Whether you are an auditor, software developer, IT professional, a security professional, or an executive who wants to know more about cloud security, this class is for you. On each day, we dive into different aspects of cloud security from managing security as a whole for an organization to specific cloud security services, architecture best practices, and configuration. The class covers AWS, Azure, and Google Cloud Platform security plus some SAAS, micro-services, and hybrid cloud architecture. You'll get a reinforcement of basic security knowledge and best practices along the way but in the context of how they apply to cloud.
How to sign up
Cloud Security Instructor
, your class instructor, specializes in cloud security. She introduced cloud security concepts through her SANS whitepapers, presentations, and blog posts and has helped multiple companies move to the cloud, including Capital One and companies where she architected secure solutions and oversaw the migration. She can tell you what went right - and what didn't work out so well. She now offers cloud penetration testing, assessments, audit assistance, and training through her company 2nd Sight Lab
. Her security certifications include GSE, GXPN, GCIH, GPEN, GCIA, GCPM, GCCC, GSEC, and GREM
. She also has a Master of Software Engineering and a Master of Security Engineering. She speaks at conferences around the world like RSA, AWS re:Invent, AWS re:Inforce, BSides Seattle and Vancouver, ServerlessDays London, IANS security forums, and will be speaking at ISACA Congress in Quebec City and OWASP AppSec Day in Melbourne, Australia. She has a book in progress called Cybersecurity for Executives
on her blog
. You can follow her on Twitter @teriradichel
Cloud Security Labs
This class has hands-on labs
. If you don't like running scripts and typing in web consoles then you can follow along anyway, but the labs are a good portion of the class, along with some lecture. The labs work for varying levels of experience, so if you're a beginner or familiar with DevOps, it's OK! You will need to bring a laptop with the ability to connect to wi-fi in the classroom and your own cloud accounts
. You'll be provided instructions to set up accounts a few weeks in advance. You need to set up your accounts at least one week before class so we can prepare to provide you the materials for class. We suggest you create new accounts and do not use production accounts! Shared accounts and non-admin accounts may not be able to do all steps in every lab, but you'll still learn a lot.
Day 1: Cloud Security Strategy
Introduction to AWS, Azure, GCP, and automation.
On day one, we set up the lab environments in AWS, Azure, and GCP and do some security automation. If you haven't used all three platforms before it's a good idea to start here. You'll also learn about costs and budgeting. If you already are familiar with the basics, we have some more advanced tasks along with the basic setup.
Governance, Risk, and Compliance (GRC).
Security is a lot more than turning on cloud services! On this first day, we also cover GRC - Governance, Risk, and Compliance - but hopefully not in a boring, dry way. All it takes is one mistake in your environment to let the bad guys infiltrate your systems and network. Find out how to manage this risk and compliance to prevent mistakes like open S3 buckets and other configuration errors.
Top cloud threats.
How is someone going to break into your cloud? What do you really need to be worried about based on what's happening to other companies in the industry?
Overview of Cloud Security Services.
You'll get an overview of the cloud services available and an updated version of my chart comparing cloud security services on AWS, Azure, and GCP
Networking, Networking, and more Networking! Day two is a full day of networking. Network security is so critical in the cloud because everything connects to everything. Your network can either be the source of Internet attacks, or a strategic way to reduce your attack surface and "pivoting" in your account. Proper network design can also help you spot attacks more effectively. What's the best way to connect from your on-premises environment to the cloud? What options does each cloud offer? How about SAAS applications connecting from everywhere - what can you do about that? Get real-world, hands-on experience with cloud networking services and monitoring tools. Learn to decipher what's going on in your cloud network logs.
Day 3: Data and Application Security
Data Security: Find out what options the cloud platforms offer in terms of data security. Learn about different types of encryption and encryption services in transit and at rest, PKI, IOT options, HSMs. Learn the pros and cons of managing your own keys versus using the services provided by the cloud platform. Use encryption to protect your data wherever it is stored - on disks, in new types of cloud storage like S3 buckets, and databases hosted in the cloud. Leveraging DLP (data loss prevention) tools to protect your data. Learn how to protect and rotate secrets and SSL certificates - so they don't take down your applications when you forgot they were about to expire!
Application Security and Monitoring: Learn how to manage your virtual machines securely - things like patching in a new cloudy way. Of course, we must cover containers and serverless technologies, along with related threats and benefits. Learn about some of the cloud vendor tools and options. We'll talk about API, IOT, and application storage security. We briefly cover application security basics like the OWASP top 10 (not complete coverage as that alone could be a five-day class), but application security is still critically important in the cloud and a primary attack vector. We'll also cover things the many types of logging available to monitor your application security. Learn about different types of agents and monitoring that can help you with vulnerability assessments and monitoring for top cloud threats.
Day 4: IAM, DevOps, and Multi-Cloud
IAM: Stolen credentials is one of your most significant risks in the cloud. On day four, we look at how you can better protect your account with IAM policies, MFA, and other strategies like segregation of duties. We cover IAM from multi-cloud and multi-account perspectives as well since so many companies are moving to a multi-cloud environment. Your IAM strategies are critical for balancing security and innovation when creating your cloud access model. We also cover IAM in a micro-services environment.
DevOps: On day one, we covered what security is from an organizational perspective at its core - GRC. On Day four, we get into the nuts and bolts of how you can implement GRC in the cloud by leveraging your DevOps pipeline and security automation. We want to get security into the flow of how developers work to prevent problems in advance but still let people get things done, and catch them in an automated fashion after the fact.
Multi-Cloud: We'll also cover some strategies for multi-cloud deployments and multi-cloud security tools.
Day five is a culmination of everything you've learned! We'll put some of these concepts into practice.
Disaster Recovery and Business Continuity:
Now that you understand cloud architectures, tools, deployments, and automation, we can talk about exciting new ways to handle DR and BCP.
Architecture and Threat Modeling:
Put all the pieces together in an exercise designed to use all the cloud services based on the information you learned in days one through four to prevent a data breach.
Pentesting and Assessments:
Using the information you learned about best practices for cloud security on prior days and application security issues, we'll do a cloud security assessment
. Next you'll learn the fundamentals of cloud penetration testing
and apply them to the cloud.
Using all the information you learned on prior days - how the cloud platforms work, what attackers do, and how to review logs, we'll look at an incident and try to decipher what happened! Learn the essential steps of incident handling and some incident handling tools you can use in the cloud.
Cloud Security Certification
If you are interested in cloud security certification this class will help you prepare for a number of different certifications. Of course, with any certification, you will still need to study the specific material for that specific test. We'll cover all the general knowledge you need and point you in the right direction to better your chances for certification if that is one of your objectives. We're also considering writing a certification test. Let us know if you are interested when you register for the class!
2nd Sight Lab offers this class in the following formats all over the world:
Invitation-only classes include students from different organizations. If you would like to get on the waiting list contact Teri Radichel. When a spot becomes available you will receive an invitation and an invoice to pay for the class. Your spot is not reserved until the invoice is paid. Fees are non-refundable because we have to pay for the room, food, class materials, visa, etc. in advance. You can transfer the class to another person. In the event the class is not held for some reason all fees are refundable.
November 11-15 in Melbourne, Australia
to join waiting list if there's extra space in these or future classes.
2nd Sight Lab can come on site and teach this class to a single organization. We only do this in person. We require a minimum number of students.
on LinkedIn to schedule a class for your organization.
If an organization cannot meet the mimimum number of students and payment for the full class in advance, the organization can make an up front non-refundable sponsorship payment and 2nd Sight Lab will host an invitation-only class near your location. 2nd Sight Lab will arrange the facilities. The organization can commit to a smaller number of students and 2nd Sight Lab will invite others to fill the class. Please note that 2nd Sight Lab collects all class payments directly and students must sign an agreement directly with 2nd Sight Lab in this case.