SEC510: Cyber Security Training at SANSFIRE Washington, DC 2025
Provided by SANS
What You Will Learn
Prevent real attacks with controls that matter
Protecting multicloud environments is challenging; Default security controls often fall short, and controls that work in one of the Big Three CSPs may not work in the others. Rather than focusing solely on compliance, organizations should prioritize attack driven controls to safeguard their most critical Cloud assets.
Whether an application is developed in-house or by a third party, accepting the inevitability of application flaws is key for implementing successful cloud security controls. While few cybersecurity professionals can fix vulnerable code, it's often easier to apply secure cloud configurations to mitigate these risks. Relying solely on CSP defaults and documentation is insufficient. SEC510 reveals numerous instances of incorrect, incomplete, or contradictory CSP controls. Additionally, if there is a zero-day vulnerability in a cloud service used by your organization, you must brace for that impact by controlling what you can.
While standards and frameworks, such as the MITRE ATT&CK Cloud Matrix, the Center for Internet Security (CIS) Cloud Provider Benchmarks, and the Cyber Defense Matrix, are helpful tools of the trade, they still have limits. That's why SEC510 goes beyond them to teach the techniques necessary to protect what matters to your organization. Mitigate the risk of common cloud mistakes with cloud security controls that matter and reduce your attack surface by eliminating misconfigurations.
"The course provided so much information and details about common security misconfigurations and mistakes in the cloud that one would not believe fit into the week. Very comprehensive, but the scary thing is that it feels like it is barely scratching the surface! Awesome job by the course authors." - Petr Sidopulos
What are Cloud Security Controls?
Cloud security controls are options provided by cloud service providers to limit exposure of cloud assets. Each CSP provides default controls that are often insecure, failing to consider the business case and needs of each customer. For secure cloud configuration that truly prevents real risk, the cloud security controls must be implemented based on business strategy, goals, and requirements by a professional who understands the nuances of various CSPs.
Business Benefits
SEC510: Cloud Security Controls and Mitigations reinforces all the concepts discussed in the lectures through hands-on labs in real cloud environments. Each lab includes a step-by-step guide as well as a "no hints" option for students who want to test their skills without assistance. This allows students to choose the level of difficulty that is best for them and fall back to the step-by-step guide as needed. Students can continue to use the lab instructions, application code, and IaC after the course concludes. With this, they can repeat every lab exercise in their own cloud environments as many times as they like.
SEC510 also offers students an opportunity to participate in Bonus Challenges each day in a gamified environment, while also providing more hands-on experience with the Big 3 CSPs and relevant utilities. Can you win the SEC510 Challenge Coin?
"This course is a MUST for anyone in this industry. I realized things in the cloud were (potentially) disastrous, but this has opened my eyes to how bad it really is. I already filed like 5 helpdesk tickets for my staff to get things fixed - Anita Simoni, County of Monterey ITD
"The exercises exceeded my expectations. They are practical implementations of the information learned in each section, build on each other, and provide a seamless way to validate your knowledge and learn the intricacies of the issues." - David Wayland
Syllabus Summary
SANS offers several courses that are excellent compliments to SEC510 depending on your job role:
Security Engineer
Prevent real attacks with controls that matter
Protecting multicloud environments is challenging; Default security controls often fall short, and controls that work in one of the Big Three CSPs may not work in the others. Rather than focusing solely on compliance, organizations should prioritize attack driven controls to safeguard their most critical Cloud assets.
Whether an application is developed in-house or by a third party, accepting the inevitability of application flaws is key for implementing successful cloud security controls. While few cybersecurity professionals can fix vulnerable code, it's often easier to apply secure cloud configurations to mitigate these risks. Relying solely on CSP defaults and documentation is insufficient. SEC510 reveals numerous instances of incorrect, incomplete, or contradictory CSP controls. Additionally, if there is a zero-day vulnerability in a cloud service used by your organization, you must brace for that impact by controlling what you can.
While standards and frameworks, such as the MITRE ATT&CK Cloud Matrix, the Center for Internet Security (CIS) Cloud Provider Benchmarks, and the Cyber Defense Matrix, are helpful tools of the trade, they still have limits. That's why SEC510 goes beyond them to teach the techniques necessary to protect what matters to your organization. Mitigate the risk of common cloud mistakes with cloud security controls that matter and reduce your attack surface by eliminating misconfigurations.
"The course provided so much information and details about common security misconfigurations and mistakes in the cloud that one would not believe fit into the week. Very comprehensive, but the scary thing is that it feels like it is barely scratching the surface! Awesome job by the course authors." - Petr Sidopulos
What are Cloud Security Controls?
Cloud security controls are options provided by cloud service providers to limit exposure of cloud assets. Each CSP provides default controls that are often insecure, failing to consider the business case and needs of each customer. For secure cloud configuration that truly prevents real risk, the cloud security controls must be implemented based on business strategy, goals, and requirements by a professional who understands the nuances of various CSPs.
Business Benefits
- Reduce the attack surface of your organization's cloud environments
- Prevent incidents from becoming breaches through defense in-depth
- Control the confidentiality, integrity, and availability of data in the Big 3 CSPs
- Increase use of secure automation to keep up with the speed of today's business environment
- Resolve unintentional access to sensitive cloud assets
- Reduce the risk of ransomware impacting your organization's cloud data
- Make informed decisions in the Big 3 cloud service providers by understanding the inner workings of each of their Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) offerings
- Implement secure Identity and Access Management (IAM) with multiple layers of defense-in-depth
- Build and secure multi cloud networks with segmentation and access control
- Encrypt data at rest and in-transit throughout each cloud
- Control the confidentiality, integrity, and availability of data in each cloud storage service
- Support non-traditional computing platforms like serverless Functions as a Service (FaaS)
- Integrate each cloud provider with one another without the use of long-lived credentials
- Automate security and compliance checks using cloud-native platforms
- Quickly adopt third-party cloud vendors while minimizing the risk introduced by granting them access to cloud resources
- Guide engineering teams in enforcing security controls using Terraform and Infrastructure-as-Code (IaC)
SEC510: Cloud Security Controls and Mitigations reinforces all the concepts discussed in the lectures through hands-on labs in real cloud environments. Each lab includes a step-by-step guide as well as a "no hints" option for students who want to test their skills without assistance. This allows students to choose the level of difficulty that is best for them and fall back to the step-by-step guide as needed. Students can continue to use the lab instructions, application code, and IaC after the course concludes. With this, they can repeat every lab exercise in their own cloud environments as many times as they like.
SEC510 also offers students an opportunity to participate in Bonus Challenges each day in a gamified environment, while also providing more hands-on experience with the Big 3 CSPs and relevant utilities. Can you win the SEC510 Challenge Coin?
- Section 1: IAM Fundamentals, Virtual Machine Credential Exposure, Broken Access Control and Policy Analysis, IAM Privilege Escalation, Bonus Challenges Section 1
- Section 2: Control Ingress Traffic, Protecting Public Virtual Machines, Control Egress Traffic with Private Endpoints, Remote Code Execution via Private Endpoint Abuse, Bonus Challenges Section 2
- Section 3: Detect and Prevent Improper Key Usage, "Encrypt all the Things!", Recover From Ransomeware, Sensitive Data Detection and Exfiltration, Bonus Challenges Section 3
- Section 4: Serverless Prey, Hardening Serverless Functions, Using and Exploiting CIAM, Broken Firebase Database Access Control, Bonus Challenges Section 4
- Section 5: Secure Multicloud Integration, Automated Benchmarking, Prevent Cross-Cloud Confused Deputy, Bonus Challenges Section 5
"This course is a MUST for anyone in this industry. I realized things in the cloud were (potentially) disastrous, but this has opened my eyes to how bad it really is. I already filed like 5 helpdesk tickets for my staff to get things fixed - Anita Simoni, County of Monterey ITD
"The exercises exceeded my expectations. They are practical implementations of the information learned in each section, build on each other, and provide a seamless way to validate your knowledge and learn the intricacies of the issues." - David Wayland
Syllabus Summary
- Section 1 - Securely Use Cloud IAM and Defending IAM Credentials
- Section 2 - Restrict Infrastructure and Data Access to Private Cloud Networks, Protect Public Virtual Machines, Use Secure Remote Access Capabilities, Prevent Remote Code Execution, and Enable Traffic Monitoring Capabilities
- Section 3 - Manage Cryptographic Keys, Apply Encryption at Rest and In-Transit Across Cloud Services, Prevent Ransomware in Cloud Storage Services, Prevent Data Exfiltration, and Detect Sensitive Data in the Clouds
- Section 4 - Secure Applications Running on Serverless FaaS, Protect Cloud Customer Identity and Access Management (CIAM) Platforms, Manage Application Consumer Identities, and Mitigate Security Issues in Firebase (a Suite of Services Acquired by and Integrated with Google Cloud)
- Section 5 - Securely Authenticate Clouds to One Another, Automate Misconfiguration Benchmarking, and Mitigate Risks from Integrating with Cloud Vendors, including Cloud Security Posture Management (CSPM) Platforms.
- Cloud Vendor Integrations Gone Wrong, Blog
- Aviata Cloud Chapter 2: Prevent Remote Code Execution with Private Endpoints, Workshop, May 2024
- Secure Service Configuration Poster Resource Demo
- Secure Service Configuration: AWS, Azure, & GCP, Poster
- Multicloud Command-Line Interface, Cheat Sheet
- Cloud Vendor Integrations Gone Wrong, Blog, August 2024
- Cloud Agnostic or Devout? Why Securing Multiple Clouds Using Terraform is Harder Than You Think, Blog, April 2023
- Destroying Long-Lived Credentials with Workload Identity Federation, RSA, April 2023
- Printed and Electronic courseware
- MP3 audio files of the course
- Access to the SANS Cloud Security Flight Simulator
- Thousands of lines of IaC and secure configurations for each cloud platform that you can use in your organization
SANS offers several courses that are excellent compliments to SEC510 depending on your job role:
Security Engineer
- SEC540: Cloud Security and DevSecOps Automation
- SEC522: Application Security: Securing Web Apps, APIs, and Microservices
- SEC541: Cloud Security Attacker Techniques, Monitoring, and Threat Detection
Enquire
Start date | Location / delivery | |
---|---|---|
14 Jul 2025 | Washington | Book now |