SEC504: Hacker Tools, Techniques, and Incident Handling
SEC504Offensive Operations
SEC510: Cloud Security Controls and Mitigations
SEC510Cloud Security
- 5 Days (Instructor-Led)
- 38 Hours (Self-Paced)
Course created by:
Brandon Evans & Eric Johnson
Course created by:Brandon Evans & Eric Johnson
- GIAC Public Cloud Security (GPCS)
- 38 CPEs
Apply your credits to renew your certifications
- In-Person, Virtual or Self-Paced
Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months
- Intermediate Skill Level
Course material is geared for cyber security professionals with hands-on experience
- 24 Hands-On Lab(s)
Apply what you learn with hands-on exercises and labs
Learn to prevent cloud incidents from becoming breaches using controls that matter. Analyze real case studies and implement the exact strategies that would have mitigated them.
Featured Quote
The course provided so much information and details about security misconfigurations and mistakes in the cloud that one would not believe fit into the week. Very comprehensive, but the scary thing is that it feels like it is barely scratching the surface! Awesome job by the course authors.
Course Overview
Protecting multicloud environments is tough but essential. Default controls often fall short, and what works for one cloud service provider (CSP) may fail in another. SEC510 delivers advanced training in attack-driven controls over compliance and teaches practical strategies to reduce risk and defend critical cloud assets.
What You’ll Learn
- Make informed choices across AWS, Azure, and GCP with deep dives into their Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) offerings
- Learn from real-world case studies of attacks impacting even mature cloud security programs
- Test and validate how security controls actually work instead of trusting vendor documentation
- Build layered Identity and Access Management (IAM) with advanced conditions, and integrate identity into network security
- Automate encryption and compliance checks at scale
- Acquire techniques to prevent, mitigate, and recover from ransomware
- Secure modern environments, including Function as a Service (FaaS) architecture, cross-cloud setups, and Infrastructure as Code (IaC)-based deployments
Business Takeaways
- Reduce the attack surface of your organization's cloud environments
- Prevent incidents from becoming breaches through defense in-depth
- Control the confidentiality, integrity, and availability of data in the Big 3 CSPs
- Increase use of secure automation to keep up with the speed of today's business environment
- Resolve unintentional access to sensitive cloud assets
- Reduce the risk of ransomware impacting your organization's cloud data
Meet Your Authors
- Slide 1 of 2
Brandon Evans
Senior InstructorBrandon is an independent security consultant and SANS Senior Instructor. He is lead author for SEC510: Cloud Security Controls and Mitigations; GPCS holder #1, multi-year RSA Conference presenter, and cloud Bug Bounty collector.
Read more about Brandon Evans - Slide 2 of 2
Eric Johnson
Senior InstructorEric is a co-founder and principal security engineer at Puma Security focusing on modern static analysis product development and DevSecOps automation. He is co-author and instructor for three SANS Cloud Security courses.
Read more about Eric Johnson
Slide 1 of 0
(1/0)
Course Syllabus
Explore the course syllabus below to view the full range of topics covered in SEC510: Cloud Security Controls and Mitigations.
Section 1Cloud Identity and Access Management
SEC510 begins with cloud breach trends and the challenges of multicloud. Students explore IAM and machine identity risks, practice real-world attacks, and use tools like IAM analyzers to detect Broken Access Control. The section ends with strategies to prevent privilege escalation.
Topics covered
- Cloud Identity and Access Management
- Cloud Managed Identity and Metadata
- Broken Access Control and Policy Analysis
- IAM Privilege Escalation
Labs
- IAM Fundamentals
- Virtual Machine Credential Exposure
- Broken Access Control and Policy Analysis
- IAM Privilege Escalation
- Bonus Challenges (Section 1)
Section 2Cloud Virtual Networks
Section 2 focuses on securing cloud infrastructure and data by locking down network access. Students learn to restrict traffic, secure VMs, use private endpoints for PaaS, prevent RCE with data exfiltration, and analyze flow logs to detect malicious activity across all three major clouds.
Topics covered
- Cloud Virtual Networks
- Protecting Public Virtual Machines
- Private Endpoint Security and Abuse
- Enabling Traffic Monitoring
Labs
- Control Ingress Traffic
- Protecting Public Virtual Machines
- Control Egress Traffic with Private Endpoints
- Remote Code Execution via Private Endpoint Abuse
- Bonus Challenges (Section 2)
Section 3Cloud Data Security
Section 3 focuses on cloud data security, covering encryption, secure storage, ransomware defense, and access control. Students explore key management, in-transit encryption, and advanced storage protections like file versioning, data retention, and detecting sensitive data exposure.
Topics covered
- Cryptographic Key Management
- Encryption with Cloud Services
- Cloud Storage Platforms
- Sensitive Data Exfiltration
- Sensitive Data Detection
Labs
- Detect and Prevent Improper Key Usage
- Encrypt All the Things!
- Recover From Ransomware
- Sensitive Data Detection and Exfiltration
- Bonus Challenges (Section 3)
Section 4Cloud Application Services and User Security
Section 4 covers securing cloud app infrastructure and users, starting with serverless FaaS benefits and risks. Students harden real serverless functions, explore Customer Identity and Access Management (CIAM) threats like account takeover via Amazon Cognito, and protect the most critical services in Google Cloud’s Firebase platform.
Topics covered
- Cloud Serverless Functions
- Cloud Customer Identity and Access Management
- Firebase Databases and Google Cloud Implications
Labs
- Serverless Prey
- Harden Serverless Functions
- Using and Exploiting CIAM
- Broken Firebase Database Access Control
- Bonus Challenges (Section 4)
Section 5Multicloud and Cloud Security Posture Management
The final section covers multicloud operations, focusing on IAM risks, safe credential use, and Workload Identity Federation. Students automate security checks with CSPM tools, explore trust issues with third-party platforms, and study how to mitigate a real cloud security vendor vulnerability using Microsoft Defender as a case study.
Topics covered
- Multicloud Access Management
- Cloud Security Posture Management
- Vendor Integration and Multicloud Security
- Summary and Additional Resources
Labs
- Secure Multicloud Integration
- Automated Benchmarking
- Prevent Cross-Cloud Confused Deputy
- Bonus Challenges (Section 5)
Things You Need To Know
Relevant Job Roles
Cloud Security Engineer
Cloud SecurityBuilding security solutions for cloud workflows
Explore learning pathCloud Security Analyst
Cloud SecurityUsing cloud security solutions to respond to incidents and enable defenses
Explore learning pathCybersecurity Architecture (OPM 652)
NICE: Design and DevelopmentResponsible for ensuring that security requirements are adequately addressed in all aspects of enterprise architecture, including reference models, segment and solution architectures, and the resulting systems that protect and support organizational mission and business processes.
Explore learning pathTechnology Research and Development (OPM 661)
NICE: Design and DevelopmentResponsible for conducting software and systems engineering and software systems research to develop new capabilities with fully integrated cybersecurity. Conducts comprehensive technology research to evaluate potential vulnerabilities in cyberspace systems.
Explore learning pathEnterprise Architecture (OPM 651)
NICE: Design and DevelopmentResponsible for developing and maintaining business, systems, and information processes to support enterprise mission needs. Develops technology rules and requirements that describe baseline and target architectures.
Explore learning pathSecure Systems Development
NICE: Design and DevelopmentResponsible for the secure design, development, and testing of systems and the evaluation of system security throughout the systems development life cycle.
Explore learning pathSecurity Control Assessment (OPM 612)
NICE: Oversight and GovernanceResponsible for conducting independent comprehensive assessments of management, operational, and technical security controls and control enhancements employed within or inherited by a system to determine their overall effectiveness.
Explore learning pathCourse Schedule & Pricing
Looking for Group Purchase Options?Contact Us
GIAC Certification Attempt
Add a GIAC certification attempt and receive free two practice tests. View pricing in the info icons below.
OnDemand Course Access
When purchasing a live instructor-led class, add an additional 4 months of online access after your course. View pricing in the info icons below.
Filter by:
Location & instructorDate & TimeCourse priceEnrollment options
- Location & instructor
Virtual (OnDemand)
Instructed by Brandon EvansDate & TimeOnDemand (Anytime)Self-Paced, 4 months accessCourse price$8,780 USD*Prices exclude applicable local taxesEnrollment options - Location & instructor
Singapore, SG & Virtual (live)
Instructed by Brandon EvansDate & TimeFetching schedule..View event detailsCourse price$8,900 USD*Prices exclude applicable local taxes - Location & instructor
Washington, DC, US & Virtual (live)
Instructed by Brandon EvansDate & TimeFetching schedule..View event detailsCourse price$8,780 USD*Prices exclude applicable local taxesEnrollment options - Location & instructor
Boston, MA, US & Virtual (live)
Instructed by Simon VernonDate & TimeFetching schedule..View event detailsCourse price$8,780 USD*Prices exclude applicable local taxes - Location & instructor
London, GB & Virtual (live)
Instructed by Simon VernonDate & TimeFetching schedule..View event detailsCourse price£7,160 GBP*Prices exclude applicable taxes | EUR price available during checkout - Location & instructor
Las Vegas, NV, US & Virtual (live)
Instructed by Brandon EvansDate & TimeFetching schedule..View event detailsCourse price$8,780 USD*Prices exclude applicable local taxes - Location & instructor
Denver, CO, US & Virtual (live)
Instructed by Brandon EvansDate & TimeFetching schedule..View event detailsCourse price$8,780 USD*Prices exclude applicable local taxes - Location & instructor
Amsterdam, NL & Virtual (live)
Instructed by Brandon EvansDate & TimeFetching schedule..View event detailsCourse price€8,230 EUR*Prices exclude applicable local taxes
Showing 8 of 12
Learn Alongside Leading Cybersecurity Professionals From Around The World
- Slide 1 of 4One of the best SANS courses I have taken. I am going to recommend this training to other company InfoSec Professionals in our company.
- Slide 2 of 4I maintain that this is the single best SANS class available (and I just got my 8th cert). If you can only take one course - this is the one.
- Slide 3 of 4If you Cloud, you need this course - <period>.
- Slide 4 of 4I would definitely recommend this course. I consider the security topics covered to be critical knowledge for companies that are hosting in the cloud. The course content has been very well put together, well researched, and is very applicable.
Slide 1 of 0
(1/0)
Benefits of Learning with SANS
Get feedback from the world’s best cybersecurity experts and instructors
Choose how you want to learn - online, on demand, or at our live in-person training events
Get access to our range of industry-leading courses and resources