SEC557: Continuous Automation for Enterprise and Cloud Compliance

  • In Person (5 days)
  • Online
30 CPEs

Agile development, DevOps, cloud technologies, and virtualization have enabled organizations to build and deploy systems at a terrifyingly fast rate. The old and cumbersome manual ways to test security and compliance can't keep up. You need to understand and use the same tools and techniques that your developers and engineers are using, and you need to be able to generate results quickly and often - without slowing down your organization. SEC557 teaches professionals tasked with ensuring security and compliance how to stop being a roadblock and work at the speed of the modern enterprise. 30 Hands-On Labs

What You Will Learn

Measure what matters, not what's easy.

Students learn how to measure and visualize security data using the same tools that developers and engineers are using, as well as how to extract, load, and visualize data from cloud services, on-premise systems, and security tools. The course includes PowerShell scripting, automation, time-series databases, dashboard software, and even spreadsheets to present management with the strategic information it needs and to facilitate the work of your operations staff with sound tactical data.

SEC557 uses the ELVis (Extract, Load, and VISualize) technique to help you gather and present useful security and compliance information to your organization. Students will learn how to use PowerShell scripting and automated tools to gather measurements from cloud service providers, operating systems, Active Directory, security tools, web APIs, and datacenter infrastructure. For some data, you'll prepare tactical visualizations on the fly by building spreadsheets, pivot tables, and graphs using scripts. Then import your data into the Graphite time-series database for strategic analysis and reporting. You'll also build Grafana dashboards for use by management, security, compliance, and operations staff.


  • Measure and report on compliance across the enterprise
  • Visualize data for rapid absorption and decision making
  • Supply appropriate data at the tactical and strategic levels
  • Turn management requirements into actionable data
  • Use the tools you already own to report on compliance


  • Turn policies and management requirements into visually presented security metrics
  • Reduce the time and effort required to gather and report on security and compliance data
  • Measure security and compliance in cloud and traditional infrastructure
  • Use PowerShell scripts and command-line tools to extract relevant data from cloud services
  • Gather information from web APIs and security tools
  • Extract information about virtualization infrastructure
  • Query data from fleets of heterogenous systems
  • Monitor servers and endpoints for proper configuration
  • Work with data formats commonly used by security tools, DevOps pipelines, and cloud services
  • Build tactical visual reports for use by operations staff and management
  • Manage and load time-series databases for tracking metrics over time
  • Build strategic dashboards for security and compliance

"The timing of the industry and the needs / demands are major reasons why one should take this class, as it relates to compliance, cyber audits, and supports senior management initiatives." - Diane D, US Gov


SEC557 focuses very heavily on hands-on activities, with as much as 50% of your day being spent at the keyboard. Students gather compliance data from remote AWS and Azure lab environments and from common on-premise systems, including Windows, Linux and VMWare hosts. Tools used to extract data include PowerShell, Pester, Inspec, SOAP and REST APIs, FleetDM, OSQuery, PowerCLI and Bash commands. Measurement data is loaded into a Graphite time-series database (TSDB), and then visualized in multiple Grafana dashboards. Lab activities for the course include:

  • Section 1: PowerShell fundamentals, Working with the .NET framework, Reading and writing JSON, XML, HTML, and CSV data, Using spreadsheets as data sources and as visualization tools, Configuring Graphite and loading data, Adding Grafana data sources and building dashboards
  • Section2: Consuming web APIs, Verifying Docker security, Using static analysis tools for security testing, Gathering inventory information using the AWS CLI, Assessing identity and access management (IAM) roles and user settings, Verifying AWS security settings, Validating the security of infrastructure as code deployments
  • Section 3: Querying Windows settings, Extracting data from Active Directory, Compliance testing with Pester, VMware infrastructure testing, Querying Linux/Unix, Monitoring patch velocity on Windows and Unix systems
  • Section 4: Gathering inventory information using the AWS CLI and PowerShell, Assessing IAM roles and user settings, Verifying logging settings, Checking for proper resource access control, Auditing network security settings, Validating security of infrastructure as code deployments
  • Section 5: Azure benchmark compliance, Azure AD measurement, Verifying Docker security, Static analysis tools, Alternative visualization tools: ImportExcel XYZ

"The lab exercises are very beneficial for me to work through/learn new processes to be able to deliver relevant data at work." - Andrea M., Law Enforcement

"Love the labs and hands on experience." - Spencer Tani, BCBSLA

"Enjoyed the ability to interact with different types of data sources." - Joe Cecconie, Costco

"Labs reinforced the learned material, so great content overall." - Dmitry Tochilovsky, NTT Data


  • Section 1: All about the modern compliance landscape and the tools to make it easier to navigate
  • Section 2: How to gather and visualize the structured data needed for compliance measurements
  • Section 3: Measure and visualize compliance of OS and virtualization platforms
  • Section 4: Understand cloud compliance issues and report on AWS compliance
  • Section 5: Extend your knowledge to Azure and Google Cloud and DevOps technology


Cheat Sheet: Powershell for Enterprise and Cloud Compliance

3-Part webcast series: PowerShell for Audit, Compliance and Security Automation, and Visualization, Jan 2021

Corresponding 3-part blog series: PowerShell for Audit, Compliance and Security Automation and Visualization, Jan 2021


  • Printed and electronic courseware
  • Windows 10 Enterprise virtual machine with tools already installed
  • Ubuntu server virtual machine with Graphite, Grafana and FleetDM installed
  • Target virtual machines for Windows and VMWare measurements
  • MP3 audio files of the complete course lecture
  • Exercise workbook with over 25 lab exercises


Depending on your current role or future plans, one of these courses is a great next step after SEC557.

Syllabus (30 CPEs)

Download PDF
  • Overview

    Section 1 begins with a discussion of the special problems faced by audit, security and compliance professionals in the age of Agile, Cloud and DevOps. We explore the need for automation in compliance measurement and how to "live off the land" by using ubiquitous tools which are managed by other teams. We discuss the various sources of compliance data in the modern enterprise and examine how to visualize data for use by management and operations staff. We introduce the SEC557 ELVis (Extract, Load, VISualize) technique and using PowerShell as a tool for gathering and examining compliance-related data. At the end of the section, we cover the care and feeding of time-series databases and dashboard tools, ending with importing our first data and visualizing it.

    • PowerShell fundamentals
    • Working with the .NET framework
    • Reading and writing JSON, XML, HTML, and CSV data
    • Using spreadsheets as data sources and as visualization tools
    • Configuring Graphite and loading data
    • Adding Grafana data sources and building dashboards

    • Security, audit, and compliance in a fast-moving world
    • PowerShell ecosystem
    • PowerShell commands and scripting
    • Using .NET objects in PowerShell
    • Working with common data formats
    • Building tactical reports directly from acquired data using pivot tables and graphs
    • Working with time-series databases
    • Working with dashboard software

  • Overview

    Section 2 builds on the previous section, extending the student's PowerShell skill set by adding techniques for dealing with structured data. We use live REST and SOAP APIs to extract, load and visualize structured data formats which include JSON, XML, CSV and even spreadsheets and HTML. We explore options for password and secrets management in PowerShell. We introduce advanced PowerShell script and function development and how to reuse code across projects and systems. We also explore how to automate our scripts in Windows, Unix and continuous integration environments.

    • Working with CSV and XML data
    • Accessing SOAP APIs
    • Unauthenticated and authenticated access to REST APIs
    • Importing and visualizing JSON data
    • Creating PowerShell scripts
    • Automating tasks in Windows and Linux

    • Handling structured data - JSON, XML, CSV, HTML, XLSX
    • Interacting with REST and SOAP APIs
    • Authenticated access to APIs
    • Retrieving and processing large datasets with PowerShell
    • Creating PowerShell scripts and functions
    • Secrets and credential handling in PowerShell

  • Overview

    In Section 3, we cover how to extract and report on data from operating systems, datacenter infrastructure, and container technologies. We begin the course section looking at techniques to get data from individual Windows system and Active Directory domains and forests. Then we examine Linux/Unix systems to see how to gather measurements from them as well. Next, we explore how to use OSQuery to retrieve useful information from a wide variety of operating systems, and we add in fleet management software to allow us to query these systems at scale. We also explore the use of relational databases for storing compliance data and the use types of visualizations available for tabular data.

    • Querying Windows settings
    • Extracting data from Active Directory
    • Compliance testing with Pester
    • Querying Linux/Unix
    • Monitoring patch velocity on Windows and Unix systems
    • Using OSQuery
    • Using FleetDM

    • Gathering configuration and security information from Windows systems with PowerShell
    • Querying Active Directory with PowerShell
    • Querying Linux and Unix systems with PowerShell and native tools
    • Using OSQuery to monitor systems
    • Using Fleet to manage large numbers of heterogenous systems
    • Using relational databases for storing compliance data

  • Overview

    Section 4 focuses on helping the organization safely use cloud services. We discuss shared responsibility models and how the enterprise should operate securely *IN* the cloud. We then explore a combination of native and third-party tools which can be automated to measure and report on the security of cloud-based systems, with a focus on AWS.

    • Gathering inventory information using the AWS CLI and PowerShell
    • Assessing IAM roles and user settings
    • Verifying logging settings
    • Checking for proper resource access control
    • Auditing network security settings
    • Validating security of infrastructure as code deployments

    • Shared responsibility models
    • Identity and access management (IAM)
    • Multi-factor authentication
    • Logging in the cloud
    • Monitoring access and changes to cloud resources
    • Network configuration checks

  • Overview

    Section 5 extends the cloud compliance discussion to include the Azure and Google Cloud platforms. We discuss the specifics of ensuring compliance with standards in each environment and explore the use of tools to measure compliance. We cover some technologies which are commonly used in DevOps environments and the benchmarking and static analysis tools which work with infrastructure as code and containers. We end the day by exploring other visualization techniques which can be helpful for tactical and operational measurements.

    • Azure benchmark compliance
    • Azure AD measurement
    • Verifying Docker security
    • Static analysis tools
    • Alternative visualization tools: ImportExcel XYZ

    • Compliance in Azure
    • Compliance in GCP
    • DevOps concepts
    • Container concepts
    • Securing the container ecosystem
    • Ensuring security at deploy time


No other courses are required prior to taking SEC557, but experience with development, operations, security, audit, InfoSec, or IT management will be helpful.

The course makes heavy use of PowerShell, so anything you can do to familiarize yourself with PowerShell ahead of starting the course will put you at an advantage. Clay has a 3-part webcast and blog series using PowerShell mentioned in the Course Overview above under Additional Resources, which is highly recommended to review before the course starts, particularly for those less familiar with PowerShell.

Laptop Requirements

Important! Bring your own system configured according to these instructions!

  • CRITICAL NOTE: Apple systems using the M1 processor line cannot perform the necessary virtualization functionality and therefore cannot in any way be used for this course.
  • CPU: 64-bit Intel i5/i7 (4th generation+) - x64 bit 2.0+ GHz processor or more recent processor is mandatory for this class (Important - Please Read: a 64-bit system processor is mandatory)
  • It is critical that your CPU and operating system support 64-bit so that our 64-bit guest virtual machine will run on your laptop. VMware provides a free tool for Windows that will detect whether or not your host supports 64-bit guest virtual machines. For further troubleshooting, this article also provides good instructions for Windows users to determine more about the CPU and OS capabilities. For Macs, please use this support page from Apple to determine 64-bit capability.

A properly configured system is required to fully participate in this course. These requirements are the mandatory minimums. If you do not carefully read and follow these instructions, you will likely leave the class unsatisfied because you will not be able to participate in hands-on exercises that are essential to this course. We strongly urge you to start the course with a system meeting all the requirements specified for the course.

It is imperative that you back-up your system before class. It is also strongly advised that you do not use a system storing any sensitive data.

System Hardware Requirements

1. CPU: 64-bit Intel i5/i7 2.0+ GHz processor: Your system's processor must be a 64-bit Intel i5 or i7 2.0

  • GHz processor or higher. Your CPU and OS must support a 64-bit guest virtual machine.
  • VMware provides a free tool for Windows that will detect whether or not your host supports 64-bit guest virtual machines.
  • Windows users can use this article to learn more about their CPU and OS capabilities.
  • Apple users can use this support page to learn more information about Mac 64-bit capability. Note: Apple systems using the M1 processor cannot perform the necessary virtualization at this time and cannot be used for this course.

2. BIOS: Enabled Intel-VT: Intel's VT (VT-x) hardware virtualization technology should be enabled in your system's BIOS or UEFI settings. You must be able to access your system's BIOS throughout the class. If your BIOS is password-protected, you must have the password.

3. USB: For in-person courses only. USB 3.0 Type-A port: The USB port must not be locked in hardware or software. Some newer laptops may have only the smaller Type-C ports. In this case, you will need to bring a USB Type-C to Type-A adapter.

4. RAM: 16 GB RAM: 16 GB RAM is required for the best experience. To verify on Windows 10, press the Windows key + "I" to open Settings, then click "System", then "About". Your RAM information will be toward the bottom of the page. To verify on a Mac, click the Apple logo at the top left-hand corner of your display and then click "About this Mac".

5. Hard Drive Free Space: 100 GB Free space: 100 GB of FREE space on the hard drive is critical to host the VMs and additional files we distribute. SSD drives are also highly recommended, as they allow virtual machines to run much faster than mechanical hard drives.

6. Operating System: Windows 10 Pro or macOS 10.12+: Your system must be running either Windows 10 Pro or macOS 10.12 or higher. Make sure your operating system is fully updated with the correct drivers and patches prior to arriving in class. Note: Apple systems using the M1 processor cannot perform the necessary virtualization at this time and cannot be used for this course.

Additional Hardware Requirements

The requirements below are in addition to baseline requirements provided above. Prior to the start of class, you must install virtualization software and meet additional hardware and software requirements as described below. If you do not carefully read and follow these instructions, you will leave the class unsatisfied because you will not be able to participate in hands-on exercises that are essential to this course.

Additional Software Requirements

  1. Microsoft Office: Install Microsoft Office 2013+ with Excel on your host: You can download Office Trial Software free for 30 days.
  2. VMware
  3. Credential Guard: If your host computer is running Windows, Credential Guard may interfere with the ability to run VMs. It is important that you start up VMWare prior to class and confirm that virtual machines can run. It is required that Credential Guard be turned off prior to coming to class.
  4. System Configuration Settings
  5. Local Admin: Have an account with local admin privileges. Some of the tools used in the course will require local admin access. This is absolutely required. If your company will not permit this access for the duration of the course, then you should make arrangements to bring a different system.

If you have additional questions about the laptop specifications, please contact

Author Statement

"When I started performing IT and security audits in the 1990s, it was reasonable to ask during an annual engagement "What has changed since the last time I was here?' My clients could point out physical servers in the data center and tell me what functions were performed by each. We could work for weeks on a software audit without slowing down the development.

"Then came virtualization, agile development, microservices, the cloud, and DevOps. The old ways of measuring security and compliance aren't fast enough for the modern enterprise. SEC557 answers the question 'How can the (manager/auditor/security/compliance professional) possibly keep up?' It teaches you to leverage and integrate with the processes used by your developers and engineers so that you can enforce security and compliance requirements without becoming an obstacle."

Clay Risenhoover

"Clay was awesome! He was so friendly and upbeat it really made the class enjoyable, especially for an online learning class which is not easy. He never missed a beat, even when his power went out. Felt like we were in the room with him even though we were only interacting with him through chat. A++++" - Kate N., Federal Reserve

Register for SEC557

  • In Person

Training events and topical summits feature presentations and courses in classrooms around the world.

Learn more
  • Live Online

Live, interactive sessions with SANS instructors over the course of one or more weeks, at times convenient to students worldwide.

Learn more
  • OnDemand

Study and prepare for GIAC Certification with four months of online access. Includes labs and exercises, and support.

Learn more