Training
Featured CourseView All Courses

SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

SEC595Cyber Defense, Artificial Intelligence
SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
View course detailsRegister
Get a Free Hour of SANS Training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
NEW - AI Security Training
Can't find what you are looking for?

Let us help.

Contact us
Free Resources

SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

Customer Case Studies

Discover how organizations and individual cyber practitioners use SANS training and GIAC certifications

AI Risk & Readiness

Explore expert-driven guidance, training, and tools to help defend against AI-powered threats and adopt AI securely

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations

Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Group Purchasing
Group Purchasing

AI Prompt Kit for Vulnerability Management

Login to download
AI Prompt Kit for Vulnerability Management (PDF, 0.13MB)Published: 27 May, 2026
Created by:
Dave Shackleford
Dave Shackleford for SEC501: Advanced Security Essentials - Enterprise Defender

Put AI to work on your most time-consuming vulnerability management tasks. This prompt kit from SANS Senior Instructor Dave Shackleford delivers four copy/paste prompts designed for security practitioners who need faster triage, cleaner dev handoffs, and clearer attack-path context—without sacrificing the judgment that only you can provide.

Each prompt is built around a real workflow: prioritizing CVEs beyond CVSS scores, translating findings into developer-ready remediation, analyzing scan reports for compound and lateral movement risks, and generating cloud-scale patching playbooks across AWS, Azure, and GCP workloads. Follow-up prompts are included for each scenario to push the analysis further.

Originally developed to support SEC501: Advanced Security Essentials – Enterprise Defender, this kit is a practical reference for any defender working vulnerability management at scale.

Meet Your Author

Dave Shackleford
Dave Shackleford

Dave Shackleford

Senior Instructor

Dave Shackleford, founder of Voodoo Security, has advanced cybersecurity through his leadership roles, including serving as CTO for the Center for Internet Security, where he coordinated the first published virtualization security benchmarks.

Read more about Dave Shackleford

Related Resources

Using AI for Source Code Vulnerability Analysis

Poster & Cheat SheetsOffensive Operations
  • 14 May 2026

The Intelligence Analyst’s Playbook

Poster & Cheat SheetsCyber Defense
  • 13 Feb 2026

Detection Engineering

Poster & Cheat SheetsCyber Defense
  • 9 Feb 2026

Related Courses

  • Slide 1 of 22

    FOR478: Cyber Threat Intelligence Foundations

    BETA
    Essentials
    FOR478Digital Forensics and Incident Response
    FOR498: Digital Acquisition and Rapid Triage
    • 2 Days (Instructor-Led)
    • 12 CPEs / 12 Hours
    • Labs: 8 Hands-On Labs

    View course detailsRegister
  • Slide 2 of 22

    SEC535: Offensive AI - Attack Tools and Techniques

    NEW
    AI-FOCUSED
    Intermediate
    SEC535Offensive Operations, Artificial Intelligence
    SEC535: Offensive AI - Attack Tools and Techniques
    • GIAC Offensive AI Analyst (GOAA)
    • 3 Days (Instructor-Led)
    • 18 CPEs / 18 Hours (Self-Paced)
    • Labs: 14 Hands-On Labs

    View course detailsRegister
  • Slide 3 of 22

    SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

    AI-FOCUSED
    Advanced
    SEC595Cyber Defense, Artificial Intelligence
    SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
    • GIAC Machine Learning Engineer (GMLE)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 30 Hands-On Labs

    View course detailsRegister
  • Slide 4 of 22

    SEC275: Foundations: Computers, Technology, & Security

    Beginner
    SEC275Cyber Defense
    SEC406: Linux Security for InfoSec Professionals
    • GIAC Foundational Cybersecurity Technologies (GFACT)
    • 38 CPEs / 38 Hours (Self-Paced)
    • Labs: 90 Hands-On Labs

    View course detailsRegister
  • Slide 5 of 22

    SEC503: Network Monitoring and Threat Detection In-Depth

    Intermediate
    SEC503Cyber Defense
    SEC503: Network Monitoring and Threat Detection In-Depth
    • GIAC Certified Intrusion Analyst (GCIA)
    • 6 Days (Instructor-Led)
    • 46 CPEs / 46 Hours (Self-Paced)
    • Labs: 37 Hands-On Labs

    View course detailsRegister
  • Slide 6 of 22

    SEC501: Advanced Security Essentials - Enterprise Defender

    Intermediate
    SEC501Cyber Defense
    SEC501: Advanced Security Essentials - Enterprise Defender
    • GIAC Certified Enterprise Defender (GCED)
    • 6 Days (Instructor-Led)
    • 38 CPEs / 38 Hours (Self-Paced)
    • Labs: 25 Hands-On Labs

    View course detailsRegister
  • Slide 7 of 22

    SEC573: AI-Powered Security Automation: Building Tools with Python, LLMs, and MCP

    MAJOR UPDATES
    AI-FOCUSED
    Advanced
    SEC573Cyber Defense, Artificial Intelligence
    SEC573: Automating Information Security with Python
    • GIAC Python Coder (GPYC)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 128 Hands-On Labs

    View course detailsRegister
  • Slide 8 of 22

    SEC497: Practical Open-Source Intelligence (OSINT)

    Intermediate
    SEC497Cyber Defense
    SEC497: Practical Open-Source Intelligence (OSINT)
    • GIAC Open Source Intelligence (GOSI)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 29 Hands-On Labs

    View course detailsRegister
  • Slide 9 of 22

    SEC450: SOC Analyst Training – Applied Skills for Cyber Defense Operations

    MAJOR UPDATES
    AI SKILLS
    Intermediate
    SEC450Cyber Defense
    SEC450: Blue Team Fundamentals: Security Operations and Analysis
    • GIAC Security Operations Certified (GSOC)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 22 Hands-On Labs

    View course detailsRegister
  • Slide 10 of 22

    SEC401J: Security Essentials - Network, Endpoint, and Cloud (Japanese)

    Essentials
    SEC401JCyber Defense
    SEC401: Security Essentials - Network, Endpoint, and Cloud
    • GIAC Security Essentials (GSEC)
    • 6 Days (Instructor-Led)
    • 46 CPEs / 46 Hours
    • Labs: 20 Hands-On Labs

    View course detailsRegister
  • Slide 11 of 22

    SEC587: Advanced Open-Source Intelligence (OSINT) Gathering and Analysis

    AI SKILLS
    Advanced
    SEC587Cyber Defense
    SEC587
    • GIAC Strategic OSINT Analyst (GSOA)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 28 Hands-On Labs

    View course detailsRegister
  • Slide 12 of 22

    SEC411: AI Security Principles and Practices: GenAI and LLM Defense

    NEW
    AI-FOCUSED
    Intermediate
    SEC411Cyber Defense, Artificial Intelligence
    SEC411
    • 18 CPEs / 18 Hours (Self-Paced)
    • Labs: 5 Hands-On Labs

    View course detailsRegister
  • Slide 13 of 22

    SEC511: Cybersecurity Engineering: Advanced Threat Detection and Monitoring

    Intermediate
    SEC511Cyber Defense
    SEC511: Continuous Monitoring and Security Operations
    • GIAC Continuous Monitoring Certification (GMON)
    • 6 Days (Instructor-Led)
    • 46 CPEs / 46 Hours (Self-Paced)
    • Labs: 18 Hands-On Labs

    View course detailsRegister
  • Slide 14 of 22

    SEC555: Detection Engineering and SIEM Analytics

    Intermediate
    SEC555Cyber Defense
    SEC555: SIEM with Tactical Analytics
    • GIAC Certified Detection Analyst (GCDA)
    • 5 Days (Instructor-Led)
    • 30 CPEs / 30 Hours (Self-Paced)
    • Labs: 18 Hands-On Labs

    View course detailsRegister
  • Slide 15 of 22

    SEC545: GenAI and LLM Application Security

    NEW
    AI-FOCUSED
    Advanced
    SEC545Cloud Security, Artificial Intelligence
    SEC545: GenAI and LLM Application Security
    • GIAC AI Platform Security (GAIPS)
    • 5 Days (Instructor-Led)
    • 30 CPEs / 30 Hours (Self-Paced)
    • Labs: 20 Hands-On Labs

    View course detailsRegister
  • Slide 16 of 22

    SEC495: Leveraging LLMs: Building & Securing RAG, Contextual RAG, and Agentic RAG

    AI-FOCUSED
    Essentials
    SEC495Cyber Defense, Artificial Intelligence
    SEC495: Leveraging LLMs: Building & Securing RAG, Contextual RAG, and Agentic RAG
    • 7 CPEs / 7 Hours (Self-Paced)

    View course detailsRegister
  • Slide 17 of 22

    SEC401: Security Essentials

    Essentials
    SEC401Cyber Defense
    SEC401: Security Essentials - Network, Endpoint, and Cloud
    • GIAC Security Essentials (GSEC)
    • 6 Days (Instructor-Led)
    • 46 CPEs / 46 Hours (Self-Paced)
    • Labs: 20 Hands-On Labs

    View course detailsRegister
  • Slide 18 of 22

    SEC673: Advanced Information Security Automation with Python

    Advanced
    SEC673Cyber Defense
    SEC673: Advanced Information Security Automation with Python
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 27 Hands-On Labs

    View course detailsRegister
  • Slide 19 of 22

    FOR563: Applied AI for Digital Forensics and Incident Response: Leveraging Local Large Language Models

    NEW
    AI-FOCUSED
    Intermediate
    FOR563Digital Forensics and Incident Response, Artificial Intelligence
    FOR509: Enterprise Cloud Forensics and Incident Response
    • 1 Day (Instructor-Led)
    • 6 CPEs / 6 Hours (Self-Paced)
    • Labs: 4 Hands-On Labs

    View course detailsRegister
  • Slide 20 of 22

    SEC301: Introduction to Cyber Security

    MAJOR UPDATES
    AI SKILLS
    Beginner
    SEC301Cyber Defense
    SEC673: Advanced Information Security Automation with Python
    • GIAC Information Security Fundamentals (GISF)
    • 5 Days (Instructor-Led)
    • 30 CPEs / 30 Hours (Self-Paced)
    • Labs: 14 Hands-On Labs

    View course detailsRegister
  • Slide 21 of 22

    SEC598: AI and Security Automation for Red, Blue, and Purple Teams

    AI-FOCUSED
    Intermediate
    SEC598Offensive Operations, Artificial Intelligence
    SEC598: AI and Security Automation for Red, Blue, and Purple Teams
    • GIAC AI Security Automation Engineer (GASAE)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 25 Hands-On Labs

    View course detailsRegister
  • Slide 22 of 22

    SEC530: Defensible Security Architecture and Engineering: Implementing Zero Trust for the Hybrid Enterprise

    Intermediate
    SEC530Cyber Defense
    SEC530: Defensible Security Architecture and Engineering: Implementing Zero Trust for the Hybrid Enterprise
    • GIAC Defensible Security Architecture (GDSA)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 24 Hands-On Labs

    View course detailsRegister