
Introduction to the course the purpose of the course as well as the intended audience
Cloud landscape in 2023 from a high-level the largest players encompass in this space AWS/Azure/Google Cloud.
Roles associated with cloud security defined and expanded on as organizations have different naming conventions on the scope of the role this is meant to populate what roles to look for and further details on roles related to security in the cloud ecosystem.
Choosing a cloud service provider is a crossroads for any organization measuring risk at this stage is pivotal to allow a organization to modernize and adopt. While some organizations measure risk in many measures its important to understand the implications of adoption.
Defining Identity and Access Management is critical to understand the concepts associated with identity objects as this unlocks control to various services in the cloud.
Google cloud compromises of users/service accounts (which give API permissions similar to a service principal auth in Azure) this covers roles that are pre-defined/customized.
Roles in AWS are a little different from Azure however the similarities of the concepts still exist you can access programmatically or by permissions (authn/authz).
Roles in Azure are pre-defined (built-in) or custom depending on what permissions associated with this.
Existing information on identities poses as risk how is this mitigated? We cover the risk involved and how this is addresssed.
Understanding resources in the cloud that encompass identity and using defense-in-depth approach in a cloud environment.
Data lifecycle management refers to the lifecycle of data from creation, share, use, store, archive as covered by CCSP
Students will be introduced to the Cloud Security Alliance and model of Cloud Control Matrix which encompasses many industry wide frameworks and applicability to cloud environments along with implementation guidelines.
Azure Purview works with Microsoft Purview on the Microsoft 365 Data Estate and extends the capabilities to map assets in a governance dashboard with data steward/data expert ownership for organizations to understand sensitive data across cloud environments.
Defender for Cloud is Microsoft Azure (CNAPP) Platform native to the provider that provides visibility across AWS/GCP/Azure resources in one area.
Oracle Cloud Infrastructure is a CSP that provides services in IaaS/PaaS/SaaS models to customers for consumption similar to AWS and Google Cloud and Microsoft Azure (while a small player has gained traction throughout the years for large organizations notably Uber).
Introduction to AWS Security Hub along with AWS Inspector, AWS Macie, AWS Secrets Manager
Understand the concept of containers along with security concepts related to containers.
Understanding how container images can contain vulnerabilities this video illustrates the use of tools such as trivy by Aqua sec to scan container images to be aware prior to use on the container if our underlying image has vulnerabilities
Infrastructure as Code is a back bone to utilizing cloud services at scale with infrastructure now increasing to microservices the popularity of Terraform for being multi-cloud has grown to understand the security implications we start with this Introduction.
Use of SAST by utilizing Trivy for configuration of IaC (Terraform) and using that to harden our configuration prior to deployment demonstrated in console.
Repo to follow along with use case - https://github.com/sn0rlaxlife/aks-chaos-engineer
https://aquasecurity.github.io/trivy/v0.45/
Kubernetes Bill of Materials refers to the software-supply chain that creates a kubernetes cluster think of a bill of materials as a list of components that make up the entire software. This can reveal vulnerabilities that the organization perhaps isn't aware of in the kubernetes cluster. Another layer of a technology still poses a risk and understanding this concept in practice is vital to extend cluster security.
Google Cloud offers the Security Command Center for a centralized view of security operations this video shows the platform along with how to find various risks, exposure and how the offerings differ from Standard to Premium.
Kubescape is a OSS project by the Organization ARMO and this shows the capability of the SaaS offering along with the onboarding of this in a actual cluster to demonstrate how onboarding a cluster along with finding actionable insights to navigate risk in the public cloud.
Azure AI Studio is a development hub to host and create AI models that can use various large language models to include Meta, Nvidia, Hugging Face, GPT-4 and more. This platform allows the use of tools to test, fine-tune and essentially create your own copilot.
Azure AI Studio allows the deployment models to be used for your own copilot or AI bot. This demonstration goes through the Web Classification usage with LLM prompts along with illustrating the prompt flow use on a runtime deployed.
Cloud Native Security Advisor is a LLM model crafted on GPT-4 by myself to ensure secure coding practices in IaC and Kubernetes Security are following best practices you simply ask the advisor for assistance in your configuration give it context and it provides best practices on making risk-based decisions.
Google Cloud Platform houses the Vertex AI Studio similar to Azure AI Studio this is a platform that accelerates development of using Large Language Model API's for various use cases, currently Google Gemini 1.5 and experimental are available to use with a 1,000,000 token limit (Gemini 1.5)
Use of Vertex AI Studio hands-on includes the overview of resources by leveraging data and querying various API's to demonstrate the use of the tools in building on Google Cloud Platform.
Overview of Agents: In the realm of Vertex AI and Dialogflow, an "agent" represents a core component designed to handle interactions within a conversational AI application. Each agent is tasked with managing specific types of conversations or actions based on predefined goals and instructions. This architecture allows for modular, scalable design within complex applications, where different agents can be specialized for handling different parts of a conversation or different types of tasks. These can be highly customized based on the end goal of what you are designing for a specific experience I demonstrate in this video a simple example.
This course is designed to provide students with an understanding of cloud security and the skills necessary to protect cloud-based applications and infrastructure. The course covers the fundamental concepts of cloud computing, including service models, deployment models, and the shared responsibility model. Students will learn about the top cloud service providers and their features, as well as the risks and benefits of cloud computing. The course will then delve into the key principles of cloud security, including data protection, access control, network security, and compliance. Cloud security while at first might seem ambiguous this course is provided with the fundamentals to ensure you're able to make key decisions in design, selection, and securing cloud infrastructure. Students from all backgrounds are welcome to take this course as this is provided with the beginner in mind. Many organizations are utilizing cloud infrastructure in some shape or form to perform day-to-day activities. While the usage of Infrastructure as a service might seem nuanced you've likely interfaced with some sort of software-as-a-service offering at some point in your organization. This course is meant to build on your existing knowledge and background and lay the fundamentals of security and how it is implemented in cloud infrastructure.