CURRICULUM: Cloud Security 3 Day Course 18 CPEs 11 Labs SEC545 training focuses on understanding the security risks associated with Generative AI (GenAI) applications and implementing security controls throughout their lifecycle— from development to hosting and deployment. The course begins with an introduction to core GenAI concepts, covering popular tools and vendors. It then explores specific topics such as large language models (LLMs), agents/Agentic AI, MCP, retrieval-augmented generation (RAG), and best practices for hosting GenAI applications. Security controls and risk mitigation strategies are examined at each stage. The course concludes with guidance on establishing a GenAI security practice or integrating it into existing security frameworks. The course begins with an introduction to the fundamentals of GenAI, covering key concepts and terminologies such as Large Language Models (LLMs), embeddings, and Retrieval- Augmented Generation (RAG). It then examines the security risks associated with GenAI, including prompt injection attacks, malicious models, and third-party supply chain vulnerabilities. Following this, the course dives into the essential components needed to build a GenAI application, including coverage of vector databases, LangChain, AI agents, and MCP. The course concludes with a comprehensive overview of hosting GenAI applications, discussing options for local deployment, cloud solutions, and platforms like AWS Bedrock. Business Takeaways ▐ Understand GenAI applications ▐ Identify potential risks associated with GenAI applications ▐ Learn how to mitigate GenAI risks effectively Syllabus Summary SECTION 1: GenAI, Large Language Models (LLMs), and Security Risks SECTION 2: Securing GenAI Applications SECTION 3: MLSecOps and Securing GenAI Applications Lifecycle You Will Be Able To ▐ Understand key concepts and terminologies—Gain a deep understanding of GenAI, LLM architectures, and their application in real-world scenarios. ▐ Explore various models and tools—Examine the types of models and tools available for building and deploying GenAI applications. ▐ Explore fine-tuning and customization—Learn how to fine-tune and customize models for specific use cases. ▐ Assess risks and mitigation strategies—Identify security risks unique to GenAI applications and explore effective mitigation techniques. ▐ Secure RAG, embeddings, and vector databases— Understand Retrieval-Augmented Generation (RAG), Embeddings, and VectorDB, and how to securely configure different components. ▐ Explore operations and security controls—Explore the operational aspects of building and deploying GenAI applications and learn about the relevant security controls. ▐ Compare hosting options—Understand the various GenAI hosting options and their differences from a security perspective. ▐ Leverage cloud security controls—Learn about the security controls offered by cloud providers for LLM hosting services. ▐ Explore GenAI adjacent technologies—Examine technologies such as LangChain, agents and MCP, and understand the security risks they introduce. ▐ Integrate GenAI into security frameworks—Learn how to build or integrate GenAI security practices into existing organizational security frameworks. Who Should Attend ▐ Application security engineers ▐ Cloud security engineers ▐ SOC analysts, incident handlers, and threat intelligence professionals ▐ Security professionals ▐ Security auditors, compliance, and risk managers For detailed course description, visit SANS.ORG/SEC545 WAYS TO TAKE SEC545 Live Online In-Person FEATURED NEW COURSE SEC545: GenAI and LLM Application Security™ Ahmed Abugharbia Course Author
