New

SEC388: Introduction to Cloud Computing and Security

  • In Person (3 days)
  • Online
18 CPEs

Today's world of cyber security moves quickly. Cloud security moves even faster, so getting started or moving into a career in this field can be intimidating if you do not have the foundation to be successful. SANS SEC388 solves this problem by helping you to learn the foundational elements of modern cloud computing and security. This course kicks off your journey to becoming a SANS Cloud Ace by taking an introductory yet critical look at cloud security. This course focuses on Azure and AWS, and shows you how to interact with each cloud provider by familiarizing you with common terminology, cloud services, security concerns, and solutions to cloud-based security shortcomings. Through hands-on labs, SEC388 puts you in real-world scenarios that challenge you to learn more about AWS, Azure, and relevant cloud computing and security concepts. 12 Labs

What You Will Learn

Ground School for Cloud Security

The purpose of SEC388 is to learn the fundamentals of cloud computing and security. We do this by introducing, and eventually immersing, you in both AWS and Azure; by doing so, we are able to expose you to important concepts, services, and the intricacies of each vendor's platform. This course provides you with the knowledge you need to confidently speak to modern cybersecurity security issues brought on by the cloud, and become well versed with applicable terminology. You won't just learn about cloud security, you will learn the "how" and the "what" behind the critical cloud security topics impacting businesses today.

"The mixture of introductory concepts and security-specific concerns was just right. I walked away from the course with a better understanding of public cloud environments and how they can be leveraged to meet business goals, and valuable hands-on experience working within the cloud provider's tools to deploy example servers and applications with an eye toward doing it all securely." - Flint Gatrell

BUSINESS TAKE-AWAYS:

This course will help your organization:

  • Develop professionals - technical or managerial - that know how to use AWS and Azure services
  • Anticipate what cloud security threats are applicable to your business
  • Learn how to mitigate threats
  • Create a culture where security empowers the business to succeed

SKILLS LEARNED:

  • Make sense of different cloud-based services
  • Understand and analyze risk in the cloud
  • Interact with Azure and AWS environments using a browser and command line tools
  • Change behavior and build a security-aware culture
  • Deploy and integrate cloud services in AWS and Azure
  • Get up to speed quickly on cloud security issues and terminology
  • Detect and effectively respond to a simulated cloud breach
  • Speak the same language as technical security professionals
  • Learn how to automate common tasks using cloud shells
  • Defend cloud services from attacks
  • Track, audit and manage budgeting in your cloud environments

HANDS-ON TRAINING:

All labs in SEC388 are focused on Azure and AWS and involve directly interacting with each cloud service provider. Students will use a browser to access each cloud environment to gain familiarity with cloud computing concepts. During labs, students will implement cloud services, deploy a cloud-based website, and perform essential security tasks in order to become accustomed to cloud computing and cloud security. The total time committed to labs is about 37% of the course.

Section 1: Cloud Account Creation/Finalization, Cloud Interfaces, Introduction to the Command Line, Billing and Cost Calculation

Section 2: VM Deployment, Secure Storage Implementation, Website Integration, Alert Generation

Section 3: Cloud Incident Response, Vulnerability Identification & Remediation, Cloud Security Tools, Attacking the Cloud

"The labs overall are great, they tie directly to the module content and build on the previous modules/labs." - Mike Larson, eFirstBank

"Serge makes the journey easier with his explanations after the labs. This is very crucial for me as a career changer with limited IT background. Kudos!" - Kayode Olabisi

SYLLABUS SUMMARY:

Section 1: Introducing cloud terminology, computing and security topics

Section 2: Deploying and implementing common cloud services

Section 3: Identifying cloud threats and implementing applicable solutions

ADDITIONAL FREE RESOURCES:

WHAT YOU WILL RECEIVE:

  • Electronic courseware containing the entire course content
  • Printed course books
  • Access to repeatable interactive hands-on labs
  • MP3 audio files of the complete course lecture
  • Access to Slack Cloud Security Alumni channel

WHAT COMES NEXT:

Technical Cloud Practitioners:

Cloud Security Managers and Leaders:

Syllabus (18 CPEs)

Download PDF
  • Overview

    The course starts with an introduction to both AWS and Azure by answering fundamental questions about the cloud: what it is, how it works, why its relevant, all while explaining pertinent vocabulary. The course continues by introducing common cloud services and highlighting how to interact with our cloud environments using both a web browser and the command line. With this foundation, the focus shifts to security concerns and detailing common mistakes which can lead to a breach. The section ends on the topic of budgeting and understanding how costs are calculated in a cloud computing environment.

    Exercises
    • Cloud Account Creation / Finalization
    • Cloud Interfaces
    • Introduction to the Command Line
    • Billing and Cost Calculation
    Topics

    Introduction to Cloud Computing

    • AWS and Azure account setup

    Cloud Service Providers

    • Terminology and vocabulary
    • Common cloud services
    • Cloud security case study

    Cloud Interfaces

    • GUI / Web Interface
    • API Access
    • CLI and Automation

    Cost Calculation

    • Understanding costs
    • Controlling costs
    • Budgeting and alerting
  • Overview

    Section two delves into service integration and deployment. We start they day by understanding common cloud-based services and the role they play in supporting the business. We then begin deploying services to both AWS and Azure, as well as configuring security controls to allow and restrict access into our environment. The exposure to new services continues with the implementation of cloud storage, in conjunction with cloud computing. Within the context of enabling common business functions, we integrate a functional website in each cloud service providers environment. Finally, within these newly deployed services, we work to understand the risk these actions inherently introduce, and work to limit that risk by implementing security monitoring and alerting controls.

    Exercises
    • VM Deployment
    • Secure Storage Implementation
    • Website Integration
    • Alert Generation
    Topics

    Compute Services

    • Virtualization and Autoscaling
    • Image Selection
    • Identity and Authentication
    • Instance Deployment

    Cloud Storage

    • Availability
    • Accessing Storage
    • Storage Costs
    • Storage integration

    Business Needs

    • Uptime
    • Remote Access
    • Security Controls
    • Threat and Vulnerability Programs

    Logging & Monitoring

    • Log Sources
    • Console Logging
    • Portal Logging
    • Monitoring and Alerting
  • Overview

    Section Three focuses on identifying threats facing cloud environments, and understanding solutions to deal with those threats. After suffering a simulated breach of our cloud environment, we learn hands-on exactly how to respond to the situation and research the root cause. With first-hand experience dealing with cloud service deployment, and the inherent risks of exposing our infrastructure, we work to understand how to harden our environment against attacks. Finally, we look at automated, cloud-native security solutions, and discuss common attacks and defenses we can then speak to with a close look at best practices.

    Exercises
    • Cloud IR
    • Vulnerability Identification & Remediation
    • Cloud Security Tools
    • Attacking the Cloud
    Topics

    Incident Response

    • Declaring an Incident
    • Incident Impact
    • Operational Security
    • Administrative Controls

    Hardening

    • System Hardening
    • Patching
    • Risk Ranking
    • Vulnerability Remediation

    Cloud Native Security Solutions

    • AWS Security Hub
    • Microsoft Defender for Cloud
    • Cloud Security Tools

    Cloud Attacks and Defenses

    • Common Attack Categories
    • Defense Strategies
    • Layered Security
    • Cloud Security Best Practices

Prerequisites

While SEC388 does not have prerequisites, to get the most out of the course students should have a basic understanding of computers.

Laptop Requirements

Important! Bring your own system configured according to these instructions!

A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will likely leave the class unsatisfied because you will not be able to participate in hands-on exercises that are essential to this course. Therefore, we strongly urge you to arrive with a system meeting all the requirements specified for the course.

Students Need to Have:

  • A laptop with the Google Chrome web browser. The laptop should have unrestricted access to the Internet and full administrative access.
  • An OpenSSH client installed on their laptop
  • Adobe Acrobat Reader or other PDF reader application
  • A brand new free tier Amazon Web Services (AWS) account or an existing AWS account with root access and no restrictions (estimated cost is $5)
  • A brand new free trial Azure account or an existing Azure account with owner access and no restrictions
  • The Secure Shell App installed Chrome
  • NOTE: Consider purchasing a mouse, if you do not already have one.

It is critical that you back-up your system before class. It is also strongly advised that you do not bring a system storing any sensitive data.

System Hardware Requirements

  1. Hard Drive Free Space: No course VM is used in this course: Labs are performed the web browser and a locally-installed OpenSSH client.
  2. Operating System: Windows or macOS operating systems are supported.

Additional Hardware Requirements

The requirements below are in addition to the baseline requirements provided above.

Laptop Requirements for SEC388: Network, Wireless Connection: A wireless 802.11 network adapter is required. This can be the internal wireless adapter in your system or and external USB wireless adapter.

SANS has begun providing printed materials in PDF form. Additionally, certain classes are using an electronic workbook in addition to the PDFs. The number of classes using eWorkbooks will increase quickly. In this new environment, we have found that a second monitor and/or a tablet device can be useful for keeping the class materials visible while the instructor is presenting or while you are working on lab exercises.

If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org.

Author Statement

"Cloud computing is not new and the adoption of the cloud by organizations continues to grow at an astounding rate. Due to this, many people are finding themselves in the position where it clearly makes sense to learn more about cloud computing. Interestingly, this rise in cloud computing has brought forth a rise in cloud-related breaches - and it makes perfect sense why. As we see with any new frontier in computer science, what's old is new again, and many of the mistakes of the past, are being revived in today's modern world of cloud computing. It is critically important to develop the skills and knowledge needed to positively influence cloud security in every capacity we can influence. Regardless of your background, SEC388's entry-level approach and focus on cloud computing and security will help you prepare for a rewarding career, just as it will help level-up your skills as an accomplished professional, ultimately preparing you for success in a world of cloud computing."

- Serge Borso

"Serge is the best instructor I've ever had! He's so knowledgeable and has a great teaching style. Very relatable and helps when people have questions." - Seth J., SEC542 student

Reviews

The explanation of AWS & Azure, and the supporting slides were very clear and gave a good introduction to both companies. I think they were the right level for someone without any sort of cloud backgrou
Shannon Brunston
This is a great course for system administrators and security practitioners who are transitioning, or thinking about transitioning, from a primarily on-premises workload to a public cloud workload.
Flint Gatrell
Serge makes the journey easier with his explanations after the labs. This is very crucial for me as a career changer with limited IT background. Kudos!
Kayode Olabisi
I'm taking this course as part of the journey to switching my career from Finance to IT.
Senalda Rodrigues

    Register for SEC388

    Loading...