LDR520: Cloud Security for Leaders

  • In Person (5 days)
  • Online
30 CPEs

This cloud security strategy for leaders training course focuses on what managers, directors, and security leaders need to know about developing their plan/roadmap while managing cloud security implementation capabilities. To safeguard the organization's cloud environment and investments, a knowledgeable management team must engage in thorough planning and governance. We emphasize the essential knowledge needed to develop a cloud security roadmap and effectively implement cloud security capabilities. Making informed security decisions when adopting the cloud necessitates understanding the technology, processes, and people associated with the cloud environment. 12 Hands-on Cyber42 Exercises + Capstone.

What You Will Learn

What is Cloud Security Strategy?

Cloud Security Strategy is a comprehensive plan to protect the organization's data, workload, and infrastructure residing in the cloud(s) environment.

Cloud adoption is popular across all types of industries, and many organizations are taking strategic advantage of the cost and speed benefits of transitioning to the cloud. Since cloud environments differ significantly from traditional on-premises IT environments, in terms of protection requirements and threat vectors, the traditional network perimeter is no longer the most effective defense in cloud solutions. Organizations are migrating mission-critical workloads and sensitive data to private and public cloud solutions without always understanding the numerous key decisions needed for an organization's successful cloud transition. This cloud security implementation course walks the audience through the journey to mature their cloud security in each of the relevant security domains of cloud security strategy from beginning to high maturity state.

LDR520 complements traditional IT management techniques that leaders are accustomed to and helps with making appropriately informed decisions around strategy, financial investment, and necessary team technical knowledge and skill. We cover the key objectives of security controls in the cloud environment, including planning, deploying, and running the environment from the starting point to a progressively more mature state. There will be a focus on locking down the environment, securing the data, maintaining compliance, enhancing security visibility to the operations, and managing the security response on a continuous basis. Students will learn the essentials to lead the security effort for the cloud transition journey.

"This type of training, ie: cloud security from a management perspective, is rare and the quality of this one is definitely amazing." - Benoit Ramillion, UEFA

Business Takeaways

  • Establish cloud security program supporting the fast pace business transformation
  • Understand current and future maturity level of the cloud security in contrast to the industry benchmarks
  • Make informed decisions on cloud security program
  • Anticipate the security capabilities and guardrails to build for the securing the cloud environment
  • Safeguard the enterprise data as workloads are migrated to the cloud

Skills Learned

  • Define a strategy for securing a workload in the cloud for medium and large enterprises that can support their business objectives
  • Establish a security roadmap based on the security strategy that can support a fast-paced cloud adoption and migration path while maintaining a high degree of security assurance
  • Understand the security fundamentals of the cloud environment across different types of service offerings, then explain and justify to other stakeholders the relevant strategic decisions
  • Build an effective plan to mature a cloud security posture over time, leveraging security capabilities offered by cloud providers to leapfrog in security capabilities
  • Explain the security vision of the organization in the Cloud domain to your Board Directors and executives, collaborate with your peers, and engage your workforce, driving the security culture change required for the cloud transformation

Hands-On Cloud Security Strategy Training

LDR520 uses case scenarios, group discussions, team-based security leadership simulations with embedded real life technical components to help students absorb both technical and management topics. About 60 minutes per day is dedicated to these learning experiences using the Cyber42 leadership simulation game. This web application-based game is a continuous exercise where students play to improve security culture, manage budget and schedule, and improve security capabilities at a fictional organization. This puts you in real-world scenarios that spur discussion and critical thinking of situations that you will encounter at work.

  • Section 1: Cloud security planning, Landing Zone, IAM account and access
  • Section 2: Config management, Container/Image management security, Firewall/Network architecture
  • Section 3: Data Protection, Security monitoring, Cost Management
  • Section 4: Application Protection, Security validation and assessment, Validation and security testing
  • Section 5: Capstone

"Love "seeing" the cloud." - Ivan Clatanoff, CME Group

"Loved the labs. They really help emphasize what we are learning." - Jana Laney

"Team is collaborative. We are all able to bounce ideas of each other comfortably and using AWS to get hands on makes it feel more real than if we were answering questions on a quiz." - Richard Sanders, Best Western International

Syllabus Summary

  • Section 1: Cloud Security Fundamentals and Identity Management
  • Section 2: Cloud Security Environment Protection and Architecture
  • Section 3: Data Protection, Security Detection and Cloud Security Governance
  • Section 4: Securing Workload and Security Assurance
  • Section 5: Roadmap Planning and Capstone Exercise

NOTE: This course will have limited overlap with the SANS SEC488: Cloud Security Essentials course because it will provide foundational information on cloud services and cloud security to ensure that students are on the same page.

Additional Free Resources:

What You Will Receive:

  • Printed and Electronic courseware
  • MP3 audio files of the course
  • Access to the Cyber42 web application

What Comes Next:

Syllabus (30 CPEs)

Download PDF
  • Overview

    The first section of the course aims to help management professionals develop a solid fundamental knowledge into cloud adoption models and gain understanding on one of the most important security domain within cloud security which is Identity and Access Management (IAM).

    • Cloud security planning
    • Landing Zone template scenario
    • IAM account and access-based scenario

    Introduction to Cloud

    • Industry Cloud Adoption Rate

    Cloud Service Model

    • Cloud services fundamentals
    • IaaS/PaaS/SaaS

    Transition Process

    • Planning process
    • Initial setup and Landing Zone establishment

    IAM - Segregation

    • Multi-account/subscription
    • Isolation to reduce blast radiation

    IAM - Identity Management

    • MFA/passwordless
    • Single Sign-on for cloud
    • Customer IAM integration
    • Centralized management of identity, process and workflow

    IAM - Access Management

    • Leadership support in access management
    • Managed policies/custom access policies
    • Role management with workflow
    • Risk reduction access rationalization drive on recurring basis
    • Temporary just in time access management for privileged access
    • Access management transformation for cloud adoption
  • Overview

    The second section of the course is dedicated to managing the technology aspect of the cloud environment. Securing cloud technology is rather different than securing technologies on-premise. This section will highlight the difference and discuss the capabilities and competencies that matter the most.

    • Config Management
    • Container/Image Management security
    • Firewall/Network Architecture

    Config Management

    • Security configuration span and importance
    • Configuration guardrail across services
    • CSPM services and native tooling
    • Maturity transformation over the journey of cloud adoption

    Image Management

    • VM and container image security management
    • OS images in hybrid environment
    • OS image automation and pipeline

    Resource Management

    • Resource management security automation
    • Enterprise strategy to provide assistance and reference material

    Network Management

    • Cloud network design principles, IP schemes, network architecture
    • Secure Network to support workforce, customers, partners and work locations
    • Network Firewall challenges in cloud and identity based perimeter transformation

    Cloud Architecture

    • Security Best practices (Well architected framework and Security Reference Design)
    • Zero Trust and Segmentation Transformation
  • Overview

    In section three, we delve into three key cloud security domains: data asset protection, security detection and response in the cloud environment, and governance aspects of cloud security.

    • Data Protection
    • Security Monitoring
    • Cost Management

    Data Encryption and Key Management

    • Encryption at rest/in use and in transit within cloud
    • Key management in cloud and hybrid environment, both strategy and implementation
    • Common compliance driven requirements in encryption

    Data Classification and Protection

    • Automated data discovery across various cloud services
    • Automated encryption and de-identification
    • Enterprise practices and transformation in data protection (tagging, identification...)

    Data Backup

    • Data backup strategy in cloud
    • Continuity vs recovery/resiliency
    • Immutable backup
    • Measuring metrics and validation

    Security Intelligence

    • Intelligence collection and generation
    • Detection logic translation and transformation
    • Feed evaluation and prioritization

    Security Detection Analysis and Monitoring

    • Security Monitoring and analysis
    • Logs normalization
    • Network flows/traffic based logs and application based logs
    • Alerts tuning
    • Hybrid environment monitoring operations
    • Data level monitoring (CASB)

    Security Response and Transformation

    • Runbooks and playbooks in security response
    • Metrics based operations and tuning
    • Automation and effectiveness based transformation in cloud
    • Modeling via table top and purple team exercises

    Log Management

    • Logging configuration, collection and device configuration
    • Consolidated logs visibility across hybrid environments

    Security Governance Committee

    • Strategy for executive involvement
    • Organization for collaboration and driving proper ownership
    • Goals, cadence and operations of the committee

    Security Policy

    • Structuring the policy and connecting the policy with implementation policies
    • Enforcement of policy
    • Communication of policy

    Cost Management

    • Cost management principles
    • Model, budget and optimization
    • Automation to assist with cost management
    • Importance of tagging
  • Overview

    Section four begins with a focus on securing applications/workloads within the cloud environment. The discussion then transitions to security assurance, followed by an exploration of workforce transformation required to support cloud security transformation.

    • Application Protection
    • Security validation and assessment
    • Validation and Security testing


    Cloud Application Practices

    • DevSecOps best practices, security throughout the lifecycle
    • SBOM
    • CI/CD pipeline and security protection + integration
    • Empowering development teams supported by security guidance
    • Full stack development -- impact to IAM and traditional organization alignment

    Application Assessment

    • SAST/DAST integrated into CI/CD pipeline
    • Threat modeling and manual testing

    Security Protection Services

    • Cloud based protection services such as DDoS and DNS protection
    • WAF services
    • CWPP and RASP that can be integrated into the application or running environment
    • Progression of protection capabilities

    Posture Validation

    • Roles and responsibilities defined, ownership of vulnerabilities identified
    • Getting consensus and commitment to remediate
    • Benchmark selection and implementing the assessments in automatic fashion
    • Operationalize the validation
    • Rolling into a measurable program supporting 3rd line visibility

    Regulatory Compliance

    • Provider compliance
    • Split of responsibilities for compliance
    • Data level analysis to determine best compliance requirements

    Security Testing

    • Vulnerability assessment in cloud
    • Penetration testing with deliberate scoping
    • Threat modeling of the environment

    Skill Readiness

    • Structuring a training program
    • Define training and learning models
    • Skills requirements definition
    • Scaling the program

    Organizational Alignment

    • Teams involvement at inception
    • Teams supporting the transformation
    • DevSecOps team evolution
    • Decentralized vs centralized approaches
  • Overview

    In section five, we delve into the growing trend of adopting multi-cloud systems and emphasize the significance of a security strategy tailored for multi-cloud environments. Additionally, we examine the management aspects of the Software as a Service (SaaS) model and its application in enterprise settings. The section concludes with a capstone exercise, allowing students to apply the concepts, management tools, and methodologies they have learned in a practical scenario.


    Capstone: Large scale traditional enterprise moving to the cloud. Working in groups, students are to draft the roadmap to modernize the entire security program and present to the class on their approach.


    SaaS security management

    • Multicloud Management
      • Security governance with multicloud
      • Technical config alignment
      • Workload mobility
      • Data level security alignment
      • Security monitoring across CSP


Students should have three to five years of experience in IT and/or cybersecurity. This course covers the core areas of security leadership in migrating workloads to the cloud environment and assumes a basic understanding of technology, networks, and security.

Laptop Requirements

Important! Bring your own system configured according to these instructions.

A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will not be able to fully participate in hands-on exercises in your course. Therefore, please arrive with a system meeting all of the specified requirements.

Back up your system before class. Better yet, use a system without any sensitive/critical data. SANS is not responsible for your system or data.

  • Wireless networking (802.11 standard) is required. There is no wired Internet access in the classroom.
  • Your host operating system must be the latest version of Windows 10, Windows 11, or macOS 11.7.x or newer.
  • Fully update your host operating system prior to the class to ensure you have the right drivers and patches installed.
  • Linux hosts are not supported in the classroom due to their numerous variations. If you choose to use Linux as your host, you are solely responsible for configuring it to work with the course materials and/or VMs.
  • Local Administrator Access is required. (Yes, this is absolutely required. Don't let your IT team tell you otherwise.) If your company will not permit this access for the duration of the course, then you should make arrangements to bring a different laptop.
  • You should ensure that antivirus or endpoint protection software is disabled, fully removed, or that you have the administrative privileges to do so. Many of our courses require full administrative access to the operating system and these products can prevent you from accomplishing the labs.
  • Any filtering of egress traffic may prevent accomplishing the labs in your course. Firewalls should be disabled or you must have the administrative privileges to disable it.

If you have additional questions about the laptop specifications, please contact

Author Statement

"Cloud transition is common in many organizations these days, but many security leaders feel overwhelmed and underprepared for the security aspects of the cloud. When organizations accept security as an integral part of the transformation path, they can not only achieve the same level of security as their in-house IT environment, but also take advantage of a huge opportunity to leapfrog in security using cloud capabilities. In LDR520, we discuss industry-proven techniques to plan for the security aspects of cloud transformation. This course will arm students with the necessary information to confidently lead their organization towards securing the cloud workload and leveraging cloud capabilities to further enhance their security maturity in the IT environment."

- Jason Lam

"I like how the content builds and progresses. Jason clearly thought a lot about how to sequence the information to make it easy to digest." - Jim Pruitt, Revolutionary Security


Perfect for understanding the inner workings without getting too in the weeds.
Krupa Levinson
Blue Shield of CA
The game platform [Cyber42] and challenges are really interesting and add a nice dimension to the class.
Karl Mueller
Great course, a lot of material to go through but it really shows the model an organization should follow to increase the security on cloud environments.
Jesus Fernandez

    Register for LDR520

    Learn about Group Pricing

    Prices below exclude applicable taxes and shipping costs. If applicable, these will be shown on the last page of checkout.