Cloud Security Hands On (CCSK-Plus)

This course provides a solid foundation in cloud security, and includes a full day of hands-on labs to apply the principles in practice. It also includes new, expanded material for advanced students. We cover all the material needed to pass the Cloud Security Alliance Certificate of Cloud Security Knowledge (CCSK) exam, but add a pragmatic approach to immediately kick-start your cloud security projects.

We also add expanded material to show you how to take cloud security to the next level by leveraging DevOps techniques and the characteristics of the cloud.

The class intermingles lecture and labs, with 6 lecture modules that cover the 14 domains of the CSA Guidance and 5 lab modules. The material is expanded to show the theory working in practice.


The Course Modules

Module 1: Introduction to Cloud Computing

Covers the fundamentals of cloud computing, including definitions, architectures, and the role of virtualization. Key topics include cloud computing service models, delivery models, fundamental characteristics, and a model for assessing the risk of moving to the cloud.

Module 2: Securing Cloud Infrastructure

Digs into the details of the different cloud delivery models and their basic security issues. Students learn the differences between security responsibilities for SaaS, PaaS, and IaaS, and key questions to ask a potential provider. Includes recommendations for both public and private cloud.

Module 3: Managing Cloud Security and Risk

Covers risk assessment and governance, legal and compliance issues such as discovery requirements in the cloud, portability and interoperability, and managing incident response when working with cloud providers.

Module 4: Securing Cloud Data

Covers information lifecycle management for the cloud and how to apply security controls. Topics include the Data Security Lifecycle, cloud storage models, data security issues with different delivery models, and managing encryption in and for the cloud.

Module 5: Securing Cloud Users and Applications

Covers identity management and application security for cloud deployments. Topics include federated identity and different IAM applications, secure development, and managing application security in and for the cloud.

Module 6: Selecting and Working with Cloud Providers

Reviews the key questions and considerations when selecting a cloud provider, and how to work with them over time. This includes both cloud computing providers and Security as a Service providers.

Module 7: Hands-On Scenario

Students apply their knowledge performing a series of exercises to bring a fictional organization securely into the cloud. This second day of training includes additional lecture, with most time spent assessing, building, and securing a cloud infrastructure.

Note

All labs use Amazon Web Services, and students will need to have an AWS account (instructions are sent before class) AND A LAPTOP. We do include demonstrations of some other major cloud platforms, such as Microsoft Azure, but all exercises are restricted to AWS. The course is designed to appeal to a wide range of skill levels, but we highly recommend a solid security foundation and, for the labs, experience making SSH connections. While most of the labs occur in a web browser, you will need to connect to Linux cloud servers and copy and paste a handful of command lines.

Lab Exercises

Exercise 1: Introduction and Risk Analysis

Students will be introduced to the day's scenario and build a threat model for migrating to the cloud.

Exercise 2: Create and Secure a Public Cloud Instance

Students will secure their root account and then create a basic cloud instance on a public cloud infrastructure and establish a security baseline. Topics include root account security, creating an AWS instance, establishing network security, and understanding machine images.

Exercise 3: Encrypt Cloud Data

Students will dive into cloud storage options and learn the basics to encrypt data for their public cloud deployment.

Exercise 4: Create and Secure a Cloud Application

Students will secure their first public application for the cloud, following best practices such as cloud monitoring and logging, architecting their cloud application stack, and managing appropriate network security.

Exercise 5: Identity Management for the Cloud

Students will configure AWS IAM and then create a basic federated identity infrastructure to support their cloud application and learn additional details on standards like SAML and OAuth.

Advanced Exercises

  • Building dynamic security alerts in AWS
  • Understanding and securing VPCs
  • Writing intermediate Amazon IAM policies

Course Logistics

Who Should Take This Course

Security professionals who need to understand cloud computing security.

Student Requirements

A basic understanding of security fundamentals. You should know most of the following: IAM, federated identity, hypervisor, SSH, key management, SDLC, IDS, and DLP. We also highly recommend knowing how to use SSH and being comfortable with the basic command line, as you will be connecting to Linux instances.

What Students Should Bring

A laptop and an active Amazon Web Services account (instructions will be provided).

What Students Will Be Provided With

Electronic training materials.