SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

Experience SANS training through course previews.
Learn MoreLet us help.
Contact usBecome a member for instant access to our free resources.
Sign UpWe're here to help.
Contact UsEffective Cyber Defense enables organizations to anticipate, withstand, and recover from cyber-attacks through proactive monitoring, threat detection, and incident response. It combines security operations, automation, and resilient architecture to reduce risk and minimize attack impact.
Cyber threats are constant—and defenders must be faster, smarter, and more proactive than their adversaries. At SANS, we train cybersecurity teams to detect, respond to, and outmaneuver attacks using real-world tactics, automation, and resilient infrastructure. Our hands-on cyber defense courses equip professionals with the skills and confidence to minimize risk and build lasting defense strategies in a dynamic threat landscape.
Skillfully and confidently monitor, detect, and respond to cyber threats.
Build resilient systems with security-first design principles that withstand modern attacks.
Streamline detection and response with automation techniques that enhance efficiency and precision.
As usual, SANS courses give incredible insight into the reality of the threats that are present in the cyber world. I have a better understanding of each threat, and the means to mitigate those threats.
Mark Baggett has revolutionized cybersecurity through his leadership at SANS. His development of tools like Freq Server has strengthened threat detection, while his work in automation has empowered professionals to defend against evolving threats.
Learn moreEric Conrad, a SANS Faculty Fellow and course author, has 28 years of information security experience. Eric is the CTO of Backshore Communications and his specialties include Intrusion Detection, Threat Hunting, and Penetration Testing.
Learn moreRich is a seasoned cybersecurity professional with over two decades of experience in the cyber domain. He has participated in offensive and defensive cyber operations for the Department of Defense (DoD) in more than 17 countries.
Learn moreDavid Hoelzer has fundamentally advanced cybersecurity by pioneering the GIAC Security Expert (GSE) certification, leading AI-driven threat detection initiatives, and developing MAVIS, an open-source ML tool enhancing code review processes.
Learn moreJohn redefined modern SOC operations by engineering globally adopted blue team strategies and co-creating the GSOC cert. Through the Blueprint podcast and SANS leadership, he’s unified thousands of defenders around real-world detection tactics.
Learn moreAs a SANS Fellow and Principal Consultant at Context Security, Seth’s work bridges traditional operations with next-gen AI security practices. His pioneering threat detection strategies have shaped global blue team standards.
Learn moreThis job, which may have varying titles depending on the organization, is often characterized by the breadth of tasks and knowledge required. The all-around defender and Blue Teamer is the person who may be a primary security contact for a small organization, and must deal with engineering and architecture, incident triage and response, security tool administration and more.
Explore learning pathDesign, implement, and tune an effective combination of network-centric and data-centric controls to balance prevention, detection, and response. Security architects and engineers are capable of looking at an enterprise defense holistically and building security at every layer. They can balance business and technical requirements along with various security policies and procedures to implement defensible security architectures.
Explore learning pathAs this is one of the highest-paid jobs in the field, the skills required to master the responsibilities involved are advanced. You must be highly competent in threat detection, threat analysis, and threat protection. This is a vital role in preserving the security and integrity of an organization’s data.
Explore learning pathThese resourceful professionals gather requirements from their customers and then, using open sources and mostly resources on the internet, collect data relevant to their investigation. They may research domains and IP addresses, businesses, people, issues, financial transactions, and other targets in their work. Their goals are to gather, analyze, and report their objective findings to their clients so that the clients might gain insight on a topic or issue prior to acting.
Explore learning pathSecurity Operations Center (SOC) analysts work alongside security engineers and SOC managers to implement prevention, detection, monitoring, and active response. Working closely with incident response teams, a SOC analyst will address security issues when detected, quickly and effectively. With an eye for detail and anomalies, these analysts see things most others miss.
Explore learning pathAnalyze network and endpoint data to swiftly detect threats, conduct forensic investigations, and proactively hunt adversaries across diverse platforms including cloud, mobile, and enterprise systems.
Explore learning pathSecurity Operations Center (SOC) managers bridge the gap between business processes and the highly technical work that goes on in the SOC. They direct SOC operations and are responsible for hiring and training, creating and executing cybersecurity strategy, and leading the company’s response to major security threats.
Explore learning pathResponds to and investigates network cyber incidents, performing analysis to mitigate threats and maintain cybersecurity in enclave environments.
Explore learning pathThe widespread adoption of generative AI meant increased productivity for employees, but also for bad actors. They can now create sophisticated email attacks at scale—void of typos and grammatical errors that have become a key indicator of attack.
Today’s cyber threats move fast—and the only way to stay ahead is to think like an attacker. A reactive approach is no longer enough. Organizations need to adopt a proactive, offensive security posture to uncover vulnerabilities before adversaries do.
What are the critical skills that extremely successful infosec professionals need, and how can we develop these? Obviously, technology matters, but it's not just about technology.
Watch
This webinar explores the design and deployment of a robust detection engineering lab—built both on-prem and in the cloud—that enables engineers to simulate real world attacks, validate hypotheses, and rapidly iterate on detection logic.
Cybersecurity leaders and compliance professionals are under increasing pressure to meet a growing array of global regulations—all while maintaining effective threat detection and response capabilities. Traditional monitoring is no longer enough. Full Packet Capture (FPC) is rapidly emerging as a foundational requirement—not only for real-time visibility and forensic analysis, but as a direct response to regulatory mandates in the U.S., EU, and beyond.
We are lucky in Infosec. It may not be an easy field to get into, but once you’re in infosec, there is plenty of work available and many work models.
This Attack Surface & Vulnerability Management Survey gathers insights from security leaders, practitioners, and researchers to map out the current state of attack surface and vulnerability management.
Join us to hear how others are succeeding and failing to maintain an operational balance between competing internal priorities and threats which seem to relentlessly improve.
In 2025, with AI and automation everywhere, it’s more important than ever to stay ahead of attackers, arming yourself with clear intelligence, full visibility, and smart processes to catch problems before they become crises.