Cloud Security Training

... > Training Courses > Cloud Security Training

Cloud Security Training

Many organizations are adopting cloud services to complement their production infrastructure. The number of cloud services that are offered is constantly increasing and includes options such as web servers, SQL servers, virtual machines, and office productivity tools. Many of these cloud-based resources are connected directly to an organization’s production infrastructure.

How do you address the security of your cloud infrastructure? How to ensure your security is sufficient? Learn how a hacker thinks and how you should protect your cloud environment.

Many organizations approach cloud development in a similar manner as they would to traditional IT infrastructure. With cloud-based authentication being available to the public internet, a whole new attack surface emerges. This is especially notable when cloud is used to store sensitive data that is normally protected within the boundaries of a traditional IT environment. By learning you to think as a hacker, you can avoid many pitfalls in configuring your systems in the cloud securely.

Students will also be taught different techniques to escalate their privileges in a cloud environment and finally to compromise different services within the cloud environment.

Why should you attend?

  • Understand the basics of Cloud Security and Cloud Security Architecture
  • To be able to protect your Cloud and hybrid environment
  • Address common misconfiguration and vulnerabilities
  • Learn tips and tricks from experts in Cloud Security
  • To configure a more secure Cloud environment

Intended Audience

This training is suitable for:

  • Blue team members
  • Network administrators
  • Security testers
  • General security practitioners
  • Developers
  • Security management staff (recommended: day 1 only)
  • Non-technical staff with technical affinity (recommended: day 1 only)

Cloud infrastructure is constantly being adopted by organizations across the world. As cloud infrastructure is built and managed differently than on-premise infrastructure, security assessments must also be approached in a different manner. This course aims at demonstrating the new attack vectors that are presented when migrating to a new cloud environment, and to train red teamers and blue teamers alike to identify misconfigurations that can lead to cloud infrastructure compromise.

Required Skills & Expertise

This training is devised for technical personnel. A basic understanding of Linux and Windows command line and infrastructure is needed.

Program

The duration of this training course is of two days but can be adapted for your company needs.

Day 1:

09:00 - 10:30 Cloud Strategic Understanding

  • How is the cloud different to a traditional environment
  • Different types of clouds
  • Cons and Pros of the Cloud
  • Cloud Security Basics


10:30 - 12:30 Cloud Architecture Basics

  • Cloud Architect security principles
  • Cloud Architect mindset


12:30 - 15:00 Cloud Security Elements/Tools

  • Common cloud security built-in tools (AWS focus)


15:00 CTF

  • At the end of the day we will perform a CTF event to reinforce what was learned in the course

Day 2:

09:00 - 10:30 Vulnerability Management

  • CIS benchmark
  • Cloud vulnerability scanners


10:30 - 12:30 Cloud Specific Vulnerabilities

  • How are cloud vulnerabilities different


12:30 - 14:00 Azure specific security

  • Azure specific infrastructure, vulnerabilities and architectures


14:00 - 14:30 Infra as a Code

  • How to find and assess vulnerabilities in IaC
  • What is IaC, benefits and challenges

14:30 - 15:30 Container/Kubernetes security introduction

  • Container and kubernetes introduction
  • Container and kubernetes security principle
  • Common tools for assessing containers and kubernetes


15:30 CTF

  • At the end of the day we will perform a CTF event to reinforce what was learned in the course

Learning Objectives

  • Understand the basics of Cloud Security and Cloud Security Architecture
  • Gain an insight in how critical vulnerabilities in a Cloud corporate infrastructure can be exploited
  • Learn the basics of how an effective vulnerability scan and a Cloud Penetration test can be performed in an enterprise environment
  • Learn how to think like a cloud hacker to be able to better protect your Cloud environment

In-Company Training

If you are interested in hosting this interactive and tailored training at your company, please let us know via the contact form, by telephone +31 (0)88 888 31 00 or email info@secura.com.

USP

Why choose Secura | Bureau Veritas

At Secura/Bureau Veritas, we are dedicated to being your trusted partner in cybersecurity. We go beyond quick fixes and isolated services. Our integrated approach makes sure that every aspect of your company or organization is cyber resilient, from your technology to your processes and your people.

Secura is the cybersecurity division of Bureau Veritas, specialized in testing, inspection and certification. Bureau Veritas was founded in 1828, has over 80.000 employees and is active in 140 countries.