In this course, we’ll explore Amazon Web Services (AWS) as a platform. We will take the perspective of a new startup company spinning up infrastructure in AWS for the very first time. We’ll use a scenario-based approach, where you’ll don the persona of a security engineer on your first day at a new startup. This course will demonstrate ideas like secure-by-default and will examine services and patterns for locking down defaults using a combination of open source and platform-native tooling. Finally, attendees will walk away with a practical understanding of various controls, detections, and guardrails.
In this course, students will learn how to:
- Perform incident response in AWS
- Provide technical guidance to teams implementing security controls on AWS
- Enact user access management models
- Audit for anti-patterns in cloud security
- Prevent common types of data breaches on AWS
- Avoid common mistakes and data breaches
- Build scalable infrastructure
Students will also:
- Gain insight into how to perform architecture reviews
- Gain insight into developing runbooks and playbooks for their organization
- Gain awareness of open-source tools to force multiply the security effort
WHO SHOULD TAKE THIS COURSE
Blue teamers, sysadmins, network admins, those working in devsecops, first responders, or anyone that wants to learn AWS cloud basics.
AUDIENCE SKILL LEVEL
This foundational course is for folks without any AWS skillset. The ideal attendee is someone looking to pivot from traditional sysadmin to CloudSec. Attendees with moderate experience will still benefit from hands-on labs with industry-standard, open-source tools and prescriptive guidance.
Students should have familiarity with basic shell (bash), text editors, and launching VMs on their own machine.
WHAT EACH STUDENT SHOULD BRING
Students should have an AWS account that they are accountable and billable for just for this course. Please do not utilize your existing account.
WHAT STUDENTS WILL BE PROVIDED WITH
- Incident response cheat sheet of Athena queries
- Downloadable VM file for the course
- CloudFormation templates to bootstrap secure environments
- Attack bot infrastructure for simulation of the course attack tactics
TRAINER & AUTHOR
Andrew Krug is a Security Geek specializing in Cloud and Identity and Access Management. Krug brings 15 years experience at the intersection of security, education, and systems administration. As a fierce advocate for Open Source and founder of ThreatResponse tool suite, Andrew has helped inspire the landscape around forensics and incident response in the Cloud. Krug has been a presenter at a variety of conferences, publishing papers with BlackHat USA, DerbyCon, and many more.