SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
SEC595Cyber Defense, Artificial Intelligence
SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
SEC573: Automating Information Security with Python
SEC573Cyber Defense
- 6 Days (Instructor-Led)
- 36 Hours (Self-Paced)
- GIAC Python Coder (GPYC)
- 36 CPEs
Apply your credits to renew your certifications
- In-Person, Virtual or Self-Paced
Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months
- Advanced Skill Level
Course material is geared for cyber security professionals with hands-on experience
- 128 Hands-On Lab(s)
Apply what you learn with hands-on exercises and labs
Learn Python in depth and gain essential skills for customizing and developing your own information security tools.
Featured Quote
I have had a few Python courses in the past in school, but I am already learning new things and ways to find new information on Day 1.
Course Overview
Are you ready to embrace the AI revolution or cloud automation and tackle the dynamic challenges of today’s cybersecurity landscape? The skill you need is PYTHON. Want to harness massive data streams for real-time threat detection, leverage data science to uncover hidden attack patterns, or build custom tools to outpace adversaries? From AI-driven anomaly detection to advanced data analytics, Python is the backbone of modern infosec, data science, machine learning, and automation. Do you need to hunt attackers in cloud environments, analyzing forensic artifacts, or developing penetration testing exploits? Without Python your options are limited.
Python for cyber security is the must-have skill for defending modern networks. Python equips you to stay ahead in a world where threats evolve faster than ever. And SEC573 gives you just what you need to get started. Have you ever wondered why so many SANS courses include a crash course in Python? It’s because you can’t finish the labs and master those essential skills without it.
When you’re ready to stop treating Python as optional—and start wielding it as your infosec superpower—you’re ready for SEC573. This course also prepares you for the GPYC certification (GIAC Python Coder), which validates your ability to apply Python to solve real-world cybersecurity problems.
What You’ll Learn
- Leverage Python to perform routine tasks quickly and efficiently
- Automate log analysis and packet analysis with file operations, regular expressions, and analysis modules to find evil
- Develop forensics tools to carve binary data and extract new artifacts
- Read data from databases and the Windows Registry
- Interact with websites to collect intelligence
- Develop UDP and TCP client and server applications
- Automate system processes and process their output
Business Takeaways
- Automate system processes and process their input quickly and efficiently
- Create programs that increase efficiency and productivity
- Develop tools to provide the vital defenses our organizations need
Meet Your Author
Mark Baggett
Mark BaggettMark Baggett
FellowSANS Faculty Fellow Mark Baggett authored SEC573 and SEC673, leads as CTO of the SANS Internet Storm Center, and empowers defenders to automate security through practical, real-world application.
Read more about Mark BaggettCourse Syllabus
Explore the course syllabus below to view the full range of topics covered in SEC573: Automating Information Security with Python.
Section 1Essentials Workshop with pyWars
The course launches with a fast-paced Python intro and the pyWars lab environment, backed by more than 100 hands-on labs. Beginners master the fundamentals, while advanced students dive into bonus challenges. You'll gain the skills to build Python tools for AI, cloud, pen testing, network defense, and beyond—no filler, just what gets results.
Topics covered
- Variables and Math Operators
- Strings and Functions
- Control Statements
- Modules & VMs
Section 2Essentials Workshop with MORE pyWars
This section strengthens your core Python skills with hands-on labs on essential data structures like lists and dictionaries, managing isolated environments with venv, and mastering advanced debugging in VS Code. These skills are foundational across many fields, from software development to cybersecurity and data science.
Topics covered
- Python Virtual Environments
- Lists, Loops, and Tuples
- Dictionaries
- Debugging with Visual Studio Code
Section 3Defensive Python
In the role of a network defender, you’ll analyze logs and packet captures to identify indicators of compromise. You’ll develop scripts for continuous monitoring and master file handling, data analysis and working with network packets—fundamental skills for threat detection, incident response, and broader security operations.
Topics covered
- File Operations and Python Sets
- Log Parsing, Data Analysis Tools and Techniques
- Long-Tail/Short-Tail Analysis
- Geolocation Acquisition
- Packet Analysis and Reassembly
Section 4Forensics Python
In this forensics-themed section, you’ll develop the skills to manually extract and analyze digital artifacts in the absence of automated tools. You'll work with embedded data in disk images, SQL databases, and web content, and extract critical metadata—capabilities essential across incident response, threat hunting, and investigative roles.
Topics covered
- Disk, Memory, and Network Analysis
- File Carving and Binary Structures
- Image and SQL Data Extraction
- Window Registry IO
- Web Requests and API Usage
Section 5Offensive Python
In this offensive-themed section, you’ll build a custom remote access agent to bypass defenses when standard tools fail. Skills like process interaction, error handling, and TCP communication, while offensive in context, are essential across many cybersecurity roles.
Topics covered
- Network Socket Operations
- Exception Handling and Process Execution
- Blocking and Non-blocking Sockets
- Using the Select Module for Asynchronous Operations
- Python Objects
Section 6Capture-the-Flag Challenge
The Capstone section challenges students to apply their skills in real-world scenarios—exploiting systems, analyzing packets, parsing logs, automating tasks, and interacting with websites. Live students compete as teams, while OnDemand students tackle challenges independently, with expert support available when needed.
Things You Need To Know
Relevant Job Roles
Data Analysis (OPM 422)
NICE: Implementation and OperationResponsible for analyzing data from multiple disparate sources to provide cybersecurity and privacy insight. Designs and implements custom algorithms, workflow processes, and layouts for complex, enterprise-scale data sets used for modeling, data mining, and research purposes.
Explore learning pathTechnology Research and Development (OPM 661)
NICE: Design and DevelopmentResponsible for conducting software and systems engineering and software systems research to develop new capabilities with fully integrated cybersecurity. Conducts comprehensive technology research to evaluate potential vulnerabilities in cyberspace systems.
Explore learning pathMalware Analyst
Digital Forensics and Incident ResponseMalware analysts face attackers’ capabilities head-on, ensuring the fastest and most effective response to and containment of a cyber-attack. You look deep inside malicious software to understand the nature of the threat – how it got in, what flaw it exploited, and what it has done, is trying to do, or has the potential to achieve.
Explore learning pathDigital Forensic Analyst Training, Salary, and Career Path
Digital Forensics and Incident ResponseThis expert applies digital forensic skills to a plethora of media that encompass an investigation. The practice of being a digital forensic examiner requires several skill sets, including evidence collection, computer, smartphone, cloud, and network forensics, and an investigative mindset. These experts analyze compromised systems or digital media involved in an investigation that can be used to determine what really happened. Digital media contain footprints that physical forensic data and the crime scene may not include.
Explore learning pathDigital Forensics (OPM 212)
NICE: Protection and DefenseResponsible for analyzing digital evidence from computer security incidents to derive useful information in support of system and network vulnerability mitigation.
Explore learning pathMilitary Operations / Law Enforcement Agents
Digital Forensics and Incident ResponseExecute digital forensic operations under demanding conditions, rapidly extracting critical intelligence from diverse devices. Leverage advanced threat hunting and malware analysis skills to neutralize sophisticated cyber adversaries.
Explore learning pathVulnerability Assessment
SCyWF: Protection And DefenseThis role tests IT systems and networks and assesses their threats and vulnerabilities. Find the SANS courses that map to the Vulnerability Assessment SCyWF Work Role.
Explore learning pathMedia Exploitation Analyst
Digital Forensics and Incident ResponseThis expert applies digital forensic skills to a plethora of media that encompasses an investigation. If investigating computer crime excites you, and you want to make a career of recovering file systems that have been hacked, damaged or used in a crime, this may be the path for you. In this position, you will assist in the forensic examinations of computers and media from a variety of sources, in view of developing forensically sound evidence.
Explore learning pathCourse Schedule & Pricing
Looking for Group Purchase Options?Contact Us
GIAC Certification Attempt
Add a GIAC certification attempt and receive free two practice tests. View pricing in the info icons below.
OnDemand Course Access
When purchasing a live instructor-led class, add an additional 4 months of online access after your course. View pricing in the info icons below.
- Date & TimeOnDemand (Anytime)Self-Paced, 4 months accessCourse price8,780ドル USD*Prices exclude applicable local taxesRegistration Options
- Date & TimeFetching schedule..Course price8,780ドル USD*Prices exclude applicable local taxes
- Date & TimeFetching schedule..Course price8,780ドル USD*Prices exclude applicable local taxes
- Date & TimeFetching schedule..Course price8,230ドル EUR*Prices exclude applicable local taxes
- Date & TimeFetching schedule..Course price8,780ドル USD*Prices exclude applicable local taxes
- Date & TimeFetching schedule..Course price8,780ドル USD*Prices exclude applicable local taxes
- Date & TimeFetching schedule..Course price8,780ドル USD*Prices exclude applicable local taxes
- Date & TimeFetching schedule..Course price8,780ドル USD*Prices exclude applicable local taxes
- Date & TimeFetching schedule..Course price7,160ドル GBP*Prices exclude applicable taxes | EUR price available during checkout
Showing 9 of 9
Learn Alongside Leading Cybersecurity Professionals From Around The World
- Slide 1 of 3Python is a tool required in the world of InfoSec, and SEC573 helped me build that tool belt.
- Slide 2 of 3Very well put together. I have been afraid of learning how to code for years. Within the first days' worth of material my mind has been put at ease.
- Slide 3 of 3SEC573 is excellent. I went from having almost no Python coding ability to being able to write functional and useful programs.
Slide 1 of 0
Benefits of Learning with SANS
Instructor teaching to a class
Get feedback from the world’s best cybersecurity experts and instructors
OnDemand Mobile App
Choose how you want to learn - online, on demand, or at our live in-person training events
Resources
Get access to our range of industry-leading courses and resources