While cloud networks are software-defined, network isolation remains highly relevant. SEC549 shifted focus away from basic Virtual Private Clouds (VPCs) toward advanced hub-and-spoke topologies.
Certification costs $999 USD in addition to course tuition, with recertification requiring 30 Continuing Professional Education (CPE) credits every four years.
All network traffic must be encrypted using secure protocols (TLS 1.3). The course covers the deployment of internal Service Meshes to handle mutual TLS (mTLS) between microservices, ensuring that even internal lateral traffic is fully encrypted and authenticated. 3. Data in Use
The course teaches architects how to normalize security controls across different cloud service providers (CSPs). It covers how to map AWS Security Groups to Azure Network Security Groups, reconcile identity models across disparate providers, and implement unified Cloud Security Posture Management (CSPM) platforms for single-pane-of-glass visibility. Security Layer AWS Component Azure Component GCP Component SEC549 Architectural Focus AWS IAM / Organizations Entra ID / Management Groups Cloud IAM / Resource Manager Unified federated control plane Encryption AWS KMS / CloudHSM Azure Key Vault / Managed HSM Cloud KMS / Cloud HSM Envelope encryption & rotation Networking VPC Traffic Mirroring / Transit Gateway Azure Virtual WAN / Firewall Cloud VPC / Cloud NAT Microsegmentation & egress control Logging CloudTrail / CloudWatch Azure Monitor / Log Analytics Cloud Logging / Cloud Monitoring Centralized SIEM/SOAR ingestion 4. Preparing for the Course and Certification sans sec 549 2021
Configuring secure single sign-on (SSO) across complex, multi-tenant cloud ecosystems.
: Security Architects, Solutions Architects, and Security Engineers tasked with designing enterprise-wide cloud footprints.
To prove mastery of these skills, students typically sit for the certification. This certification focuses on the practical application of the skills learned, emphasizing the ability to design secure systems rather than just identifying vulnerabilities. Why Choose SEC549 (2021–2022 Updates) All network traffic must be encrypted using secure
Centralizing network inspection points for cross-account and hybrid-cloud traffic.
: Students observe "anti-patterns" (flawed architectural designs) and must correct them to match best practices.
The answer is a qualified , with one caveat. Data in Use The course teaches architects how
Pricing for the course starts at approximately , with the GCAD certification exam costing an additional $999 USD . Prices exclude applicable local taxes.
In April 2021, The Register reported that the SANS Institute had significantly expanded its cloud-focused security course lineup. Six new courses were launched, with a seventh in beta—bringing the total cloud security curriculum to twelve offerings spanning foundational topics to deep dives into specific technologies. The expansion was a direct response to a pressing reality: more enterprise computing was moving to the cloud than ever before, making cloud environments an ever-growing target for cyber attackers.
The course features approximately 35 design-focused labs that use real-world case studies to illustrate secure architectural patterns.