Review of SEC545 Cloud Security Architecture and Operations

SEC545: Cloud Security Architecture and Operations

Just recently I attended a local SANS Community class in my city. For those that are not aware, SANS Community classes are usually smaller classes with 5-10+ students. It’s a small venue with a smaller class size, but the material would be the same as what SANS would teach on vLive, OnDemand, or at a SANS conference.

I can say that the SEC545: Cloud Security Architecture and Operations class is VERY popular. There were many students there that were not hardcore SANS enthusiasts such as myself. Many people were there on the basis that companies are all now starting to move to the cloud. Many companies are also worried about the security implications of moving, with larger concerns if the architecture is not set up and configured correctly.

The class was very much AWS focused, which was great for me in terms of learning AWS. However, my main focus lately has been to learn Azure, as a lot of larger enterprises seem to be making use of Microsoft products, and I’m finding smaller and mid-sized companies lean towards AWS as a cloud service provider. There wasn’t a whole lot of Azure in terms of labs, but a lot of the concepts and ideas can still be applied to Azure or any other cloud service provider. There was an extra book provided that is related to Azure. However, I was told by the instructors that it was outdated by the time they edited, reviewed, and printed the manuals.

The course details can be found on SANS’s website.


Day 1 – SEC545.1: Cloud Security Foundations

The instructors were great, one of them being local and the other having flown in just to teach the class. You can expect some snacks to be provided during break times. The venue was hosted at a decent hotel, though it had a more class type vibe rather than a SANS Conference vibe where there would be much more space.

This is probably the day where there is a lot more dry content, and I think this is expected for most SANS classes for the 1st day. The first day is really about core concepts and setting the foundation of each course. The core concepts are very important, because anyone that plans on going to the cloud will need to work on contracts, and know what type of questions to ask. The content for Day 1 is very policy based, and will teach you things about the cloud at a high level. Overall, this day really sets the tone for what is to come in the next few days.


Day 2 – SEC545.2: Core Security Controls for Cloud Computing


Day 2 is when you finally get to spend more time on labs, and are able to deploy your own instances. You’ll learn more about setting up secure networks, managing user accounts and role-based policies. You will learn important concepts regarding securing VMs and setting up secure VPCs, and you’ll get an understanding of various configurations within AWS. You will also look into how to conduct an effective cloud risk assessment. The big one for me was the topics on identity and access management, as this would be a huge topic for anyone in security who would like to control what users can access on AWS.


Day 3 – SEC545.3: Cloud Security Architecture and Design


Day 3 really focuses on how to best design and secure your infrastructure in the cloud. This means looking at access controls and policies to be sure there is segregation of duties. For example, a person should only be able to delete their own instance and not have permission to delete all or other instances. You also learn about how encryption is made easy through AWS. The content will really make you think on how you segregate systems, networks, policies and access to files. The labs once again really allow you to learn and apply these concepts.


Day 4 – SEC545.4: Cloud Security – Offense and Defense

This day was one that I felt was very important. It mainly focuses on cloud incident response, cloud forensics, and cloud pen testing, all in the cloud. Personally, I think the concepts are huge, because how each of these is done does differ slightly compared to how you may conduct these tasks on-prem. Day 4 will teach you how to find security issues and how to defend against them. The labs were the best part, because you learn how this is all done in AWS.


Day 5 – SEC545.5: Cloud Security Automation and Orchestration

I’d like to say this was probably my favorite day out of all 5 days. You spend much more time on larger labs and go through many labs. One of my favorite topics was covered, which is all about DevOps and DevSecOps. I’ve been fairly new to the DevOps concept, but after learning about it I really think DevOps is the future. It is the way we should be automating our processes and the class will teach you a lot about it.



One unfortunate part is that SEC 545 does not yet contain a certificate through GIAC. From my email with GIAC, it does look like it is in the works. But, at the moment there are no immediate decisions on when it would be officially offered. For all SANS courses, I usually also go for the certification. In this case, I’ll need to wait till they offer one for SEC 545. So keep in mind that taking this course will benefit you a lot. But, there is no cert that exists for it at the time of this post.


Final Thoughts

Overall, if you’re going to be working in the cloud, or already are working in the cloud, this is an excellent course to take. I’ve learned a lot and it’s allowed me to bring up several questions, ideas and concepts to bring to my team on how we plan to transition to the cloud, and what types of options we have available to be sure all security controls and requirements are met to our specific needs.

I hope this review of the class helps out if you plan on taking SEC 545. I definitely recommend it!

If you have any other questions or want to share your own experience feel free to leave them below in the comment box.

4 Responses to “Review of SEC545 Cloud Security Architecture and Operations”

  1. Duane says:

    How useful would you have found this training if your company was going with Azure rather than AWS?

    • Harry says:

      Hi Duane,

      Personally, the first 2 books will help, because they relate to policies, standards and things you should be conducting in the cloud regardless of the cloud provider.

      I moved from AWS to Azure, so there are some things in the course that are AWS specific. However, the concept is the same whether using Azure or AWS, e.g. cloud logging, locking down network/resource groups, etc.

      Just the labs are AWS specific, so if you don’t know much about AWS it will be a great learning experience. Just remember, the cloud concepts all can apply to any cloud provider. When thinking about security, the same situations will usually apply.

  2. Res says:

    Hi, Harry.
    Do you know if there is much difference between SEC545 and SEC540? I am dealing with security engineering and architecture, hence thinking about which of the courses to take. If a course offers hands-on time, this is, of course, a better way to learn, but from what I know SANS courses often have hands-on parts.
    Thank you

    • Harry says:

      Hey Res,

      I haven’t taken SEC 540 myself. However, this was a question another student had posed in class.
      The instructor had stated that Sec 540 is more for developers.

      I’m assuming it means the class is more developer focused.
      Say if you’re conducting DevOps and now want to move to a more SecDevOps role.

      The course I took, Sec 545, was more security engineer focused.
      So it all depends on your role.

      Hope that helps you out.
