SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals


Experience SANS training through course previews.
Learn MoreLet us help.
Contact usBecome a member for instant access to our free resources.
Sign UpWe're here to help.
Contact UsA SANS and RSAC collaboration revealing how the world’s most dangerous cyberattacks are advancing—and what it means for today’s security leaders.

Author: Heather Barnhart, SANS Fellow and Head of Faculty
Heather explores how gaps in forensic artifacts and logging create “dark periods” that blind defenders during critical incidents. Drawing lessons from high-profile cases and recent breaches, this research provides essential guidance for achieving forensic readiness and ensuring visibility.
Join the RSAC™ Membership for free to access this white paper and other exclusive content.
(This link will take you to our partner site, RSAC.)

When the logs go dark, attackers win. Heather Barnhart reveals why missing forensic artifacts leave defenders blind—and how to close those gaps before the next breach.
Knowing what’s normal on a Windows host helps cut through the noise to quickly locate potential malware. Use this information as a reference to know what’s normal in Windows and to focus your attention on the outliers.
DFIR combines cybersecurity, threat hunting, and investigative techniques to identify, analyze, respond to, and proactively hunt cyber threats and criminal activity.
Author: Rob T. Lee, SANS Chief of Research and Chief AI Officer
Examine how privacy and AI laws constrain defenders, and why creating a cybersecurity safe harbor is essential to keep pace with adversaries.
Join the RSAC™ Membership for free to access this white paper and other exclusive content.
(This link will take you to our partner site, RSAC.)

AI makes attackers faster—automated recon, self-rewriting malware, phishing campaigns testing a thousand variants before lunch. They’re running at machine speed, not asking for permission.
This blueprint turns AI chaos into secure, auditable deployment — mapped to global standards, and ready for action.
Backed by global standards leadership and real-world expertise, we prepare professionals at every level to lead safely and confidently in the age of AI.
Author: Joshua Wright, SANS Fellow
Understand how attackers exploit identity sprawl across SSO, tokens, and SaaS to evade detection, and what defenders can do to regain visibility and control.
Join the RSAC™ Membership for free to access this white paper and other exclusive content.
(This link will take you to our partner site, RSAC.)

Attackers aren’t breaking in—they’re logging in. Josh Wright uncovers how “authorization sprawl” is fueling major breaches, and why cloud-to-on-prem identity gaps are the hidden battleground.
Knowing how to safeguard sensitive information in cloud environments is crucial for preventing cyber threats, ensuring compliance, and maintaining business continuity.
Author: Tim Conway, SANS Fellow From production outages to targeted sabotage, Tim Conway examines how criminal and nation-state actors exploit ICS vulnerabilities to create cascading consequences for critical infrastructure.
Release Date: November 3

Join us on November 13 for the exclusive launch of the Most Dangerous New Attack Techniques eBook and a live webcast with the RSAC keynote experts. We’ll connect the dots across four emerging threat domains, from forensics blind spots to AI regulations, authorization sprawl, and destructive ICS threats— and break down what they mean for today’s security leaders.
Reserve Your Spot