Get ready for takeoff into the NEW SEC540!
Amidst the dynamic landscape of cloud technology and DevOps practices, the challenges confronting organizations embracing DevOps culture continue to evolve. The latest iteration of our SEC540: Cloud Security and DevSecOps Automation course delves deeper into these challenges, equipping professionals with cutting-edge tools and concepts to combat modern threats in Cloud and DevOps security. Here's an overview of what's new:
Introducing the SANS Cloud Security Flight Simulator! Students no longer need to run a VMware virtual machine locally or bring their own AWS / Azure cloud accounts. Instead, students connect their browser to a SANS-managed “DevOps server” running GitLab, VSCode, Vault, and Terminal services. This creates a more immersive, clean, and realistic lab environment for students to learn.
After his many years of service, our dear friend Jenkins has retired. Each year, the SANS DevSecOps Survey reviews hundreds of organizations and their DevSecOps maturity. The 2023 results showed 60% of organizations moving to cloud-hosted CI / CD solutions, such as GitHub Actions and GitLab CI. Student feedback over the years has shown a similar movement. Following this trend, SEC540’s lab environment has retired Jenkins and migrated all CI / CD pipelines to GitLab CI. Leveraging GitLab CI/CD allows students to experience a modern, real-world DevOps environment.
For many years, SEC540 taught students how to use both CloudFormation and Terraform for automating their cloud infrastructure deployments. The SANS 2023 Multicloud Survey reports that over 85% of organizations are using multiple cloud providers, which highlights the importance of learning one infrastructure-as-code language capable of deploying resources to multiple cloud providers. With the latest release, SEC540 utilizes Terraform HCL (HashiCorp Language) for both AWS and Azure to ensure parity between environments and facilitate a consistent learning experience regardless of the selected cloud platform.
SEC540 has covered container and orchestrator security since the first release back in 2017. Each year, significant updates have been made to keep up with the changes in the cloud native landscape. With the managed Kubernetes cloud offerings and cloud-native security tools improving over the years, most of the industry is now running their workloads in Kubernetes. To meet this demand, SEC540 now covers a full day of Kubernetes security, providing a comprehensive exploration of Kubernetes security foundations, workload and pod identity, admission control, runtime monitoring, and service mesh controls.
The Sonatype State of the Supply Chain report estimates a 750% year-over-year increase in supply chain attacks. In response to the increase, an Executive Order was issued seeking a litany of changes, including increased usage of Software Bill of Materials (SBOMs). This Executive Order then led to the development of supply chain security guidance including NIST SP 800-218, also referred to as the Secure Software Development Framework (SSDF). SEC540 now covers the threats that apply to developing, distributing, and deploying software as outlined by the Supply-chain Levels for Software Artifacts (SLSA, pronounced “salsa”). Students learn how to integrate supply chain security tools into cloud native CI / CD pipelines using tools such as Trivy, Sigstore, Syft, and Docker BuildKit.
With these enhancements, SEC540: Cloud Security and DevSecOps Automation can better help students understand and secure the modern DevOps workflow, from version control to managing cloud-native workloads in Kubernetes.
For more information and live demonstrations, join us for the 4-part Cloud Flight Simulator series:
Keeping up with the real-world DevSecOps landscape requires a tremendous amount of engineering from talented folks in the industry. Special thank you to the course authors and contributors for bringing the new version of SEC540 to life: Eric Johnson, Ben Allen, Frank Kim, Jon Zeolla, and Ahmed Abugharbia.
Eric is a co-founder and principal security engineer at Puma Security focusing on modern static analysis product development and DevSecOps automation. He is co-author and instructor for three SANS Cloud Security courses.