Presented By: Paul Schwarzenberger
Gain hands-on cloud security and DevSecOps experience with leading cloud service providers, containers, serverless, application security testing and CI / CD pipelines.
Paul’s popular Cloud Security and DevSecOps course has been extended to 3 days – now including Google Cloud Platform as well as AWS and Azure, and extra labs on container security, keys and secrets, application security testing and infrastructure as code.
You’ll access a unique cloud security training environment – described in the five part 44CON blog post series – with all needed software pre-installed, and cloud service accounts set up and ready to use.
This 3 day course will take place on the 9th, 10th and 11th of September 2019 in London, UK. The price is £1,950.00 inc. VAT.
Learning objectives
- Knowledge of AWS, Azure and GCP services, secure architectures and best practice
- Hands-on experience of AWS and Azure security features and services
- Familiarity with new attack vectors, common mistakes and misconfigurations
- Understanding DevSecOps approaches, technologies and tools
- Practical use of CI/CD pipelines incorporating application security testing
- Container and serverless architectures, security issues and controls
- Continuous cloud compliance and automated cloud security operations
Course Outline
Day One
- Introduction and cloud concepts
- AWS core services
- AWS lab – build serverless web site using CloudFormation template
- AWS security services
- Azure core services
- Azure lab – deploy infrastructure and implement security improvements
Day Two
- Azure security services
- Container concepts, architectures and container security
- Container security lab – assess container security using automated tool
- Serverless architectures, serverless functions
- Serverless security risks, controls and best practice
- Continuous compliance and automated assessment tools
- Continuous compliance lab – assess security of an AWS account
- Keys and secrets lab – scan GitHub repositories
- Continuous compliance demo – automated warnings and remediation
- Infrastructure as code
Day Three
- Google Cloud Platform
- Infrastructure as code lab – deploy using Terraform and improve security
- DevOps and DevSecOps approaches and toolkit
- Application Security
- Application Security lab – incorporate application security test to pipeline
- CI/CD pipeline lab – serverless application in AWS with integrated tests
- Security operations and DevSecOps
- People aspects of DevSecOps
Target Audience
Security engineers, security architects, security operations and DevOps looking to develop their understanding of cloud security and DevSecOps with a view to designing secure systems, preventing attacks, detecting security issues and establishing automated remediation.
Penetration testers, ethical hackers and red team personnel interested in extending their knowledge of cloud security risks and issues, common misconfigurations which can be exploited, and the use of automated tools to assess security of cloud infrastructure and applications.
Student Requirements
No particular experience required, however any knowledge of cloud will be beneficial.
What to bring
Laptop with Amazon Workspaces client installed (see below)
Mobile phone (for authenticator app)
Software
Before coming on the course, download and install the Amazon workspaces client on your laptop from https://clients.amazonworkspaces.com/
After installing, open the application while connected to home WiFi or a mobile network. Press the Network status symbol at the bottom right hand corner to view detailed status. Ensure that all items have a green tick as shown in the screenshots below.
Amazon WorkSpaces also supports tablets such as the iPad, however there can be usability issues. Students are welcome to test the use of Amazon WorkSpaces from a tablet, however labs should be completed using a laptop.
Also install the Google Authenticator app on your smartphone.
Students will be provided with
Amazon Workspaces virtual desktops for the labs, with all necessary software and tools pre-installed
AWS, Azure, and GitHub credentials to be used responsibly during the course
Electronic copies of the course presentations, electronic and paper copies of lab guides
About the Trainer
Paul is a cloud security architect and DevSecOps specialist with over 15 years experience leading security engagements and cloud migration projects for customers across sectors including financial services and UK Government.
Paul uses an agile DevSecOps approach to lead the implementation and migration of critical systems to public cloud, with demanding security and compliance requirements for protection of personal data, detection and prevention of cyber-attacks and financial fraud.
Recent conference presentations include:
- Security BSides London 2018 – How to take over a production system in the cloud
- DevSecCon London 2018 – A journey to continuous cloud compliance
- IISP CrestCON 2018 – Why cloud security is different
Paul has numerous security and cloud qualifications and certifications including MSc Information Security Royal Holloway, CCSP, CISSP, AWS Certified Solutions Architect Professional, AWS Certified Security Specialty and Microsoft Certified Azure Solutions Architect Expert.