SEC504: Hacker Tools, Techniques, and Incident Handling
SEC504Offensive Operations
SEC540: Cloud Native Security and DevSecOps Automation
SEC540Cloud Security
- 5 Days (Instructor-Led)
- 38 Hours (Self-Paced)
Course created by:
Ben Allen, Eric Johnson & Frank Kim
Course created by:Ben Allen, Eric Johnson & Frank Kim
- GIAC Cloud Security Automation (GCSA)
- 38 CPEs
Apply your credits to renew your certifications
- In-Person, Virtual or Self-Paced
Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months
- Intermediate Skill Level
Course material is geared for cyber security professionals with hands-on experience
- 35 Hands-On Lab(s)
Apply what you learn with hands-on exercises and labs
Gain the skills and methodology to secure modern Cloud Native, DevSecOps, and Kubernetes environments through hands-on labs using security controls in CI/CD pipelines for cloud systems.
Featured Quote
BEST class I have ever taken at SANS. This is one of those courses where I can log into work after class ends and immediately start applying into my daily tasks and responsibilities. I already went on my team's Slack channel and told them this needs to be the next class they take.
Course Overview
The SANS SEC540 DevSecOps training course prepares security professionals to secure cloud-native and DevOps environments by implementing security controls in automated pipelines. It addresses challenges like insecure CI/CD pipelines, misconfigurations, and Kubernetes vulnerabilities while providing hands-on labs to develop practical skills. The course equips students with a DevSecOps mindset to enhance cloud infrastructure security and resilience.
What You’ll Learn
- Understand DevOps principles for secure workflows
- Integrate security scanning into CI/CD pipelines
- Manage secrets and automate infrastructure with IaC
- Harden and monitor containers and Kubernetes
- Secure software supply chain with SBOMs and artifact signing
- Automate compliance with policy guardrails and remediation
Business Takeaways
- Build a security team skilled in cloud-native security and DevSecOps
- Collaborate with DevOps to integrate security early in development
- Utilize cloud-native services for deployment, hardening, and monitoring
- Prepare for container and Kubernetes migrations with adaptability
- Enhance security with cloud monitoring and automated threat response
- Implement centralized audit pipelines and compliance-as-code
Meet Your Authors
- Slide 1 of 3
Ben Allen
Ben Allen is a Cloud Security Architect at the SANS Institute and a co-author of SEC540: Cloud Security and DevSecOps Automation.
Read more about Ben Allen - Slide 2 of 3
Eric Johnson
Senior InstructorEric is a co-founder and principal security engineer at Puma Security focusing on modern static analysis product development and DevSecOps automation. He is co-author and instructor for three SANS Cloud Security courses.
Read more about Eric Johnson - Slide 3 of 3
Frank Kim
FellowFrank Kim is the Founder of ThinkSec, a security consulting and CISO advisory firm. He leads the Cybersecurity Leadership and Cloud Security curricula at SANS, as well as authors and instructs multiple SANS courses.
Read more about Frank Kim
Slide 1 of 0
(1/0)
Course Syllabus
Explore the course syllabus below to view the full range of topics covered in SEC540: Cloud Native Security and DevSecOps Automation.
Section 1DevOps Security Automation
This section introduces DevOps practices by analyzing and securing a vulnerable Version Control and Continuous Integration (CI) system, teaching students to identify risks, harden workflows, automate code analysis, and securely manage secrets with tools like HashiCorp Vault and AWS Secrets Manager.
Topics covered
- DevOps and Security Challenges
- DevOps Toolchain
- Securing DevOps Workflows
- Pre-Commit Security Controls
Labs
- Attacking the DevOps Toolchain
- Version Control Security
- Automating Code Analysis
- Protecting Secrets with Vault
- CloudWars Bonus Challenges
Section 2Cloud Infrastructure Security
In section two, students deploy cloud infrastructure with Terraform, harden network configurations, automate configuration management with Packer and Ansible, and secure container images for Kubernetes by managing misconfigurations, scanning for vulnerabilities, and securing the software supply chain with SBOMs and artifact signing.
Topics covered
- Cloud Infrastructure as Code
- Configuration Management as Code
- Container Security Lifecycle
- Software Supply Chain Security
Labs
- Infrastructure as Code Network Hardening
- Gold Image Creation
- Container Image Hardening
- Container Software Supply Chain Security
- CloudWars Bonus Challenges
Section 3Cloud Native Security Operations
In section three, students deploy and secure Kubernetes workloads in cloud-native services like AWS EKS and Azure AKS, applying security controls such as RBAC, workload identity, and admission control, and enabling real-time monitoring and alerting.
Topics covered
- Kubernetes Architecture, Resources, and Deployments
- Kubernetes Risks and Security Controls
- Kubernetes Workload Security
- Kubernetes Runtime Security
- Continuous Security Monitoring
Labs
- Container Registry Security
- Kubernetes Workload Identity
- Kubernetes Admission Control
- Continuous Security Monitoring
- CloudWars Bonus Challenges
Section 4Microservice and Serverless Security
In section four, students learn to secure containerized and serverless workloads with blue/green deployments, CDNs, API gateways, and microservice architectures, ending with a deep dive into serverless pipelines for Azure Functions and AWS Lambda.
Topics covered
- Deployment Orchestration using Cloud Native Services
- Secure Content Delivery
- Microservice Security
- Serverless Security
Labs
- Automated Patch Deployment
- Content Protection
- Microservice Security
- Serverless Security for Cloud FaaS with GitLab CI
- CloudWars Bonus Challenges
Section 5Continuous Compliance and Protection
In section five, students learn to automate cloud security compliance with tools like CSPM and WAF, implement policy as code for automated remediation, and manage cloud configuration drift.
Topics covered
- Continuous Compliance
- Runtime Security Protection
- Automated Remediation
Labs
- Cloud Security Posture Management (CSPM)
- Blocking Attacks with Azure and AWS WAF
- Automated Remediation with Cloud Custodian
- CloudWars Bonus Challenges
Things You Need To Know
Relevant Job Roles
Systems Security Analyst (DCWF 461)
DoD 8140: Software EngineeringEnsures systems and software security from development to maintenance by analyzing and improving security across all lifecycle phases.
Explore learning pathCloud Security Engineer
Cloud SecurityBuilding security solutions for cloud workflows
Explore learning pathSystems Developer (DCWF 632)
DoD 8140: Cyber ITOversees full lifecycle of information systems from design through evaluation, ensuring alignment with functional and operational goals.
Explore learning pathVulnerability Assessment Analyst (DCWF 541)
DoD 8140: CybersecurityAssesses systems and networks to ensure compliance with policies and identify vulnerabilities in support of secure and resilient operations.
Explore learning pathTechnology Research and Development (OPM 661)
NICE: Design and DevelopmentResponsible for conducting software and systems engineering and software systems research to develop new capabilities with fully integrated cybersecurity. Conducts comprehensive technology research to evaluate potential vulnerabilities in cyberspace systems.
Explore learning pathIT Investment/Portfolio Manager (DCWF 804)
DoD 8140: Cyber EnablersOversees a portfolio of IT capabilities aligned to enterprise goals, prioritizing needs, solutions, and value delivery to the organization.
Explore learning pathInformation Systems Security Developer (DCWF 631)
DoD 8140: CybersecurityDesigns and evaluates information system security throughout the software lifecycle to ensure confidentiality, integrity, and availability.
Explore learning pathCyber Defense Infrastructure Support Specialist (DCWF 521)
DoD 8140: CybersecurityDeploys, configures, maintains infrastructure software and hardware to support secure and effective IT operations across organizational systems.
Explore learning pathInformation Systems Security Manager (DCWF 722)
DoD 8140: CybersecurityOversees program, system, or enclave cybersecurity, ensuring protection from cyber threats and compliance with organizational standards.
Explore learning pathCOMSEC Manager (DCWF 723)
DoD 8140: CybersecurityManages organization’s COMSEC resources to ensure secure handling of communications materials as required by national and agency policies.
Explore learning pathProduct Support Manager (DCWF 803)
DoD 8140: Cyber EnablersManages support resources and readiness for system components, ensuring operational capability through lifecycle logistics and maintenance.
Explore learning pathData Architect (DCWF 653)
DoD 8140: Data/AIDesigns system data models and flow architectures to meet mission or business data requirements using scalable and efficient solutions.
Explore learning pathSecurity Architect (DCWF 652)
DoD 8140: CybersecurityDesigns secure enterprise systems considering environmental constraints and translates them into enforceable security processes and protocols.
Explore learning pathSecurity Control Assessor (DCWF 612)
DoD 8140: CybersecurityConducts independent assessments of IT system security controls to evaluate their overall effectiveness in protecting mission-critical systems.
Explore learning pathSoftware Security Assessment (OPM 622)
NICE: Design and DevelopmentResponsible for analyzing the security of new or existing computer applications, software, or specialized utility programs and delivering actionable results.
Explore learning pathEnterprise Architecture (OPM 651)
NICE: Design and DevelopmentResponsible for developing and maintaining business, systems, and information processes to support enterprise mission needs. Develops technology rules and requirements that describe baseline and target architectures.
Explore learning pathSecure Systems Development
NICE: Design and DevelopmentResponsible for the secure design, development, and testing of systems and the evaluation of system security throughout the systems development life cycle.
Explore learning pathSoftware/Cloud Architect (DCWF 628)
DoD 8140: Software EngineeringDefines technical system specs including cloud strategy and software integration to meet business or mission-aligned system requirements.
Explore learning pathSystems Requirements Planner (DCWF 641)
DoD 8140: Cyber ITTranslates functional needs into technical solutions by consulting with customers and developing system architectures and requirements.
Explore learning pathSecure Software Development (OPM 621)
NICE: Design and DevelopmentResponsible for developing, creating, modifying, and maintaining computer applications, software, or specialized utility programs.
Explore learning pathCourse Schedule & Pricing
Looking for Group Purchase Options?Contact Us
GIAC Certification Attempt
Add a GIAC certification attempt and receive free two practice tests. View pricing in the info icons below.
OnDemand Course Access
When purchasing a live instructor-led class, add an additional 4 months of online access after your course. View pricing in the info icons below.
Filter by:
Location & instructorDate & TimeCourse priceEnrollment options
- Location & instructor
Virtual (OnDemand)
Instructed by Jon ZeollaDate & TimeOnDemand (Anytime)Self-Paced, 4 months accessCourse price$8,780 USD*Prices exclude applicable local taxesEnrollment options - Location & instructor
Singapore, SG & Virtual (live)
Instructed by David HazarDate & TimeFetching schedule..View event detailsCourse price$8,900 USD*Prices exclude applicable local taxes - Location & instructor
Washington, DC, US & Virtual (live)
Instructed by Eric Johnson & Dakota RileyDate & TimeFetching schedule..View event detailsCourse price$8,780 USD*Prices exclude applicable local taxes - Location & instructor
San Antonio, TX, US & Virtual (live)
Instructed by Eric JohnsonDate & TimeFetching schedule..View event detailsCourse price$8,780 USD*Prices exclude applicable local taxes - Location & instructor
Amsterdam, NL & Virtual (live)
Instructed by David HazarDate & TimeFetching schedule..View event detailsCourse price€8,230 EUR*Prices exclude applicable local taxes - Location & instructor
Virginia Beach, VA, US & Virtual (live)
Instructed by Jon ZeollaDate & TimeFetching schedule..View event detailsCourse price$8,780 USD*Prices exclude applicable local taxes - Location & instructor
Virginia Beach, VA, US & Virtual (live)
Instructed by Jon ZeollaDate & TimeFetching schedule..View event detailsCourse price$8,780 USD*Prices exclude applicable local taxesEnrollment options - Location & instructor
Raleigh, NC, US & Virtual (live)
Instructed by David HazarDate & TimeFetching schedule..View event detailsCourse price$8,780 USD*Prices exclude applicable local taxes
Showing 8 of 26
Learn Alongside Leading Cybersecurity Professionals From Around The World
- Slide 1 of 4Every single person I've sent to class has loved it. It's been transformational for them because it goes beyond security concepts and teaches how modern operations and DevOps works. It's also impactful sending developers (who are not working in cloud yet) because they want to develop in cloud and get into concepts like Infrastructure as Code.
- Slide 2 of 4This course definitely makes security in DevOps more relatable and concrete. Love that we are asked to fix issues.
- Slide 3 of 4Instructor is fantastic. Extremely knowledgeable in the subject matter and has easily answered many complicated questions.
- Slide 4 of 4SEC540 truly deserves the 5 of 5 excellent rating. I really can't express how impressed I am with my first SANS course.
Slide 1 of 0
(1/0)
Benefits of Learning with SANS
Get feedback from the world’s best cybersecurity experts and instructors
Choose how you want to learn - online, on demand, or at our live in-person training events
Get access to our range of industry-leading courses and resources