MGT520: Leading Cloud Security Design and Implementation

  • Online
18 CPEs

While the cloud environment may appear similar to running a traditional IT environment on the premises, the cloud solutions protection requirements are in fact very different because the traditional network perimeter is no longer the best line of defense, and the threat vectors are not the same. Effective defense of the organization's cloud environment requires significant planning and governance by a well-informed management team. This course provides the information security leader's need to drive a secure cloud model and leapfrog on security to leverage the security capabilities in the cloud. We will walk through the key aspects of managing cloud security programs in the continuous operations post-migration that are common across organizations on the same journey. Nine scenario-based labs are included.

What You Will Learn

Building and Leading a Cloud Security Program

Cloud adoption is popular across all types of industry, and many organizations are taking strategic advantage of the cost and speed benefits of transitioning to the cloud. Organizations are migrating mission-critical workloads and sensitive data to private and public cloud solutions. However, an organization 's cloud transition requires numerous key decisions.

This course focuses on what managers, directors, and security leaders need to know to develop their cloud security roadmap, to manage the implementation of cloud security capabilities. Making the right security decisions when adopting the cloud requires understanding the technology, process, and people related to the cloud environment. This complements traditional IT management techniques that managers are accustomed to and helps with making the appropriate informed decisions. We will cover the key objectives of security controls in the cloud environment, including planning, deploying, and running the environment from the starting point to a progressively more mature state. There will be a focus on locking down the environment, securing the data, maintaining compliance, enhancing security visibility to the operations, and managing the security response on a continuous basis. Students will learn the essentials to lead the security effort for the cloud transition journey.

"This type of training, ie: cloud security from a management perspective, is rare and the quality of this one is definitely amazing." - Benoit Ramillion, UEFA


  • Establish cloud security program supporting the fast pace business transformation
  • Make informed decisions on cloud security program
  • Anticipate the security capabilities and guardrails to build for the securing the cloud environment
  • Safeguard the enterprise data as workloads are migrated to the cloud


  • Define a strategy for securing a workload in the cloud for medium and large enterprises that can support their business objectives
  • Establish a security roadmap based on the security strategy that can support a fast-paced cloud adoption and migration path while maintaining a high degree of security assurance
  • Understand the security basics of the cloud environment across different types of service offerings, then explain and justify to other stakeholders the decisions within the security roadmap
  • Build an effective plan to mature a cloud security posture over time, leveraging security capabilities offered by cloud providers to leapfrog in security capabilities
  • Explain the security vision of the organization in the Cloud domain to your Board Directors and executives, collaborate with your peers, and engage your workforce, driving the security culture change required for the cloud transformation


MGT520 uses case scenarios, group discussions, team-based security leadership simulations with embedded real life technical components to help students absorb both technical and management topics. About 60 minutes per day is dedicated to these learning experiences using the Cyber42 leadership simulation game. This web application-based game is a continuous exercise where students play to improve security culture, manage budget and schedule, and improve security capabilities at a fictional organization. This puts you in real-world scenarios that spur discussion and critical thinking of situations that you will encounter at work.

  • Section 1: Secure Roadmap Development, Migration Preparation, IAM Secure Setup
  • Section 2: Container Security, Logging and Monitoring, Encryption in Cloud
  • Section 3: Application Secrets Management, Security Benchmarking, Security Metrics

"Love "seeing" the cloud." - Ivan Clatanoff, CME Group

"Loved the labs, really helps emphasize what we are learning." - Jana Laney

"Team is collaborative. We are all able to bounce ideas of each other comfortably and using AWS to get hands on makes it feel more real than if we were answering questions on a quiz." - Richard Sanders, Best Western International


  • Section 1: Security Program Design, Governance, and Identity Management
  • Section 2: Cloud Technical Protection and Monitoring
  • Section 3: Securing Workload and Security Assurance

NOTE: This course will have limited overlap with the SANS SEC488: Cloud Security Essentials course because it will provide foundational information on cloud services and cloud security to ensure that students are on the same page. This course focuses on what managers, directors, and security leaders need to know about developing their cloud security plan/roadmap and managing implementation of cloud security capabilities.



  • Printed and Electronic courseware
  • MP3 audio files of the course
  • Digital download package with VM


Syllabus (18 CPEs)

Download PDF
  • Overview

    Section three starts off with covering the effort and key decisions related to securing the workloads in the Cloud environment. As organizations are moving their entire development pipeline to the Cloud environment, there are numerous key security decisions that need to be made.

    Organizations are often challenged with the question of whether the cloud environment is meeting up to the security expectations, and whether it has vulnerabilities. The material on security assurance helps students to lead the building a security assurance program for cloud environment using automation as a basis of operations.

    Multicloud is a natural progression to Cloud adoption. We cover the necessary management principles to successfully navigate through the complex security management of a multi-cloud environment.

    Cloud adoption is a long-term process. We arm you with the information to drive the changes required by measuring the cloud security posture and using metrics to aid in making the right decisions.

    • Application secrets management
    • Security benchmarking
    • Security Metrics

    Securing Application / Workload

    • Cloud Application Practices
    • Security Protection Services
    • Cloud Workload Assessment

    Security Assurance

    • Posture Validation
    • Regulatory Compliance
    • Security Testing

    Workforce Transformation

    • Skill Readiness
    • Organization Alignment

    Multi-cloud management

  • Overview

    The second section is dedicated to managing the technology aspect of the cloud environment. Securing cloud technology is rather different than securing technologies on-premise. This section will highlight the difference and discuss the capabilities and competencies that matter the most.

    Students will learn about secure infrastructure and architecture first which includes key topics such as configuration management, resource management, and network controls. Students will learn how to lead their respective organization on driving iterative improvements in these domains over time which helps to improve defenses over time.

    We then pivot into the security detection and response area. Students will learn the modern approaches to monitor for security events and respond to security incidents across the cloud and on-premise environment. We cover the modern approaches to progressively automate the processes so the monitoring can be as efficient and effective as possible.

    • Cloud Container security
    • Logging and monitoring
    • Encryption in Cloud

    Secure Infrastructure and Architecture

    • Configuration Management
    • Image Management
    • Cloud Secure Architecture
    • Resource Management
    • Network Controls

    Security Detection and Response

    • Log Management
    • Security Intelligence
    • Analysis and Monitoring
    • Response

    Data Protection

    • Data Encryption
    • Data Classification and Protection
    • Data Backup and Resiliency

  • Overview

    The first section of the course aims to help management professionals develop a migration roadmap to the cloud environment. The goal of the roadmap is to support the business transformation to realize the benefits from the cloud, while maintaining the security of the environment, applications, and data. We will arm you with information on various approaches to migratory and preparatory steps to get you ready for a secure migration journey.

    We will then pivot over to the topic of security governance to provide the details to help you understand how to build up security governance in enterprise context. Not only do we provide you with the best practices in the governance area, we also provide the progressive approaches to build up security maturity as well.

    We end the section covering a new security perimeter paradigm - the Identity and Access Management. With the modern Cloud architecture, we are losing the firewall and network perimeter as our main battle line. The transition from network centric to identity centric security perimeter requires a fundamentally different culture and mindset to effective management. We cover the key objectives and the common paths to gain security maturity.

    • Secure Roadmap Development
    • Migration Preparation
    • IAM Secure Setup

    Introduction to Cloud

    • Shared Responsibilities in Cloud
    • Infrastructure as a Service
    • Platform as a Service
    • Software as a Service

    Transition Process and Planning

    • Methods of Adoption
    • Leveraging the Cloud Adoption Framework

    Security Governance

    • Cloud Governance Committee
    • Cost Management
    • Security Policy

    Identity Access Management

    • Segregation
    • Identity Management
    • Access Management


Students should have three to five years of experience in IT and/or cybersecurity. This course covers the core areas of security leadership in migrating workloads to the cloud environment and assumes a basic understanding of technology, networks, and security.

Laptop Requirements

Important! Bring your own system configured according to these instructions.

A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will not be able to fully participate in hands-on exercises in your course. Therefore, please arrive with a system meeting all of the specified requirements.

Back up your system before class. Better yet, use a system without any sensitive/critical data. SANS is not responsible for your system or data.


  • 8GB of RAM or more is required.
  • 5GB of free storage space or more is required.
  • Wireless networking (802.11 standard) is required. There is no wired Internet access in the classroom.

Additional requirements for this course:

  • Students must have an personal free-tier AWS account with root access from The course Setup Instructions document contains more details on this. Live students should be able to complete all labs within the free tier but estimated costs for your AWS usage should be less than $7 per month when following the lab instructions if used for an extended period of time.


  • Your host operating system must be the latest version of Windows 10, Windows 11, or macOS 10.15.x or newer.
  • Fully update your host operating system prior to the class to ensure you have the right drivers and patches installed.
  • Linux hosts are not supported in the classroom due to their numerous variations. If you choose to use Linux as your host, you are solely responsible for configuring it to work with the course materials and/or VMs.
  • Local Administrator Access is required. (Yes, this is absolutely required. Don't let your IT team tell you otherwise.) If your company will not permit this access for the duration of the course, then you should make arrangements to bring a different laptop.
  • You should ensure that antivirus or endpoint protection software is disabled, fully removed, or that you have the administrative privileges to do so. Many of our courses require full administrative access to the operating system and these products can prevent you from accomplishing the labs.
  • Any filtering of egress traffic may prevent accomplishing the labs in your course. Firewalls should be disabled or you must have the administrative privileges to disable it.

If you have additional questions about the laptop specifications, please contact

Author Statement

"Cloud transition is common in many organizations these days, but many security leaders feel overwhelmed and underprepared for the security aspects of the cloud. When organizations accept security as an integral part of the transformation path, they can not only achieve the same level of security as their in-house IT environment, but also take advantage of a huge opportunity to leapfrog in security using cloud capabilities. In MGT520, we discuss industry-proven techniques to plan for the security aspects of cloud transformation. This course will arm students with the necessary information to confidently lead their organization towards securing the cloud workload and leveraging cloud capabilities to further enhance their security maturity in the IT environment."

- Jason Lam

"I like how the content builds and progresses. Jason clearly thought a lot about how to sequence the information to make it easy to digest." - Jim Pruitt, Revolutionary Security


The content is great. I love the level of detail and discussion beyond what is just in the book/slides. Instructors are knowledgeable, and this is the right level of technical detail that I was looking for. Thank you!
Trevor Thomas
I love the comparison/contrast of the three big CSP's throughout. That alignment of terminology and and structures is very important in understanding the big picture without getting lost in the details.
David McClure
The comprehensive course content provided a great foundation for our journey to the cloud. Thank you, Jason for writing this course.
Isabelle Molamphy

    Register for MGT520