sans.org/sec540
Discover how to take this course: Online, In-Person

SEC540: Cloud Security and DevSecOps Automation

The Cloud Moves Fast. Automate to Keep Up.

Common security challenges for organizations struggling with the DevOps culture include issues such as:

• Malicious code, credential theft, and compromised extensions from improperly protected continuous integration and delivery pipelines
• Unenforced peer code reviews and security approvals that do not meet change approval and audit requirements
• False positives, noise, and build failures from incorrectly automated security scanners
• Configuration drift between environments, resource misconfigurations, and public data exposure from insufficiently managed cloud infrastructure
• Failure to standardize golden virtual machine and container base images across the organization
• Ignoring software supply chain vulnerabilities inherited from malicious libraries, third-party software, and compromised build artifacts
• Operating Kubernetes services without policies that prevent lateral movement between workloads, reduce pod permissions, and monitor cluster activity
• Failing to release patches and close vulnerability windows due to code freezes and failed deployments
• Lacking inventory and visibility between microservices and serverless systems

Security teams can help organizations prevent these issues by developing a DevOps mindset and learning to apply cloud native security controls. This course provides development, operations, and security professionals with a deep understanding of and hands-on experience with the DevOps methodology used to build and deliver cloud native infrastructure and software. Students learn how to attack and then harden the entire DevOps workflow, from version control to continuous integration and running cloud native workloads.
Each step of the way, students explore the security controls, configuration, and policies required to improve the reliability, integrity, and security of on-premises and cloud-hosted systems. Students learn how to implement more than 20 DevSecOps security controls to build, test, deploy, harden, and monitor cloud native infrastructure and services.

Business Takeaways

• Build a modern security team that understands cloud native security and DevSecOps workflows
• Partner with DevOps and engineering teams to inject security into automated pipelines and earlier into the development process
• Leverage cloud native services to deploy, harden, and monitor software products
• Ensure your organization is ready to refactor, revise, and rebuild products during their cloud migration
• Use cloud monitoring and event triggered automation to improve security capabilities and respond to risk effectively

You Will Be Able To

• Understand how DevOps works and identify keys to success
• Wire security scanning into automated CI/CD pipelines and workflows
• Parse security scanning results and display the data on CI/CD dashboards
• Manage secrets for CI/CD servers and cloud native applications
• Automate configuration management using Infrastructure as Code (IaC)
• Build, harden, and publish golden virtual machine images using CI/CD workflows
• Operate and secure container technologies using Docker and Kubernetes
• Manage the software supply chain using software provenance, attestations, artifact signing, software bill of materials (SBOM), and SBOM vulnerability scanning
• Harden Kubernetes clusters with workload identity and admission control
• Monitor Kubernetes audit logs using cloud logging and monitoring services
• Deploy patches using cloud and Kubernetes blue / green deployments
• Refactor systems to take advantage of microservice and serverless architectures
• Automate cloud compliance and security policy guardrails and auto-remediation playbooks

Hands-On Training

SEC540 goes well beyond traditional lectures and immerses students in hands-on application of techniques during each section of the course. Each lab includes a step-by-step guide to learning and applying hands-on techniques, as well as a “no hints” approach for students who want to stretch their skills and see how far they can get without following the guide. This allows students, regardless of background, to choose the level of difficulty they feel is best suited for them – always with a frustration-free fallback path. Immersive hands-on labs ensure that students understand not only the theory but also how to configure and implement each security control.

The SEC540 lab environment simulates a real-world DevOps environment, with more than 10 automated pipelines responsible for building DevOps container images, cloud infrastructure, automating gold image creation, orchestrating Kubernetes workloads, executing security scans, and enforcing compliance standards. Students are challenged to sharpen their technical skills and automate more than 20 security-focused challenges using a variety of command line tools, programming languages, and markup templates.

The SEC540 course labs come in both AWS and Azure versions. Students will choose one cloud provider at the beginning of class to use for the duration of the course. Both options leverage Terraform for Infrastructure as Code (IaC) and the cloud provider’s managed Kubernetes for container orchestration. Students are welcome to do labs for the alternate cloud provider on their own time once they finish the first set of labs.
For students who want an extra challenge, 2 hours of CloudWars Bonus Challenges are available during extended hours each day. These CloudWars challenges provide additional opportunities for hands-on experience with the cloud and DevOps toolchain.

5 Day Program
38 CPEs
Laptop Required

GCSA Cloud Security Automation
giac.org/gcsa