CCSK Course

Overview

This Cloud Security Bootcamp offers the best two cloud security certifications on the market, within one blended cloud security bootcamp. Accelerate your cloud security skills with practical hands-on cloud labs, combined with the CourseMonster Certified Practitioner Certificate in Cloud Security (CourseMonsterPCCS), which is accredited under the NCSC Certified Training scheme, and the industry-leading cloud certification from the Cloud Security Alliance, the CCSK.

As organizations migrate to the cloud, they need information security professionals who are cloud savvy. The CCSK certificate is widely recognized as the standard of expertise for cloud security and provides you with the foundations you need to secure data in the cloud. How you choose to build on that knowledge is your choice.

Both online cloud certification exam vouchers are included, taken post course.

Skills Gained

Delegates will learn about the following topics:

  • Cloud Concepts
  • Cloud Computing Fundamentals
  • Virtualisation
  • Cloud Security Frameworks, Principles, Patterns and Certifications
  • AWS Security Technologies
  • Microsoft Azure and Office 365
  • Google Cloud Platform and G Suite
  • Assurance
  • Data Protection and Compliance
  • Data Security for Cloud Computing
  • Infrastructure Security for Cloud Computing
  • Application Security and Identity Management for Cloud Computing
  • Managing Cloud Security and Risk
  • Containers
  • Web Application Security
  • Cloud Identity Services
  • Serverless
  • Cloud Security Operations
  • Cloud Security as a Service
  • Automation
  • Continuous Integration Pipeline
  • DevSecOps

Prerequisites

There are no prerequisites. However, we recommend that all delegates have an understanding of the general technologies, for example operating systems, networking and security principles. Experience of using cloud services and security technologies is helpful but not essential.

For those delegates looking for some pre-course general cloud security background, guidance and organisational compliance, the NCSC cloud security collection is probably the single best resource.

CCSK exam prep is also available for free here: https://cloudsecurityalliance.org/education/ccsk/study-guide/

Outline

DAY ONE

Introduction

  • Introductions
  • Objectives of course
  • Agenda

Cloud Concepts

  • CCSK - What is Cloud Computing?
  • CCSK - Why is everyone moving to the Cloud?
  • CCSK - Cloud computing model
  • CCSK - Infrastructure, Platform and Software as a Service
  • CCSK - Boundaries and responsibilities
  • CCSK - Cloud Service Providers – Gartner Magic Quadrant(s)
  • CCSK - Cloud reference architectures

Virtualisation

  • Overview of different virtualisation technologies and types covering storage, networks and systems.

Cloud Security Frameworks, Principles, Patterns and Certifications

  • CCSK - Security Principles
  • CCSK - Cloud Security Alliance (CSA) Cloud Control Matrix
  • GOV.UK Cabinet Office and NCSC Cloud Security Principles
  • CCSK - Security Architecture Frameworks
  • CCSK - Security Architecture Patterns
  • CCSK - Cloud Security Architecture Patterns
  • CCSK - Trusted Cloud Initiative Reference Architecture
  • CCSK - Cloud Security Certifications

AWS Security Technologies

  • EC2 (Elastic Compute Cloud) and VPC (Virtual Private Cloud) fundamentals
  • Availability zones and regions
  • Internet Gateway, Elastic IPs, NAT Gateway, DirectConnect
  • Security Implications of Elastic Load Balancing (ELB) and auto-scaling
  • Security Groups, Flow Logs, S3, ACLs and subnet routing
  • AWS Config, CloudTrail, CloudWatch, Trusted Advisor
  • IPSec VPN options: AWS VPNs, third party solutions
  • AWS CloudFront, Web Application Firewall and Certificate Manager
  • Vulnerability management using AWS Inspector
  • AWS Key Management Service (KMS) and CloudHSM
  • AWS Identity and Access Management (IAM)
  • Labs providing practical experience of implementing and using AWS security technologies

Quiz

  • End of day knowledge check – exam style questions

DAY TWO

Microsoft Azure and Office 365

  • Azure platform security architecture
  • Azure Virtual Networks
  • Azure network security best practices
  • Azure data security and encryption best practices
  • Azure Active Directory
  • Federated identity and Single Sign On
  • Azure Multi-factor authentication
  • Azure Key Vault
  • Azure Virtual Machine encryption
  • Microsoft Antimalware for Azure Cloud Services and Virtual Machines
  • Azure Security Center
  • Office 365 Service Architectures
  • Office 365 security across physical, logical and data layers
  • Office 365 email encryption options
  • Exchange Online Protection
  • GOV.UK Microsoft Office Security Guidance
  • Labs providing practical experience of implementing and using Microsoft Azure security technologies

Google Apps for Work

  • Google Apps for Work applications and architectures
  • Integration with corporate directories
  • Single sign-on to enforce use of corporate devices and threat prevention
  • GOV.UK Google Apps for Work Security Guidance
  • Google Admin Console
  • Google Authenticator
  • Organisational Units
  • Administrative roles
  • Data privacy opt-in

Assurance

  • Center for Internet Security (CIS) Foundation Benchmarks
  • CCSK - Penetration tests of cloud environments
  • CCSK - External audit and configuration review

Data Protection and Compliance

  • CCSK - Personally Identifiable Information (PII) and Personal Data
  • UK Data Protection Act and Information Commissioner’s Office (ICO)
  • CCSK - European Union (EU) Data Protection Directive
  • CCSK - EU General Data Protection Regulation (GDPR)
  • Cyber Essentials Plus
  • CCSK - Cloud Security Alliance STAR
  • CCSK - PCI DSS
  • CCSK - AICPA SOC3 (formerly SAS70)
  • CCSK - ISO 27001

DAY THREE

Containers

  • Concept of containers
  • Docker
  • Why development teams are moving to containers
  • Security issues of containers
  • Container security good practice
  • CIS Benchmark for Docker and Docker Bench tool
  • Orchestration – Kubernetes
  • Security features of Kubernetes
  • Orchestration – Docker Swarm
  • Cloud Service Provider container platforms (AWS, Azure, Google)
  • Container security solutions (e.g. Twistlock, NeuVector, AquaSecurity)
  • Labs providing hands-on experience of Docker containers and potential security issues

Web Application Security

  • OWASP Top 10
  • Threat Modelling
  • CCSK - Secure Software Development Lifecycle

Cloud Identity Services

  • CCSK - SAML
  • CCSK - OAuth, OAuth 2.0 and OpenID Connect
  • CCSK - Cloud Identity Providers

DAY FOUR

Serverless

  • CCSK - Concept of ‘serverless’
  • CCSK - Pros and Cons
  • AWS Lambda
  • Step functions
  • DynamoDB
  • SQS, SWS, S3
  • Serverless application architecture
  • Security implications
  • Environment Variable encryption
  • Azure Cloud Functions
  • Google Cloud Functions
  • Labs providing hands-on experience of Serverless architectures

Cloud Security as a Service

  • CCSK - Cloud Security Services
  • CCSK - Cloud analytics, e.g. Splunk Cloud
  • CCSK - Cloud security operations management, e.g. AlertLogic

Cloud Security Workshop

  • Scenario requirement
  • Develop security architecture in groups
  • Present back to wider group, review and discuss

DAY FIVE

Automation

  • Cloud service provider automation tools
  • Terraform by HashiCorp
  • Hardened build images
  • Vault by HashiCorp
  • Patching and update strategies
  • DevSecOps

Continuous Integration Pipeline

  • CCSK - Continuous Integration Pipeline
  • Automated environment testing
  • Jenkins
  • Security issues

DevSecOps Lab

  • Hands-on experience of coding security improvements and automated deployments
  • End of section quiz – exam style questions

Exams taken post course:

CCSK Exam - This is an open-book, online exam, completed in 90 minutes with 60 multiple-choice questions selected randomly from the CCSK question pool. The minimum passing score is 80%.

Practitioner Certificate in Cloud Security Exam – This is a closed-book, online exam, completed in 70 minutes with 70 multiple-choice questions. The minimum pass mark is 50%.

Thinking about Onsite?

If you need training for 3 or more people, you should ask us about onsite training. Putting aside the obvious location benefit, content can be customised to better meet your business objectives and more can be covered than in a public classroom. It's a cost-effective option. One-on-one training can be delivered too, at reasonable rates.

Submit an enquiry from any page on this site, and let us know you are interested in the requirements box, or simply mention it when we contact you.

LVC = Live Virtual Class

Please Note: All courses are available as Live Virtual Classes

Trusted by over 1/2 million students in 15 countries

Our clients have included prestigious national organisations such as Oxford University Press, multi-national private corporations such as JP Morgan and HSBC, as well as public sector institutions such as the Department of Defence and the Department of Health.