Module 1: Cloud Computing and Security Fundamentals

This module will introduce you to the course and provide foundational information about cloud infrastructure and security.

Student Objectives:

Students will learn the cloud principles and terminology essential for talking to customers and cloud engineers.

Students will be introduced to key cloud security concepts and threats and attacks that are common in cloud environments.

After completing this module, students will have these foundational cloud and cloud security principles, as well as the key understanding of design and architecture necessary for the rest of the course.

Topics Covered:

Cloud Computing Types and Service Models

Cloud Security Challenges and Concerns

Cloud and Security Responsibility

Evaluating Cloud Service Providers

Cloud Security Benefits

Threats and Attacks in Cloud Environments

Cloud Security Design Principles

Cloud Security Architecture

Module 2: Identity and Access Management (IAM) in the Cloud

This module will focus on the protection of identity and access management. This will include how to protect users and assign proper permissions.

Labs: Assign roles and enforce MFA in AWS, and implement roles and enforce MFA with conditional access policies in Azure.

Module Objectives:

Students will learn identity and access principles and concepts to protect the perimeter of the cloud.

Students will understand the key concepts for protecting identity and access.

After completing this module, students will be able to comprehend the importance of identity and access management, as well as the concepts for monitoring and managing users and identities.

Topics Covered:

IAM Fundamentals

Principal and Roles of IAM in the Cloud

Role-based Access Control (RBAC)

Identity Federation

Single Sign-on (SSO) and Self-Service Password Reset (SSPR)

Multifactor Authentication (MFA)

Principle of Least Privilege

IAM Auditing and Monitoring

Module 3: Data Protection and Encryption in the Cloud

This module will provide information on how to protect data from loss and unauthorized access.

Labs: Set up KMS in AWS, set up Key Vault in Azure, and create DLP policies in M365

Module Objectives:

Students will learn the key concepts for protecting data in the cloud.

Students will grasp the importance of understanding the data the company stores and avoiding exposure to sensitive data.

After completing this module, students will be able to explore the concepts and techniques for encrypting and protecting data within a cloud environment.

Topics Covered:

Data Classification and Lifecycle

Encryption Techniques (at Rest, in Transit)

Customer vs. Cloud Provider Managed Keys

Data Loss Prevention (DLP)

Backup and Disaster Recovery Strategies

Module 4: Network Security in Cloud

This module will teach you how to securely architect your network to protect against unauthorized access and detect potential network attacks.

Labs: Create a VPC and configure NACL and NSG in AWS, as well as create a VNET and configure an NSG in Azure.

Module Objectives:

Students will learn the concepts of networking in the cloud and how to architect public and private network communication.

Students will be introduced to cloud connections within cloud, hybrid, and multi-cloud networks.

After completing this module, students will have a foundational understanding of network connectivity and communications within a cloud and hybrid architecture and how to secure these connections.

Topics Covered:

Cloud Network Fundamentals

Virtual Private Clouds (VPC)

Network Isolation and Segmentation

Network Access Control Lists (NACLs) and Network Security Groups (NSG)

Remote Access and Connections

Firewalls and Intrusion Detection

Module 5: Application Security in Cloud

This module will show you how to secure applications, web access, and databases in cloud environments.

Labs: Create an application gateway with WAF and create a WAF in AWS.

Student Objectives:

Students will learn the fundamental security concepts for protecting applications within the cloud.

Students will be introduced to application threats and vulnerabilities and how to architect the protection of these applications within development and the network.

After completing this module, students will understand fundamental application development concepts and how to provide security within the development process. They will also understand the network and code security techniques that will secure applications.

Topics Covered:

Secure Software Development Lifecycle (SDLC) in the Cloud

Web Application Firewall (WAF) in Cloud Environments

Web Application Security and OWASP Top Ten

Security by Design Principles for Cloud Applications

Secure Coding Practices

API Security and Integration Best Practices

Serverless Security Considerations

Container Security (Docker, Kubernetes)

Module 6: Cloud Security Monitoring and Incident Response

This module will introduce you to the foundations of security operations, including logging activity and events, identifying threats and intrusions, and responding to incidents.

Labs: Configure Azure Sentinel, configure workload protection for Microsoft Defender for the Cloud, configure Guard Duty on AWS, and configure Security Hub on AWS.

Module Objectives:

Students will learn the importance of logging and monitoring activity within the cloud environment as a proactive security strategy.

Students will be introduced to logging and monitoring solutions and how automation can be used to identify and respond to threats.

After completing this module, students will understand the foundational concepts and techniques for security operations.

Topics Covered:

Cloud Logging

Cloud Security Monitoring

SIEM and SOAR

Cloud-native Monitoring Solutions

Continuous Security Monitoring Strategies

Cloud Security Monitoring Best Practices

Incident Response in Cloud

Module 7: Cloud Security Risk Assessment and Management

This module will discuss the process of risk analysis, assessment, and management.

Module Objectives:

Students will learn about risk management frameworks and strategies for risk assessments.

Students will be introduced to how to assess risk and techniques for risk analysis.

After completing this module, students will understand the importance of a risk management framework and determining a company’s risk and risk tolerance through risk analysis techniques.

Topics Covered:

Identifying Cloud Security Risks

Risk Assessment Frameworks for Cloud Environments

Cloud Security Controls and Countermeasures

Threat Modeling and Vulnerability Assessment in Cloud Environments

Quantitative vs. Qualitative Risk Assessment Approaches

Cloud Risk Treatment, Response, and Mitigation

Module 8: Cloud Compliance and Governance

This module will discuss the various regulatory and legal standards that you may need to adhere to within your company jurisdiction and how to maintain compliance within the cloud infrastructure.

Labs: Configure regulatory compliance in Azure and configure AWS Config for CIS standards.

Module Objectives:

Students will learn about the primary industry, regulatory, and national standards that govern compliance for companies.

Students will be introduced to cloud capabilities and solutions for monitoring and managing compliance within cloud and hybrid environments.

After completing this module, students will understand the role of regulations and standards on compliance within cloud and hybrid architectures.

Topics Covered:

Regulatory and Industry Compliance

Cloud Security Standards

Cloud Security Governance and Risk Management

Auditing and Monitoring Cloud Resources

Cloud Security Assessment and Penetration Testing