SEC510: Cloud Security Engineering and Controls | SANS Institute
SEC510: Cloud Security Engineering and Controls
SEC510
Cloud Security
5 Days (Instructor-Led)
38 Hours (Self-Paced)
Course authored by:
Brandon Evans & Eric Johnson
GIAC Public Cloud Security (GPCS)
38 CPEs
Apply your credits to renew your certifications
In-Person, Virtual or Self-Paced
Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months
Advanced Skill Level
Course material is geared for cyber security professionals with hands-on experience
52 Hands-On Lab(s)
Apply what you learn with hands-on exercises and labs
Prevent cloud incidents from becoming breaches with attack-driven controls. Explore real-world case studies, build multicloud defenses, and secure emerging GenAI workloads through hands-on labs.
Featured Quote
The course provided so much information and details about security misconfigurations and mistakes in the cloud that one would not believe fit into the week. Very comprehensive, but the scary thing is that it feels like it is barely scratching the surface! Awesome job by the course authors.
Course Overview
Protecting multicloud environments is tough but essential. Default controls often fall short, and what works for one CSP may fail in another. SEC510 delivers advanced training for engineering cloud security defenses across AWS, Azure, and GCP, emphasizing attack-driven strategies over compliance. Students also gain skills to secure modern data environments, from encryption and ransomware protection to defending GenAI workloads, learning practical controls that reduce risk and safeguard critical assets at scale.
What You'll Learn
Make informed choices across AWS, Azure, and GCP with deep dives into PaaS and IaaS.
Learn from real-world attack case studies.
Test and validate security controls instead of relying on vendor documentation.
Build layered IAM and integrate identity into network security.
Automate encryption and compliance checks.
Prevent, mitigate, and recover from ransomware.
Secure FaaS, multicloud, IaC deployments, and GenAI workloads.
Business Takeaways
Prevent incidents from becoming breaches with attack-driven, preventive controls—including defenses for emerging GenAI workloads
Reduce the attack surface of your organization's cloud environments
Control the confidentiality, integrity, and availability of data in the Big 3 CSPs
Increase use of secure automation to keep up with the speed of today's business
Resolve unintentional access to sensitive cloud assets
Reduce the risk of ransomware impacting your organization's cloud data
Meet Your Authors
Brandon Evans
Senior Instructor
Brandon is a Partner at Cyverity and a Senior Instructor at the SANS Institute. He is the lead author of SEC510: Cloud Security Engineering and Controls, GPCS holder #1, a multi-year RSA Conference presenter, and a cloud Bug Bounty collector.
Eric Johnson
Fellow
Eric is a co-founder and principal security engineer at Puma Security, focusing on cloud security, Kubernetes, and DevSecOps automation. A SANS Fellow, he is co-author and instructor for three SANS Cloud Security courses.
Course Syllabus
Explore the course syllabus below to view the full range of topics covered in SEC510: Cloud Security Engineering and Controls.
Syllabus Overview
Justify Training to Your Manager
Use this justification letter template to share the key details of this training and certification opportunity with your boss.
Section 1
Cloud Engineering and Identity Access Management (IAM)
SEC510 begins with cloud breach trends and the challenges of multicloud. Students explore IAM and machine identity risks, practice real-world attacks, and use tools like IAM analyzers to detect Broken Access Control. The section ends with strategies to prevent privilege escalation.
Topics covered
Cloud Identity and Access Management
Cloud Managed Identity and Metadata
Broken Access Control and Policy Analysis
IAM Privilege Escalation
Labs
IAM Fundamentals
Virtual Machine Credential Exposure
Broken Access Control and Policy Analysis
IAM Privilege Escalation
Bonus Challenges (Section 1)
Section 2
Cloud Private Networks and Endpoints
Section 2 focuses on securing cloud infrastructure and data by locking down network access. Students learn to restrict traffic, secure VMs, use private endpoints for PaaS, prevent RCE with data exfiltration, and analyze flow logs to detect malicious activity across all three major clouds.
Topics covered
Cloud Virtual Networks
Protecting Public Virtual Machines
Private Endpoint Security and Abuse
Enabling Traffic Monitoring
Labs
Control Ingress Traffic
Protecting Public Virtual Machines
Control Egress Traffic with Private Endpoints
Remote Code Execution via Private Endpoint Abuse
Bonus Challenges (Section 2)
Section 3
Cloud Data Security and GenAI Controls
Section 3 focuses on cloud data security, covering encryption, secure storage, ransomware defense, and access control. Students explore key management, in-transit encryption, and advanced storage protections like file versioning, data retention, and detecting sensitive data exposure.
Topics covered
Cryptographic Key Management
Encryption with Cloud Services
Cloud Storage Platforms
GenAI-Driven Mitigations
Securing Cloud GenAI Infrastructure
Labs
Detect and Prevent Improper Key Usage
Recover From Ransomware
GenAI-Driven Mitigations
Securing Cloud GenAI Infrastructure
Bonus Challenges (Section 3)
Section 4
Serverless Workloads and End-User Security
Section 4 covers securing cloud app infrastructure and users, starting with serverless FaaS benefits and risks. Students harden real serverless functions, explore Customer Identity and Access Management (CIAM) threats like account takeover via Amazon Cognito, and protect the most critical services in Google Cloud’s Firebase platform.
Topics covered
Cloud Serverless Functions
Cloud Customer Identity and Access Management
Firebase Databases and Google Cloud Implications
Labs
Serverless Prey
Harden Serverless Functions
Using and Exploiting CIAM
Broken Firebase Database Access Control
Bonus Challenges (Section 4)
Section 5
Multicloud, CSPM, and Third-Party Integrations
The final section covers multicloud operations, focusing on IAM risks, safe credential use, and Workload Identity Federation. Students automate security checks with CSPM tools, explore trust issues with third-party platforms, and study how to mitigate a real cloud security vendor vulnerability using Microsoft Defender as a case study.
Topics covered
Multicloud Access Management
Cloud Security Posture Management
Vendor Integration and Multicloud Security
Summary and Additional Resources
Labs
Secure Multicloud Integration
Automated Benchmarking
Prevent Cross-Cloud Confused Deputy
Bonus Challenges (Section 5)
Things You Need To Know
Relevant Job Roles
Cloud Security Engineer Training, Salary, and Career Path
Cloud Security
Cloud Security Engineers integrate advanced security measures into cloud and cloud-native environments, maximize security automation within DevOps workflows, and proactively mitigate threats to safeguard modern cloud infrastructures.
Cloud Security Analyst Training, Salary, and Career Path
Cloud Security
A Cloud Security Analyst monitors and analyzes activity across cloud environments, proactively detects and assesses threats, and implements preventive controls and targeted defenses to protect critical business systems and data.
Cybersecurity Architecture (OPM 652)
NICE: Design and Development
Responsible for ensuring that security requirements are adequately addressed in all aspects of enterprise architecture, including reference models, segment and solution architectures, and the resulting systems that protect and support organizational mission and business processes.
Technology Research and Development (OPM 661)
NICE: Design and Development
Responsible for conducting software and systems engineering and software systems research to develop new capabilities with fully integrated cybersecurity. Conducts comprehensive technology research to evaluate potential vulnerabilities in cyberspace systems.
Enterprise Architecture (OPM 651)
NICE: Design and Development
Responsible for developing and maintaining business, systems, and information processes to support enterprise mission needs. Develops technology rules and requirements that describe baseline and target architectures.
Secure Systems Development (OPM 631)
NICE: Design and Development
Responsible for the secure design, development, and testing of systems and the evaluation of system security throughout the systems development life cycle.
Course Schedule and Pricing
GIAC Certification Attempt
Add a GIAC certification attempt and receive two free practice tests. View pricing in the info icons below.
OnDemand Course Access
When purchasing a live instructor-led class, add an additional 4 months of online access after your course. View pricing in the info icons below.
Group and Private Pricing
Enroll your team as a group or arrange a private session for your organization. We’ll help you choose the format that fits your goals.
| Location | Instructor | Date & Time | Course price | Registration Options |
|---|---|---|---|---|
| Virtual (OnDemand) | Brandon Evans | OnDemand (Anytime); Self-Paced, 4 months access | $8,780 USD | Self-Paced |
| SANS Security West 2026, San Diego, CA, US & Virtual (live) | Brandon Evans | | $8,780 USD | In-Person, Virtual |
| SANS Madrid June 2026, Madrid, ES | Simon Vernon | | €8,230 EUR | In-Person |
| SANS Austin 2026, Virtual (live) | Brandon Evans | | $8,780 USD | Virtual |
| SANS Cyber Defence Singapore 2026, Singapore, SG & Virtual (live) | Brandon Evans | | S$11,390 SGD | In-Person, Virtual |
| SANS Cloud Security Exchange Summit & Training 2026, San Francisco, CA, US & Virtual (live) | Simon Vernon | | $8,780 USD | In-Person, Virtual |
| SANS Paris September 2026, Paris, FR | Brandon Evans | | €8,230 EUR | In-Person |
| SANS Cyber Safari 2026, Riyadh, SA & Virtual (live) | Brandon Evans | | $8,900 USD | In-Person, Virtual |
| SANS Amsterdam November 2026, Amsterdam, NL & Virtual (live) | Simon Vernon | | €8,230 EUR | In-Person, Virtual |
| SANS Cloud Security South Asia 2026, Virtual (live) | Brandon Evans | | $8,900 USD | Virtual |

*Prices exclude applicable local taxes
Learn Alongside Leading Cybersecurity Professionals From Around The World
One of the best SANS courses I have taken. I am going to recommend this training to other company InfoSec Professionals in our company.
I maintain that this is the single best SANS class available (and I just got my 8th cert). If you can only take one course - this is the one.
If you Cloud, you need this course -
I would definitely recommend this course. I consider the security topics covered to be critical knowledge for companies that are hosting in the cloud. The course content has been very well put together, well researched, and is very applicable.
Benefits of Learning with SANS
Get feedback from the world’s best cybersecurity experts and instructors
Choose how you want to learn - online, on demand, or at our live in-person training events
Get access to our range of industry-leading courses and resources