SEC557: SANS Cyber Security Central: Nov 2022


What You Will Learn

Measure what matters, not what's easy.

Students learn how to measure and visualize security data using the same tools that developers and engineers are using, as well as how to extract, load, and visualize data from cloud services, on-premise systems, and security tools. The course includes PowerShell scripting, automation, time-series databases, dashboard software, and even spreadsheets to present management with the strategic information it needs and to facilitate the work of your operations staff with sound tactical data.

SEC557 uses the ELVis (Extract, Load, and VISualize) technique to help you gather and present useful security and compliance information to your organization. Students will learn how to use PowerShell scripting and automated tools to gather measurements from cloud service providers, operating systems, Active Directory, security tools, web APIs, and datacenter infrastructure. For some data, you'll prepare tactical visualizations on the fly by building spreadsheets, pivot tables, and graphs using scripts. Then import your data into the Graphite time-series database for strategic analysis and reporting. You'll also build Grafana dashboards for use by management, security, compliance, and operations staff.

  • Measure and report on compliance across the enterprise
  • Visualize data for rapid absorption and decision making
  • Supply appropriate data at the tactical and strategic levels
  • Turn management requirements into actionable data
  • Use the tools you already own to report on compliance
  • Turn policies and management requirements into visually presented security metrics
  • Reduce the time and effort required to gather and report on security and compliance data
  • Measure security and compliance in cloud and traditional infrastructure
  • Use PowerShell scripts and command-line tools to extract relevant data from cloud services
  • Gather information from web APIs and security tools
  • Extract information about virtualization infrastructure
  • Query data from fleets of heterogeneous systems
  • Monitor servers and endpoints for proper configuration
  • Work with data formats commonly used by security tools, DevOps pipelines, and cloud services
  • Build tactical visual reports for use by operations staff and management
  • Manage and load time-series databases for tracking metrics over time
  • Build strategic dashboards for security and compliance
"The timing of the industry and the needs / demands are major reasons why one should take this class, as it relates to compliance, cyber audits, and supports senior management initiatives." - Diane D, US Gov


SEC557 focuses very heavily on hands-on activities, with as much as 50% of your day being spent at the keyboard. Students gather compliance data from remote AWS and Azure lab environments and from common on-premise systems, including Windows, Linux and VMware hosts. Tools used to extract data include PowerShell, Pester, InSpec, SOAP and REST APIs, FleetDM, osquery, PowerCLI and Bash commands. Measurement data is loaded into a Graphite time-series database (TSDB), and then visualized in multiple Grafana dashboards. Lab activities for the course include:
  • Section 1: PowerShell fundamentals, Working with the .NET framework, Reading and writing JSON, XML, HTML, and CSV data, Using spreadsheets as data sources and as visualization tools, Configuring Graphite and loading data, Adding Grafana data sources and building dashboards
  • Section 2: Consuming web APIs, Verifying Docker security, Using static analysis tools for security testing, Gathering inventory information using the AWS CLI, Assessing identity and access management (IAM) roles and user settings, Verifying AWS security settings, Validating the security of infrastructure as code deployments
  • Section 3: Querying Windows settings, Extracting data from Active Directory, Compliance testing with Pester, VMware infrastructure testing, Querying Linux/Unix, Monitoring patch velocity on Windows and Unix systems
  • Section 4: Gathering inventory information using the AWS CLI and PowerShell, Assessing IAM roles and user settings, Verifying logging settings, Checking for proper resource access control, Auditing network security settings, Validating security of infrastructure as code deployments
  • Section 5: Azure benchmark compliance, Azure AD measurement, Verifying Docker security, Static analysis tools, Alternative visualization tools: ImportExcel XYZ
"The lab exercises are very beneficial for me to work through/learn new processes to be able to deliver relevant data at work." - Andrea M., Law Enforcement

"Love the labs and hands on experience." - Spencer Tani, BCBSLA

"Enjoyed the ability to interact with different types of data sources." - Joe Cecconie, Costco

"Labs reinforced the learned material, so great content overall." - Dmitry Tochilovsky, NTT Data

  • Section 1: All about the modern compliance landscape and the tools to make it easier to navigate
  • Section 2: How to gather and visualize the structured data needed for compliance measurements
  • Section 3: Measure and visualize compliance of OS and virtualization platforms
  • Section 4: Understand cloud compliance issues and report on AWS compliance
  • Section 5: Extend your knowledge to Azure and Google Cloud and DevOps technology

Cheat Sheet: PowerShell for Enterprise and Cloud Compliance

3-Part webcast series: PowerShell for Audit, Compliance and Security Automation, and Visualization, Jan 2021
  • Part 1: Introduction to Automation with PowerShell
  • Part 2: Audit and Compliance Data Acquisition with PowerShell
  • Part 3: Beyond CSVs - Visualization using PowerShell, Excel, and Grafana
Corresponding 3-part blog series: PowerShell for Audit, Compliance and Security Automation and Visualization, Jan 2021
  • Part 1 - The PowerShell Tools I Use for Audit and Compliance Measurement
  • Part 2 - Using the VMware PowerCLI Modules to Measure VMware Compliance
  • Part 3 - Accessing Web APIs with PowerShell
  • Printed and electronic courseware
  • Windows 10 Enterprise virtual machine with tools already installed
  • Ubuntu server virtual machine with Graphite, Grafana and FleetDM installed
  • Target virtual machines for Windows and VMware measurements
  • MP3 audio files of the complete course lecture
  • Exercise workbook with over 25 lab exercises

Depending on your current role or future plans, one of these courses is a great next step after SEC557.
  • MGT514: Security Strategic Planning, Policy, and Communication
  • MGT516: Managing Security Vulnerabilities: Enterprise and Cloud
  • SEC566: Implementing and Auditing CIS Critical Controls


Start date: 28 Nov 2022
Location / delivery: Virtual
