SEC595: SANS Munich October 2024


What You Will Learn
Harness Data Science and AI for Advanced Cybersecurity Threat Hunting Solutions

Data Science, Artificial Intelligence, and Machine Learning aren't just the current buzzwords, they are fast becoming one of the primary tools in our information security arsenal. The problem is that, unless you have a degree in mathematics or data science, you're likely at the mercy of the vendors. This course completely demystifies machine learning and data science. More than 70% of the time in class is spent solving machine learning and data science problems hands-on rather than just talking about them. You will leave the class not only understanding how these tools and techniques work, but understanding how to think about your data, making it into something that you can apply machine learning and AI techniques to.

Unlike other courses in this space, this course is squarely centered on solving information security problems - in other words, applied rather than theoretical. Where other courses tend to be at the extremes, teaching almost all theory or solving trivial problems that don't translate into the real world, this course strikes a balance. While this course will cover necessary mathematics, we cover only the theory and fundamentals you absolutely must know, and only so as to allow you to understand and apply the machine learning tools and techniques effectively. We show you how the math works but don't expect you to do it. The course progressively introduces and applies various statistical, probabilistic, and mathematical tools (in their applied form), allowing you to leave with the ability to use those tools and to troubleshoot your results, since you will have developed strong intuitions about the underlying mathematics. The hands-on projects covered were selected to provide you a broad base from which to build your own machine learning solutions. If you want or need to know how AI tools like ChatGPT really work so that you can intelligently discuss their potential uses in your organization, in addition to knowing how to build effective solutions to real cybersecurity problems using machine learning and AI today, this is the class you need to take. Check out the extensive course description below for a detailed rundown of course content.

NOTE: All the concepts in this course are discussed using Python examples. You should have an intermediate understanding of the Python language! There is no need to be a Python expert. If you have successfully written at least a handful of Python scripts, your Python knowledge is likely sufficient. We will review key Python data structures in class in the first section of the course. If you need assistance determining if your Python knowledge is sufficient, please contact us for more information.

This course is for cybersecurity professionals who are seeking to add machine learning, data science, and artificial intelligence skills to their repertoire. This course is also very useful for individuals with a data science background who are seeking to understand how to use cybersecurity data in meaningful ways for threat hunting, anomaly detection, and monitoring. Intermediate Python fluency is important. Pre-calculus mathematics skills are important, but not required.

"The course content's design is superb in my opinion. It begins by covering the fundamentals of data extraction from diverse sources using Python, followed by a dive into the basics of statistics. From there, it delves into ML models and DNNs. I appreciate the thoughtfulness behind this progression." -Viswanath Chirravuri, Thales
What Is Machine Learning?

Machine Learning is a branch of artificial intelligence that enables systems to learn and improve from experience without being explicitly programmed. It involves the development of algorithms that can analyze and make predictions or decisions based on data. This technology is fundamental in creating applications that adapt and become more accurate over time, revolutionizing industries by automating complex tasks and unlocking new insights from data.
Business Takeaways

This course will help your organization:
  • Generate useful visualization dashboards
  • Solve problems with Neural networks
  • Improve the effectiveness, efficiency, and success of cybersecurity initiatives
  • Build custom machine learning solutions for your organization's specific needs
  • This course prepares you for the GMLE certification
Skills Learned
  • Apply statistical models to real world problems in meaningful ways
  • Generate visualizations of your data
  • Perform mathematics-based threat hunting on your network
  • Convert the data you have into representations to which ML/AI techniques can be applied
  • Understand and apply unsupervised learning/clustering methods
  • Build Deep Learning Neural Networks
  • Build and understand Convolutional Neural Networks
  • Understand how to build representative synthetic data
  • Understand and build Genetic Search Algorithms
  • Understand the fundamentals of containerized deployment
Major Topics Covered Include
  • Data acquisition from SQL, NoSQL document stores, web scraping, and other common sources
  • Data exploration and visualization
  • Descriptive statistics
  • Inferential statistics and probability
  • Bayesian inference
  • Unsupervised learning and clustering
  • Deep learning neural networks
  • Autoencoders
  • Anomaly detection with neural networks
  • Loss functions
  • Convolutional networks
  • Embedding layers
  • Practical containerized deployment
Hands-On Machine Learning Training

The hands-on portion of SEC595 is especially suited to students with a data science background who are seeking to understand how to use cybersecurity data in meaningful ways for threat hunting, anomaly detection, and monitoring. The course includes 30 hands-on labs, and over 70% of the class is spent solving machine learning and data science problems hands-on.
  • Section 1: Python Refresher; Accessing, Manipulating, and Retrieving SQL Data; Accessing, Manipulating, and Retrieving NoSQL data: MongoDB; Webscraping for data acquisition
  • Section 2: Statistics Fundamentals: Medians and Means; Statistics Fundamentals: Variance, Deviations, and Robust Measures; Applications of Statistics to Data Identification; Probability, Bayes, and Phishing; Threat Hunting through Signals Analysis
  • Section 3: K-Means/KNN; Elbow Functions and PCA; DBSCAN for Clustering; Support Vector Classifiers; Support Vector Machines; Decision Trees; Random Forests
  • Section 4: Polyfit Regressions; Hello, World! Sentiment Analysis; Ham vs. Spam via Deep Learning; Identifying Protocols; Protocol Anomaly Detection
  • Section 5: Predictive Malware Identification -- Finding Zero Days; Ham vs. Spam, CNN Style; Multi-class text classifications via CNNs; Log Anomaly Detection using Autoencoders; Real-time Network Anomalies
  • Section 6: Solving CAPTCHAs: POC; Solving CAPTCHAs: Functional API; Solving Algorithms
"Labs and exercises have been very helpful, going over them a second time is helping to reinforce what I've learned this week, and to put it all in better context." - Blake Hickson

"The labs gave me the opportunity to use theory that we were taught during the training and gain some hands on experience." - Vasiliki Politopoulou

"SANS SEC595 emphasizes practical, hands-on learning that allows participants to work with Python scripts and tools to automate various aspects of information security. This approach ensures that students can apply what they learn immediately in their work." - Louis Valencia, US Government
Syllabus Summary
  • Section 1: Data Acquisition, Cleaning, and Manipulation
  • Section 2: Data Exploration and Statistics
  • Section 3: Essentials of Machine Learning: Trees, Forests, & K-Means
  • Section 4: Essentials of Machine Learning: Deep Learning
  • Section 5: Essentials of Machine Learning: Autoencoders
  • Section 6: Essentials of Machine Learning: Functional Models and Deployment
Additional Free Resources
  • Anaconda
  • TensorFlow (and supporting libraries)
  • Matplotlib
  • VMware Workstation/Player/Fusion
What You Will Receive
  • Jupyter notebooks of all labs and complete solutions
  • Sample data for real-world cybersecurity problems

Start date: 14 Oct 2024
Location / delivery: Munich