Talk With an Expert
Talk With an Expert

SEC540: Cloud Native Security and DevSecOps Automation

SEC540Cloud Security
  • 5 Days (Instructor-Led)
  • 38 Hours (Self-Paced)
Course authored by:Eric Johnson, Ben Allen & Frank Kim
Course authored by:Eric Johnson, Ben Allen & Frank Kim
  • GIAC Cloud Security Automation (GCSA)
  • 38 CPEs

    Apply your credits to renew your certifications

  • In-Person, Virtual or Self-Paced

    Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months

  • Advanced Skill Level

    Course material is geared for cyber security professionals with hands-on experience

  • 35 Hands-On Lab(s)

    Apply what you learn with hands-on exercises and labs

Jump to:

Gain the skills and methodology to secure modern Cloud Native, DevSecOps, and Kubernetes environments through hands-on labs using security controls in CI/CD pipelines for cloud systems.

Featured Quote

BEST class I have ever taken at SANS. This is one of those courses where I can log into work after class ends and immediately start applying into my daily tasks and responsibilities. I already went on my team's Slack channel and told them this needs to be the next class they take.
Brian EsperanzaTeradata

Course Overview

The SANS SEC540 DevSecOps training course prepares security professionals to secure cloud-native and DevOps environments by implementing security controls in automated pipelines. It addresses challenges like insecure CI/CD pipelines, misconfigurations, and Kubernetes vulnerabilities while providing hands-on labs to develop practical skills. The course equips students with a DevSecOps mindset to enhance cloud infrastructure security and resilience.

What You’ll Learn

  • Understand DevOps principles for secure workflows
  • Integrate security scanning into CI/CD pipelines
  • Manage secrets and automate infrastructure with IaC
  • Harden and monitor containers and Kubernetes
  • Secure software supply chain with SBOMs and artifact signing
  • Automate compliance with policy guardrails and remediation

Business Takeaways

  • Build a security team skilled in cloud-native security and DevSecOps
  • Collaborate with DevOps to integrate security early in development
  • Utilize cloud-native services for deployment, hardening, and monitoring
  • Prepare for container and Kubernetes migrations with adaptability
  • Enhance security with cloud monitoring and automated threat response
  • Implement centralized audit pipelines and compliance-as-code

Meet Your Authors

  • Slide 1 of 3
    Eric Johnson
    Eric Johnson

    Eric Johnson

    Fellow

    Eric is a co-founder and principal security engineer at Puma Security, focusing on modern static analysis product development and DevSecOps automation. A SANS Fellow, he is co-author and instructor for three SANS Cloud Security courses.

    Read more about Eric Johnson
  • Slide 2 of 3
    Ben Allen
    Ben Allen

    Ben Allen

    Ben Allen is a Cloud Security Architect at the SANS Institute and a co-author of SEC540: Cloud Security and DevSecOps Automation.

    Read more about Ben Allen
  • Slide 3 of 3
    Frank Kim
    Frank Kim

    Frank Kim

    Fellow

    Frank Kim is the Founder of ThinkSec, a security consulting and CISO advisory firm. He leads the Cybersecurity Leadership and Cloud Security curricula at SANS, as well as authors and instructs multiple SANS courses.

    Read more about Frank Kim
Slide 1 of 0

Course Syllabus

Explore the course syllabus below to view the full range of topics covered in SEC540: Cloud Native Security and DevSecOps Automation.

Section 1DevOps Security Automation

This section introduces DevOps practices by analyzing and securing a vulnerable Version Control and Continuous Integration (CI) system, teaching students to identify risks, harden workflows, automate code analysis, and securely manage secrets with tools like HashiCorp Vault and AWS Secrets Manager.

Topics covered

  • DevOps and Security Challenges
  • DevOps Toolchain
  • Securing DevOps Workflows
  • Pre-Commit Security Controls

Labs

  • Attacking the DevOps Toolchain
  • Version Control Security
  • Automating Code Analysis
  • Protecting Secrets with Vault
  • CloudWars Bonus Challenges

Section 2Cloud Infrastructure Security

In section two, students deploy cloud infrastructure with Terraform, harden network configurations, automate configuration management with Packer and Ansible, and secure container images for Kubernetes by managing misconfigurations, scanning for vulnerabilities, and securing the software supply chain with SBOMs and artifact signing.

Topics covered

  • Cloud Infrastructure as Code
  • Configuration Management as Code
  • Container Security Lifecycle
  • Software Supply Chain Security

Labs

  • Infrastructure as Code Network Hardening
  • Gold Image Creation
  • Container Image Hardening
  • Container Software Supply Chain Security
  • CloudWars Bonus Challenges

Section 3Cloud Native Security Operations

In section three, students deploy and secure Kubernetes workloads in cloud-native services like AWS EKS and Azure AKS, applying security controls such as RBAC, workload identity, and admission control, and enabling real-time monitoring and alerting.

Topics covered

  • Kubernetes Architecture, Resources, and Deployments
  • Kubernetes Risks and Security Controls
  • Kubernetes Workload Security
  • Kubernetes Runtime Security
  • Continuous Security Monitoring

Labs

  • Container Registry Security
  • Kubernetes Workload Identity
  • Kubernetes Admission Control
  • Continuous Security Monitoring
  • CloudWars Bonus Challenges

Section 4Microservice and Serverless Security

In section four, students learn to secure containerized and serverless workloads with blue/green deployments, CDNs, API gateways, and microservice architectures, ending with a deep dive into serverless pipelines for Azure Functions and AWS Lambda.

Topics covered

  • Deployment Orchestration using Cloud Native Services
  • Secure Content Delivery
  • Microservice Security
  • Serverless Security

Labs

  • Automated Patch Deployment
  • Content Protection
  • Microservice Security
  • Serverless Security for Cloud FaaS with GitLab CI
  • CloudWars Bonus Challenges

Section 5Continuous Compliance and Protection

In section five, students learn to automate cloud security compliance with tools like CSPM and WAF, implement policy as code for automated remediation, and manage cloud configuration drift.

Topics covered

  • Continuous Compliance
  • Runtime Security Protection
  • Automated Remediation

Labs

  • Cloud Security Posture Management (CSPM)
  • Blocking Attacks with Azure and AWS WAF
  • Automated Remediation with Cloud Custodian
  • CloudWars Bonus Challenges

Things You Need To Know

Relevant Job Roles

Systems Security Analyst (DCWF 461)

DoD 8140: Software Engineering

Ensures systems and software security from development to maintenance by analyzing and improving security across all lifecycle phases.

Explore learning path

Cloud Security Engineer

Cloud Security

Building security solutions for cloud workflows.

Explore learning path

Systems Developer (DCWF 632)

DoD 8140: Cyber IT

Oversees full lifecycle of information systems from design through evaluation, ensuring alignment with functional and operational goals.

Explore learning path

Vulnerability Assessment Analyst (DCWF 541)

DoD 8140: Cybersecurity

Assesses systems and networks to ensure compliance with policies and identify vulnerabilities in support of secure and resilient operations.

Explore learning path

Technology Research and Development (OPM 661)

NICE: Design and Development

Responsible for conducting software and systems engineering and software systems research to develop new capabilities with fully integrated cybersecurity. Conducts comprehensive technology research to evaluate potential vulnerabilities in cyberspace systems.

Explore learning path

IT Investment/Portfolio Manager (DCWF 804)

DoD 8140: Cyber Enablers

Oversees a portfolio of IT capabilities aligned to enterprise goals, prioritizing needs, solutions, and value delivery to the organization.

Explore learning path

Communications Security (COMSEC) Management (OPM 723)

NICE: Oversight and Governance

Responsible for managing the Communications Security (COMSEC) resources of an organization.

Explore learning path

Information Systems Security Developer (DCWF 631)

DoD 8140: Cybersecurity

Designs and evaluates information system security throughout the software lifecycle to ensure confidentiality, integrity, and availability.

Explore learning path

Course Schedule & Pricing

Looking for Group Purchase Options?Contact Us

GIAC Certification Attempt

Add a GIAC certification attempt and receive free two practice tests. View pricing in the info icons below.

OnDemand Course Access

When purchasing a live instructor-led class, add an additional 4 months of online access after your course. View pricing in the info icons below.

  • Location & instructor

    Virtual (OnDemand)

    Instructed by
    Date & Time
    OnDemand (Anytime)Self-Paced, 4 months access
    Course price
    8,780ドル USD*Prices exclude applicable local taxes
    Registration Options
  • Location & instructor

    SANS Cyber Defense Initiative 2025

    Washington, DC, US & Virtual (live)

    Instructed by
    Date & Time
    Fetching schedule..
    Course price
    8,780ドル USD*Prices exclude applicable local taxes
    Registration Options
  • Location & instructor

    SANS Amsterdam December 2025

    Amsterdam, NL & Virtual (live)

    Instructed by
    Date & Time
    Fetching schedule..
    Course price
    8,230ドル EUR*Prices exclude applicable local taxes
    Registration Options
  • Location & instructor

    SANS Rockville 2026

    Rockville, MD, US & Virtual (live)

    Instructed by
    Date & Time
    Fetching schedule..
    Course price
    8,780ドル USD*Prices exclude applicable local taxes
    Registration Options
  • Location & instructor

    SANS Surge 2026

    La Jolla, CA, US & Virtual (live)

    Instructed by
    Date & Time
    Fetching schedule..
    Course price
    8,780ドル USD*Prices exclude applicable local taxes
    Registration Options
  • Location & instructor

    SANS Secure Japan 2026

    Virtual (live)

    Instructed by
    Date & Time
    Fetching schedule..
    Course price
    1,335,000円 JPY*Prices exclude applicable local taxes
    Registration Options
  • Location & instructor

    SANS Paris March 2026

    Paris, FR

    Instructed by
    Date & Time
    Fetching schedule..
    Course price
    8,230ドル EUR*Prices exclude applicable local taxes
    Registration Options
  • Location & instructor

    SANS 2026

    Orlando, FL, US & Virtual (live)

    Instructed by
    Date & Time
    Fetching schedule..
    Course price
    8,780ドル USD*Prices exclude applicable local taxes
    Registration Options
  • Location & instructor

    SANS Rocky Mountain 2026

    Denver, CO, US & Virtual (live)

    Instructed by
    Date & Time
    Fetching schedule..
    Course price
    8,780ドル USD*Prices exclude applicable local taxes
    Registration Options
  • Location & instructor

    SANS Security West 2026

    San Diego, CA, US & Virtual (live)

    Instructed by
    Date & Time
    Fetching schedule..
    Course price
    8,780ドル USD*Prices exclude applicable local taxes
    Registration Options
Showing 10 of 20

Learn Alongside Leading Cybersecurity Professionals From Around The World

  • Slide 1 of 4
    Every single person I've sent to class has loved it. It's been transformational for them because it goes beyond security concepts and teaches how modern operations and DevOps works. It's also impactful sending developers (who are not working in cloud yet) because they want to develop in cloud and get into concepts like Infrastructure as Code.
    Brett Cumming
  • Slide 2 of 4
    This course definitely makes security in DevOps more relatable and concrete. Love that we are asked to fix issues.
    Stephen GermainDisney
  • Slide 3 of 4
    Instructor is fantastic. Extremely knowledgeable in the subject matter and has easily answered many complicated questions.
    Cory Marriott
  • Slide 4 of 4
    SEC540 truly deserves the 5 of 5 excellent rating. I really can't express how impressed I am with my first SANS course.
    Dwayne SanderALERRT
Slide 1 of 0

Benefits of Learning with SANS

Instructor teaching to a class

Get feedback from the world’s best cybersecurity experts and instructors

OnDemand Mobile App

Choose how you want to learn - online, on demand, or at our live in-person training events

Resources

Get access to our range of industry-leading courses and resources

AltStyle によって変換されたページ (->オリジナル) /