Courses

Courses

Core

SEC540: Cloud Security and DevOps Automation

SEC540 provides security professionals with a methodology for securing modern Cloud and DevOps environments. Students learn how to implement over 20 DevSecOps Security Controls for building, testing, deploying, and monitoring cloud infrastructure and services. Immersive hand-on labs ensure students not only understand theory, but how to configure and implement each security control. By embracing the DevOps culture, you will walk away battle tested and ready to build to your organization's Cloud & DevOps Security program.

Learn More


SEC545: Cloud Security Architecture and Operations

As more organizations move data and infrastructure to the cloud, security is becoming a major priority. Operations and development teams are finding new uses for cloud services, and executives are eager to save money and gain new capabilities and operational efficiency by using these services. But, will information security prove to be an Achilles' heel? Many cloud providers do not provide detailed control information about their internal environments, and quite a few common security controls used internally may not translate directly to the public cloud. The SEC545 course, Cloud Security Architecture and Operations, will tackle these issues one by one.

Learn More


Specialization

MGT516: Managing Security Vulnerabilities: Enterprise and Cloud

MGT516 will help you think more strategically about vulnerability management so you can mature your organization's program. By understanding common issues and their solutions, you will be better prepared to meet the challenges of today and tomorrow. Through class discussions and other hands-on exercises, you will learn specific analysis and reporting techniques that will enable you to effectively communicate the problems you and your peers are facing and how they can be solved.

Learn More


SEC588: Cloud Penetration Testing

SEC588 will equip you with the latest in cloud focused penetration testing techniques and teach you how to assess cloud environments. In this course we dive into topics like cloud based microservices, in-memory data stores, serverless functions, Kubernetes meshes, and containers, as well as identifying and testing in cloud-first and cloud-native applications. You will also learn specific tactics for penetration testing in Azure and AWS, particularly important given that Amazon Web Services and Microsoft account for more than half of the market. It's one thing to asses and secure a datacenter, but it takes a specialized skill-set to truly assess and report on the risk that an organization faces if their cloud services are left insecure.

Learn More


Foundational

SEC488: Cloud Security Essentials

Welcome to SANS SEC488: Cloud Security Essentials. This course covers Amazon Web Services, Azure, Google Cloud, and other cloud service providers (CSPs). Like foreign languages, cloud environments have similarities and differences. Upon completion of this course, you will be able to advise and speak about a wide range of topics and help your organization successfully navigate both the cybersecurity challenges as well as opportunities presented by CSPs.

Learn More


SEC522: Defending Web Applications Security Essentials

This is the course to take if you have to defend web applications! The quantity and importance of data entrusted to web applications is increasing, and defenders need to learn how to secure these critical data. Traditional network defenses such as firewalls fail to secure web applications. In covering the OWASP Top 10 Risks and beyond, SEC522 will help you better understand web application vulnerabilities, thus enabling you to properly defend your organization's web assets.

Learn More


SEC534: Secure DevOps: A Practical Introduction

SEC534: Secure DevOps: A Practical Introduction explains the fundamentals of DevOps and how DevOps teams can build and deliver secure software. You will learn DevOps principles, practices, and tools and how they can be leveraged to improve the reliability, integrity, and security of systems.

Learn More