In January 2025, Eric Johnson, a SANS Fellow and co-author of SEC549, announced that GCAD had officially launched as a new GIAC certification. Simon Vernon, Head of R&D at SANS EMEA, commented on the announcement: "Amazing, this is such a valuable certification in a critical part of cyber security. If the architecture is wrong everything else is far harder to secure".
The course was born from a realization that many security professionals were focusing on operational cloud security (fixing misconfigurations) rather than architectural security (preventing them by design).
Designing strict key-rotation policies and separating key administrative duties from data access.
A SANS Fellow and Principal Security Engineer at Puma Security. He co-authors multiple SANS cloud security courses, including SEC540 and SEC510, and develops open-source tools for cloud security.
“The Kubernetes labs were brutal but realistic. We actually faced a container breakout attempt six months after the course, and I immediately knew how to respond using Falco. Money well spent.”
with centralized inspection firewalls for both "north-south" (internet) and "east-west" (internal) traffic.
Zero-Trust Integration: Implementing Conditional Access Policies
: Designing telemetry streams that pull logs from various clouds into a single SIEM, such as Microsoft Sentinel, to empower Security Operations Centers (SOC).
Course Structure & Hands-On Methodology
The course is built around a fictional case study
SEC549 emphasizes practical experience through 35 hands-on labs using AWS, Azure, or GCP, where students identify and fix architectural anti-patterns. The training utilizes a case study approach, following a fictional company's cloud migration.
Professional Certification
Completion of the course prepares students for the GIAC Cloud Security Architecture and Design (GCAD)
As of 2021 and beyond, SANS SEC549 filled a critical gap in cybersecurity training. It addressed the reality that most cloud security failures are not due to technology flaws but to . By teaching a clear, repeatable methodology for centralizing identity, network, and data controls, the course empowered security professionals to build cloud environments that are not just functional, but fundamentally defensible.
(the company "Delos") where students must solve real-world migration challenges. Lab Unique Format