SEC557: Cloud Security Continuous Compliance

  • In Person (5 days)
  • Online
30 CPEs

Cloud technologies, DevOps, agile development, and virtualization have enabled organizations to build and deploy systems at a terrifyingly fast rate. Old-school manual testing may miss entire generations of systems and yield results that are obsolete when the report is written. SEC557 teaches you how to use the same cloud-native and third-party tools that your engineers are using, so you can match the speed of the enterprise.

What You Will Learn

Measure what matters, not what's easy.

Students learn to measure compliance by working with, not against, the technologies used in the modern enterprise. Working with the Cloud Compliance Roadmap, students will discover the important compliance issues their enterprise will face. Using command-line and web-console-based tools, students will learn to gather, analyze and visualize metrics for use by all parts of the organization: short-term tactical data for operations and strategic data for management at all levels.

SEC557 focuses on what's most important during all phases of your cloud compliance journey, utilizing a thoughtful plan for gathering the most important metrics and building compliance maturity as the organization is ready. The roadmap covers identity and access management, storage, compute, networking, infrastructure and other important compliance areas, and the course teaches students how to develop and present useful information in each of these areas.


  • Ensure compliant operations no matter where you are in your cloud journey
  • Reduce cost of compliance by leveraging the tools you already pay for
  • Receive comprehensive compliance coverage with fewer gaps than manual testing
  • Achieve high value by prioritizing measurement efforts


  • Follow a comprehensive roadmap for measuring compliance
  • Understand the important settings and metrics for AWS, Azure and Google Cloud
  • Use tools native to the major cloud providers to ensure compliant operations
  • "Live off the land" by leveraging the tools and techniques already in use in the organization
  • Measure security and compliance in cloud services and infrastructure
  • Obtain compliance data quickly using cloud provider web consoles and command-line tools
  • Gather information from web APIs and security tools
  • Build a toolkit of multi-cloud compliance tools
  • Visualize data for rapid consumption
  • Prioritize compliance efforts to deliver the most value
  • Perform compliance measurements against AWS, Azure and Google Cloud
  • Reduce the time and effort required to gather and report on security and compliance data
  • Slice and dice structured data like JSON to extract relevant data
  • Visualize data for tactical operations and strategic management consumption
  • Automate compliance data gathering
  • Know when to automate and when to perform manual analysis


SEC557 is a lab-intensive class, with a goal of having students spend 40% or more of their time at the keyboard. Using target ranges in AWS and Azure, students learn to use the cloud providers' command-line interfaces, web consoles, and APIs to gather, process and visualize important compliance data. Students will use multi-cloud-capable third-party tools and cloud-native tools to perform complete assessments of the target environments and leave the class with the skills needed to assess their organizations as soon as they are back at work.


Syllabus (30 CPEs)

  • Overview

    Section 1 sets the stage for the course. We discuss how compliance applies to the cloud and enterprise, what compliance standards are available, and the tools and techniques which will be used during the course. Students are given a comprehensive roadmap to measuring compliance at all maturity levels.

  • Overview

    This section begins the implementation of the compliance roadmap. Students learn how to gather inventory information, measure tagging compliance, and check fundamental identity and access management settings. Then we move into the Foundational phase of the roadmap, measuring storage compliance.

  • Overview

    In Section 3, we complete the Foundational portion of the roadmap with the important concepts and metrics for compute, network and infrastructure resources.

  • Overview

    Section 4 introduces the third phase of the roadmap, which involves automation and business integration of compliance activities. Topics include infrastructure-as-code, static code analysis, configuration and vulnerability monitoring, automated remediation and full compliance framework testing.

  • Overview

    In Section 5, we introduce tools and strategies that are effective in multi-cloud and on-premises environments.


No other courses are required prior to taking SEC557, but experience with development, operations, security, audit, InfoSec, or IT management will be helpful.

The course makes heavy use of PowerShell, structured data (like JSON) and cloud provider command-line interfaces (CLIs). Anything you can do to familiarize yourself with these technologies before starting the course will put you at an advantage. Clay has a 3-part webcast and blog series on PowerShell, mentioned in the Course Overview above under ADDITIONAL RESOURCES; reviewing it before the course starts is highly recommended, particularly for those less familiar with PowerShell. Many of the foundational techniques used in class are covered in the Quick Wins in Cloud Compliance livestream series, also linked above.

Laptop Requirements

Coming Soon
