Cloud Security Engineer

abnmiabnmi Member Posts: 66 ■■■□□□□□□□
What courses/certs do you think would help in becoming a Cloud Security Engineer.

Comments

  • TheFORCETheFORCE Senior Member Member Posts: 2,298 ■■■■■■■■□□
    Cissp, aws, azure,  networking knowledge and domain knowledge from 10 different other areas.
  • abnmiabnmi Member Posts: 66 ■■■□□□□□□□
    what what domains if I can ask. 
  • cyberguyprcyberguypr Senior Member Mod Posts: 6,885 Mod
  • powerfoolpowerfool Senior Member Member Posts: 1,647 ■■■■■■■■□□
    Understand the technologies that you're looking to secure.
    AZ-203 [ ] AZ-400 [ ]
    2020 Goals: Azure Developer, Azure DevOps Expert
  • jayc71jayc71 Member Member Posts: 107 ■■■■□□□□□□
    I work as a Cloud Security Architect, I currently just maintain several AWS certs and a CISSP.  Will get around to taking the CCSP eventually.  A lot of the job is based on past experience as an engineer, knowing networking, storage, OS's and security tools, plus how to build things in the cloud (granted I focus on AWS, but the high-level concepts are similar with Azure, GCP, etc).  Having a background of working in highly secure environments helps, it makes security issues in less secure (ie private sector) environments really jump out at you.  Understanding the policy side is key as well, it teaches you how to play the game with the security people you run into who do not have a technical background.  
    CISSP, CCSK, Sec+, AWS CSA/Developer/Sysops Admin Associate, AWS CSA Pro, AWS Security - Specialty, ITILv3, Scrummaster, MS, BS, AS, 2nd place in the 6th grade spelling bee, All-District offensive line one year in HS, pretty handsome according to my mom.
  • chrisonechrisone Senior Member Member Posts: 2,045 ■■■■■■■■■□
    edited May 8
    Question, from what you have described it seems most of your infrastructure is in AWS? Is your domain infrastructure (DCs, AD, etc) still on-prem or Azure or AWS? If your domain infrastructure is AWS why not Azure? Sorry for all the questions, but I really wanted to pick a cloud security architects brain.

    Thanks
    Certs: CISSP, OSCP, CRTP, eCPPT, eCIR, LFCS, CEH, AZ-900, VHL:Advanced+, Retired Cisco CCNP/SP/DP
    2020 Goals:
    Courses: VHL (completed), CQURE: Windows Security Crash Course (completed), BlackHills InfoSec: Breaching the Cloud (completed), eLearnSecurity: WAPTv3 (completed), eLearnSecurity: IHRP (completed), eLearnSecurity: PTXv2 (in-progress)
    Certs: VHL: Advanced+ (completed), OSCP (completed), AZ-500, eLearnSecurity: eWPT (in-progress), eLearnSecurity: eCIR (complete), eLearnSecurity: eCPTXv2
  • jayc71jayc71 Member Member Posts: 107 ■■■■□□□□□□
    chrisone said:
    Question, from what you have described it seems most of your infrastructure is in AWS? Is your domain infrastructure (DCs, AD, etc) still on-prem or Azure or AWS? If your domain infrastructure is AWS why not Azure? Sorry for all the questions, but I really wanted to pick a cloud security architects brain.

    Thanks
    It's a mix.  I work with a couple different clients, both still have on-prem infrastructure.   One has extended their internal AD/DNS infrastructure into AWS by running DC's on EC2 and another still maintains all of that on-prem with Direct Connects back to the datacenter.  We federate access to allow AD users/groups to login and manage cloud resources, it works very well.  AWS instead of Azure has mostly been a matter of choice by the clients and their internal IT teams.  It can definitely be done on either platform. 

    For my own consulting company, we run everything out of Office365 with no real infrastructure (granted we are small), and we federate AWS access via Jumpcloud for our internal AWS labs and systems. 
    CISSP, CCSK, Sec+, AWS CSA/Developer/Sysops Admin Associate, AWS CSA Pro, AWS Security - Specialty, ITILv3, Scrummaster, MS, BS, AS, 2nd place in the 6th grade spelling bee, All-District offensive line one year in HS, pretty handsome according to my mom.
  • chrisonechrisone Senior Member Member Posts: 2,045 ■■■■■■■■■□
    Very cool! Thanks for the reply.

    I guess I am still trying to wrap my mind around building Microsoft infrastructure in AWS over Azure. There is just more integration a company can take advantage of with their Microsoft domain and all the Azure and O365 features.

    I get it that AWS is great at many things, and I write this prematurely and with little aws experience, but it seems they are great at storage, web, IaaS, PaaS, but do they compete with Microsoft O365 in SaaS?

    just wondering what your thoughts are.

    thanks!
    Certs: CISSP, OSCP, CRTP, eCPPT, eCIR, LFCS, CEH, AZ-900, VHL:Advanced+, Retired Cisco CCNP/SP/DP
    2020 Goals:
    Courses: VHL (completed), CQURE: Windows Security Crash Course (completed), BlackHills InfoSec: Breaching the Cloud (completed), eLearnSecurity: WAPTv3 (completed), eLearnSecurity: IHRP (completed), eLearnSecurity: PTXv2 (in-progress)
    Certs: VHL: Advanced+ (completed), OSCP (completed), AZ-500, eLearnSecurity: eWPT (in-progress), eLearnSecurity: eCIR (complete), eLearnSecurity: eCPTXv2
  • scascscasc Member Posts: 285 ■■■■□□□□□□
    Pretty much the best way to authenticate via federated access over SAML. I’ve been working in both environments and they both are pretty good with a rich range of options to use to protect each layer of the stack. Traditionally AWS was built to shift your workloads as an IaaS and now they like MS are also pushing out server less automation via PaaS - rapid development and action based on rule sets.
    MSc, BSc (Hons), AWS CSA, C-CISO, CISSP, CCSP, CCSK, CISM, CISA, CRISC, GSTRT, GSNA, GCCC, CEH, ECSA, CHFI, TOGAF, CISMP
  • jayc71jayc71 Member Member Posts: 107 ■■■■□□□□□□
    chrisone said:
    Very cool! Thanks for the reply.

    I guess I am still trying to wrap my mind around building Microsoft infrastructure in AWS over Azure. There is just more integration a company can take advantage of with their Microsoft domain and all the Azure and O365 features.

    I get it that AWS is great at many things, and I write this prematurely and with little aws experience, but it seems they are great at storage, web, IaaS, PaaS, but do they compete with Microsoft O365 in SaaS?

    just wondering what your thoughts are.

    thanks!
    AWS has ways to leverage AD like the AD Connector and Directory Service, or you can just run DCs on EC2 or set up ADFS, but yeah I get what you mean.  Azure is in MS's universe so approaching cloud from a Windows/AD infrastructure point of view it probably makes sense to stick with MS's cloud.  AWS and O365, from my point of view, are very different offerings.  Many environments I have worked in have utilized them side by side to take advantage of the strengths of each.  
    CISSP, CCSK, Sec+, AWS CSA/Developer/Sysops Admin Associate, AWS CSA Pro, AWS Security - Specialty, ITILv3, Scrummaster, MS, BS, AS, 2nd place in the 6th grade spelling bee, All-District offensive line one year in HS, pretty handsome according to my mom.
  • chrisonechrisone Senior Member Member Posts: 2,045 ■■■■■■■■■□
    Thanks @jayc71 & @scasc for the great responses! 
    Certs: CISSP, OSCP, CRTP, eCPPT, eCIR, LFCS, CEH, AZ-900, VHL:Advanced+, Retired Cisco CCNP/SP/DP
    2020 Goals:
    Courses: VHL (completed), CQURE: Windows Security Crash Course (completed), BlackHills InfoSec: Breaching the Cloud (completed), eLearnSecurity: WAPTv3 (completed), eLearnSecurity: IHRP (completed), eLearnSecurity: PTXv2 (in-progress)
    Certs: VHL: Advanced+ (completed), OSCP (completed), AZ-500, eLearnSecurity: eWPT (in-progress), eLearnSecurity: eCIR (complete), eLearnSecurity: eCPTXv2
  • scascscasc Member Posts: 285 ■■■■□□□□□□
    No problem at all. You can leverage either cloud model in both - and depending on the shared responsibility of cloud you would want to deploy appropriate controls, I.e. SaaS is higher up the stack so you have less security responsibility than the others. 

    In respect to O365 - as mentioned above it’s different to AWS though more in line with something like sales force or archer (SaaS based where you can choose how to access/enforce permissions based on roles etc).

    With MS. If you have an O365 license you get an azure offering included. Clever way to boost the appeal, just like IE with Windows. 
    MSc, BSc (Hons), AWS CSA, C-CISO, CISSP, CCSP, CCSK, CISM, CISA, CRISC, GSTRT, GSNA, GCCC, CEH, ECSA, CHFI, TOGAF, CISMP
Sign In or Register to comment.