Part of the Cloud Security Alliance CCSK Suite
Learn to embrace cloud and build secure and resilient applications and infrastructure that blow away what you can do in traditional environments. This advanced training program covers cutting-edge techniques for building secure cloud deployments, from networking and identity management through application security and serverless architectures. This two day training is predominantly hands-on labs as we build out a secure cloud environment and cloud-native application architecture, then create a deployment pipeline with integrated security testing. We finish with security automation and a live fire incident response exercise. All labs are in Amazon Web Services but we also discuss the implementation differences for Azure and Google Compute Platform.
Real-world cloud security is most definitely not business as usual. The fundamental abstraction and automation used to build cloud platforms upends much of how we implement security. The same principles may apply, but how they apply is dramatically different, especially at enterprise scale.
This highly technical course expands the basics of our Cloud Security Hands on Training and delves deep into practical cloud security and applied DevSecOps for enterprise-scale cloud deployments. It focuses completely on Infrastructure and Platform as a Service, and will not cover Software as a Service. The training is technical and will not cover policies, risk, or governance issues except as they come up in passing.
We begin on day one with an in-depth discussion of cloud platform technologies; giving you a look into how the services are built and managed, and the security implications. We will then quickly start building out a landing zone in Amazon Web Services and a multi-account sandbox environment and deploying security controls.
Day two shifts gears to focus on designing secure architectures, integrate with DevOps, and build your own DevSecOps toolkit for managing cloud security at scale:
The content includes:
All labs will be in Amazon Web Services, with some demonstrations and integrations with Microsoft Azure. All labs can be completed outside of class for students unable to keep up with the rapid pace of the training.
Programming labs will use Python. Text snippets will be provided so students don’t need to code from scratch, but students without Python skills may be limited to using only the provided snippets.
WHO SHOULD TAKE THIS COURSE
Technical security professionals wanting to expand their hands on knowledge of cloud security and DevSecOps at enterprise scale. Non-technical professionals are welcome to attend and absorb the information but need to understand they will not be able to complete the labs and the instructors will not be able to adjust the pace of the training.
Students should have experience with at least one public cloud provider (Ideally AWS) and hands-on experience configuring virtual networks, launching and managing basic instances/services, and navigating cloud management consoles that may not match screenshots due to the rapid rate of cloud provider changes (Amazon has changed entire service interfaces in the middle of training in the past). They should also be comfortable with the command line and basic bash scripting. Python experience is strongly encouraged for the best experience.
WHAT STUDENTS SHOULD BRING
A laptop with SSH and wireless connectivity and their pre-class assessment token. Students MUST sign up for Amazon Web Services before training begins, and bring their credentials and keys.
WHAT WILL BE PROVIDED
Electronic training materials
Rich Mogull – With twenty years of experience in information security, physical security, and risk management, Rich is one of the foremost experts on cloud security, having driven development of the Cloud Security Alliance’s V4 Guidance and the associated CCSK training curriculum.