SEC541: Cloud Security Attacker Techniques, Monitoring, and Threat Detection

Programme Code D182
Applications Development
Learning Partner(s)
SANS Institute
5 Days
Format Hybrid
Cloud Security Application Security Testing Quality Engineering Cybersecurity Consulting
Job Roles
ICT&SS Professional Software Engineer Security Testing Engineer Quality Engineer DevOps Engineer Data Security Officer Cybersecurity Engineer


This programme is delivered by SANS Institute.

SEC541 is a cloud security course that investigates how attackers are operating against Amazon Web Services (AWS) and Microsoft Azure environments, the attacker's characteristics, and how to detect and investigate suspicious activity in your cloud infrastructure. You will learn how to spot the malice and investigate suspicious activity in your cloud infrastructure. In order to protect against cloud environment attacks, an organisation must know which types of attacks are most likely to happen in your environment, be able to capture the correct data in a timely manner, and be able to analyse that data within the context of their cloud environment and overall business objectives.

Key Takeaways

At the end of this programme, you will be able to:


  • decrease the average time an attacker is in your environment
  • demonstrate how to automate analytics, thus reducing time
  • help your organisation properly set up logging and configuration
  • decreases risk of costly attacks by understanding and leveraging cloud specific security services
  • lessen the impact of breaches that do happen
  • learn how to fly the plane, not just the ability to read the manual


  • research attacks and threats to cloud infrastructure and how they could affect you
  • break down a threat into detectable components
  • effectively use AWS and Azure core logging services to detect suspicious behaviors
  • make use of cloud native API logging as the newest defense mechanism in cloud services
  • move beyond the cloud-provided Graphic User Interfaces to perform complex analysis
  • perform network analysis with cloud-provided network logging
  • understand how application logs can be collected and analyzed inside the cloud environment
  • effectively put into practice the AWS and Azure security specific services
  • integrate container, operating system, and deployed application logging into cloud logging services for more cohesive analysis
  • centralise log data from across your enterprise for better analysis
  • perform inventory of cloud resources and sensitive data using scripts and cloud native tooling
  • analyse Microsoft 365 activity to uncover threats
  • gain ability to leverage cloud native architecture to automate response actions to attacks

Who Should Attend

  • Please refer to the job roles section.
  • ICT&SS Professional who performs monitoring, threat detection, incident response, is responsible for logging in a cloud environment or in a Security Analyst, Security Engineer, Security Architect, Vulnerability Assessor or Incident Responder role.
  • ICT&SS Professiobal in a NICE Framework job role such as 
    • Cyber Defense Analyst: PR-CDA-001
    • Cyber Defense Infrastructure Support Specialist: PR-INF-001
    • Cyber Defense Incident Responder: PR-CIR-0001
    • Adversary Emulation Specialist / Red Teamer: PR-VAM-001
    • Threat/Warning Analyst: AN-TWA-001


You should be familiar with AWS or Azure and have worked with them hands-on, especially security professionals working in the cloud security field who understand basic threats and attack vectors.

The programme assumes that you  can understand or do the following without help:

  • Understand basic cloud resources such as virtual machines, storage services, and Identity Access Management.
  • Hands-on experience in the command line, as much of the labs will be leveraging a Linux command line console.
  • Understand how identity access roles/policies work in cloud environments.
  • Understand basic cloud networking capabilities.

Programme Structure

This programme will cover the following topics in order of day:

  1. Management Plane and Networking Logging
  2. Computer and Cloud Services Logging
  3. Cloud Services and Data Discovery
  4. Microsoft Ecosystem
  5. Automate Response Actions and CloudWars


Full Fee

Full programme fee 


8% GST on nett programme fee


Total nett programme fee payable, including GST S$11944.80

With effect from 1 Jan 2023 till 31 Dec 2023

Full Fee

Exam fee (exl. GST)


Total exam fee payable, including 8% GST S$1434.89

With effect from 1 Jan 2023 till 31 Dec 2023


Additional terms and conditions apply for this programme. For more information, visit

Upcoming Classes

Class 1
13 Nov 2023 to 17 Nov 2023 (Full Time)
Duration: 5 days
When: Nov - 13, 14, 15, 16, 17
Time : Day 1: 8am to 4.30pm; Day 2-5: 8.30am to 4.30pm

How To Register


Step 1 Apply through your organisation's training request system

Step 2 Your organisation's training request system (or relevant HR staff) confirms your organisation's approval for you to take the programme.

Your organisation will send registration information to the academy.

Organisation HR L&D or equivalent staff can click here for details of the registration submission process.

Step 3 GovTech Digital Academy will inform you whether you have been successful in enrolment.