SANS Cloud ACE

From Embedded Lab Vienna for IoT & Security


SANS Cloud ACE is an initiative that offers a variety of training and courses to educate and further train cloud security experts. According to the SANS Institute, the ongoing transition to cloud services and their increased use by companies is leading to a significant increase in the need for professionals who specialize in cloud security, and the institute's initiative is intended to help train them. [1]

SANS Institute

SANS is a leading institution for education and training in the field of IT security. The acronym SANS stands for SysAdmin, Audit, Network and Security.[2] The organization was founded in 1989 and is the world’s largest source of IT security training and certification according to its own claims. [3]
SANS offers various methods to deliver the course content for every required level, including degree programs, certificates, and training. Some of the subfields include “Digital Forensics and Incident Response”, “Cyber Defense and Blue Team Operations”, and “Cloud Security”. These courses are led by experienced industry experts. Training events in various cities are also part of the SANS offerings. A dedicated blog, newsletter, and podcasts provide the opportunity to stay up-to-date on the latest security topics. [4]
Depending on the specific subfield of IT security, SANS offers various programs in the form of a series of online courses for in-depth knowledge. One of these programs is SANS Cloud ACE. [5]

Topics and Contents

Participation in the SANS Cloud ACE Program is subject to a fee, and therefore not all learning content is freely accessible. However, a variety of recorded workshop videos is available on YouTube. These workshops usually last between 20 minutes and an hour and cover various topics related to cloud security. The workshops are designed in a practical way. They do not focus on a specific security risk in the field of cloud computing, but rather on the handling of one of the three cloud service providers, Amazon Web Services, Google Cloud, and Microsoft Azure. In general, the content focuses more on general precautions and misconfigurations of the three most famous cloud service providers. [6]
The speakers are security specialists who are supposed to pass on the knowledge they have acquired through their previous professional experience to the participants. Their workshops are often held online so that people from all over the world can participate regardless of their location. Generally, each presentation consists of a series of slides summarizing the core elements of the course content. Another characteristic is that many workshops not only convey theory but also include practical exercises, so that participants can apply what they have learned and consolidate their knowledge. Slack is often used as a messenger service for asking questions during the workshop. The speakers are cooperative and apparently motivated to answer participants’ questions. [7]
Outside of the workshops, SANS also offers podcasts and blogs on cloud security for interested parties, where you can follow regular updates on the latest developments in cloud security. [8]


Currently, there are ten courses available for SANS Cloud ACE that are specifically designed for cloud security. These courses are listed in orange on the Flight Plan image below and are organized from basic knowledge (top) to more specific and in-depth topics (bottom). To the left of the course names, the courses are classified from basic knowledge to management, and icons of different types of aircraft underline the top-to-bottom classification. This metaphorically represents that as a SANS Cloud ACE, you start as a pilot with a small plane and switch to larger planes, symbolizing an expanded knowledge of cloud security by completing more courses. The five columns to the right of the courses in the graph represent the five career orientations covered by the program. The gray circles at the intersections between the work areas and the courses indicate whether the course in the corresponding row is suitable for people in this field or individuals who wish to further their education in this area.


Some courses include a signature in the graph, each of which refers to a specific GIAC certification. GIAC stands for ‘Global Information Assurance Certification’[9] and offers the opportunity to obtain certification after completing the corresponding training. This allows course participants to demonstrate their knowledge and acquire a document with which they can prove their newly acquired knowledge to themselves and their employer. [10]

Gaining an ACE status

As the name implies, participants in the SANS Cloud ACE program have the opportunity to become a ‘Cloud ACE’. As shown in the Flight Plan, the program is divided into five more specific job categories:

  • Cloud Security Analyst: Use of cloud security solutions for defense and attack detection
  • Cloud Security Architect: Designing cloud security solutions
  • Cloud Security Engineer: Developing solutions for cloud security
  • DevSecOps: Developing, implementing, and managing secure systems
  • Cloud Detection and Response: Detecting threats by monitoring and testing cloud environments

Participants in the program choose one of the five specializations according to their own job or interests. For each category, there is a journey that must be completed to obtain the title of that journey. Each journey includes three courses, selected according to the topic of the field of work. However, to be designated as a SANS Cloud ACE, one can also take only one course and obtain the corresponding GIAC certification. The target groups are people with previous knowledge in the field of IT and cloud security, but also career changers with the desire to further their education, as the program offers introductory courses on the topic. [11]