes new or existing software applications for security issues and provides actionable insights to improve protection and performance.

Course Schedule & Pricing

  • Las Vegas, NV, US & Virtual (live)

    Instructed by Ryan Nicholson
    Course price: $8,780 USD (prices exclude applicable local taxes)

  • Denver, CO, US & Virtual (live)

    Instructed by Chris Edmundson
    Course price: $8,780 USD (prices exclude applicable local taxes)

  • Orlando, FL, US & Virtual (live)

    Instructed by Kenneth G. Hartman
    Course price: $8,780 USD (prices exclude applicable local taxes)

  • Orlando, FL, US & Virtual (live)

    Instructed by Chris Edmundson
    Course price: $8,780 USD (prices exclude applicable local taxes)

Benefits of Learning with SANS

Get feedback from the world’s best cybersecurity experts and instructors

Choose how you want to learn - online, on demand, or at our live in-person training events

Get access to our range of industry-leading courses and resources