SANS SEC595 Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

Created in January 31, 2026

2026   ·   notes   learning

I took my first SANS course at SANS Fire in DC in the summer of 2017. The course was SEC 542 with Seth Misenar, who was great. I had no idea what I was doing. I learned a lot and passed the GWAPT that December. Since then I’ve finished their master’s program and the cloud security certificate, been a part of the work-study program, and had an org leader that saw the value in these courses and somehow found the budget for me to keep taking them. I’ve also taken SEC 660 Advanced Penetration Testing, Exploit Writing, and Ethical Hacking, and 610 Reverse-Engineering Malware courses.

SEC 595 was my 26th SANS course and by far the hardest and most dense material. The course author, David Hoelzer, tries to warn you of this in the intro in the on-demand videos. However, I will say, like other tough SANS courses, I learned an incredible amount. If you are hoping this course will teach you how to make your own general LLM, you are taking the wrong course. The course attempts to sit in the middle between teaching you the how and why of AI and machine learning (the math), how you would actually accomplish it with hands-on labs (lots of Python), and applying these concepts to information security.

I would highly recommend taking the prerequisites for this course seriously. There is a LOT of Python. I had taken the SEC 573 course on Python back in late 2019 with the exam in early 2020. It had “been a minute” as the youth say, for Python and me. After struggling through the labs a bit, it started to come back. Not so much the concepts but the syntax. I frequently knew what I needed to do; I just didn’t know how.

The course is a full 6 days. Day 1 is focused on a very common, overlooked step. How do you get the data you need to be able to accomplish your goal. Day 2 is the heaviest math day, focusing on statistics and really cleaning your data. Another thing that is overlooked. Day 3 is really classical machine learning. Much of this will be the foundation for the remaining days. Day 4 is the fundamentals of deep learning and neural networks. Day 5 is Convolutional Neural Networks and Autoencoders. The last day is focused on more advanced topics that you might leverage in the future as well as getting started on how to deploy all the work you did in production.

If this seems like a lot, it is because it is. However, if you can stick it out and spend the time, you really can learn how to apply all of this to information security problems. I’ve also been going through some of the DeepLearning.AI Coursera courses just to get a different perspective, and 595 does a really great job explaining the underlying math. Better than some of the DeepLearning.AI courses.

I know some of you are thinking, enough of all that, how difficult was the exam? The course books for this course were a little different. Days 1-6 were actually quite small compared to other SANS courses. Book 1 was 110 pages, the largest, and Book 6 was the smallest at 60 pages. It does come with 2 very large workbooks. The practice exams were very representative of the actual exam. Having a strong index will help, but something I did differently for this exam was to create a math index and a Python cheat sheet. Anytime I saw a formula in the books, I wrote it down in my math index. The Python index was just so I could quickly find different pieces of code throughout the course. I’m pleased to say I passed with a 94%.

GMLE

I will say this course, out of all the other courses I’ve taken, I feel like I’m just getting started in this space. Not only that, but I felt like I could have reviewed this material for several months and still be picking little things up. I plan on continuing to take more of the DeepLearning.AI courses on Coursera and applying this knowledge in my day-to-day. Overall, I would say if you really, really want to get your feet wet in this space with practical use cases, this is a great course. Just be prepared; it is a steep mountain to climb.

I have one more elective left for my Incident Response graduate certificate that I will start in the next few months. Looking forward to finishing this program.

If you are interested of applying to the SANS EDU program, feel free to reach out with any questions and I also have a referral code that removes the entrace fees. Happy to chat!