Hands-on AWS Security
Published by O'Reilly Media, Inc.
Cloud security fundamentals in 7 projects
Course outcomes
- Learn practical techniques for handling some of the most common threats to your cloud implementation
- Review the Cloud Security Alliance’s Egregious 11 top threats and discuss examples from the latest headlines
- Use your non-production AWS account for hands-on practice with the techniques you’ve learned
Course description
Join expert Dean Bushmiller to learn how “the best offense is a good defense” applies to securing your cloud implementation and what you need to know to make yourself a less attractive target. You’ll look at threats drawn from the Cloud Security Alliance’s Egregious 11 and explore mistakes in authentication, access management, DNS resolution, monitoring, encryption, detection and inspection, and configuration, explore what went wrong, and learn how to minimize the danger personally or in the enterprise. After demonstrations for deploying each solution using AWS, you’ll get to practice on your own.
What you’ll learn and how you can apply it
- Deploy authentication soft tokens and FIDO to thwart password guessing
- Configure a bastion host for authorization to cloud resources to create a chokepoint
- Combine DNS and firewall rules to limit egress traffic from your cloud hosts
- Use monitoring from the cloud provider to detect unacceptable behavior
- Protect encryption keys across all devices
- Detect and identify violations in order to take action
- Inspect audit trail data automatically to determine true attacks
- Configure vulnerability management services to protect cloud hosts
This live event is for you because...
- You’re a cybersecurity professional who’s curious about cloud threats and security.
- You’re interested in increasing your proficiency in implementing cloud controls.
- You’re interested in becoming a cloud solutions, enterprise security, infrastructure, solutions, or systems architect.
Prerequisites
- Solid knowledge of information systems and networking
- Intermediate knowledge of cloud computing
Recommended preparation:
- Read the instructor’s GitHub page and download the resources (link to come)
- Build your lab in AWS (20–30 minutes)
- Review CompTIA Security+ (expert playlist)
- Explore Cybersecurity Threats and Vulnerabilities (on-demand course)
- Watch Core Cloud Concepts (video)
Recommended follow-up:
- Take CCSP Certified Cloud Security Professional Preparation (on-demand course)
- Take CISSP 8 Domains (on-demand course)
- Take Certified Ethical Hacker v11 Video Series with Lab Recordings (on demand course)
- Take CASP – Preparing for Security Operations Domain (on demand course)
Schedule
The time frames are only estimates and may vary according to how the class is progressing.
Authentication mistakes (60 minutes)
- Presentation: It’s always Q&A time (private or public); building lab setup via CloudFormation; getting the most from class = Mentimeter; GitHub, labs, and readings; authentication mistakes
- Demos and hands-on exercises: Access resources; deploy authentication soft tokens and FIDO
- Group discussion: How do you authenticate?
- Q&A
- Break
Access control and resolution mistakes (60 minutes)
- Presentation: Access control mistakes; resolution mistakes
- Group discussion: How do you connect to cloud hosts?; How do you perform DNS resolution?
- Demos and hands-on exercises: Configure a bastion host for authorization; combine DNS and firewall rules to limit egress traffic
- Q&A
- Break
Monitoring and encryption mistakes (60 minutes)
- Presentation: Monitoring and encryption mistakes
- Group discussion: How do you monitor the cloud?; How do you protect secrets?
- Demos and hands-on exercises: Explore monitoring from the cloud provider and protecting encryption keys across all devices
- Q&A
- Break
Detection, inspection, and configuration mistakes (60 minutes)
- Presentation: Detection and inspection mistakes; configuration mistakes
- Group discussion: How do you respond to incidents?; How do you perform configuration management?
- Demos and hands-on exercises: Detect and identify violations; inspect audit trail data automatically; configure vulnerability management services
- Q&A
Your Instructor
Dean Bushmiller
Dean Bushmiller is a virtual CISO, a penetration tester, and a global incident responder. His work with the Z9M9Z think tank impacts many Fortune 500 companies. As an instructor, he won O’Reilly’s Engager Award for 2023, so be ready to learn and have fun. He’s been teaching cybersecurity since 1999 and has achieved more than 34 major cybersecurity certifications and passed over 100 certification exams. Though Dean is nonmilitary, he has had the honor to train the US military since 1999. In recognition of his outstanding service in the Information Assurance field, he has received eight mission coins.