Cloud security is important, because in cloud computing we need to make sure that everybody in the cloud IT supply chain is doing their jobs right. Cloud is scary, because we have to give up some control to be able to control more information technology, paradoxically. But control is like brakes on a car, and the better our brakes, the faster we can drive.
Let’s start by asking what the objective of cloud security training is.
The objectives of cloud security training
The two main objectives I see are to get an individual certification of competence, and to help you and your team deliver better work. Better work could mean: safer cloud usage or speeding up cloud adoption projects.
Now let’s focus on the skills first, and then on the training that leads to those skills. The certification is nothing more than independent proof of mastery of certain skills.
Three Categories
What is the job you are trying to do? My learners tend to fall in three categories, according to their roles.
- Design and develop cloud solutions
- Assess risk and compliance of cloud solutions and providers
- Ongoing monitoring of cloud solutions and providers
If you or your team are focused on creating solutions, you should probably look at cloud provider specific training and certification. Most providers have some free entry level training, as well as more advanced training paths. You will typically be able to earn certifications and badges. Examples include:
- AWS Security Fundamentals
- Azure security courses from Microsoft Virtual Academy
- Salesforce has a range of easy to advanced training modules.
If you are assessing risk and compliance, you have a much different angle. For that you need a more comprehensive perspective that is vendor neutral in the core, but also allows you to understand specific technologies.
CCSK Body of Knowledge
The ‘mother’ of all cloud security knowledge is the Cloud Security Alliance’s (CSA) CCSK body of knowledge. CCSK stands for Certificate of Cloud Security Knowledge. Based on that, (ISC)2 in collaboration with CSA developed the Certified Cloud Security Professional certification. CCSP is a bit more comprehensive than CCSK, and also a tougher exam, and potentially better recognized as an individual certification depending on your geography and industry.
However, CCSK has been upgraded to version 4 at the end of 2017, and now includes modern topics such as DevOps and Security Automation.
CCSK is the number one training I do. What I like about it is that is vendor neutral, up to date, and the Plus version of the training actually has a basic AWS security lab inside. And my learners seem to like it too :-).
Security Monitoring
The third job role I see is ongoing security monitoring. There is a whole lot to say about that, and it is a wide topic. Nevertheless, most of the cloud security specific skills for that, as well as all the process that has to be in place, is derived from what external providers can offer and what the internal teams are designing. Because of that, most of cloud security monitoring cloud is covered by the two skill sets that I mentioned earlier, and therefore typically requires both vendor neutral as well as vendor specific skills.
Finally, once you have figured out the required knowledge and skills and the objective that you have, you can figure out which training path will help you best. Are you going for certification or for better (team) performance? There is overlap, but the focus differs.
You need to shop
If you wish to cram for a certification, go find a training program and a trainer compatible with your learning style. For example, how much discipline do you have for self-study?
If your objective is better team performance, you can start by having the team members go through some common core training as that will bring them on the same page, which tremendously speeds up any discussion. Even better can be to organize an in-company class. That will allow your team to apply the knowledge during the training and immediately adapt your way of working.
Beyond that, you should be looking at a more comprehensive training and coaching program. Cloud is the third or fourth large disruptive transformation in my 40+ year IT career. A single cloud course only scratches the surface of what needs to change.
So, what is the training or training program you are looking for?
Do a FREE course
Are you not sure if you are ready to start a full CCSK training yet? Then this course is perfect for you. It will give you a good idea of how worthwhile it is to go for the CCSK certification. You will also cover some of the basics that are required for the full course.
And the best thing? It’s for free! Click on the button below and start learning about CCSK v4.