Workshops

Identity

Title Description
Access Delegation In this workshop you will learn how to use AWS IAM to delegate access to AWS security services to AWS Security Administrators and AWS Security Operators. AWS Security Administrators require full access to AWS security services, while AWS Security Operators require only read-only access to the services. You will use AWS IAM roles to do this and thereby promote the Principle of Least Privilege: giving users the minimum level of privilege they need to do their tasks.
  • Level: 200
  • Duration: 2 hours
  • NIST CSF Functions: Protect
  • CAF Components: Preventive
  • Personas: Identity & Access Management Engineers, Identity & Access Management Analysts, Security analysts & Security operations engineers
AWS Identity: Using Amazon Cognito for serverless consumer apps In this workshop, you learn how to build a serverless customer-facing microservices application demonstrating end-to-end authentication and authorization using Amazon Cognito, Amazon API Gateway, AWS Lambda, and all things AWS Identity and Access Management (IAM). You have the opportunity to build an end-to-end functional app with a secure identity provider showcasing user authentication patterns.
  • Level: 400
  • Duration: 2 hours
  • NIST CSF Functions: Protect
  • CAF Components: Preventive
  • Personas: Identity & Access Management Engineers, Identity & Access Management Analysts, Security analysts & Security operations engineers
Infrastructure Identity in AWS This workshop is designed to help you get familiar with AWS Security services and learn how to use them to securely administer systems in your environment. You'll be working with services such as AWS Systems Manager Session Manager, Amazon EC2 Instance Connect, and AWS Identity and Access Management. You will learn how to use these services to securely connect to and administer your Amazon EC2 instances as well as on-premises systems. You will also set up tag-based access and configure logging, which will enable auditing of administrative activities and improve the security posture of your environment.
  • Level: 300
  • Duration: 2 hours
  • NIST CSF Functions: Protect, Detect
  • CAF Components: Preventive, Detective
  • Personas: Identity & Access Management Engineers, Identity & Access Management Analysts, Security analysts & Security operations engineers
Permissions boundaries: how to delegate permissions on AWS In this workshop, you learn how to secure access permissions for multiple teams operating in a single AWS account. We provide an example three-tier web application running in production, and you practice delegating permissions to web administrators so they can modify only their own resources without impacting the permissions needed to do their job. All attendees need a laptop, an active AWS Account, an AWS IAM Administrator, and a familiarity with core AWS services.
  • Level: 400
  • Duration: 2 hours
  • NIST CSF Functions: Protect
  • CAF Components: Preventive
  • Personas: Identity & Access Management Engineers, Identity & Access Management Analysts, Security analysts & Security operations engineers
Serverless Identity In this workshop you will focus on improving the identity controls of a serverless application. You will be exposed to different identity concepts through the use of a variety of services such as AWS IAM, Amazon S3, Amazon CloudFront, and Amazon Cognito. Upon completion you should have a better idea of how to use native AWS identity controls to improve the security posture of a serverless application.
  • Level: 300
  • Duration: 2 hours
  • NIST CSF Functions: Protect
  • CAF Components: Preventive
  • Personas: Identity & Access Management Engineers, Identity & Access Management Analysts, Security analysts & Security operations engineers

Data Protection

Title Description
Data Protection This set of workshops demonstrates data protection concepts using services such as AWS KMS and AWS Certificate Manager. You will learn about server-side encryption, client-side encryption (with and without data key caching), and how AWS Private Certificate Authority can be used to create private certificates for private domains or devices.
  • Personas: Data Protection Analyst, Security analysts and Security operations engineers.

Infrastructure Security

Title Description
Amazon VPC Endpoint Workshop In this workshop, you will learn how to leverage VPC Endpoints to privately connect your VPC to supported AWS services and use network and IAM based security configurations to restrict access to your AWS resources and data.
  • Level: 300
  • Duration: 2 hours
  • NIST CSF Functions: Protect
  • CAF Components: Preventive
  • Personas: Security analysts, Security operations engineers and Network administrators.
Build a Vulnerability Management Program Using AWS for AWS In this workshop we start by guiding you through tagging your resources and maintaining an asset inventory for visibility and governance purposes with AWS Tags and Systems Manager (SSM). We then build an Amazon Machine Image (AMI) baking pipeline, harden the AMI with AWS SSM, and install the Amazon Inspector agent. Within the pipeline we look for vulnerabilities and apply patches before promoting the AMI for use by an application. Next we construct a continuous detection framework that uses Amazon Inspector and AWS SSM's Patch Manager to detect changes in security state and the presence of vulnerabilities. Finally we put all these pieces together to manage your Amazon EC2 fleet at scale.
  • Level: 300
  • Duration: 2 hours
  • NIST CSF Functions: Identify, Protect, Detect, Respond, Recover
  • CAF Components: Detective, Responsive
  • Personas: Security analysts and Security operations engineers
Finding and addressing Network Misconfigurations on AWS In this workshop you will learn how to use the Amazon Inspector Network Reachability report to validate your network configuration without needing a deep background in networking. You will use this report to find misconfigurations that may result in unintended behaviors and unexpected vulnerabilities. You will finish the workshop by remediating these vulnerabilities by integrating the findings of Amazon Inspector with other AWS services.
  • Level: 300
  • Duration: 2 hours
  • NIST CSF Functions: Detect, Respond
  • CAF Components: Detective, Responsive
  • Personas: Network administrators, Security analysts and Security operations engineers.
Protecting workloads on AWS from the instance to the edge Your mission in this workshop is to use AWS Web Application Firewall (WAF), Amazon Inspector, and AWS Systems Manager to help build an effective set of controls around your AWS workloads. You will learn to use AWS WAF to mitigate common attack vectors against web applications, such as SQL injection and cross-site scripting. You will also learn how to use Amazon Inspector and AWS Systems Manager to automate security assessments and operational tasks such as patching and configuration management across your EC2 fleet.
  • Level: 300
  • Duration: 2 hours
  • NIST CSF Functions: Protect
  • CAF Components: Preventive
  • Personas: Security analysts, Security operations engineers and Network administrators

Detection and Response

Title Description
Detection with Machine Learning This workshop shows how you can use an IP-based machine learning algorithm with Amazon SageMaker to augment and enrich findings from AWS Security services such as Amazon GuardDuty. You'll learn how to load the notebook in SageMaker, train the model, and score findings to determine abnormality of the activity.
  • Personas: Incident responders, Security analysts and Security operations engineers
Integration, Prioritization, and Response with AWS Security Hub This workshop is designed to get you familiar with AWS Security Hub so that you can better understand how you would use it in your own AWS environment(s). The workshop is broken into two sections. The first section guides you through a demonstration of the features and functions of Security Hub. The second section shows you how to use Security Hub to import findings from different data sources, analyze findings so you can prioritize response work, and implement responses to findings to help improve your security posture.
  • Level: 300
  • Duration: 2 - 3 hours
  • NIST CSF Functions: Detect and Respond
  • CAF Components: Detective, Responsive
  • Personas: Incident responders, Security analysts and Security operations engineers
Scaling threat detection and response on AWS In this hands-on workshop you will learn about a number of AWS services involved in threat detection and response as we walk through real-world threat scenarios. Learn about the threat detection capabilities of Amazon GuardDuty, Amazon Macie, and AWS Security Hub and the available response options. For each hands-on scenario, we review methods to detect and respond to threats using the following services: AWS CloudTrail, Amazon VPC flow logs, Amazon CloudWatch Events, Amazon Macie, AWS Lambda, Amazon Inspector, Amazon GuardDuty, and AWS Security Hub.
  • Level: 300
  • Duration: 2 - 3 hours
  • NIST CSF Functions: Detect and Respond
  • CAF Components: Detective, Responsive
  • Personas: Incident responders, Security analysts and Security operations engineers

DevSecOps

Title Description
DevSecOps: Integrating security into pipelines In this workshop, you practice running an environment with a test and production deployment pipeline. Along the way, we cover topics such as static code analysis, dynamic infrastructure review, and workflow types. You also learn how to update your process in response to security events. As an example, we write new AWS Lambda functions, aligned with controls, to automate security at scale.
  • Level: 300
  • Duration: 2 hours
  • NIST CSF Functions: Protect
  • CAF Components: Preventive
  • Personas: Security analysts and Security operations engineers