
Overview
Course Description
Prepares professionals to become skilled Cybersecurity & Cloud Security Engineers with emphasis on Cloud-Security-Compliance-Automation.
Course Features
- Lectures 62
- Quiz 0
- Duration 10 weeks
- Skill level All levels
- Language English
- Students 0
- Certificate No
- Assessments Yes
Curriculum
- 25 Sections
- 62 Lessons
- 10 Weeks
- PHASE 1: SOLID CYBERSECURITY FOUNDATION (THE "SECURITY" IN DEVSECOPS) (0 lessons)
  This is the non-negotiable baseline. You cannot secure the cloud if you don't understand security fundamentals.
- MODULE 1: CORE SECURITY CONCEPTS & GOVERNANCE (6 lessons)
  Develop foundational knowledge of CIA, AAA, and Defense-in-Depth principles while mastering GRC frameworks, risk assessment, and compliance standards (NIST, ISO, GDPR, HIPAA, PCI-DSS, SOC 2) to enhance secure cloud and DevSecOps practices.
- MODULE 2: NETWORK SECURITY (10 lessons)
  Gain practical expertise in TCP/IP, firewalls, proxies, IDS/IPS, and Zero Trust while applying network segmentation and VLAN strategies to design, secure, and monitor resilient cloud and enterprise network infrastructures.
  - 3.1 NOTES/VIDEO
  - 3.2 NETWORK FUNDAMENTALS & PROTOCOL ANALYSIS
  - 3.3 DEFENSIVE NETWORK ARCHITECTURE
  - 3.4 FIREWALLS & NETWORK BOUNDARY DEFENSE
  - 3.5 INTRUSION DETECTION & PREVENTION SYSTEMS
  - 3.6 VIRTUAL PRIVATE NETWORKS & ENCRYPTED TUNNELS
  - 3.7 LESSON 6: WIRELESS NETWORK SECURITY
  - 3.8 LESSON 7: NETWORK MONITORING & TRAFFIC ANALYSIS
  - 3.9 LESSON 8: CLOUD NETWORK SECURITY
  - 3.10 LESSON 9: NETWORK ATTACKS & PENETRATION TESTING
- MODULE 4: CRYPTOGRAPHY & SECRETS MANAGEMENT (13 lessons)
  Understand cryptography fundamentals, PKI, and secrets management by applying encryption, hashing, and certificate principles to protect data integrity, confidentiality, and secure key lifecycles across cloud and DevSecOps environments.
  - 4.1 NOTES/VIDEOS
  - 4.2 LESSON 1: CRYPTOGRAPHY FUNDAMENTALS & MATHEMATICAL FOUNDATIONS
  - 4.3 LESSON 2: SYMMETRIC CRYPTOGRAPHY & STREAM CIPHERS
  - 4.4 LESSON 3: ASYMMETRIC CRYPTOGRAPHY & PUBLIC KEY INFRASTRUCTURE
  - 4.5 LESSON 4: CRYPTOGRAPHIC HASH FUNCTIONS & MESSAGE AUTHENTICATION
  - 4.6 LESSON 5: KEY MANAGEMENT LIFECYCLE & BEST PRACTICES
  - 4.7 LESSON 6: SECRETS MANAGEMENT ARCHITECTURE & PATTERNS
  - 4.8 LESSON 7: SECRETS MANAGEMENT TOOLS & PLATFORMS
  - 4.9 LESSON 8: CRYPTOGRAPHY IN DEVOPS PIPELINES
  - 4.10 LESSON 9: CLOUD CRYPTOGRAPHY SERVICES
  - 4.11 LESSON 10: CRYPTOGRAPHIC VULNERABILITIES & ATTACKS
  - 4.12 LESSON 12: CRYPTOGRAPHY COMPLIANCE & GOVERNANCE
  - 4.13 HANDS-ON LABS & PRACTICAL EXERCISES
- MODULE 6: LINUX SECURITY FUNDAMENTALS (4 lessons)
  Develop foundational Linux security skills by mastering user permissions, file system protection, service hardening, and log auditing to secure servers, automate compliance, and strengthen cloud-based and on-premises DevSecOps environments.
- PHASE 2: AWS & CLOUD SECURITY (THE "CLOUD" IN CLOUD SECURITY) (0 lessons)
  Core Lessons for Cybersecurity, Cloud Security & DevSecOps Engineers
- MODULE 1: AWS CORE SERVICES PROFICIENCY (12 lessons)
  - 7.1 LESSON 1: AWS CLOUD FOUNDATIONS & SECURITY MODEL
  - 7.2 LESSON 2: IDENTITY & ACCESS MANAGEMENT (IAM) MASTERY
  - 7.3 LESSON 3: NETWORK SECURITY WITH VPC
  - 7.4 LESSON 4: COMPUTE SERVICES SECURITY
  - 7.5 LESSON 5: STORAGE SERVICES SECURITY
  - 7.6 LESSON 6: DATABASE SERVICES SECURITY
  - 7.7 LESSON 7: MONITORING, LOGGING & AUDITING
  - 7.8 LESSON 8: AWS SECURITY SERVICES
  - 7.9 LESSON 9: ENCRYPTION & KEY MANAGEMENT
  - 7.10 LESSON 10: APPLICATION SERVICES SECURITY
  - 7.11 LESSON 11: DEVOPS & SECURITY AUTOMATION
  - 7.12 HANDS-ON LABS & PRACTICAL EXERCISES
- PHASE 3: DEVSECOPS INTEGRATION & AUTOMATION (THE "ENGINEERING") (0 lessons)
  This is where you merge Phase 1 and Phase 2 to automate security into a high-velocity engineering organization.
- MODULE 1: DEVOPS & CI/CD FUNDAMENTALS (1 lesson)
  This stage focuses on building security in before a single line of code is written.
  Culture & Practice:
  - Threat Modeling: Systematically identifying potential threats and vulnerabilities during design (e.g., using STRIDE, PASTA).
  - Security Requirements & Compliance: Defining security stories and compliance requirements (e.g., "Must use FIPS-validated crypto," "Must pass OWASP ASVS Level 1") as part of the Definition of Done.
  - Secure Design Patterns: Training architects and developers on patterns for authentication, authorization, and data protection.
  Key Security Tools:
  - Threat Modeling Tools: OWASP Threat Dragon, IriusRisk, Microsoft Threat Modeling Tool.
  - Policy as Code (PaC) for Governance: Open Policy Agent (OPA) with Styra DAS to define and enforce design-time policies.
  - Secure IaC Templates: Curated, organization-wide Terraform Modules and CloudFormation Templates that are secure by default.
- MODULE 1: DEVSECOPS & CI/CD (8 lessons)
  - 10.1 LESSON 1: DEVOPS PHILOSOPHY & CULTURAL TRANSFORMATION
  - 10.2 LESSON 2: MODERN SOFTWARE DEVELOPMENT LIFECYCLE
  - 10.3 Threat Modeling and DevSecOps
  - 10.4 STRIDE Threat Modeling Framework
  - 10.5 PASTA Threat Modeling Framework
  - 10.6 TRIKE Threat Modeling Framework
  - 10.7 VAST Threat Modeling Framework
  - 10.8 LESSON 3: VERSION CONTROL SYSTEMS & SECURITY
- STAGE 2: CODE & COMMIT (DEVELOPER-FIRST SECURITY) (1 lesson)
  This stage empowers developers to find and fix issues as they code.
  Culture & Practice:
  - Secure Code Training: Ongoing training on OWASP Top 10, CWE/SANS Top 25, and language-specific pitfalls.
  - Peer Code Reviews: Mandatory security-focused checklists for code reviews.
  - Pre-commit Hooks: Preventing common security issues from ever entering the repository.
  Key Security Tools:
  - Static Application Security Testing (SAST): Snyk Code, Checkmarx, SonarQube, GitHub Advanced Security (Code Scanning). Integrated directly into the IDE (e.g., VS Code, IntelliJ).
  - Secrets Detection: gitleaks, GitGuardian, truffleHog, git-secrets. Run as pre-commit hooks and in the CI pipeline.
  - Software Composition Analysis (SCA) - Early: Snyk Open Source, Dependabot, Mend (formerly WhiteSource). Scans for vulnerable dependencies in the developer's local environment.
- STAGE 3: BUILD & PACKAGE (AUTOMATED QUALITY GATES) (0 lessons)
  This stage creates immutable artifacts and validates their security integrity.
  Culture & Practice:
  - Immutable Artifacts: A build produces a versioned, immutable artifact (e.g., a container image, JAR/WAR file) that is promoted through stages.
  - Breaking the Build: Establishing a zero-tolerance policy for critical vulnerabilities by failing the build.
  - Dependency Management: Automating updates and enforcing policies against problematic licenses.
  Key Security Tools:
  - Software Composition Analysis (SCA) - Pipeline: Snyk Open Source, Dependabot, Mend. Integrated into the CI pipeline (e.g., Jenkins, GitLab CI) to fail builds on policy violations.
  - Container Image Scanning: Trivy, Snyk Container, Grype, Aqua Security. Scanning the final container image for OS packages and language dependencies as part of the build process.
  - Infrastructure as Code (IaC) Scanning: Checkov, Tfsec, Terrascan. Scanning Terraform, CloudFormation, or Kubernetes YAML files for misconfigurations before deployment.
- STAGE 4: TEST & VALIDATE (PRE-PRODUCTION SECURITY ASSURANCE) (0 lessons)
  This stage performs dynamic and interactive testing against a staged environment.
  Culture & Practice:
  - Security as a Test Type: Treating security tests (SAST, DAST, IaC Scan) as a standard part of the test suite, not a separate, manual audit.
  - Automated Compliance Checks: Using PaC to validate that deployed configurations match compliance frameworks (e.g., CIS, NIST).
  Key Security Tools:
  - Dynamic Application Security Testing (DAST): OWASP ZAP, Burp Suite Enterprise, Rapid7 AppSpider. Automated scans against a running test environment.
  - Interactive Application Security Testing (IAST): Contrast Security, Seeker. Agents within the test application provide real-time vulnerability feedback during automated tests.
  - Infrastructure as Code (IaC) Scanning - Validation: Re-running Checkov or Tfsec against the actual generated cloud template for final validation.
  - Chaos Engineering for Security: AWS Fault Injection Simulator (FIS), Chaos Toolkit. Testing security controls' resilience by injecting failures.
- STAGE 5: RELEASE & DEPLOY (SECURE, CONTROLLED ROLLOUT) (0 lessons)
  This stage ensures that only validated, secure artifacts are deployed to production in a secure manner.
  Culture & Practice:
  - Immutable Infrastructure: Replacing servers instead of patching them. A new deployment is the only way to change the environment.
  - Secure Secrets Injection: Secrets are injected at runtime from a secure vault, never stored in the artifact or deployment scripts.
  - Approval Gates: Automated or manual gates that require security scan results to be clear before promoting to production.
  Key Security Tools:
  - Container Image Signing & Verification: Notary, Cosign. Ensuring only trusted, scanned images are deployed.
  - Secrets Management: HashiCorp Vault, AWS Secrets Manager, Azure Key Vault. Integrated with the orchestrator (e.g., Kubernetes) to inject secrets.
  - Policy as Code (PaC) - Admission Control: OPA Gatekeeper, Kyverno. Enforcing security policies (e.g., "no containers running as root") at deployment time in Kubernetes.
  - Secure Deployment Strategies: Native support in Kubernetes, AWS CodeDeploy, and Spinnaker for blue/green and canary deployments.
- STAGE 6: OPERATE & MONITOR (CONTINUOUS SECURITY & RESPONSE) (0 lessons)
  This stage provides continuous visibility, protection, and response in the production environment.
  Culture & Practice:
  - Blameless Post-Mortems: Analyzing security incidents to improve processes and tools.
  - Continuous Compliance: Automating evidence collection for audits (SOC2, ISO27001).
  - Just-in-Time Access: Implementing zero-standing-privileges with tools that provide temporary, elevated access.
  Key Security Tools:
  - Cloud Security Posture Management (CSPM): Wiz, Palo Alto Prisma Cloud, Microsoft Defender for Cloud. Continuously monitoring for cloud misconfigurations and compliance drift.
  - Cloud Workload Protection Platform (CWPP): Aqua Security, Sysdig Secure, Wiz. Runtime protection for containers and servers.
  - Security Information & Event Management (SIEM): Splunk, Microsoft Sentinel, Elastic Security. Correlating logs from CloudTrail, GuardDuty, WAF, and OS to detect threats.
  - Web Application Firewall (WAF) & DDoS Protection: AWS WAF, Cloudflare, Azure Application Gateway. Protecting applications from external attacks.
  - Threat Intelligence Integration: Platforms like CrowdStrike Falcon X or Recorded Future to enrich SIEM/CSPM findings with context on active threats.
- PROJECTS AND LABS (0 lessons)
- PROJECT 1: SNYK INTEGRATION WITH GITHUB & GITHUB (2 lessons)
- PROJECT 2: SONARCLOUD INTEGRATION WITH GITHUB & GITHUB (0 lessons)
- PROJECT 3: PRISMACLOUD INTEGRATION WITH GITHUB & GITHUB (0 lessons)
- PROJECT 4: INFRASTRUCTURE AS CODE (2 lessons)
- PROJECT 5: INFRASTRUCTURE AS CODE SECURITY SCANNER-STATIC ANALYSIS (0 lessons)
- CloudFormation Guards (1 lesson)
- BridgeCrew (0 lessons)
- PROJECT 6: VULNERABILITY MANAGEMENT AND AUTOMATION (2 lessons)
- PROJECT 6: SECURITY CONTROL MAPPING (0 lessons)
Instructor