SEC557: SANS Cloud Security Amsterdam 2022

Provided by

Enquire about this course

What You Will Learn

Measure What Matters - Not What's Easy


Agile development, DevOps, cloud technologies, and virtualization have enabled organizations to build and deploy systems at a terrifyingly fast rate. The old and cumbersome manual ways to test security and compliance can't keep up. You need to understand and use the same tools and techniques that your developers and engineers are using, and you need to be able to generate results quickly and often - without slowing down your organization.

SEC557 uses the ELVis (Extract, Load, and VISualize) technique to help you gather and present useful security and compliance information to your organization. Students will learn how to use PowerShell scripting and automated tools to gather measurements from cloud service providers, operating systems, Active Directory, security tools, web APIs, and datacenter infrastructure. For some data, you'll prepare tactical visualizations on the fly by building spreadsheets, pivot tables, and graphs using scripts. Then import your data into the Graphite time-series database for strategic analysis and reporting. You'll also build Grafana dashboards for use by management, security, compliance, and operations staff.

This Course Will Prepare You To:
  • Turn policies and management requirements into visually presented security metrics
  • Reduce the time and effort required to gather and report on security and compliance data
  • Measure security and compliance in cloud and traditional infrastructure
  • Use PowerShell scripts and command-line tools to extract relevant data from cloud services
  • Gather information from web APIs and security tools
  • Extract information about virtualization infrastructure
  • Query data from fleets of heterogenous systems
  • Monitor servers and endpoints for proper configuration
  • Work with data formats commonly used by security tools, DevOps pipelines, and cloud services
  • Build tactical visual reports for use by operations staff and management
  • Manage and load time-series databases for tracking metrics over time
  • Build strategic dashboards for security and compliance
"The timing of the industry and the needs / demands are major reasons why one should take this class, as it relates to compliance, cyber audits, and supports senior management initiatives."- Diane D, US Gov


SEC557 focuses very heavily on hands-on activities, with as much as 50% of your day being spent at the keyboard. Lab activities for the course include:
  • Introduction to PowerShell
  • Using .NET objects in PowerShell
  • PowerShell date/time handling
  • Working with common data input/output formats: JSON, XML, CSV, HTML, spreadsheets
  • Data acquisition from Web APIs: REST and SOAP
  • Building Excel spreadsheets, pivot tables, and graphs with code
  • Configuring the Graphite time-series database (TSDB)
  • Importing data into Graphite
  • Managing data sources and building dashboards with Grafana
  • Extracting data from the Amazon Web Services (AWS) Command Line Interface (CLI)
  • Acquiring data from AWS security tools
  • Acquiring data from VMWare infrastructure
  • Electronic courseware and printed course books
  • Digital download package with a virtual machine

Cheat Sheet: Powershell for Enteprise and Cloud Compliance

3-Part webcast series: PowerShell for Audit, Compliance and Security Automation, and Visualization
  • Part 1: Introduction to Automation with PowerShell, January 2021
  • Part 2: Audit and Compliance Data Acquisition with PowerShell, January 2021
  • Part 3: Beyond CSVs - Visualization using PowerShell, Excel, and Grafana, January 2021
Corresponding 3-part blog series: PowerShell for Audit, Compliance and Security Automation and Visualization
  • Part 1 - The PowerShell Tools I Use for Audit and Compliance Measurement
  • Part 2 - Using the VMware PowerCLI Modules to Measure VMware Compliance
  • Part 3 - Accessing Web APIs with PowerShell

Depending on your current role or future plans, one of these courses is a great next step after SEC557.
  • MGT514: Security Strategic Planning, Policy, and Communication
  • MGT516: Managing Security Vulnerabilities: Enterprise and Cloud
  • SEC566: Implementing and Auditing CIS Critical Controls


Start date Location / delivery
14 Mar 2022 Amsterdam Book now

Related article

At GIAC, we believe that hands-on testing is the future of cybersecurity certification. With five certification exams featuring CyberLive , and thr...