Certified Cloud Security Professional Training Course

Cloud Computing Security Knowledge (CCSK) Preparation Course

The CCSK course is intended to provide understanding of security issues and best practices over a broad range of cloud computing domains. As cloud computing is becoming the dominant IT system, CCSK is applicable to a wide variety of IT and information security jobs in virtually every organization. The CCSK is strongly recommended for IT auditors, system administrators, security professionals with at least 5 years of experience

After completing this course, the student will be able to:

• Validate their competence gained through experience in cloud security
• Prepare for the CCSK exam.
• Demonstrate their technical knowledge, skills, and abilities to effectively develop a holistic cloud security program relative to globally accepted standards
• Differentiate themselves from other candidates for desirable employment in the fast-growing cloud security market
• Gain access to valuable career resources, such as tools, networking and ideas exchange with peers
• Protect against threats with qualified professionals who have the expertise to competently design, build, and maintain a secure cloud business environmen

Format of the Course

• Interactive lecture and discussion.
• Lots of exercises and practice.
• Hands-on implementation in a live-lab environment.

Course Customization Options

• To request a customized training for this course, please contact us to arrange.

Description:

This 2-day CCSK Plus course includes all content from the CCSK Foundation course, and expands on it with extensive hands-on labs in a second day of training. Students will learn to apply their knowledge by performing a series of exercises involving a scenario that brings a fictional organization securely into the cloud. After completing this training, students will be well prepared for the CCSK certification exam, sponsored by Cloud Security Alliance. This second day of training includes additional lecture, although students will spend most of their time assessing, building, and securing a cloud infrastructure during the exercises.

Objectives:

This is a two day class that begins with the CCSK- Basic training, followed by a second day of additional content and hands-on activities

Target Audience:

This class is geared towards security professionals, but is also useful for anyone looking to expand their knowledge of cloud security.

The CCSK Plus builds on the foundation class with expanded material and offers extensive hands-on activities that reinforce classroom instruction. Students engage in a scenario of bringing a fictional organization securely into the cloud, which gives them the opportunity to apply their knowledge by performing a series of activities that would be required in a real-world environment.

The CCSK Plus Course includes all the modules in the CCSK Foundation course with additional material.

This is a Cloud Security Alliance (CSA) authorized course and NobleProg is an official CSA Training Partner.

This course is delivered by CSA Authorized CCSK Instructors. 

All attendees receive:

• official CSA CCSK Plus course certificates
• official CCSK Foundation Student Handbooks
• 1 CCSK exam voucher and 1 re-attempt exam voucher

This course covers the most current version of the CCSK exam - currently version 4.1.

Migrating to the cloud introduces immense benefits for companies and individuals in terms of efficiency and costs. With respect to security, the effects are quite diverse, but it is a common perception that using cloud services impacts security in a positive manner. Opinions, however, diverge many times even on defining who is responsible for ensuring the security of cloud resources.

Covering IaaS, PaaS and SaaS, first the security of the infrastructure is discussed: hardening and configuration issues as well as various solutions for authentication and authorization alongside identity management that should be at the core of all security architecture. This is followed by some basics regarding legal and contractual issues, namely how trust is established and governed in the cloud.

The journey through cloud security continues with understanding cloud-specific threats and the attackers’ goals and motivations as well as typical attack steps taken against cloud solutions. Special focus is also given to auditing the cloud and providing security evaluation of cloud solutions on all levels, including penetration testing and vulnerability analysis.

The focus of the course is on application security issues, dealing both with data security and the security of the applications themselves. From the standpoint of application security, cloud computing security is not substantially different from general software security, and therefore basically all OWASP-enlisted vulnerabilities are relevant in this domain as well. It is the set of threats and risks that makes the difference, and thus the training is concluded with the enumeration of various cloud-specific attack vectors connected to the weaknesses discussed beforehand.

Participants attending this course will

• Understand basic concepts of security, IT security and secure coding
• Understand major threats and risks in the cloud domain
• Learn about elementary cloud security solutions
• Get information about the trust and the governance regarding the cloud
• Have a practical understanding of cryptography
• Get extensive knowledge in application security in the cloud
• Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
• Understand the challenges of auditing and evaluating cloud systems for security
• Learn how to secure the cloud environment and infrastructure
• Get sources and further readings on secure coding practices

Audience

Developers, Managers, Professionals

This course will equip you to implement appropriate security controls in the cloud, often using automation to "inspect what you expect." We will begin by diving headfirst into one of the most crucial aspects of cloud - Identity and Access Management (IAM). From there, we'll move on to securing the cloud through discussion and practical, hands-on exercises related to several key topics to defend various cloud workloads operating in the different CSP models of: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), and Functions as a Service (FaaS).

The course is providing practical knowledge on OpenStack and private cloud security. It starts from the introduction to the system, then the participants are getting practical knowledge on security in private clouds and securing OpenStack installation. During the course, each of the core OpenStack modules is presented, participants are building up virtual identity, image, network, compute and storage resources while discussing relevant security topics. Each participant is getting their own training environment with a complete OpenStack installation based on selected cloud architecture (eg. storage, networking). The training could be highly customized based on the needs of the client.

Customization options
The training can be contracted to 2 days, focusing on core aspects relevant for the customer. The training can be also extended regarding administrative, design, networking and/or troubleshooting topics concerning OpenStack deployments