How to jump-start your cloud security journey?

Thank you for your interest and response to my newsletter. It's my hope that the information I share is valuable to you and helps you to stay informed on cloud security topics. In the last one, we discussed why you should consider making a career in cloud security and we also touched upon some myths/misconceptions about the cloud security domain. This letter is an extension of the previous one, where we are going to discuss the approach, strategies, what, where, and how to start up-skilling on cloud security topics. Let's get started.

Cloud security is a critical aspect of cloud computing, and it requires specialized skills and knowledge to ensure the security and protection of cloud-based infrastructure and applications. In this newsletter, we are going to discuss the following topics:

  • What are essential/most demanding cloud security skills?
  • How to start my cloud Security up-skilling journey?
  • How to get cloud certification? Do certifications help? Is it even necessary?
  • How to prepare for the certifications?
  • List of Free/Paid resources

What are essential/most demanding cloud security skills?

Cloud has been a buzzword for quite a while, and if you are a fresher or an IT professional with no prior experience in the cloud, you must be wondering how to get into a cloud career, or what skills you need for cloud security. Below are some essential cloud security skills that are in high demand.

  • Knowledge of cloud platforms: Cloud security professionals must have a strong understanding of cloud platforms such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud. They need to know how to secure and manage these platforms effectively.
  • Familiarity with security best practices: Cloud security professionals must be familiar with the latest security best practices, such as data encryption, identity and access management (IAM), and security automation. They must also be able to assess and identify security risks and implement security controls to mitigate them.
  • Network security: Cloud security professionals should have a solid understanding of network security concepts such as firewalls, intrusion detection and prevention systems (IDPS), virtual private networks (VPNs), and security information and event management (SIEM) systems.
  • Compliance and regulatory knowledge: Cloud security professionals should be familiar with various compliance frameworks such as GDPR, HIPAA, and PCI DSS. They must be able to ensure that the cloud infrastructure and applications they manage are compliant with relevant regulations. It is important for them to understand how CSPM (Cloud Security Posture Management), CWPP (Cloud Workload Protection Platform), CNAPP (Cloud Native Application Protection), and CASB (Cloud Access Security Broker) systems work, and how and where to use these technologies to build a robust cloud security infrastructure.
  • Incident response: In the event of a security breach, cloud security professionals must be able to respond quickly and efficiently. They should have knowledge of incident response procedures, including how to detect, contain, and remediate security incidents.
  • Communication skills: Effective communication skills are essential for cloud security professionals to convey complex technical information to stakeholders. They should be able to explain technical concepts to non-technical personnel in a clear and concise manner.

Is it important to have all the skills to land a job?

It is not always necessary to have all the skills to land a job in cloud security. However, having a combination of the required skills and a willingness to learn and improve can increase your chances of being hired.

When employers are looking for candidates for cloud security roles, they often prioritize skills such as familiarity with cloud platforms, security best practices, compliance and regulatory knowledge, and incident response. However, having experience with a specific cloud platform or a particular security technology is not always required. Employers often prioritize candidates who can demonstrate a willingness to learn and adapt to new technologies and concepts.

How to start my cloud Security up-skilling journey?

To up-skill on cloud security topics, there are several approaches and strategies that can be employed. Below are some steps you can take to start your cloud security up-skilling journey:

Identify your goals and objectives

Before you begin up-skilling, it's essential to determine what you want to achieve. This will help you to focus your efforts and ensure that you are learning the right skills. For example, you may want to become a cloud security engineer or architect because you are already working in IT/cyber security or you are a student and you have no idea where to start from. Goals and objectives would be completely different for different people having different aspirations. Or maybe you are looking for internal movement through IJP (Internal Job Posting) within your organization.

Determine the cloud platforms you want to specialize in

There are different cloud platforms available, such as Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), etc. You should decide which platform(s) you want to specialize in and focus your efforts on mastering their security features and best practices. Let me help you out with some data and facts about these three leaders in the cloud computing space:

  • Amazon Web Services (AWS): AWS was introduced to the world in 2006 and it is so much bigger than its competitors. AWS has around 33% cloud infrastructure market share, followed by its nearest competitor, Microsoft Azure, at around 19%. Not only did Amazon offer one of the first major cloud computing platforms widely available, but it also means that AWS has had a decade to refine and perfect its product as well as build a solid customer base. What do these facts mean to you? The bigger the share, the greater the number of employment opportunities, which is good for those getting into entry-level cloud computing jobs. AWS offers 4-level certifications, starting from Foundational, Associate, Professional, and Specialty, all with different scopes and prerequisites. If you choose AWS to start with, then I would suggest starting with the AWS Cloud Practitioner exam. AWS learning resources are a great place to start learning for free.
  • Microsoft Azure: The gap between AWS and Microsoft Azure is closing every year. Azure business value has increased like never before in the last year. Though Azure started publicly in 2010, later than AWS, it has historically been the preferred choice for business for many obvious reasons. Since most enterprises already have some kind of service/agreement with Microsoft, they get easy adoption and discounts when they choose Azure as a provider to adopt the cloud. Microsoft has been extensively working on its certification patterns and it has come up with some of the greatest role-based certifications, including great free learning resources at Microsoft Learn.
  • Google Cloud: Starting to learn with AWS and Azure is tempting; however, this also means that it is tempting for everyone, and hence there are plenty of applicants for each requirement. If you go with GCP, you are one of the relatively few candidates to specialize in the field. Check here the details of their certification.

Choose your learning resources

There are several online resources available to learn cloud security. These include online courses, webinars, workshops, and blogs. Some of the popular platforms where you can find courses on cloud security include Coursera, EdX, Udemy, Pluralsight, and A Cloud Guru (a Pluralsight company). But before all of these resources, I highly recommend you create your profile at Microsoft Learn or the Amazon Web Services (AWS) learning portal called AWS Skill Builder. Here are some of the learning paths I recommend starting with.

If you are completely new to the cloud, start from here:

  • AZ-900: Microsoft Azure Fundamentals: AZ-900 is an entry-level certification exam offered by Microsoft. This certification exam is designed for individuals who want to demonstrate foundational knowledge of cloud computing and how Microsoft Azure services work. You can start learning now for absolutely free using Microsoft Learn. (Also, stay tuned by subscribing to the newsletter for the upcoming study guide for AZ-900.) OR
  • AWS Cloud Practitioner Fundamentals: This course is for individuals who seek an overall understanding of the Amazon Web Services (AWS) Cloud, independent of specific technical roles. You will learn about AWS Cloud concepts, AWS services, security, architecture, pricing, and support to build your AWS Cloud knowledge. This course also helps you prepare for the AWS Certified Cloud Practitioner exam.

If you already have the fundamental knowledge of cloud computing services and you are looking for a cloud security-specific learning path, you should choose from the paths below:

  • SC-900: Microsoft Security, Compliance, and Identity Fundamentals: SC-900 is a fundamental-level certification exam offered by Microsoft, which focuses on the foundational knowledge of cloud concepts and services. The exam is designed for individuals who want to validate their understanding of cloud computing and its various deployment models and service offerings. (Also, stay tuned by subscribing to the newsletter for the upcoming study guide for SC-900.)
  • AWS Security Essentials: covers fundamental AWS Cloud security concepts, including AWS access control, data encryption methods, and how network access to your AWS infrastructure can be secured. Based on the AWS Shared Security Model, this course teaches where in the AWS Cloud you are responsible for implementing security. You’ll also learn what security-oriented services are available to you, as well as why and how the security services can help meet the security needs of your organization. This course enables you to dive deep, ask questions, work through solutions, and get feedback from AWS-accredited instructors with deep technical knowledge. This fundamental-level course is part of the AWS Training and Certification Security learning path.
  • Certification Paths: Below is the list of certification pages of the various providers, where you can get more details about the certifications (exam cost, course outline, etc.):
  • Amazon Web Services
  • Microsoft Azure
  • Google Cloud Platform

Build a lab environment

To get hands-on experience with cloud security, it's essential to build a lab environment. You can set up a cloud-based virtual lab or use a local setup to practice your skills. This will help you gain practical experience and apply the theoretical knowledge you have gained from your learning resources. You can build a free account at Microsoft Azure or Amazon Web Services (AWS).

Let me brief you about lab facilities provided by the top 3 cloud providers:

  • Microsoft Azure: Azure free lab credit is a benefit offered by Microsoft to enable users to learn and experiment with Azure services without incurring costs. With this benefit, users receive a certain amount of free credit that they can use to create and experiment with virtual machines, cloud services, and other Azure resources. Users can use the free lab credit of $200 to experiment with various Azure services, including virtual machines, storage, databases, and AI services. They can also use it to learn about different Azure features, build proof-of-concept solutions, and test their applications in a cloud environment.
  • AWS (Amazon Web Services): AWS offers a free tier that provides users with access to a range of AWS services at no cost. This includes 12 months of free access to compute, storage, and database services, as well as other services such as machine learning and messaging. Additionally, AWS provides $100 in free credit for users to experiment with additional services that are not included in the free tier. The free credit is valid for 30 days and can be used to explore AWS services, build applications, and test different configurations.
  • Similarly, Google Cloud offers a free tier that provides users with free access to a range of GCP services. This includes 12 months of free access to compute, storage, and networking services, as well as other services such as databases, machine learning, and developer tools. GCP also offers free credits to users who sign up for the Google Cloud Free Program, which provides $300 in credit for new users to experiment with any GCP service over a period of 12 months.

It's important to note that the free lab credit benefit is available only for a limited time and is subject to certain usage limits. Users should be mindful of these limits and use the credit wisely to avoid incurring additional charges.

Participate in community forums

Engaging with cloud security communities can help you learn from experienced professionals and stay updated on the latest trends and developments in the field. You can join online forums like Reddit, LinkedIn, and Slack groups to participate in discussions, ask questions, and share your knowledge.

Get Certified: Where to Start from?

Obtaining cloud security certifications can demonstrate your proficiency in the field and enhance your career opportunities. There are several certifications available; most of them are provided by cloud providers and some of them are vendor-agnostic. Let us look at both kinds.

Vendor-agnostic certifications are those that are not specific to any particular cloud provider, but instead cover broader cloud security concepts and principles. Here are some of the top vendor-agnostic certifications for cloud security:

  • Certified Cloud Security Professional (CCSP): This certification is offered by the International Information System Security Certification Consortium, (ISC)², and covers various topics related to cloud security, including cloud architecture and design, data security, identity and access management, and compliance.
  • Certified Cloud Security Specialist (CCSS): This certification is offered by the Cloud Credential Council and covers cloud security concepts, cloud risk management, and governance frameworks.
  • Cloud Security Alliance (CSA) Certificate of Cloud Security Knowledge (CCSK): This certification is offered by the Cloud Security Alliance and covers cloud security concepts, architecture, governance, and compliance.
  • CompTIA Cloud+: This certification covers various cloud computing concepts, including security, virtualization, and infrastructure, as well as cloud deployment and maintenance.

Some of the most popular security certifications by cloud providers are:

AWS Certified Security - Specialty, AZ-500: Microsoft Azure Security Technologies, Google Cloud Certified - Professional Cloud Security Engineer, SC-200: Microsoft Security Operations Analyst, SC-300: Microsoft Identity and Access Administrator, and SC-400: Microsoft Information Protection Administrator. I will talk about these certifications and their passing strategies, labs, etc., in a separate series of articles; otherwise this newsletter will become too long.

How to pass cloud certification?

Remember! Skills need hands-on practice to master and cloud is nothing but a hardcore skill.

Passing a cloud certification exam requires preparation and dedication. Here are some steps that can help you prepare for a cloud certification exam:

  • Identify the certification exam: Choose the certification exam that is relevant to your career goals and interests. For example: SC-900.
  • Study the exam objectives: Review the exam objectives and ensure that you understand the topics covered in the exam.
  • Study materials: Use study materials such as books, online courses, practice tests, and hands-on experience with the cloud technology being tested to prepare for the exam.
  • Practice exams: Take practice exams to assess your knowledge and identify areas that require further study.
  • Schedule the exam: Once you feel confident in your preparation, schedule the exam and ensure that you are familiar with the exam format and rules.
  • Review before the exam: Review key concepts and topics before the exam to ensure that you are fully prepared.

Does certification help? Is it even necessary?

Certifications can be valuable in the cloud security industry, as they demonstrate your knowledge and expertise in a particular technology or service. They can also help differentiate you from other candidates and potentially lead to better job opportunities and higher salaries. However, certifications are not necessary for everyone and should be considered in the context of your career goals and aspirations. They can be useful tools for career advancement, but they should be complemented by practical experience and other skills such as communication, teamwork, and problem-solving.

Learn from Free resources, courses, and free-tier Lab

Is it possible? Yes, quite possible. It will require a lot of reading, learning, practice, consistency, and perseverance. Here are some of the greatest free resources that you can start learning-

Learn from Paid Resources/Online Courses/instructor-led

  • Udemy – Udemy has thousands of courses at affordable prices. You may choose the course with the highest number of enrolments or the highest ratings. Here are some of my personal favorite trainers: Ryan Kroonenburg, Stephane Maarek, and Zeal Vora.
  • Pluralsight – Pluralsight has really good courses; it's a subscription-based platform. You can start with a free trial.
  • LinkedIn Learning – You can find some really nice courses.
  • ACloudGuru – If I can refer you to one platform out of all the above, it will be ACloudGuru, only if you can afford it. If you are a working professional, your organization may sponsor it. As a student, you may check for some free courses available.

Instructor-led Classes: You can also get trained live/virtual by highly qualified trainers/ Microsoft Certified Trainers (Paid). You can get trained with exactly what you need to land a job in the cloud domain. Professionals/MCTs (Microsoft Certified Trainers) with their several years of training and industry experience, help you achieve what you need in a timely manner.

Certifications can be valuable in the cloud computing industry, but they should be considered in the context of your career goals and aspirations and should be complemented by practical experience and other skills.


This concludes this newsletter. In the next one, I am going to walk you through the Microsoft Security certifications path along with a few important details and then followed by a series of articles on tips, tricks, and study guide to prepare for each of these security exams.

I hope you enjoyed reading it as much as I enjoyed writing this newsletter. If you liked it, feel free to share this on your timeline along with your thoughts and also subscribe to this newsletter. In case you still need help, you can also book 1:1 with me if you are looking for specific help in cloud security.

Until the next one, learn more with less, grow more with less & protect more with less. In short, DO MORE WITH LESS. Chaos :)

- Qamar Nomani, CEH, MCT
