Conducting a Cloud Security Assessment
Abstract
Conducting a thorough cloud security assessment is different from traditional enterprise security. With a control plane exposed to the internet, developers constantly pushing changes, and multiple cloud vendors to cover, the complexity is high. Security tools can provide an exhaustive and exhausting laundry list of findings, but which ones are meaningful? How do you ensure that nothing is missed and the entire cloud environment is assessed?
In this two-day class, students will learn how to conduct an assessment of a fictional cloud company with a footprint in AWS. We’ll discuss risk, frameworks, and cloud threat models. Students will learn how to prioritize CSPM findings, protect deployment pipelines, and manage human and system access in the public cloud.
At the end of this class, students will have the knowledge and skills to conduct a cloud security assessment of an organization’s cloud governance and applications deployed into the cloud.
Target Audience & Prerequisites
This class is designed for general security practitioners and auditors. General familiarity with AWS is helpful but not required. This is a hands-on class where students will review a fictional company’s cloud environment and applications. Students must bring a laptop and be prepared to navigate the AWS console and command line.
Schedule
This class is offered on-site in either a full or half-day format.
The full-day format is 7 hours each day (with an hour for lunch), while the half-day format is 4 hours each day. Both formats allow busy students time to deal with daily tasks, so they’re not forced to answer emails or put out fires during class. If you have more than 15 students, or need to provide operational coverage, we can support morning and afternoon cohorts.
Curriculum Outline
Day 1
- Introduction to the Class
  - What is the cloud anyway?
  - What you need to protect: Cloud/Network/Deployment Plane
  - Lab 1 - Welcome to Fooli
- The Cloud Is Dark and Full of Terrors - A primer on how misconfigurations occur and how attackers leverage them
- Assessment Methodology
  - Benchmarks & Frameworks
  - Cloud Threat Models
  - Writing your own cloud security standards & baselines
- Cloud Security Tools
  - Cloud provider native
    - GuardDuty, Macie, IAM Access Analyzer
  - CSPM & the Gartner alphabet soup
    - Cloud provider native
  - Lab 2 - Prowler & SecHub
- Cloud Networking
  - VPCs
  - Security Groups & native firewalls
  - VPC interconnectivity
  - Lab 3 - Cloud Network Security Assessment
- Cloud Identity
  - IAM Users, Roles, Federation
  - My God, It’s Full of Stars - the quest for least privilege
  - Lab 4 - Leverage Steampipe for total cloud visibility
- Cloud Ransomware
  - How cloud ransomware differs from traditional ransomware
  - Ransomware mitigations & recovery
  - Lab 5 - AWS Backup
Day 2
- GitHub Security
  - Managing Access
  - Finding Secrets
  - GitHub Actions & other pipelines
  - Defending the supply chain
  - Shifting left
  - Lab 6 - GitHub & CI/CD
- Incident Response
  - Preparation
  - Telemetry sources
  - Detections
  - Lab 7 - Incident Response Readiness Assessment
  - Lab 8 - Incident Response Simulation
- Containers & Cloud Native
  - Containers primer
  - Orchestration
  - Lab 9 - Assessing a cloud-native application
- GuardRails - Advantages & Limitations
  - Governance Policies (SCPs, Organization Policies, Blueprints)
  - Auto-remediation (provider-native & Cloud Custodian)
  - Lab 10 - Implementing GuardRails at Fooli
- Google Workspace
- Azure AD / Entra ID
- Wrap-up and additional resources
Instructor Bio
Chris Farris is a highly experienced IT professional with a career spanning over 25 years. During this time, he has focused on various areas, including Linux, networking, and security. For the past eight years, he has been deeply involved in public cloud and public cloud security in media and entertainment, leveraging his expertise to build and evolve multiple cloud security programs.
Chris is passionate about enabling the broader security team’s objectives of secure design, incident response, and vulnerability management. He has developed cloud security standards and baselines to provide risk-based guidance to development and operations teams. As a practitioner, he has architected and implemented numerous serverless and traditional cloud applications, focusing on deployment, security, operations, and financial modeling.
He is one of the organizers of the fwd:cloudsec conference and has presented at various AWS conferences and BSides events. He was named one of the inaugural AWS Security Heroes. Chris shares his insights on security and technology on social media platforms like Twitter and Mastodon, and on his website https://www.chrisfarris.com.
Pricing
On-site classes in the US & Canada are billed at a flat rate for up to 15 students. PrimeHarbor will provide each student with their own Fooli target environment. The hosting company only needs to provide a projector, wireless connectivity, and HTTP/HTTPS and SSH access to the internet.