Cloud security is important, because in cloud computing we need to make sure that everybody in the cloud IT supply chain is doing their jobs right. Cloud is scary, because we have to give up some control to be able to control more information technology, paradoxically. But control is like brakes on a car, and the better our brakes, the faster we can drive.
Let’s start by asking what the objective of cloud security training is.
The objectives of cloud security training
The two main objectives I see are to get an individual certification of competence, and to help you and your team deliver better work. Better work could mean: safer cloud usage or speeding up cloud adoption projects.
Now let’s focus on the skills first, and then on the training that leads to those skills. The certification is nothing more than independent proof of mastery of certain skills.
What is the job you are trying to do? My learners tend to fall in three categories, according to their roles.
- Design and develop cloud solutions
- Assess risk and compliance of cloud solutions and providers
- Ongoing monitoring of cloud solutions and providers
If you or your team are focused on creating solutions, you should probably look at cloud provider specific training and certification. Most providers have some free entry level training, as well as more advanced training paths. You will typically be able to earn certifications and badges. Examples include:
- AWS Security Fundamentals
- Azure security courses from Microsoft Virtual Academy
- Salesforce has a range of easy to advanced training modules.
If you are assessing risk and compliance, you have a much different angle. For that you need a more comprehensive perspective that is vendor neutral in the core, but also allows you to understand specific technologies.
CCSK Body of Knowledge
The ‘mother’ of all cloud security knowledge is the Cloud Security Alliance’s (CSA) CCSK body of knowledge. CCSK stands for Certificate of Cloud Security Knowledge. Based on that, (ISC)2 in collaboration with CSA developed the Certified Cloud Security Professional certification. CCSP is a bit more comprehensive than CCSK, and also a tougher exam, and potentially better recognized as an individual certification depending on your geography and industry.
However, CCSK has been upgraded to version 4 at the end of 2017, and now includes modern topics such as DevOps and Security Automation.
CCSK is the number one training I do. What I like about it is that is vendor neutral, up to date, and the Plus version of the training actually has a basic AWS security lab inside. And my learners seem to like it too :-).
The third job role I see is ongoing security monitoring. There is a whole lot to say about that, and it is a wide topic. Nevertheless, most of the cloud security specific skills for that, as well as all the process that has to be in place, is derived from what external providers can offer and what the internal teams are designing. Because of that, most of cloud security monitoring cloud is covered by the two skill sets that I mentioned earlier, and therefore typically requires both vendor neutral as well as vendor specific skills.
Finally, once you have figured out the required knowledge and skills and the objective that you have, you can figure out which training path will help you best. Are you going for certification or for better (team) performance? There is overlap, but the focus differs.
You need to shop
If you wish to cram for a certification, go find a training program and a trainer compatible with your learning style. For example, how much discipline do you have for self-study?
If your objective is better team performance, you can start by having the team members go through some common core training as that will bring them on the same page, which tremendously speeds up any discussion. Even better can be to organize an in-company class. That will allow your team to apply the knowledge during the training and immediately adapt your way of working.
Beyond that, you should be looking at a more comprehensive training and coaching program. Cloud is the third or fourth large disruptive transformation in my 40+ year IT career. A single cloud course only scratches the surface of what needs to change.
So, what is the training or training program you are looking for?
CCSK online training
I deliver the CCSK online training in three different packages. Find the one that best matches your learning objectives and background. Not ready for the full training yet? Go to the bottom of this page (link) to get some free resources.
Very grateful. Thank you!
I have appreciated very well most topics and particulary the Security Risk & compliance topics. Comparison on IT process on premise with those in the Cloud is quite good. But, it could be done deeper.
This class is great. Good balance between you talking, and us chatting. You keep control of the syllabus and the schedule, and we provide some information on what the facts mean to us and how we understand them in our context. Brilliant stuff.
Very professional domain, but very clear explained! Thanks
Most useful: Technical context, risk knowledge and exam approach
Experienced trainer. Reflects his experience well within the context
Peter is incredibly knowledgeable and takes the time to answer questions and actually work with his students. The course is also an amazing way to learn how AWS actually works and, by the end of the labs, you feel ready to manage your own cloud! The materials are easy to understand and yet technical enough to get real-life security implemented. This was a great course and far beyond most of the accreditation courses I have completed.
I attended Peter's CCSK-training and found it very useful, because 1) the sessions gave me more insight on several other aspects of cloud computing than only security, 2) it "inspired" (/forced) me to study the CSA guide/ENISA more thorughly and not least 3) I manage to pass the exam 🙂
I had very little to no experience wit the CLOUD, so this training was incredibly valuable to me. My new professional responsibilities are becoming more and more cloud centric. I have a greatly improved level of confidence because I know I have a solid educational foundation that the training and exam preparation has provided for me. I cannot recommend it highly enough!