SEC510: SANS Amsterdam August 2024

Provided by

Enquire about this course

What You Will Learn
Prevent real attacks with controls that matter

Protecting multicloud environments is hard. Default controls are insecure more often than not. A security control that works in one of the Big 3 CSPs may not work the same in another. Many cloud security controls are focused on compliance rather than being derived from real attack case studies. Attack-driven controls are necessary to protect an organization's most important cloud-based assets.

Accepting the inevitability of application flaws, whether the application is developed in-house or by a third-party, is fundamental for successful cloud security controls. Not many cybersecurity professionals can fix vulnerable application code. Thankfully, it is typically easier to apply secure cloud configuration to mitigate the impact of these vulnerabilities. Relying on the CSP's security defaults and documentation is insufficient. SEC510 exposes many examples of incorrect, incomplete, or contradictory CSP controls. Additionally, if there is a zero-day vulnerability in a cloud service used by your organization, you must brace for that impact by controlling what you can.

SEC510 leverages standards and frameworks where useful, such as the MITRE ATT&CK Cloud Matrix, the Center for Internet Security (CIS) Cloud Provider Benchmarks, and the Cyber Defense Matrix. These tools have limits, and SEC510 goes beyond them to teach the techniques needed to protect what matters to the organization. Mitigate the risk of common cloud mistakes with cloud security controls that matter and reduce your attack surface by eliminating misconfigurations.

"The course provided so much information and details about common security misconfigurations and mistakes in the cloud that one would not believe fit into the week. Very comprehensive, but the scary thing is that it feels like it is barely scratching the surface! Awesome job by the course authors." - Petr Sidopulos
Business Benefits
  • Reduce the attack surface of your organization's cloud environments
  • Prevent incidents from becoming breaches through defense in-depth
  • Control the confidentiality, integrity, and availability of data in the Big 3 CSPs
  • Increase use of secure automation to keep up with the speed of today's business environment
  • Resolve all unintentional access to business sensitive cloud assets
Skills Learned
  • Make informed decisions in the Big 3 cloud service providers by understanding the inner workings of each of their Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) offerings
  • Implement secure Identity and Access Management (IAM) with multiple layers of defense-in-depth
  • Build and secure multi cloud networks with segmentation and access control
  • Encrypt data at rest and in-transit throughout each cloud
  • Control the confidentiality, integrity, and availability of data in each cloud storage service
  • Support non-traditional computing platforms like Application Services and serverless Functions as a Service (FaaS)
  • Integrate each cloud provider with one another without the use of long-lived credentials
  • Automate security and compliance checks using cloud-native platforms
  • Guide engineering teams in enforcing security controls using Terraform and Infrastructure-as-Code (IaC)
What Are Cloud Security Controls?

Cloud security controls are options provided by cloud service providers to limit exposure of cloud assets. Each CSP provides default controls that are often insecure, failing to consider the business case and needs of each customer. For secure cloud configuration that truly prevents real risk, the cloud security controls must be implemented based on business strategy, goals, and requirements by a professional who understands the nuances of various CSPs.
Hands-On Cloud Security Controls and Mitigation Training

SEC510: Cloud Security Controls and Mitigations reinforces all the concepts discussed in the lectures through hands-on labs in real cloud environments. Each lab includes a step-by-step guide as well as a "no hints" option for students who want to test their skills without assistance. This allows students to choose the level of difficulty that is best for them and fall back to the step-by-step guide as needed. Students can continue to use the lab instructions, application code, and IaC after the course concludes. With this, they can repeat every lab exercise in their own cloud environments as many times as they like.

SEC510 also offers students an opportunity to participate in Bonus Challenges each day in a gamified environment, while also providing more hands-on experience with the Big 3 CSPs and relevant utilities. Can you win the SEC510 Challenge Coin?
  • Section 1: VM Credential Exposure, Hardening AWS IAM Policies, Hardening Azure and GCP Policies, Advanced IAM features, Bonus Challenges Section 1
  • Section 2: Network Lockdown, Analyzing Network Traffic, Private Endpoint Security, Cloud VPN and Managed SSH, Bonus Challenges Section 2
  • Section 3: Audit Decryption Events, "Encrypt all the Things!", Storage Service Lockdown, Sensitive Data Detection and Exfiltration, Bonus Challenges Section 3
  • Section 4: App Service Security, Serverless Prey, Hardening Serverless Functions, Login with the Microsoft Identity Platform, Broken Firebase Database Access Control, Bonus Challenges Section 4
  • Section 5: Secure Multicloud Integration, Automated Benchmarking, Microsoft Defender and Multicloud, Bonus Challenge Finale, Lab Teardown, Bonus Challenges Section 5
"Excellent course and instruction by Brandon! Last month I took a course by one of the three big providers and almost everyday was a sales pitch for the first couple hours in it. That course also was geared towards clicking around in the console versus utilizing command line and terraform which was really cool." - Philip B, US Military

"Labs are amazing, they cover all the content we review over the lecture." - Enrique Gamboa, ALG

"Labs are insane. Such a great setup. I'm learning a ton and plus will be able to build upon this great foundation." - Kevin Sahota, 604 Security

"The exercises exceeded my expectations. They are practical implementations of the information learned in each section, build on each other, and provide a seamless way to validate your knowledge and learn the intricacies of the issues." - David Wayland
Syllabus Summary
  • Section 1 - Securely Use Cloud IAM and Defending IAM Credentials
  • Section 2 - Restrict Infrastructure and Data Access to Private Cloud Networks, Monitor for Suspicious Network Traffic, and Use Secure Remote Access Capabilities
  • Section 3 - Manage Cryptographic Keys, Apply Encryption at Rest and In-Transit Across Cloud Services, Protect Data in Cloud Storage Services, Audit Encryption Key and Storage Access, and Detect Sensitive Data in the Clouds
  • Section 4 - Secure the Cloud Compute Services that Run Applications Including Serverless FaaS, Manage Application Consumer Identities, and Analyze Firebase (a Suite of Services Acquired by and Integrated with Google Cloud)
  • Section 5 - Authenticate Clouds to One Another and Automate Misconfiguration Benchmarking
Additional Free Resources
  • Secure Service Configuration Poster Resource Demo
  • Secure Service Configuration: AWS, Azure, & GCP, Poster
  • Multicloud Survey: Navigating the Complexities of Multiple Clouds, Blog, Webcast, Whitepaper
  • Multicloud Command-Line Interface, Cheat Sheet
  • Cloud Agnostic or Devout, Blog, April 2023
  • Destroying Long-Lived Credentials with Workload Identity Federation, RSA, April 2023
What You Will Receive
  • Printed and Electronic courseware
  • MP3 audio files of the course
  • Access to the SANS Cloud Security Flight Simulator
  • Thousands of lines of IaC and secure configurations for each cloud platform that you can use in your organization
What Comes Next?

SANS offers several courses that are excellent compliments to SEC510 depending on your job role:

Security Engineer
  • SEC540: Cloud Security and DevSecOps Automation
  • SEC522: Application Security: Securing Web Apps, APIs, and Microservices
Security Analyst
  • SEC541: Cloud Security Attacker Techniques, Monitoring, and Threat Detection
Learn more about our job role-based training journeys at
Notice to Students

Please plan to arrive 30 minutes early before your first session for lab preparation and set-up. During this time, students can confirm that their cloud accounts are properly provisioned and connect to the Cloud Security Flight Simulator. For live classes (online or in-person), the instructor will be available to assist students with set-up 30 minutes prior to the course start time. The lecture will begin at the scheduled course start time.


Start date Location / delivery
19 Aug 2024 Amsterdam Book now

Related article

At GIAC, we believe that hands-on testing is the future of cybersecurity certification. With five certification exams featuring CyberLive , and thr...