Douglas R. Seidler
Author, Educator, Designer

Sign In

549: Sans Sec

Traditional incident response (IR) assumes you own the logs, the network, and the kernel. In AWS, Azure, and GCP, you own nothing but a set of APIs.

You cannot run Volatility on a misconfigured S3 bucket. You cannot capture network traffic from a Lambda function that executed for 300ms and vanished. sans sec 549

The final lab is brutal. You are given a compromised AWS Organization. You have 4 hours to: Identify the root cause, kick the attacker out (without deleting production data), and preserve evidence for legal. It simulates the panic of a real breach perfectly. The "SANS Tax" (Honest Review) Let’s be real. SANS courses are expensive and intense. SEC549 is a GIAC Cloud Incident Responder (GCLD) cert prep course, so expect 12+ hour days. Traditional incident response (IR) assumes you own the

Here is the breakdown of the magic:

Seidler Studio LLC
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.