SEC504: Hacker Tools, Techniques, and Incident Handling
SEC504Offensive Operations
SEC598: Security Automation for Offense, Defense, and Cloud
SEC598Offensive Operations
- 6 Days (Instructor-Led)
- 36 Hours (Self-Paced)
Course created by:
Jason Ostrom & Jeroen Vandeleur
Course created by:Jason Ostrom & Jeroen Vandeleur
- 36 CPEs
Apply your credits to renew your certifications
- In-Person, Virtual or Self-Paced
Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months
- Intermediate Skill Level
Course material is geared for cyber security professionals with hands-on experience
- 23 Hands-On Lab(s)
Apply what you learn with hands-on exercises and labs
Transform your security team's potential by automating critical prevention, detection, and response workflows to outmaneuver emerging cyber threats.
Featured Quote
Having these two trainers coming from different fields is an amazing added value. They complement each other so well!
Course Overview
SEC598: Security Automation for Offense, Defense, and Cloud will equip you with the expertise to apply automated solutions to prevent, detect, and respond to security incidents. Students first train to understand the concept of automation then learn how existing technologies can be best leveraged to build automation stories that translate repeatable problems to automated scripts.
What You’ll Learn
- Transform repeatable tasks into automated workflows
- Automate threat prevention and response strategies
- Enhance SOC operational effectiveness
- Implement Infrastructure as Code (IaC) techniques
- Design cloud-native security automation
- Develop advanced incident response capabilities
- Create continuous purple teaming approaches
Business Takeaways
- Boost team efficiency with automation
- Accelerate detection and response workflows
- Streamline SOC operations across tiers
- Automate security in AWS and Azure
- Enhance red and purple team capabilities
- Integrate security into CI CD pipelines
- Increase ROI through scalable automation
Meet Your Authors
- Slide 1 of 2
Jason Ostrom
Certified InstructorJason Ostrom has revolutionized cybersecurity by developing open-source tools like PurpleCloud and Automated Emulation, enabling scalable adversary emulation in cloud environments.
Read more about Jason Ostrom - Slide 2 of 2
Jeroen Vandeleur
Jeroen is the security architecture team lead and incident manager at NVISO where he specializes in security architecture, cloud security, and continuous security monitoring.
Read more about Jeroen Vandeleur
Slide 1 of 0
(1/0)
Course Syllabus
Explore the course syllabus below to view the full range of topics covered in SEC598: Security Automation for Offense, Defense, and Cloud.
Section 1Security Automation Concepts
Section one lays the foundation for the remainder of the course by explaining overall security automation concepts and how they can be used within different environments and technology stacks. Concepts to be discussed include automation triggers, desired state configuration and security automation.
Topics covered
- Course Objective and Lab Environment Setup
- Security Automation Fundamentals
- Infrastructure as Code Principles
- Security Engineering CI/CD Approaches
Labs
- Red Team Exercise
- OS Hardening with Ansible
- Linking Triggers to Automation Scripting
- Define First Automation Playbook
Section 2Security Automation Engineering
Here we focus on infrastructure security task automation, exploring scripting, configuration management, and orchestration tools. Participants will learn PowerShell's role in desired state configuration, infrastructure as code strategies, and developing comprehensive incident handling playbooks.
Topics covered
- Security Hardening Techniques
- Configuration Management Tools
- Cloud Automation Strategies
- Python-Based Security Automation
- SOAR Playbook Development
Labs
- PowerShell OS Hardening
- Cloud Management via Terraform
- Deploying Firing Ranges
- Creating SOAR Playbooks
- IOC Malware Analysis Workflow
Section 3Security Automation in the Cloud
For section three we transition to cloud-native automation, providing in-depth exploration of cloud technologies for security automation. Emphasizes blueprinting, compliance validation, and automated remediation using real-world cloud misconfiguration scenarios.
Topics covered
- Cloud Platform Fundamentals
- Azure and AWS Automation
- Security Monitoring Triggers
- Cloud Policy and Compliance
- API Integration Strategies
Labs
- Detecting Exposed Servers with Cloud Policies
- Creating Automated Azure Actions
- Cloud-Native Incident Response
- Third-Party API Integration
Section 4Offensive Security Automation
In section four, we will use the automation techniques we learned in previous sections for offensive security automation activities. This section presents examples on how to automate offensive techniques used by real-world adversaries and goes on to explain how chaining attack techniques can be used to emulate these adversaries.
Topics covered
- Adversary Emulation Principles
- MITRE ATT&CK Framework
- Breach Simulation Strategies
- AI-Powered Cyberattack Techniques
- Chaos Engineering
Labs
- Configuring Adversary Emulation Tools
- Automating Adversary Techniques
- Conducting Breach Simulations
- Cloud Adversary Emulation
Section 5Defensive Security Automation
Section five focuses on defensive security controls and how we use automation to prevent, detect, and respond to security incidents. Students will gain an in-depth understanding of how attacks can be detected and how to enrich incidents to minimize false positives and automatically trigger responses.
Topics covered
- Defensive Security Automation Strategies
- Incident Response Workflow Optimization
- Playbook Development
- Adversary Detection Techniques
Labs
- Automated Incident Triage
- Incident Response Playbook Creation
- Advanced Threat Detection Automation
Section 6Security Automation Capstone
The last section involves our culminating competitive event, allowing participants to apply comprehensive course learnings through challenging, hands-on missions designed to validate and refine security automation skills.
Topics covered
- Advanced Security Control Application
- Detection Capability Refinement
- Automation Workflow Optimization
- Configuration Management
- Playbook Development
Things You Need To Know
Relevant Job Roles
Systems Administration (OPM 451)
NICE: Implementation and OperationResponsible for setting up and maintaining a system or specific components of a system in adherence with organizational security policies and procedures. Includes hardware and software installation, configuration, and updates; user account management; backup and recovery management; and security control implementation.
Explore learning pathSystems Security Analysis (OPM 461)
NICE: Implementation and OperationResponsible for developing and analyzing the integration, testing, operations, and maintenance of systems security. Prepares, performs, and manages the security aspects of implementing and operating a system.
Explore learning pathPurple Teamer
Offensive OperationsIn this fairly recent job position, you have a keen understanding of both how cybersecurity defenses (“Blue Team”) work and how adversaries operate (“Red Team”). During your day-today activities, you will organize and automate emulation of adversary techniques, highlight possible new log sources and use cases that help increase the detection coverage of the SOC, and propose security controls to improve resilience against the techniques. You will also work to help coordinate effective communication between traditional defensive and offensive roles.
Explore learning pathCourse Schedule & Pricing
Looking for Group Purchasing Options?Contact Us
OnDemand Bundle
When purchasing a live, instructor-led course, add 4 months of online access. View price in the info icons below.
SANS Skills Quest by NetWars Core Edition
Add 6 months of hands-on skills practice. Add to your cart when purchasing your course.
Filter by:
Location & instructorDate & TimeCourse priceEnrollment options
- Location & instructor
Virtual (OnDemand)
Instructed by Jason OstromDate & TimeOnDemand (Anytime)Self-Paced, 4 months accessCourse price$8,780 USD*Prices exclude applicable local taxesEnrollment options - Location & instructor
Washington, DC, US & Virtual (live)
Instructed by Jason OstromDate & TimeFetching schedule..View event detailsCourse price$8,780 USD*Prices exclude applicable local taxes - Location & instructor
Virtual (live)
Instructed by Jeroen VandeleurDate & TimeFetching schedule..View event detailsCourse price€8,230 EUR*Prices exclude applicable local taxesEnrollment options - Location & instructor
Boston, MA, US & Virtual (live)
Instructed by Jason OstromDate & TimeFetching schedule..View event detailsCourse price$8,780 USD*Prices exclude applicable local taxes - Location & instructor
Las Vegas, NV, US & Virtual (live)
Instructed by Jason OstromDate & TimeFetching schedule..View event detailsCourse price$8,780 USD*Prices exclude applicable local taxes - Location & instructor
Denver, CO, US & Virtual (live)
Instructed by Jason OstromDate & TimeFetching schedule..View event detailsCourse price$8,780 USD*Prices exclude applicable local taxes - Location & instructor
Singapore, SG & Virtual (live)
Instructed by Jeroen VandeleurDate & TimeFetching schedule..View event detailsCourse price$8,900 USD*Prices exclude applicable local taxesEnrollment options - Location & instructor
Orlando, FL, US & Virtual (live)
Instructed by Jason OstromDate & TimeFetching schedule..View event detailsCourse price$8,780 USD*Prices exclude applicable local taxes
Showing 8 of 10
Benefits of Learning with SANS
Get feedback from the world’s best cybersecurity experts and instructors
Choose how you want to learn - online, on demand, or at our live in-person training events
Get access to our range of industry-leading courses and resources