SANS SEC540 - Cloud Security and DevOps Automation

SANS SEC540 - Cloud Security and DevOps Automation

Register & Get access to index

SEC540 provides security professionals with a methodology for securing modern Cloud and DevOps environments. Students learn how to implement over 20 DevSecOps Security Controls for building, testing, deploying, and monitoring cloud infrastructure and services. Immersive hand-on labs ensure students not only understand theory, but how to configure and implement each security control. By embracing the DevOps culture, you will walk away battle tested and ready to build to your organization's Cloud & DevOps Security program.

What You Will Learn
The Cloud Moves Fast. Automate to Keep Up.

SEC540 provides development, operations, and security professionals with a methodology to build and deliver secure infrastructure and software using DevOps and cloud services. Students will explore how DevOps principles, practices, and tools of DevOps can improve the reliability, integrity, and security of on-premise and cloud-hosted applications.

SEC540 examines the Secure DevOps methodology and its implementation using lessons from successful DevOps security programs. Students will gain hands-on experience using popular tools such as Jenkins, GitLab, Puppet, Vault, and Grafana to automate Configuration Management ("Infrastructure as Code"), Continuous Integration (CI), Continuous Delivery (CD), cloud infrastructure, containerization, micro-segmentation, Functions as a Service (FaaS), Compliance as Code, and Continuous Monitoring.

The lab environment starts with an on-premise CI/CD pipeline that automatically builds, tests, and deploys infrastructure and containerized applications. Leveraging the Secure DevOps toolchain, students perform a series of labs injecting security into the CI/CD pipeline using a variety of security tools, patterns, and techniques. After laying the DevSecOps foundation, students put their DevSecOps skills to work by deploying and managing a real-world cloud infrastructure. Hands-on exercises deploy containerized workloads in the cloud, integrate on-premise configuration management with Puppet, and manage secrets with HashiCorp Vault and Cloud Key Management Service (KMS). Students analyze and fix cloud infrastructure vulnerabilities, perform cloud-hosted application vulnerability scanning, and defend microservices using tools such as API Gateway and FaaS. Cloud security compliance tools help monitor the infrastructure using code-drive Web Application Firewall (WAF) services, continuous auditing with CloudMapper, and continuous monitoring with Cloud Custodian.

SEC540 Will Prepare You To:

Understand the Core Principles and Patterns behind DevOps​
  • Recognize how DevOps works and identify keys to success

Map and Implement a Continuous Delivery/Continuous Deployment Pipeline​
  • Utilize Continuous Integration, Continuous Delivery, and Continuous Deployment workflows, patterns, and tools
  • Identify the security risks and issues associated with DevOps and Continuous Delivery

Understand the DevSecOps Methodology and Workflow​
  • Use DevOps practices to secure DevOps tools and workflows
  • Conduct effective risk assessments and threat modeling in a rapidly changing environment
  • Design and write automated security tests and checks in CI/CD
  • Understand the strengths and weaknesses of different automated testing approaches in Continuous Delivery
  • Implement self-serve security services for developers
  • Inventory and patch your software dependencies
  • Threat model and secure your build and deployment environment

Integrate Security into Production Operations​
  • Automate configuration management using Infrastructure as Code
  • Secure container technologies (such as Docker and Kubernetes)
  • Build continuous monitoring feedback loops from production to engineering
  • Securely manage secrets for continuous integration servers and applications
  • Automate compliance and security policy scanning

Move Your DevOps Workloads to the Cloud​
  • Understand how to automate cloud architecture components
  • Use CloudFormation and Terraform to create Infrastructure as Code
  • Build CI/CD pipelines using Jenkins and CodePipeline
  • Wire security scanning into Jenkins and CodePipeline workflows
  • Containerize applications with Elastic Container Service and Azure Kubernetes Service
  • Integrate cloud logging and metrics with Grafana
  • Create Slack alerts from CloudWatch metrics
  • Manage secrets with Vault, KMS, and the SSM Parameter store

Consume Cloud Services to Secure Cloud Applications​
  • Protect static content with CloudFront Signatures
  • Leverage Elastic Container Service for blue/green deployments
  • Secure REST APIs with API Gateway
  • Implement an API Gateway custom authorization Lambda function
  • Deploy the AWS WAF and build custom WAF rules
  • Perform continuous compliance scans with CloudMapper
  • Enforce cloud configuration policies with Cloud Custodian

SEC540 goes well beyond traditional lectures and immerses students in hands-on application of techniques during each section of the course. Each lab includes a step-by-step guide to learning and applying hands-on techniques, as well as a "no hints" approach for students who want to stretch their skills and see how far they can get without following the guide. This allows students, regardless of background, to choose a level of difficulty they feel is best suited for them - always with a frustration-free fallback path.

SEC540 also offers students an opportunity to participate in NetWars Bonus Challenges each day. The gamified environment allows students to compete against each other in a race to win the SEC540 challenge coin, while also providing more hands-on experience with the cloud and DevOps toolchain.​
First release
Last update
1.00 star(s) 1 ratings

More resources from TUTProfessor

Latest reviews

Link is dead