Cloud Security Training

... > Corsi di formazione > Cloud Security Training

Cloud Security Training

Many organizations are adopting cloud services to complement their production infrastructure. The number of cloud services that are offered is constantly increasing and includes options such as web servers, SQL servers, virtual machines, and office productivity tools. Many of these cloud-based resources are connected directly to an organization’s production infrastructure.

How do you address the security of your cloud infrastructure? How to ensure your security is sufficient? Learn how a hacker thinks and how you should protect your cloud environment.

Many organizations approach cloud development in a similar manner as they would to traditional IT infrastructure. With cloud-based authentication being available to the public internet, a whole new attack surface emerges. This is especially notable when cloud is used to store sensitive data that is normally protected within the boundaries of a traditional IT environment. By learning you to think as a hacker, you can avoid many pitfalls in configuring your systems in the cloud securely.

Students will also be taught different techniques to escalate their privileges in a cloud environment and finally to compromise different services within the cloud environment.

Why should you attend?

  • Understand the basics of Cloud Security and Cloud Security Architecture
  • To be able to protect your Cloud and hybrid environment
  • Address common misconfiguration and vulnerabilities
  • Learn tips and tricks from experts in Cloud Security
  • To configure a more secure Cloud environment

Intended Audience

This training is suitable for:

  • Blue team members
  • Network administrators
  • Security testers
  • General security practitioners
  • Developers
  • Security management staff (recommended: day 1 only)
  • Non-technical staff with technical affinity (recommended: day 1 only)

Cloud infrastructure is constantly being adopted by organizations across the world. As cloud infrastructure is built and managed differently than on-premise infrastructure, security assessments must also be approached in a different manner. This course aims at demonstrating the new attack vectors that are presented when migrating to a new cloud environment, and to train red teamers and blue teamers alike to identify misconfigurations that can lead to cloud infrastructure compromise.

Required Skills & Expertise

This training is devised for technical personnel. A basic understanding of Linux and Windows command line and infrastructure is needed.

Program

The duration of this training course is of two days but can be adapted for your company needs.

Day 1:

09:00 - 10:30 Cloud Strategic Understanding

  • How is the cloud different to a traditional environment
  • Different types of clouds
  • Cons and Pros of the Cloud
  • Cloud Security Basics


10:30 - 12:30 Cloud Architecture Basics

  • Cloud Architect security principles
  • Cloud Architect mindset


12:30 - 15:00 Cloud Security Elements/Tools

  • Common cloud security built-in tools (AWS focus)


15:00 CTF

  • At the end of the day we will perform a CTF event to reinforce what was learned in the course

Day 2:

09:00 - 10:30 Vulnerability Management

  • CIS benchmark
  • Cloud vulnerability scanners


10:30 - 12:30 Cloud Specific Vulnerabilities

  • How are cloud vulnerabilities different


12:30 - 14:00 Azure specific security

  • Azure specific infrastructure, vulnerabilities and architectures


14:00 - 14:30 Infra as a Code

  • How to find and assess vulnerabilities in IaC
  • What is IaC, benefits and challenges

14:30 - 15:30 Container/Kubernetes security introduction

  • Container and kubernetes introduction
  • Container and kubernetes security principle
  • Common tools for assessing containers and kubernetes


15:30 CTF

  • At the end of the day we will perform a CTF event to reinforce what was learned in the course

Learning Objectives

  • Understand the basics of Cloud Security and Cloud Security Architecture
  • Gain an insight in how critical vulnerabilities in a Cloud corporate infrastructure can be exploited
  • Learn the basics of how an effective vulnerability scan and a Cloud Penetration test can be performed in an enterprise environment
  • Learn how to think like a cloud hacker to be able to better protect your Cloud environment

Why should you attend?

Understand the basics of Cloud Security and Cloud Security Architecture

  • To be able to protect your Cloud and hybrid environment
  • Address common misconfiguration and vulnerabilities
  • Learn tips and tricks from experts in Cloud Security
  • To configure a more secure Cloud environment

Intended Audience

This training is suitable for:

  • Blue team members
  • Network administrators
  • Security testers
  • General security practitioners
  • Developers
  • Security management staff
  • Non-technical staff with technical affinity

Required Skills and Expertise

This training is devised for technical personnel. A basic understanding of Linux and Windows command line and infrastructure is needed.

Image in image block

Program

01

Day 1: Cloud Fundamentals and Hands-On Learning

  • Cloud Basics: Understand what makes cloud environments different from traditional setups. Overview of cloud models and security implications.
  • Security Principles: Introduction to the mindset and responsibilities of a cloud architect.
  • Cloud Tooling (AWS Focus): Overview of built-in security tools commonly used in cloud deployments.
  • Capture the Flag (CTF): Interactive challenge to apply concepts from the day in a practical, scenario-based exercise.

02

Day 2: Cloud Threats and Platform-Specific Security

  • Vulnerability Management: Use of CIS Benchmarks and tools for scanning cloud environments.
  • Cloud Vulnerabilities: Analysis of threats specific to cloud environments and how they differ from on-premise risks.
  • Azure Focus: Explore Azure’s unique architecture, risks, and security tools.
  • Infrastructure as Code (IaC): Introduction to IaC, its role in security, and how to spot vulnerabilities.
  • Containers & Kubernetes: Basics of containerization, Kubernetes, and related security tools.
  • Final CTF: Apply the full spectrum of course knowledge in a second hands-on challenge.

read more

Related image

Related image

Related image

In-Company Training

If you are interested in hosting this interactive and tailored training at your company, please let us know via the contact form, by telephone +31 (0)88 888 31 00 or email cybersecurity@bureauveritas.com.

USP

Perché scegliere Bureau Veritas Cybersecurity?

Bureau Veritas Cybersecurity è il vostro partner esperto in materia di sicurezza informatica. Aiutiamo le organizzazioni a identificare i rischi, rafforzare le difese e conformarsi agli standard e alle normative in materia di sicurezza informatica. I nostri servizi riguardano persone, processi e tecnologie, dalla formazione sulla consapevolezza e l'ingegneria sociale alla consulenza sulla sicurezza, la conformità e i test di penetrazione.

Operiamo in ambienti IT, OT e IoT, supportando sia i sistemi digitali che i prodotti connessi. Con oltre 300 professionisti della sicurezza informatica in tutto il mondo, uniamo una profonda competenza tecnica a una presenza globale. Bureau Veritas Cybersecurity fa parte del Bureau Veritas Group, leader mondiale nel settore dei test, delle ispezioni e delle certificazioni.