CURRICULUM: Cloud Security 3 Day Course 18 CPEs 11 Labs Currently, industry security practices for Generative AI (GenAI) are not standardized due to the novelty of this field. This course aims to contribute to the development of GenAI security best practices, guiding the security community through ongoing research and an evolving curriculum. SEC545 training provides an in-depth exploration of GenAI technologies, starting with core principles and underlying technologies. It will assess security risks by identifying and analyzing real-world threats impacting GenAI applications. As students progress, they will learn to establish security best practices by exploring different measures for securing GenAI applications effectively. The course begins with an introduction to the fundamentals of GenAI, covering key concepts and terminologies such as Large Language Models (LLMs), embeddings, and Retrieval- Augmented Generation (RAG). It then examines the security risks associated with GenAI, including prompt injection attacks, malicious models, and third-party supply chain vulnerabilities. Following this, the course dives into the essential components needed to build a GenAI application, including coverage of vector databases, LangChain, and AI agents. The course concludes with a comprehensive overview of hosting GenAI applications, discussing options for local deployment, cloud solutions, and platforms like AWS Bedrock. Business Takeaways ▐ Understanding GenAI applications ▐ Identifying potential risks associated with GenAI applications ▐ Learning how to mitigate GenAI risks effectively Syllabus Summary SECTION 1: GenAI, Large Language Models (LLMs), and Security Risks SECTION 2: Securing GenAI Applications SECTION 3: MLSecOps and Securing GenAI Applications Lifecycle You Will Be Able To ▐ Understand key concepts and terminologies: Gain a deep understanding of GenAI, LLM architectures, and their application in real-world scenarios ▐ Explore various models and tools: Examine the types of models and tools available for building and deploying GenAI applications ▐ Explore fine-tuning and customization: Learn how to fine-tune and customize models for specific use cases ▐ Assess risks and mitigation strategies: Identify security risks unique to GenAI applications and explore effective mitigation techniques ▐ Secure RAG, embeddings, and vector databases: Understand Retrieval-Augmented Generation (RAG), Embeddings, and VectorDB, and how to securely configure different components ▐ Explore operations and security controls: Explore the operational aspects of building and deploying GenAI applications and learn about the relevant security controls ▐ Compare hosting options: Understand the various GenAI hosting options and their differences from a security perspective ▐ Leverage cloud security controls: Learn about the security controls offered by cloud providers for LLM hosting services ▐ Explore GenAI adjacent technologies: Examine technologies such as LangChain and agents, and understand the security risks they introduce ▐ Integrate GenAI into security frameworks: Learn how to build or integrate GenAI security practices into existing organizational security frameworks Who Should Attend ▐ Application security engineers ▐ Cloud security engineers ▐ SOC analysts, incident handlers, and threat intelligence professionals ▐ Security professionals ▐ Security auditors, compliance, and risk managers For detailed course description, visit SANS.ORG/SEC545 WAYS TO TAKE SEC545 Live Online In-Person FEATURED NEW COURSE SEC545: GenAI and LLM Application Security™ Ahmed Abugharbia Course Author
