Cloud Security Audit for Financial Institutions Training Course

Description:

This two-day CCSK Plus course encompasses all material from the CCSK Foundation course and builds upon it through extensive, hands-on laboratory sessions on the second day. Participants will gain practical experience by completing a series of exercises centred around a scenario where a fictional organization securely transitions to the cloud. Upon completion, students will be fully prepared for the CCSK certification exam, which is sponsored by the Cloud Security Alliance. While the second day includes some additional lectures, the majority of the time is dedicated to assessing, building, and securing cloud infrastructure during the practical exercises.

Objectives:

The course consists of two days of instruction, starting with CCSK Basics training, followed by a second day of advanced content and hands-on activities.

Target Audience:

While primarily designed for security professionals, this course is also highly beneficial for anyone seeking to broaden their understanding of cloud security.

The shift to cloud computing transforms how applications are constructed, deployed, and managed. This transition redistributes responsibilities between service providers and customers while introducing cloud-native technologies—such as containers, serverless architectures, and managed services—that necessitate adjusted security measures. Consequently, security strategies must encompass infrastructure hardening, identity and access management, data protection, secure development methodologies, and the mitigation of cloud-specific threats.

This instructor-led live training, available both online and onsite, is designed for intermediate developers, security engineers, and IT managers seeking practical, hands-on experience in securing cloud applications and their underlying infrastructure. Participants will learn to implement repeatable controls and assessment techniques aligned with current industry frameworks and cloud provider recommendations.

Upon completion of this training, participants will be able to:

• Explain the cloud shared-responsibility model and apply its principles to application security decisions.
• Harden cloud infrastructure (IaaS), secure platform services (PaaS), and evaluate SaaS configurations.
• Apply secure coding standards and OWASP-based mitigation patterns to cloud-hosted applications.
• Integrate security tools into CI/CD pipelines (including SAST, DAST, IAST, and RASP) and adopt shift-left security practices.

Course Format

• Interactive lectures and discussions supported by live demonstrations.
• Hands-on labs utilizing cloud consoles, containers, serverless functions, and CI/CD pipelines.
• Practical exercises focusing on secure configuration, vulnerability scanning, attack simulation, and remediation planning.

Customization Options

• For customized training arrangements, please contact us.

This course offers practical insights into securing OpenStack and private cloud environments. It begins with an introduction to the system, followed by hands-on training on securing private clouds and hardening OpenStack installations. Throughout the course, participants explore each core OpenStack module, building virtual resources for identity, images, networking, compute, and storage while addressing relevant security considerations. Each attendee receives a dedicated training environment featuring a full OpenStack setup based on a chosen cloud architecture (e.g., storage or networking). The curriculum can be highly tailored to meet specific client requirements.

Customization Options
The training duration can be adjusted to two days, focusing on the core aspects most relevant to the customer. Alternatively, the program can be expanded to cover administrative, design, networking, and troubleshooting topics related to OpenStack deployments.