Presented By: Paul Schwarzenberger
Public cloud services are now mainstream, and growing at a massive rate, as organisations launch new applications in the cloud and migrate existing systems. Along with the rapid move to the cloud, there is an equally revolutionary shift to DevOps, infrastructure as code, and adoption of agile software development approaches.
Taken together, broad access to public cloud services, combined with the dynamic nature of DevOps, introduces a multitude of new risks, methods of attack and potential security issues.
This course provides a hands-on introduction to cloud security and DevSecOps, covering new attack vectors and risks, common mistakes and misconfigurations. Methods of protecting applications and data in the cloud are explored, ranging from secure cloud architectures to security tests integrated into continuous integration pipelines, cloud security services, continuous cloud compliance, and automated cloud security operations.
The 2-day course will take place on the 6th & 7th June 2019 in London.
The price is £1,300 (inc VAT). Book your place in our shop now.
Learning Objectives
- Knowledge of AWS and Azure services, secure architectures and best practice
- Hands-on experience of AWS and Azure security features and services
- Understanding DevSecOps approaches, technologies and tools
- Practical use of CI/CD pipelines incorporating security testing
- Container and serverless architectures, security issues and controls
Course Outline
Day 1:
- Introduction and cloud concepts
- AWS core services
- AWS lab – build serverless web site using CloudFormation template
- AWS security services
- Azure core services
- Azure lab – deploy infrastructure and implement security improvements
Day 2:
- Azure security services
- Continuous compliance and automated assessment tools
- Continuous compliance lab – assess security of an AWS account
- Container concepts, architectures and container security
- Serverless architectures, serverless functions, security risks and best practice
- DevOps and DevSecOps
- DevSecOps lab – CI/CD pipeline for serverless application with integrated tests
Target Audience
Security engineers, security architects, security operations and DevOps looking to develop their understanding of cloud security and DevSecOps with a view to designing secure systems, preventing attacks, detecting security issues and establishing automated remediation.
Penetration testers, ethical hackers and red team personnel interested in extending their knowledge of cloud security risks and issues, common misconfigurations which can be exploited, and the use of automated tools to assess security of cloud infrastructure and applications.
Student Requirements
No particular experience is required; however, any knowledge of cloud will be beneficial.
What to Bring
- Laptop with Amazon Workspaces client installed (see below)
- Mobile phone (for authenticator app)
Software Requirements
Before coming on the course, download and install the Amazon Workspaces client on your laptop from https://clients.amazonworkspaces.com/.
After installing, open the application while connected to home WiFi or a mobile network. Press the Network status symbol at the bottom right-hand corner to view detailed status. Ensure that all items have a green tick as shown in the screenshots below.
Also please install the Google Authenticator app on your smartphone.
Students will be provided with
- Amazon Workspaces virtual desktops for the labs, with all necessary software and tools preinstalled
- AWS, Azure and GitHub credentials to be used responsibly during the course
- Electronic copies of the course presentations, electronic and paper copies of lab guides
About the Trainer
Instructor – Paul Schwarzenberger @paulschwarzen
Paul is a cloud security architect and DevSecOps specialist with over 15 years' experience leading a wide range of security-related engagements for customers across sectors including financial services, pharmaceutical, retail, education and media, logistics, UK Government and Police. Paul uses an agile DevSecOps approach to lead the implementation and migration of critical systems to public cloud, with demanding security and compliance requirements for protection of personal data, detection and prevention of cyber-attacks and financial fraud.
Recent conference presentations include:
• Security BSides London 2018 – How to take over a production system in the cloud
• DevSecCon London 2018 – A journey to continuous cloud compliance
• IISP CrestCON 2018 – Why cloud security is different
Paul has numerous security qualifications, certifications and memberships including MSc Information Security Royal Holloway, M.Inst.ISP, CCSP, CISSP and AWS Certified Security Specialty.