This cheat sheet depicts the identity federation between Azure Active Directory (AAD) and Google Workspace, leveraging AAD as the source of truth for all users and group membership. The diagram illustrates Google Cloud permissions being assigned at various points of the hierarchy to synced identities and cascading to downstream resources.
The SANS SEC549 course materials are built around the fictional company, Delos International Management, and its phased journey to the cloud. In course labs, students play the role of Delos Security Architects, tasked with helping the company navigate its transformation into a cloud-first organization.
This architecture was created to support a specific business use case. The Delos Robotics team is centralizing their datasets and operations into the Google Cloud BigQuery service. This necessitated the syncing of users and groups from Azure Active Directory to Google Workspace, along with federation, allowing members of the Robotics team to use their corporate credentials when accessing Google Cloud resources.
An initial Google Cloud hierarchy has been created, binding roles at different levels to scope permissions. Identities and managed boundaries are depicted in this diagram, with separate projects for identity federation containing OIDC connections and the Robotics team BigQuery instance.
This cheat sheet was developed by Kat Traxler to support SEC549: Cloud Security Architecture.
Eric is a co-founder and principal security engineer at Puma Security, focusing on modern static analysis product development and DevSecOps automation. He is co-author and instructor for three SANS Cloud Security courses.
Kat Traxler is the Principal Security Researcher at Vectra AI, focusing on threat detection in the public cloud. Prior to her current role, she worked in various stages in the SDLC performing web application penetration testing and security architecture design for Web, IAM, Payment Technologies and Cloud Native Technologies. She is the lead author of SEC549: Cloud Security Architecture.