Real-world cloud security is most definitely not business as usual. The fundamental abstraction and automation used to build cloud platforms upends much of how we implement security. The same principles may apply, but *how* they apply is dramatically different, especially at enterprise scale.
This highly technical course builds on the basics of our Cloud Security Hands on Training and delves deep into practical cloud security and applied DevSecOps, which is really the only way to survive when operating in the cloud. It focuses completely on Infrastructure and Platform as a Service, and will not cover Software as a Service. The training is laser-focused on technology, and *will not cover policies, risk, or governance issues* except as they come up in passing.
We begin on day one with an in-depth discussion of cloud platform technologies, giving you a look into how the services are built and managed, and the security implications, including the latest serverless architectures. We will then quickly start building out a sandbox environment and deploying security controls.
Some of the topics and techniques covered will include (at a minimum):
- Use of accounts for managing blast radius.
- Building out advanced cloud virtual networks.
- Integrating serverless for security.
- Leveraging inherent cloud capabilities for network security.
- Use of DNS management, auto scale groups, load balancers, and other technologies for immutable infrastructure.
- Advanced Identity and Access Management for cloud, including setting up SAML federation across providers.
- Privileged user management, MFA, and other access essentials.
- Securing PaaS and mixed IaaS/PaaS architectures.
Day two shifts gears to focus on designing secure architectures, integrating with DevOps, and building your own SecDevOps toolkit for managing cloud security at scale:
- Fundamentals of SecDevOps.
- Immutable deployments.
- Building secure deployment pipelines.
- Integrating automated security testing into deployment pipelines.
- Cloud security architectural patterns for major application types.
- Cloud data security and encryption.
- Automating continuous security monitoring and alerting using cloud native capabilities.
- Security automation through the console.
- Security automation through code.
- Scaling your security operations to hundreds (or thousands) of accounts through automation.
Most labs will be in Amazon Web Services, with some demonstrations and integrations with Microsoft Azure.
All programming labs will use Ruby. Text snippets will be provided so students don't need to code from scratch, but some knowledge is suggested.
Technical security professionals wanting to expand their hands-on knowledge of cloud security and SecDevOps.
Students should have basic familiarity with at least one public cloud provider (Amazon or Azure) and hands-on experience launching and managing basic instances/services. They should also be comfortable with the command line and basic scripting.
Additionally, we highly encourage students to understand basic Ruby programming for the coding portions. Code snippets will be provided, so students with experience in other languages should be able to keep up.
A laptop with SSH and wireless connectivity. Students MUST sign up for Amazon Web Services before training begins, and bring their credentials and keys.
Electronic training materials. An improved sense of self-worth if they survive the training.