Cloud Security Engineer

abnmi

What courses/certs do you think would help in becoming a Cloud Security Engineer.

Find more posts tagged with

cloud

#splunk #certification #certifieduser

help

#Education

Comments

TheFORCE

Cissp, aws, azure, networking knowledge and domain knowledge from 10 different other areas.

abnmi

what what domains if I can ask.

cyberguypr

SANS SEC 545

powerfool

Understand the technologies that you're looking to secure.

jayc71

I work as a Cloud Security Architect, I currently just maintain several AWS certs and a CISSP. Will get around to taking the CCSP eventually. A lot of the job is based on past experience as an engineer, knowing networking, storage, OS's and security tools, plus how to build things in the cloud (granted I focus on AWS, but the high-level concepts are similar with Azure, GCP, etc). Having a background of working in highly secure environments helps, it makes security issues in less secure (ie private sector) environments really jump out at you. Understanding the policy side is key as well, it teaches you how to play the game with the security people you run into who do not have a technical background.

chrisone

Question, from what you have described it seems most of your infrastructure is in AWS? Is your domain infrastructure (DCs, AD, etc) still on-prem or Azure or AWS? If your domain infrastructure is AWS why not Azure? Sorry for all the questions, but I really wanted to pick a cloud security architects brain.

Thanks

jayc71

chrisone said:

Question, from what you have described it seems most of your infrastructure is in AWS? Is your domain infrastructure (DCs, AD, etc) still on-prem or Azure or AWS? If your domain infrastructure is AWS why not Azure? Sorry for all the questions, but I really wanted to pick a cloud security architects brain.

Thanks

It's a mix. I work with a couple different clients, both still have on-prem infrastructure. One has extended their internal AD/DNS infrastructure into AWS by running DC's on EC2 and another still maintains all of that on-prem with Direct Connects back to the datacenter. We federate access to allow AD users/groups to login and manage cloud resources, it works very well. AWS instead of Azure has mostly been a matter of choice by the clients and their internal IT teams. It can definitely be done on either platform.

For my own consulting company, we run everything out of Office365 with no real infrastructure (granted we are small), and we federate AWS access via Jumpcloud for our internal AWS labs and systems.

chrisone

Very cool! Thanks for the reply.

I guess I am still trying to wrap my mind around building Microsoft infrastructure in AWS over Azure. There is just more integration a company can take advantage of with their Microsoft domain and all the Azure and O365 features.

I get it that AWS is great at many things, and I write this prematurely and with little aws experience, but it seems they are great at storage, web, IaaS, PaaS, but do they compete with Microsoft O365 in SaaS?

just wondering what your thoughts are.

thanks!

scasc

Pretty much the best way to authenticate via federated access over SAML. I’ve been working in both environments and they both are pretty good with a rich range of options to use to protect each layer of the stack. Traditionally AWS was built to shift your workloads as an IaaS and now they like MS are also pushing out server less automation via PaaS - rapid development and action based on rule sets.

jayc71

chrisone said:

Very cool! Thanks for the reply.

I guess I am still trying to wrap my mind around building Microsoft infrastructure in AWS over Azure. There is just more integration a company can take advantage of with their Microsoft domain and all the Azure and O365 features.

I get it that AWS is great at many things, and I write this prematurely and with little aws experience, but it seems they are great at storage, web, IaaS, PaaS, but do they compete with Microsoft O365 in SaaS?

just wondering what your thoughts are.

thanks!

AWS has ways to leverage AD like the AD Connector and Directory Service, or you can just run DCs on EC2 or set up ADFS, but yeah I get what you mean. Azure is in MS's universe so approaching cloud from a Windows/AD infrastructure point of view it probably makes sense to stick with MS's cloud. AWS and O365, from my point of view, are very different offerings. Many environments I have worked in have utilized them side by side to take advantage of the strengths of each.

chrisone

Thanks @jayc71 & @scasc for the great responses!

scasc

No problem at all. You can leverage either cloud model in both - and depending on the shared responsibility of cloud you would want to deploy appropriate controls, I.e. SaaS is higher up the stack so you have less security responsibility than the others.

In respect to O365 - as mentioned above it’s different to AWS though more in line with something like sales force or archer (SaaS based where you can choose how to access/enforce permissions based on roles etc).

With MS. If you have an O365 license you get an azure offering included. Clever way to boost the appeal, just like IE with Windows.