SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
- 6 Days (Instructor-Led)
- 36 Hours (Self-Paced)
- GIAC Machine Learning Engineer (GMLE)
- 36 CPEs
Apply your credits to renew your certifications
- In-Person, Virtual or Self-Paced
Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months
- 30 Hands-On Lab(s)
Apply what you learn with hands-on exercises and labs
Acquire practical data science and machine learning skills to build custom AI-driven security solutions that transform your organization's threat detection capabilities.
Featured Quote
The course content's design is superb in my opinion. It begins by covering the fundamentals of data extraction from diverse sources using Python, followed by a dive into the basics of statistics. From there, it delves into ML models and DNNs. I appreciate the thoughtfulness behind this progression.
Course Overview
Harness practical data science and machine learning in cybersecurity. This course transforms complex AI concepts into accessible tools through hands-on labs comprising over 70% of class time. Designed specifically to focus on machine learning in cybersecurity, the course prepares students to apply AI techniques to real-world security problems—making it a powerful option for those pursuing the GMLE certification (GIAC Machine Learning Engineer for Cybersecurity).
Participants solve actual security challenges using statistical models, probabilistic tools, and neural networks rather than engaging in theoretical discussions. You will develop skills to extract, analyze, and visualize security data, construct predictive models for threat detection, and implement anomaly detection systems.
The curriculum achieves an optimal balance between essential theory and practical application, requiring only intermediate Python skills and basic mathematics knowledge. Security professionals gain immediately applicable techniques for enhancing security operations, incident response, and threat hunting through targeted AI implementation.
What You'll Learn
- Design custom machine learning solutions for security data
- Implement AI-based anomaly detection and threat hunting
- Build neural networks for security classification tasks
- Create effective data visualizations for security insights
- Develop Python automation for security data analysis
Business Takeaways
- Reduce alert fatigue and false positives in security operations
- Enhance threat detection with predictive AI capabilities
- Automate routine security tasks through machine learning
- Identify previously undetectable security anomalies
- Optimize security resource allocation with data insights
- Improve incident response time through intelligent analysis
- Strengthen security posture with proactive AI detection
Meet Your Author
David Hoelzer
Fellow
David Hoelzer has fundamentally advanced cybersecurity by pioneering the GIAC Security Expert (GSE) certification, leading AI-driven threat detection initiatives, and developing MAVIS, an open-source ML tool enhancing code review processes.
Course Syllabus
Explore the course syllabus below to view the full range of topics covered in SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals.
Section 1: Data Acquisition, Cleaning, and Manipulation
On day one we focus on essential Python skills for data acquisition and manipulation in security contexts. Students will learn methods for retrieving data from SQL databases, NoSQL document stores, and web sources. This foundation enables effective data collection for subsequent analysis and machine learning applications in security operations.
Topics covered
- Python refresher for data science applications
- SQL database access and data extraction
- NoSQL document stores and MongoDB integration
- Web scraping for security intelligence
- Data cleaning and preparation techniques
Labs
- Building data pipelines from security databases
- Extracting indicators from unstructured sources
- Implementing web scraping for threat intelligence
- Creating data transformation workflows
- Automating data collection processes
Section 2: Data Exploration and Statistics
Section two covers the statistical foundations necessary for effective security data analysis. Students learn to apply statistical measures to security datasets, interpret probability distributions, and use Bayesian inference for security decision-making. These skills form the basis for understanding anomaly detection and predictive security analytics.
Topics covered
- Descriptive statistics for security metrics
- Inferential statistics and hypothesis testing
- Probability distributions in security data
- Bayesian inference for threat assessment
- Statistical anomaly detection methods
Labs
- Analyzing security event frequency distributions
- Applying statistical tests to detect outliers
- Building probabilistic models for alert triage
- Implementing Bayesian analysis for threat scoring
- Developing statistical baselines for normal behavior
Section 3: Essentials of Machine Learning: Trees, Forests, & K-Means
This introduction to machine learning techniques focuses specifically on security use cases. Students explore supervised and unsupervised learning approaches for threat detection, classification, and anomaly identification. The section progresses from basic clustering methods to advanced classification algorithms, all applied to security datasets.
Topics covered
- Unsupervised learning for anomaly detection
- Support Vector Machines for classification
- K-Means and KNN clustering techniques
- Dimensionality reduction with PCA
- Feature selection for security data
Labs
- Building anomaly detection for network traffic
- Classifying malicious vs. benign behavior
- Implementing clustering for threat hunting
- Applying dimensionality reduction to log data
- Designing feature extraction pipelines
Section 4: Essentials of Machine Learning: Deep Learning
Our exploration into deep learning methods addresses advanced security challenges. Participants discover ways to design, train, and evaluate neural networks for security applications including malware detection, phishing identification, and behavioral analysis. We also cover network architectures optimized for security data types and formats.
Topics covered
- Neural network fundamentals for security
- Deep learning for malware detection
- Convolutional networks for pattern recognition
- Autoencoders for anomaly detection
- Embedding layers for categorical security data
Labs
- Building neural networks for threat classification
- Implementing autoencoders for outlier detection
- Training convolutional networks for malware analysis
- Developing embedding models for user behavior
- Creating deep learning pipelines for security data
Section 5: Essentials of Machine Learning: Autoencoders
This section focuses on convolutional networks and autoencoder architectures. The first half concentrates on CNNs for text classification and zero-day malware detection, while the second half examines autoencoder fundamentals, latent representations, and reconstruction loss functions for signature-free anomaly detection in logs and network traffic.
Topics covered
- Convolutional neural networks
- Embedding layers
- CNN text applications
- Autoencoder architecture
- Reconstruction loss measurement
Labs
- Predictive malware identification
- CNN-based message filtering
- Multi-class text classification
- Log anomaly detection
- Real-time network anomaly detection
Section 6: Essentials of Machine Learning: Functional Models and Deployment
This section focuses on practical implementation of complex neural networks using TensorFlow's functional API. We also cover effective synthetic data generation, data augmentation, genetic hyperparameter optimization, and deployment strategies including standalone solutions for time-critical applications and containerized approaches using Docker/Kubernetes.
Topics covered
- CNN regression applications
- Functional network architecture
- Multi-input/multi-output neural networks
- Machine learning problem framing
- Genetic algorithms and model deployment
Labs
- CAPTCHA solving proof-of-concept
- Functional API implementation
- Split model architecture
Things You Need To Know
Relevant Job Roles
Data Analysis (OPM 422)
NICE: Implementation and Operation
Responsible for analyzing data from multiple disparate sources to provide cybersecurity and privacy insight. Designs and implements custom algorithms, workflow processes, and layouts for complex, enterprise-scale data sets used for modeling, data mining, and research purposes.
Cybersecurity Research & Development
SCyWF: Cybersecurity Architecture, Research And Development
This role conducts cybersecurity research and development. Find the SANS courses that map to the Cybersecurity Research & Development SCyWF Work Role.
Course Schedule & Pricing
GIAC Certification Attempt
Add a GIAC certification attempt and receive two free practice tests. View pricing in the info icons below.
OnDemand Course Access
When purchasing a live instructor-led class, add an additional 4 months of online access after your course. View pricing in the info icons below.
- OnDemand (Anytime), Self-Paced, 4 months access: course price $8,780 USD (prices exclude applicable local taxes)
- Live instructor-led events (schedule not shown): course price $8,780 USD, 7,160 GBP (EUR price available during checkout), or 8,230 EUR depending on region (prices exclude applicable local taxes)
Learn Alongside Leading Cybersecurity Professionals From Around The World
- Automation is a critical skill in the field of cybersecurity. SANS SEC595 addresses this need by focusing on using Python to automate security tasks, making it highly relevant to the industry's demands.
- I really like that this is pulling from experience rather than a textbook. The added anecdotes about the history behind various topics really helped pull it together for me.
- This course covers a wide breadth with great depth. I am excited to apply everything after the course.
- AI/ML for cybersecurity is poorly understood and misrepresented too often. This course provides that balance between what management needs to know in order to grow understanding of the technologies and hands-on experience.
Benefits of Learning with SANS
Get feedback from the world’s best cybersecurity experts and instructors
Choose how you want to learn - online, on demand, or at our live in-person training events
Get access to our range of industry-leading courses and resources