SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

Apply your credits to renew your certifications
Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months
Apply what you learn with hands-on exercises and labs
Develop essential leadership skills to effectively manage major cyber incidents from discovery to resolution, providing clear direction when your organization needs it most.
Great insights, examples and relevant tools. I applied the 3rd party incident tool within minutes to an ongoing 3rd party incident. So I can't dream of a more relevant and useful course than this.
While technical teams work to identify and remove attackers, they require strategic direction, management, and support to maximize their effectiveness. Cyber Incident Management focuses on the critical non-technical challenges facing leaders during high-pressure security incidents. This course equips you to lead incident management teams by providing a comprehensive understanding of immediate, short, and medium-term challenges organizations face during security breaches.
You will learn to build and manage teams, distill critical data for briefings, and communicate effectively with executives, board members, and other stakeholders. Through nine detailed case studies, you will gain hands-on experience in incident management methodology and practices applicable to various cybersecurity scenarios.
Steve Armstrong-Godwin brings 25+ years of cybersecurity experience, including 14+ years in incident response and management. After serving in the UK Royal Air Force, where he led penetration testing teams, he gained expertise in managing cyber incidents globally.
Explore the course syllabus below to view the full range of topics covered in LDR553: Cyber Incident Management.
Section 1 focuses on understanding incidents, standardizing language, and defining objectives. You will gather information, set goals for the Incident Management team, and assign responsibilities. The section introduces the Cyber Incident Management Tool Kit (CIMTK), team composition, task tracking, and GenAI support.
Section 2 explores communications in great depth as we look at interactions with executives, attackers, our staff and the public/customers. You will learn approaches that can buy time to address issues and prevent data leaks. You will categorize network and data damage, prioritize remediation tasks, and eliminate vulnerabilities.
Section 3 explores training IR teams and the broader organization. You will learn to develop effective training programs based on organizational maturity and specific needs. We examine integrating Cyber Threat Intelligence (CTI) into IR efforts and deep dive into developing strategies for managing supply chain and third-party compromises.
In Section 4, you will gain a comprehensive view, visualize incident timelines, and address complex attack scenarios. You will learn to create timelines tailored to different audiences, understand credential theft attacks and the MITRE framework, and explore Business Email Compromise (BEC), as well as cloud-based attacks and management console breaches.
Section 5 examines AI applications, including Large Language Models and Generative AI. You will gain in-depth knowledge of ransomware incidents from examining historic cases and considering how to prepare and train to deal with encryption events.
Monitor the organisation’s cybersecurity state, handle incidents during cyber-attacks and assure the continued operations of ICT systems.
Responsible for managing the cybersecurity of a program, organization, system, or enclave.
Daily focus is on the leadership of technical teams. Includes titles such as Technical Director, Manager, and Team Lead.
Responsible for developing and conducting cybersecurity awareness, training, or education.
This role investigates, analyzes and responds to cyber incidents. Find the SANS courses that map to the Incident Response SCyWF Work Role.
Responsible for establishing vision and direction for an organization's cybersecurity operations and resources and their impact on digital and physical spaces. Possesses authority to make and execute decisions that impact an organization broadly, including policy approval and stakeholder engagement.
Responsible for developing and maintaining cybersecurity plans, strategy, and policy to support and align with organizational cybersecurity initiatives and regulatory compliance.
Add a GIAC certification attempt and receive two free practice tests. View pricing in the info icons below.
When purchasing a live instructor-led class, add an additional 4 months of online access after your course. View pricing in the info icons below.
It was awesome to have the opportunity to apply existing and newly learned skills to the labs. It was obvious that a significant amount of time had been invested in these.
The hands-on experiences and assignments have been exceptional and have significantly contributed to my learning experience.
This is a great course for incident managers or anyone that could be put into the firing line of dealing with incidents.