Live, interactive cybersecurity training available through SANS Live Online. View upcoming events.

Instructor-Led Training | Jun 22 - Live Online

Virtual, US Mountain | Mon, Jun 22 - Sat, Jun 27, 2020

In response to the escalation of the COVID-19 pandemic, we've made the decision to convert this training event into a Live Online event.

The courses below will take place online, using virtual software to stream live instructors to all registered students during the scheduled classroom hours. (Mountain Time) This alternate training format will allow us to deliver the cybersecurity training you expect while keeping you, our staff, and our instructors as safe as possible.

SANS Live Online: SANS @MIC Talk - COURSE PREVIEW - SEC510: Cloud Platform Security Assessment and Defense

  • Eric Johnson, Brandon Evans
  • Wednesday, June 24th, 6:30pm - 7:30pm

6:30PM MDT | 8:30PM EDT

SEC510 provides cloud security practitioners, analysts, and researchers an in-depth understanding of the inner workings of cloud Platform-as-a-Service (PaaS) offerings from Amazon Web Services, Microsoft Azure, and the GoogleCloud Platform. Through this, students will understand the philosophies that undergird each provider and how these have influenced their services. By contrasting these offerings, we can, for example, avoid applying AWS concepts to Azure and GCP where they are not appropriate.

Students will leave the course confident that they know everything they need to consider when adopting PaaS offerings in each cloud. Instead of merely citing best practices from each providers documentation, we will validate that these recommendations work first-hand in the lab activities. Using the infrastructure-as-code templates included with the courseware, students will launch unhardened services, analyze the security configuration, validate that they are insufficiently secure, deploy security patches, and confirm the service is secure. The hands-on exercises will reveal undocumented or incorrectly documented details about the service internals that researchers around the world have uncovered in their research.

The Big 3 providers alone provide more services than any one company can consume. As security professionals, it can be tempting to limit what the developers use to the tried and true solutions of yesteryear. For better or worse, this approach will inevitably fail as the product development organization sidelines a security organization that is unwilling to change. Functionality drives adoption, not security, and if a team discovers a service offering that can help them get their product to market quicker than the competition, they can and should use it. SEC510 gives you the ability to give relevant and modern guidance to these teams and enable them to move quickly and safely by providing guardrails.

This talk is being delivered via SANS Live Online: SANS@Mic webcast. Register here!


Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
Monday, June 22
Session Speaker Time Type
SANS Live Online: SANS@MIC - Infrastructure as Code is REAL: Using the Cloud to Provision Infrastructure with Software Shaun McCullough Monday, June 22nd, 6:30pm - 7:30pm SANS@Night
Wednesday, June 24
Session Speaker Time Type
SANS Live Online: SANS @MIC Talk - COURSE PREVIEW - SEC510: Cloud Platform Security Assessment and Defense Eric Johnson, Brandon Evans Wednesday, June 24th, 6:30pm - 7:30pm SANS@Night