Cloud Security is one of the most in-demand cyber skills for 2021 and beyond. To understand cloud security, it’s handy to hold an understanding of the cloud in general so you know what you’re trying to secure. Fortunately, there’s an abundance of learning material freely available for you to get started. Unfortunately, it’s unorganised and often learners struggle to identify where best to spend their precious study time. This article gives you an overview of where to get started, the pathways available, and where to find the best free cloud security learning courses and resources.
Introduction to ‘The Cloud’
The cloud provides a user with computing power, database storage, content delivery and other functionality without the need to have their own on-site equipment. It’s predominantly used to help businesses scale and grow.
For example, you can use the cloud to host and run cyber security labs (like Immersive Labs) or to run web and application servers to host dynamic websites. Over 90% of businesses use the cloud, or cloud-hosted services, for various aspects of their day-to-day running. Applications such as Office 365, OneDrive, Gmail, Mailchimp, WhatsApp, YouTube, are all examples of cloud-based entities.
Due to the growing prevalence of cloud-based assets, understanding cloud security is vitally important for cyber practitioners, and it can give your CV a real edge, as it’s still a relatively new marketspace.
Certifications and learning pathways
The cloud marketspace is dominated by Amazon, Microsoft, and Google, and most businesses use one of these vendors for their cloud service needs. You can obtain vendor-neutral certifications which evidence your underlying knowledge of cloud security principles. This is handy as you won’t always know which cloud provider your next employer will use.
You can also obtain vendor-specific certifications which can be just as valuable. After all, if you’re implementing cloud security solutions, you will need to know the intricacies of each vendor’s cloud services platform. We’re going to look at the three vendors first, as much of their training is free and suitable for beginners.
Amazon: Amazon Web Services (AWS)
Amazon is the cloud market leader and have a market share of around 50% outside of Asia. If you’re looking towards vendor-specific certifications or training, we’d recommend starting here. In fact, you should probably start here regardless, as the free training is ok. And if you want to become certified, the exam vouchers are relatively affordable too.
Step 1: ‘AWS Cloud Practitioner Essentials’
This is AWS’s introductory certification and it comes alongside a free e-learning course. The free course will take around 6 hours to complete and is a mixture of video instruction and written material. The exam voucher is $100 and you’ll get the AWS Cloud Practitioner certification. This track helps with business understanding. The why, when, and how of cloud computing is included, but importantly, it also includes an introduction to AWS cloud security.
Amazon also offer the ‘AWS Certified Security – Specialty’ certification and the exam costs $300. This isn’t as beginner friendly and normally comes after a year or so experience working with AWS. That said, you can definitely get started and learn the basics of AWS security as a newcomer.
Step 2: Getting Started with AWS Security, Identity, and Compliance
A 3-hour e-learning course which introduces various services in the AWS Security, Identity, and Compliance category. Beginner friendly.
Step 3: AWS Security Fundamentals (Second Edition)
This is a two hour e-learning course which further expands on AWS cloud security principles and includes access control, data encryption methods, and how network access to your AWS infrastructure can be secured. Beginner friendly.
Microsoft’s cloud services are called Microsoft Azure. They’re the second largest provider with around 15-20% market share and also offer free online training.
Microsoft Azure Fundamentals (AZ-900) is the natural starting point and they have a free e-learning course for this. The course covers cloud concepts, Azure services, Azure workloads, security and privacy in Azure, as well as Azure pricing and support. The exam voucher is £69.
The next logical step is ‘Azure Security Engineer Associate (AZ-500)‘. Again, a free e-learning course is available with the exam voucher being £113, but like the AWS Certified Security certification, this would normally come once you’ve had a year working with Azure. No harm in taking the free online course, though!
‘Google Cloud Platform’ is Google’s cloud service. They’re currently the third largest provider with around 10% UK market share but this is set to increase over the coming years. They don’t really have much of a certification pathway and you have to dig around to find Google’s Cloud training resources. But Google do one thing very well, and that’s guided hands-on training.
By far the best place to start is with their ‘Google Cloud Computing Foundations’ programme on QwikLabs. It’s a 4-part course consisting of lessons and hands-on labs;
- Cloud Computing Fundamentals
- Infrastructure in Google Cloud
- Networking and Security in Google Cloud
- Data, ML, and AI in Google Cloud
You get a certain amount of free credits, and the course is a mixture of videos, hands-on labs, and text.
There are also 3 unlisted YouTube videos which are part of the ‘Google Cloud Onboard’ programme. You normally have to sign up to get access, but we’ve shared them with you here;
- Into to Google Cloud: https://youtu.be/ztB_VPOimdg
- Core Infrastructure: Virtual Machines & Storage: https://youtu.be/w210Be7UrsY
- Core Infrastructure: Containers & Application Development, Deployment, and Monitoring: https://youtu.be/oCdLJW_1V4w
The first certification you would look towards with Google is the ‘Google Cloud Certified Cloud Engineer’. Again, this would come a bit later in someone’s personal development pathway.
Vendor-neutral Cloud Security Certifications: Beginner to Advanced
Cloud Essentials+ by CompTIA
If you want to get started with cloud concepts and cloud security, then CompTIA’s ‘Cloud Essentials+’ certification is by far the best place to start. It’s new-comer friendly and includes general cloud concepts, business understanding, alongside cloud security concepts and governance, risk, compliance (GRC).
Certificate of Cloud Security Knowledge by Cloud Security Alliance (CCSK)
CCSK gives you a cohesive and vendor-neutral understanding of how to secure data in the cloud, which will prepare you to earn cloud credentials specific to certain vendors or job functions. It’s an open-book exam, meaning it’s an achievable certification for those new to Cloud Security, but it is quite broad and dedicated study time is needed. This certification is well-recognised by employers around the world.
Certified Cloud Security Professional by ISC2 (CCSP)
The CCSP certification is the most widely recognised cloud security certification. It shows you have the advanced technical skills and knowledge to design, manage and secure data, applications and infrastructure in the cloud using best practices, policies and procedures. It’s the go-to certification for those who want to specialise in cloud security.
There are a number of resources available to study for the above certifications, but the best material isn’t free. There are a number of courses available on Coursera and Udemy which cover these cloud security certifications, and they’re often only £10-£20.
Hungry for more Cloud Security knowledge?
If you want to learn cloud security, and are considering a career switch to cyber, you might want to think about joining one of our re-training courses at CAPSLOCK.
We re-skill adults into cyber professionals in as little as four months. There are no up-front costs involved, and you don’t need existing cyber knowledge to apply. This makes our courses ideal for cyber and cloud security beginners.
Our course focuses on re-training people via a revolutionary curriculum designed by former cyber security lecturers. It features over 400 hours of live tuition in an online classroom, over a period of either 16 weeks (full-time) or 26 weeks (part-time).
Learners will graduate with vital cyber skills such as ethical hacking, defensive operations, and cloud security. They also have the option to gain industry recognised cyber qualifications to further boost their employability. These certifications include CompTIA Security+, ISO27001, and CISMP.
Rather than charging learners an upfront tuition fee, we use the Income Share Agreement model. Learners simply pay back a percentage of their income after completing the course, but only if they land a high-paying job. This means there are no up-front costs to do our course, making it an ideal way to get your cyber career off the ground.
Applications are open at enrol.capslock.ac and the first courses start in February 2021. Applications for the February courses close on the 31st Jan 2021, but you can still apply for future courses.