Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months
Apply what you learn with hands-on exercises and labs
This course delivers essential training for Security Operations Center (SOC) analysts, equipping you with the skills to detect and stop cyberattacks and to safeguard your organization's data and systems.
I have been waiting a few months to take this training and it is far exceeding my expectations. For a SOC analyst, SEC450 is a must.
SEC450 is a SOC Analyst training course ideal for those working in cyber defense operations or building and improving a SOC. It offers six days of training, hands-on labs, and a Capstone competition, covering the mission, mindset, and techniques needed for modern cyber defense. The course, paired with the GIAC GSOC certification, provides essential skills for detecting and halting advanced cyberattacks, making it the gold standard in security operations training.
John redefined modern SOC operations by engineering globally adopted blue team strategies and co-creating the GSOC cert. Through the Blueprint podcast and SANS leadership, he’s unified thousands of defenders around real-world detection tactics.
Explore the course syllabus below to view the full range of topics covered in SEC450: SOC Analyst Training – Applied Skills for Cyber Defense Operations.
Section 1 lays the groundwork for SOC analysts, covering threat models, analyst workflows, and key tools like SIEM and SOAR. It closes with how to apply generative AI in security operations, from improving documentation and analysis to understanding AI-driven threats and tools—preparing you for the future of AI in cyber defense.
Section 2 dives into network-based threat hunting. Learn to use routers, firewalls, flow logs, and full packet capture to track attacker activity. You'll analyze DNS, HTTP, and TLS traffic, spot encrypted threats without decryption, and explore post-exploitation protocols—building skills to detect threats others overlook.
Section 3 builds your skills in log analysis and malware fundamentals. You’ll learn to craft SIEM queries, visualize data, and spot attacker activity across Windows, Linux, and cloud logs. Then, dive into malware handling, static analysis, IOC extraction, and sandboxing to uncover threats hiding in weaponized files and complex data.
Section 4 builds expertise in phishing investigations and structured analysis. Learn to detect spoofed emails, block malicious links, and investigate BEC and MFA bypasses. Then sharpen your triage and decision-making with OPSEC best practices and structured techniques to reduce bias, prioritize alerts, and analyze threats with clarity under pressure.
Section 5 takes you from analyst to detection engineer. Learn to craft high-fidelity detections with tools like YARA-X and Sigma, reduce false positives, and tune alerts effectively. Explore where automation helps or hurts, assess investigation quality, and build sustainable skills to grow your cybersecurity career without burning out.
The course ends with a high-stakes, team-based capture the flag challenge. Using real network data in a simulated attack, you’ll race to detect and analyze threats across multiple scenarios. It’s a full day of hands-on problem solving that tests your ability to perform advanced threat hunting under real-world pressure.
Analyze network and endpoint data to swiftly detect threats, conduct forensic investigations, and proactively hunt adversaries across diverse platforms including cloud, mobile, and enterprise systems.
This job, which may have varying titles depending on the organization, is often characterized by the breadth of tasks and knowledge required. The all-around defender and Blue Teamer is the person who may be a primary security contact for a small organization, and must deal with engineering and architecture, incident triage and response, security tool administration and more.
Security Operations Center (SOC) managers bridge the gap between business processes and the highly technical work that goes on in the SOC. They direct SOC operations and are responsible for hiring and training, creating and executing cybersecurity strategy, and leading the company's response to major security threats.
Responsible for testing, implementing, deploying, maintaining, and administering infrastructure hardware and software for cybersecurity.
Security Operations Center (SOC) analysts work alongside security engineers and SOC managers to implement prevention, detection, monitoring, and active response. Working closely with incident response teams, a SOC analyst will address security issues when detected, quickly and effectively. With an eye for detail and anomalies, these analysts see things most others miss.
Responsible for analyzing data collected from various cybersecurity defense tools to mitigate risks.
As this is one of the highest-paid jobs in the field, the skills required to master the responsibilities involved are advanced. You must be highly competent in threat detection, threat analysis, and threat protection. This is a vital role in preserving the security and integrity of an organization's data.
Develop, deploy and operate cybersecurity solutions (systems, assets, software, controls and services) on infrastructures and products.
Add a GIAC certification attempt and receive two free practice tests. View pricing in the info icons below.
When purchasing a live instructor-led class, add an additional 4 months of online access after your course. View pricing in the info icons below.
As a manager of a SOC - this is perfect. We can use all these tools.
So far, SEC450 not only meets but goes beyond my expectations. One year ago I became a SOC team lead and this course adds to my knowledge and puts a more structured approach on what a SOC I am running should look like.
SEC450 was an excellent insight into the tasks of a SOC. Not only did it have actionable lessons on the tools and techniques needed to run a SOC, but also gave insight on ways to improve the operations of the team.