Do I need a technical background?

Yes, a background in cloud engineering or security is recommended to fully benefit from this sprint.

How much time should I expect to commit each week?

Expect to commit 10–12 hours weekly, including live sessions and project work.

Are sessions recorded?

Yes, all sessions are recorded and available within 24 hours. However, participation in live sessions is encouraged for interactive components.

What is the refund policy?

Full refund within 7 days of cohort start — no questions asked.

Will I get a certificate?

Yes, you'll receive a certificate upon completion, which can be showcased on LinkedIn.

What tools will I use?

AWS Security Hub, AWS IAM Access Analyzer, CloudTrail, GuardDuty, Microsoft Sentinel, Microsoft Defender for Cloud, Entra ID, and VPC Flow Logs. Familiarity with AWS and Azure consoles is sufficient — no prior security tooling experience required.

Can I apply this knowledge immediately?

Absolutely. The skills and frameworks you'll learn are designed to be applied to your cloud infrastructure immediately.

Is there support outside of class time?

Yes, you will have access to a community forum where you can discuss challenges and solutions with peers and instructors.

Free Live Kickoff

Your cloud logs captured the breach. Your alerts didn't fire.

Join Sanjay Dhar (Cloud & AI Solutions Leader · Microsoft) for a free live session.

📅 April 19, 2026⏰ 5:30 PM PDT⏱ 60 minutes🆓 Free to Join

Sanjay Dhar

Cloud & AI Solutions Leader · Microsoft

⭐ 4.9 / 5

You have detection rules. They're not tuned for how attackers actually move.

GuardDuty, Sentinel, Security Hub — configured yes, tuned no. In 6 weeks you'll write detection rules that catch IAM role chaining and S3 exfiltration, build a Zero Trust architecture, and ship an IR playbook tested against real attack patterns.

6 WeeksLive instruction

3 ProjectsReal deliverables

30 SeatsPer cohort, capped

What You'll Learn

🗺️

Cloud Attack Surface Map

Map IAM privilege paths, exposed endpoints, and lateral movement vectors across AWS and Azure — a reusable starting point for every security review.

🔍

Detection Engineering in Microsoft Sentinel

Write custom analytics rules for real attacker TTPs — IAM role chaining, S3 exfiltration, Lambda persistence — and ship a rule library your team deploys.

🔒

Zero Trust IAM Architecture

Design a least-privilege IAM architecture across AWS and Azure with workload identity and a network segmentation plan that limits blast radius.

📋

Cloud Incident Response Playbook

Build an IR playbook against CloudTrail, Azure Activity Logs, and VPC Flow Logs — containment procedures per attack type, tested against real scenarios.

Who Is This For?

This sprint is designed for:

☁️

Cloud Engineers Running Misconfigured Security Tools

Who have GuardDuty, Sentinel, or Security Hub turned on — but haven't tuned them and don't trust the alerts they're getting.

🔧

DevSecOps Engineers Plugging Security Into CI/CD

Who own the pipeline and need detection and hardening to ship with the product, not bolt on after.

🛡️

Security Engineers Moving Into Cloud

Who know traditional security well but haven't yet built the cloud-native detection and IR muscle their new role demands.

Sprint Outline

6 weeks · 3 sessions per week

Projects You'll Ship

Leave with real work to show, not just a certificate.

Cloud Attack Surface Map

A comprehensive map of your cloud infrastructure's attack surface, identifying potential vulnerabilities and entry points. This artifact is crucial for ongoing security assessments and can be showcased in your professional portfolio.

Threat Detection Framework

A robust framework employing tools like Splunk and Azure Sentinel to detect and analyze threats in real-time. This project demonstrates your ability to implement advanced threat detection systems and is ready for use in live environments.

Incident Response Playbook

A detailed playbook outlining procedures for managing cloud security incidents. This reusable artifact is essential for any organization looking to improve their cloud incident response capabilities.

Your Instructors

Sanjay Dhar

Cloud & AI Solutions Leader · Microsoft

⭐ 4.9 / 5

Sanjay architects secure, production-ready Azure and AI solutions for enterprise customers at Microsoft, applying Cloud Adoption Framework and Well-Architected Framework across hybrid and multi-cloud environments. Before Microsoft, he spent nine years at AWS as Principal Solutions Architect and Senior Manager for Global & Strategic Accounts, driving cloud transformation for some of the world's largest organizations. He also served as VP & CTO at Veolia North America, where he led multi-cloud platform strategy and enterprise-wide data governance.

What Students Say

⭐⭐⭐⭐⭐

"The Sentinel detection rule library from Week 2 is now in production. It caught a real IAM role chaining attempt two weeks after the sprint ended."

Alex Kim

Cloud Security Engineer · Rippling

⭐⭐⭐⭐⭐

"The Zero Trust IAM architecture from Week 3 cut our blast radius analysis from days to hours. We shipped it to staging before the sprint was over."

Jamie Nguyen

DevSecOps Engineer · Figma

⭐⭐⭐⭐⭐

"We ran the IR playbook in a real incident three weeks after the sprint. The CloudTrail forensics section alone saved us two hours of manual investigation."

Morgan Lee

Security Engineer · Notion

Sprint Schedule

All sessions are instructor-led and live. Recordings available within 24 hours.

SUNDAY

9:00 AM PDT

Live Class

Dive deep into cloud security strategies and tools, with real-world case studies and interactive demos.

WEDNESDAY

6:00 PM PDT

Lab Session

Apply frameworks to your cloud setup, solve real-world challenges with peer and instructor support.

THURSDAY

6:00 PM PDT

Build & Ship

Hands-on project work, peer reviews, and feedback sessions to refine your weekly deliverables.

Frequently Asked Questions

LIVE KICKOFF

Your cloud logs captured the breach. Your alerts didn't fire.

with Sanjay Dhar · Cloud & AI Solutions Leader, Microsoft

📅 April 19, 2026

⏰ 5:30 PM PDT

⏱ 60 minutes

💻 Live on Zoom

What you'll walk away with:

✔Map a live AWS attack surface using Security Hub — find at least two misconfiguration paths.

✔Write a Sentinel detection rule for IAM role chaining and fire it against a live event stream.

✔Build a Zero Trust IAM policy that blocks lateral movement — tested live in the session.

✔Detailed preview of the 6-week sprint

🎁 Bonus for attendees:

Get "The AWS + Azure Detection Starter Kit"

12 pre-built Sentinel analytics rules for IAM abuse, S3 exfiltration, and Lambda persistence — deploy to your workspace in under 20 minutes.

Claim your free seat

Skills you can deploy on Monday morning.