Black Hat West Coast Trainings Home Black Hat West Coast Trainings Home Black Hat West Coast Trainings Registration Black Hat West Coast Trainings Registration Black Hat West Coast Training Black Hat West Coast Trainings Summit Black Hat West Coast Trainings Schedule Black Hat West Coast Trainings Schedule Black Hat West Coast Trainings Sponsors Black Hat West Coast Trainings Sponsors Black Hat West Coast Trainings Venue Black Hat West Coast Trainings Venue

On This Page

Cloud Security Plus (CCSK-Plus)

Rich Mogull | December 9-10 & December 11-12



Ends Oct 24
11:59PM EST



Ends Dec 5
11:59PM EST



Ends Dec 12


This course provides a solid foundation in cloud security, and includes a full day of hands-on labs to apply the principles in practice. We cover all the material needed to pass the Cloud Security Alliance Certificate of Cloud Security Knowledge (CCSK) exam, but add a pragmatic approach to immediate kick start your cloud security projects. For Black Hat we also add expanded material to show you how to take cloud security to the next level by leveraging DevOps techniques and the characteristics of the cloud.

The course is designed to appeal to a wide range of skill levels, but we highly recommend a solid security foundation and, for the labs, experience making SSH connections. While most of the labs occur in a web browser, you will need to connect to Linux cloud servers and copy and paste a handful of command lines.

The first day of the class is all lecture, with 6 modules that cover the 14 domains of the CSA Guidance. The material is expanded to show the theory working in practice.

The modules are:

Day 2- The second day of CCSK Plus training includes expanded material and extensive hands-on activities. Students will learn to apply their knowledge as they perform a series of exercises as they complete a scenario bringing a fictional organization securely into the cloud. This second day of training includes additional lecture, although student¹s will spend most of their time assessing, building, and securing a cloud infrastructure during the exercises.

Course Outline:

What Makes Your Course Unique?

This course meets the Cloud Security Alliance CCSK Plus requirements, which were developed by Securosis. For Black Hat we build upon the base course with the inclusion of advanced material that is not taught anyplace else.

Who Should Take This Course

Security professionals who need to understand cloud computing security.

Student Requirements

A basic understanding of security fundamentals. You should know what most or all of the following terms mean: IAM, federated identity, hypervisor, SSH, key management, SDLC, IDS, and DLP. We cover more, but if you know most of those, you are ready. We also highly recommend you know how to use SSH and aren't afraid of entering a few pre-scripted commands into a terminal since we will be connecting to Linux instances.

What Students Should Bring

A laptop with wireless connectivity. Preferably a 64-bit processor with a minimum of 4 MB of RAM (students can still use less powerful laptops if needed). Students will also need to create an Amazon Web Services account prior to the start of class (instructions will be provided).

What Students Will Be Provided With

Training Materials


Rich Mogull, Analyst & CEO Rich has twenty years experience in information security, physical security, and risk management. He specializes in cloud security, data security, emerging security technologies, and security management. Rich is the primary developer of the Cloud Security Alliance CCSK training program. Prior to founding Securosis, Rich was a Research Vice President at Gartner on the security team where he also served as research co-chair for the Gartner Security Summit. Prior to his seven years at Gartner, Rich worked as an independent consultant, web application developer, software development manager at the University of Colorado, and systems and network administrator. Rich is the Security Editor of TidBITS, a monthly columnist for Dark Reading, and a frequent contributor to publications ranging from Information Security Magazine to Macworld. He is a frequent industry speaker at events including the RSA Security Conference and DefCon, and has spoken on every continent except Antarctica (where he's happy to speak for free -- assuming travel is covered).