Skip to content


Title Description
Data Protection These set of workshops demonstrate concepts of Data protection using services such as AWS KMS and AWS Certificate manager. You will learn about server side encryption, client side encryption - with and without data key caching and how AWS private certificate authority can be used to create private certificates for private domains or devices.
Detection with Machine Learning This workshop shows how you can use an IP-based machine learning algorithm with Amazon SageMaker to augment and enrich findings from AWS Security services such as Amazon GuardDuty. You'll learn how to load the notebook in SageMaker, train the model, and score findings to determine abnormality of the activity.
Identity Round Robin "Identity Round Robin" is a collection of identity workshops covering a range of identity and access management topics. Each workshop can be done separately and there is no dependency between the workshops. These topics cover identity in general, not just the AWS IAM service. To that end you will find coverage for platform identity, application identity and infrastructure identity on AWS. Some of the services covered include AWS IAM, AWS CloudTrail, Amazon CloudWatch Events, Amazon S3, AWS Lambda, Amazon Macie, Amazon Inspector AWS Security Hub and Amazon GuardDuty. Each round (workshop) is 2 hours long with 30 minutes devoted to a presentation and 1.5 hours of hands on work.
  • Level: 300
  • Duration: Each round is a separate workshop and takes 2 hours: Serverless, External Security Services and Permissions boundaries
  • NIST CSF Functions: Protect
  • CAF Components: Preventive
Scaling threat detection and response on AWS This hands-on workshop is where you will learn about a number of AWS services involved with threat detection and response as we walk through real-world threat scenarios. Learn about the threat detection capabilities of Amazon GuardDuty, Amazon Macie and AWS Security Hub and the available response options. For each hands-on scenario, we review methods to detect and respond to threats using the following services: AWS CloudTrail, Amazon VPC flow logs, Amazon CloudWatch Events, Amazon Macie, AWS Lambda, Amazon Inspector, Amazon GuardDuty and Amazon Security Hub.
  • Level: 300
  • Duration: 2 - 3 hours
  • NIST CSF Functions: Detect and Respond
  • CAF Components: Detective, Responsive