Conducting a Cloud Security Threat Model & Assessment

Abstract

Conducting a thorough cloud security assessment is different from traditional enterprise security. With a control plane exposed to the world, developers constantly pushing changes, and multiple cloud vendors each with their own services and quirks, the complexity is high. Security tools can provide an exhaustive and exhausting laundry list of findings, but which ones are meaningful? How do you ensure that nothing is missed and the entire cloud environment is assessed?

Join our immersive two-day course to master cloud security assessments in AWS, GCP, and Azure. You’ll dive into risk analysis, industry frameworks, and modern cloud threat models. Learn how to prioritize Cloud Security Posture Management (CSPM) findings, secure your deployment pipelines, and manage both human and system access effectively in a public cloud environment.

At the end of this class, students will have the knowledge and skills to conduct a cloud security assessment of an organization’s cloud governance and applications deployed into the cloud.

Target Audience & Prerequisites

This class is designed for general security practitioners and auditors. General familiarity with AWS is helpful but not required. While many of the examples will be in AWS, we will cover the key things to identify in Azure and Google environments too. This is a hands-on class where students will review a fictional company’s cloud environment and applications. Students must bring a laptop and be prepared to navigate the AWS console and command line.

Schedule

This class is offered on-site in either a full-day or a half-day format.

The full-day format is 7 hours each day (with an hour for lunch), while the half-day format is 4 hours each day. Both formats allow busy students time to deal with daily tasks, so they’re not forced to answer emails or put out fires during class. If you have more than 15 students, or need to provide operational coverage, we can support morning and afternoon cohorts.

Curriculum Outline

Day 1

  1. Introduction to the Class
    1. What is the cloud anyway?
    2. What you need to protect: Cloud/Network/Deployment Plane
  2. The Cloud Is Dark and Full of Terrors - A primer on how misconfigurations occur and how attackers leverage them.
  3. Lab 1 - A Tale of Two Fooli
  4. Assessment Methodology
    1. Benchmarks & Frameworks
    2. Cloud Threat Models
    3. Writing your own cloud security standards & baselines
  5. Cloud Hierarchy
    1. AWS Orgs
    2. Google Workspace
    3. Azure
  6. Cloud Security Tools
    1. Cloud provider native
      1. GuardDuty, Macie, IAM Access Analyzer
      2. Defender & Friends
      3. Google Cloud Command Center
    2. CSPM & the Gartner alphabet soup
  7. Lab 2 - CSPM & Prowler
  8. Cloud Networking
    1. VPCs & VNETs
    2. Security Groups & native firewalls
    3. VPC interconnectivity
  9. Lab 3 - Cloud Network Security Assessment
  10. Cloud Identity
    1. IAM Users, Roles, Federation
    2. My God, It’s Full of Stars - the quest for least privilege
  11. Assessing Azure AD / Entra ID
  12. Lab 4 - Leverage Steampipe for total cloud visibility

Day 2

  1. Cloud Ransomware
    1. How cloud ransomware differs from traditional ransomware
    2. Ransomware mitigations & recovery
  2. Lab 5 - AWS Backup
  3. GitHub Security
    1. Managing Access
    2. Finding Secrets
    3. GitHub Actions & other pipelines
    4. Defending the Supply chain
    5. Shifting left
  4. Lab 6 - GitHub & CI/CD
  5. GuardRails - Advantages & Limitations
    1. Governance Policies (SCPs, Organization Policies, Blueprints)
    2. Auto-remediation (provider-native & Cloud Custodian)
  6. Lab 7 - Implementing GuardRails at Fooli
  7. Containers & Cloud Native
    1. Containers Primer
    2. Orchestration
  8. Lab 8 - Assessing a cloud-native application
  9. Incident Response
    1. Preparation
    2. Telemetry sources
    3. Detections
  10. Lab 9 - Incident Response Readiness Assessment
  11. Lab 10 - Incident Response Simulation
  12. Wrap-up and additional resources

Instructor Bio

Chris Farris is a highly experienced IT professional with a career spanning over 25 years. During this time, he has focused on various areas, including Linux, networking, and security. For the past eight years, he has been deeply involved in public cloud and public cloud security in media and entertainment, leveraging his expertise to build and evolve multiple cloud security programs.

Chris is passionate about enabling the broader security team’s objectives of secure design, incident response, and vulnerability management. He has developed cloud security standards and baselines to provide risk-based guidance to development and operations teams. As a practitioner, he has architected and implemented numerous serverless and traditional cloud applications, focusing on deployment, security, operations, and financial modeling.

He is one of the organizers of the fwd:cloudsec conference and has presented at various AWS conferences and BSides events. He was named one of the inaugural AWS Security Heroes. Chris shares his insights on security and technology on Twitter, Mastodon, and his website https://www.chrisfarris.com.

Pricing

On-site classes in the US & Canada are billed at a flat rate for up to 15 students. PrimeHarbor will provide each student with their own Fooli target environment. The hosting company only needs to provide a projector, wireless connectivity, and HTTP/HTTPS and SSH access to the internet.