SEC488: SANS 2022

Provided by

Enquire about this course

What You Will Learn

License to Learn Cloud Security

  • Navigate your organization through the security challenges and opportunities presented by cloud services
  • Identify the risks of the various services offered by cloud service providers (CSPs)
  • Select the appropriate security controls for a given cloud network security architecture
  • Evaluate CSPs based on their documentation, security controls, and audit reports
  • Confidently use the services of any of the leading CSPs
  • Articulate the business and security implications of multiple cloud providers
  • Secure, harden, and audit CSP environments
  • Protect the access keys and secrets used in cloud environments
  • Use application security tools and threat modeling to assess the security of cloud-based applications
  • Automatically create and provision patched and hardened virtual machine images
  • Deploy a complete "infrastructure as code" environment to multiple cloud providers
  • Leverage cloud logging capabilities to establish accountability for events that occur in the cloud environment
  • Detect and respond to security incidents in the cloud and take appropriate steps as a first responder
  • Perform a preliminary forensic file system analysis of compromised cloud resources

More businesses than ever are moving sensitive data and shifting mission-critical workloads to the cloud - and not just to one cloud service provider (CSP). Research shows that most enterprises have strategically decided to deploy a multicloud platform, including Amazon Web Services, Azure, Google Cloud, and others.

Organizations are responsible for securing their data and mission-critical applications in the cloud. The benefits in terms of cost and speed of leveraging a multicloud platform to develop and accelerate delivery of business applications and analyze customer data can quickly be reversed if security professionals are not properly trained to secure the organization's cloud environment and investigate and respond to the inevitable security breaches.

The SANS SEC488: Cloud Security Essentials course will prepare you to advise and speak about a wide range of topics and help your organization successfully navigate both the security challenges and opportunities presented by cloud services. Like foreign languages, cloud environments have similarities and differences, and SEC488 covers all of the major CSPs and thus all of the languages of cloud services.

We will begin by diving headfirst into one of the most crucial aspects of cloud - Identity and Access Management (IAM). From there, we'll move on to securing the cloud through discussion and practical, hands-on exercises related to several key topics to defend various cloud workloads operating in the different CSP models of: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).

New technologies introduce new risks. This course will equip you to implement appropriate security controls in the cloud, often using automation to "inspect what you expect." Mature CSPs have created a variety of security services that can help customers use their products in a more secure manner, but nothing is a magic bullet. This course covers real-world lessons using security services created by the CSPs as well as open-source tools. As mentioned, each course book features hands-on lab exercises to help students hammer home the lessons learned. We progressively layer multiple security controls in order to end the course with a functional security architecture implemented in the cloud.

You Will Be Able To:
  • Identify the risks and risk control ownership based on the deployment models and service delivery models of the various products offered by cloud service providers (CSPs).
  • Evaluate the trustworthiness of CSPs based on their security documentation, service features, third-party attestations, and position in the global cloud ecosystem.
  • Create accounts and use the services of any one the leading CSPs and be comfortable with the self-service nature of the public cloud, including finding documentation, tutorials, pricing, and security features.
  • Articulate the business and security implications of a multicloud strategy.
  • Secure access to the consoles used to access the CSP environments.
  • Use command line interfaces to query assets and identities in the cloud environment.
  • Use hardening benchmarks, patching, and configuration management to achieve and maintain an engineered state of security for the cloud environment.
  • Evaluate the logging services of various CSPs and use those logs to provide the necessary accountability for events that occur in the cloud environment.
  • Configure the command line interface (CLI) and properly protect the access keys to minimize the risk of compromised credentials.
  • Use basic Bash and Python scripts to automate tasks in the cloud.
  • Implement network security controls that are native to both AWS and Azure.
  • Employ an architectural pattern to automatically create and provision patched and hardened virtual machine images to multiple AWS accounts.
  • Use Azure Security Center to audit the configuration in an Azure deployment and identify security issues.
  • Use Terraform to deploy a complete "infrastructure as code" environment to multiple cloud providers.
  • Leverage the Cloud Security Alliance Cloud Controls Matrix to select the appropriate security controls for a given cloud network security architecture and assess a CSP's implementation of those controls using audit reports and the CSP's shared responsibility model.
  • Follow the penetration testing guidelines put forth by AWS and Azure to invoke your "inner red teamer" to compromise a full stack cloud application
  • Use logs from cloud services and virtual machines hosted in the cloud to detect a security incident and take appropriate steps as a first responder according to a recommended incident response methodology.
  • Perform a preliminary forensic file system analysis of a compromised virtual machine to identify indicators of compromise and create a file system timeline.

SEC488: Cloud Security Essentials reinforces the training material via multiple hands-on labs in each section of the course. Every lab is designed to impart practical skills that students can bring back to their organizations and apply on the first day back in the office. The labs go beyond the step-by-step instructions providing the context of "why" the skill is important and instilling insights as to why the technology works the way it does.

Highlights of what students will learn in SEC488 labs include:
  • Leveraging the web consoles of AWS, Azure, and GCP to secure various cloud service offerings
  • Hardening and securing cloud environments and applications using open source security tools and services
  • Hardening, patching, and securing virtual machine images
  • Using the command line interface (CLI) and simple scripts to automate work
  • Preventing secrets leaking in code deployed to the cloud
  • Using logs and security services to detect malware on a cloud virtual machine and perform preliminary file-system forensics
  • Using Terraform to deploy a complete environment to multiple cloud providers
"Cloud Wars was a very fun challenge. Each section had a good test of knowledge questions." Evelyn Saucedo, USAA

Hands-On Training:
  • Deploying the SEC488, Inc. Environment
  • Securing Console Access
  • Preventing Leakage of Secrets
  • IAM Access Analyzer
  • Deploy and Harden Threat Intelligence Instance
  • Serverless Dynamic Application Security Testing (DAST)
  • Which Reality
  • Bucket Lock Down
  • Data at Rest Encryption
  • Data in Transit Encryption
  • Terraform Code Assessment
  • CASB Techniques
  • Restricting Network Access
  • Web Application Firewall (WAF)
  • Cloud Log Retrieval
  • Azure Security Center
  • Security Hub Compliance Assessment
  • Government Clouds
  • Multi-Cloud Penetration Testing
  • Multi-Cloud Forensics
  • SEC488 CloudWars Challenge
"The labs were great at reinforcing the concepts in the lecture." Chris M., US Government

  • MP3 audio files of the complete course lectures
  • Digital download package with supplementary content
  • Printed and Electronic courseware

Take your learning beyond the classroom. Explore and the SANS Cloud Security YouTube channel for a wide variety of cloud security-specific content.


SANS offers a wide variety of courses to take after SEC488, depending on your professional goals and direction. Please review our SANS Cloud Security Flight Plan for a full picture. Many students follow with one of the following courses:
  • SEC540: Cloud Security and DevOps Automation
  • SEC510: Multicloud Security Assessment and Defense


Start date Location / delivery
10 Apr 2022 Orlando Book now

Related article

At GIAC, we believe that hands-on testing is the future of cybersecurity certification. With five certification exams featuring CyberLive , and thr...