In this course, we’ll explore Amazon Web Services (AWS) as a platform. We will take the perspective of a new startup company spinning up infrastructure in AWS for the very first time.
Next scheduled date: April 1st, 2026 @ 10:00 AM EDT
Description
We’ll use a scenario-based approach, where you’ll don the persona of a security engineer on your first day at a new startup. This course will demonstrate ideas like secure-by-default and will examine services and patterns for locking down defaults using a combination of open source and platform-native tooling. Finally, attendees will walk away with a practical understanding of various controls, detections, and guardrails.
System Requirements
Students should attend the course on a laptop using a modern web browser (Chrome or Firefox)
An AWS Account owned by the learner (not a corporate account) to use as a lab environment
Syllabus
Module 1: Forming your world
Become familiar with the AWS platform
Bootstrapping static IAM users
Setting up consolidated billing and billing alarms
Introduction to Logging
Lab 1.1 Get Familiar with Common Issues
Lab 1.2 Setting up a user
Lab 1.3 Setting up command line AWS access
Lab 1.4 Setting up billing alarms using the CDK
Lab 1.5 Setting up CloudTrail
Lab 1.6 Adversary Emulation
Module 2: Deploying Sample Applications
Become familiar with infrastructure as code (IaC)
Learn to lint and secure IaC
Get familiar with serverless functions
Analyze log files using ANSI SQL
Lab 2.1 Deploying a simple application
Lab 2.2 Get familiar with Terraform
Lab 2.3 Deploying nested stacks
Lab 2.4 Setting up flow logging
Lab 2.5 Setting up DNS logging
Lab 2.6 Analyze Flow Logs
Module 3: Detecting and remediating common misconfigurations
Examining Common Misconfigurations
Auditing for different types of misconfigs using open source
Identity and Access Management mishaps and tools
Lab 3.1 Identify breach root causes
Lab 3.2 Deploying AWS Config
Lab 3.3 Auditing with Prowler
Lab 3.4 Auditing Identity with PMapper
Lab 3.5 Working with permissions boundaries
Module 4: Maturing your security posture
Understand what guardrails are
Become familiar with AWS Organizations
Manage the lifecycle of SCPs
Building an authentication workflow using single sign on (SSO)
Creating security automations using frameworks
Lab 4.1 Enabling access analyzer
Lab 4.2 Exploring SCPs
Lab 4.3 Exploring the deployment of SCPs with Terraform
• Perform incident response in AWS
• Provide technical guidance to teams implementing security controls on AWS
• Enact user access management models
• Audit for anti-patterns in cloud security
• Prevent common types of data breaches on AWS
• Avoid common mistakes and data breaches
• Build scalable infrastructure
Students will also:
• Gain insight into how to perform architecture reviews
• Gain insight into developing runbooks and playbooks for their organization
• Gain awareness of open-source tools to force multiply the security effort
This foundational course is for folks without any AWS skillset. The ideal attendee is someone looking to pivot from traditional sysadmin to CloudSec. Attendees with moderate experience will still benefit from hands-on labs with industry-standard, open-source tools and prescriptive guidance.
This course is designed for learners at any level but is best suited for intermediate practitioners.
• Incident response cheat sheet of Athena queries
• Downloadable VM file for the course
• CloudFormation templates to bootstrap secure environments
• Attack bot infrastructure for simulation of the course attack tactics
Andrew Krug is a Security Geek specializing in Cloud and Identity and Access Management. Andrew brings 15 years of experience at the intersection of security, education, and systems administration. As a fierce advocate for Open Source and founder of the ThreatResponse tool suite, Andrew has helped inspire the landscape around forensics and incident response in the Cloud. Andrew has been a presenter at a variety of conferences, publishing papers with BlackHat USA, DerbyCon, and many more.
• Free ticket to the Antisyphon Training SOC Summit on March 25, 2026, a virtual event that offers a practical look at what it’s like to work in a SOC.
• Includes certificate of participation
• 12 months access to Cyber Range
• 6 months access to class recordings via Discord
• Our appreciation
Antisyphon's On-Demand classes give you flexible, self-paced access to the same high-quality training our live events are known for. Whether you're diving into forensics, cloud security, or offensive tooling, each course includes:
Full access to video recordings, slides, and downloadable resources
Hands-on labs and virtual machines to reinforce real-world skills
Cyber Range access for immersive practice (select courses)
Dedicated Discord support from instructors and peers
Certificates of participation upon completion
Start learning when it works for you!
No deadlines, no pressure. Just real, practical cybersecurity training on your schedule.