+1 (512) 588 6950
Amazon Web Services (AWS) is the current king of cloud providers with Azure and GCP in fast pursuit
Professionals with AWS security skills are in huge demand as nearly every type of company from Fortune 500s to new startups use AWS as their cloud backbone
AWS itself provides a huge number of services you can learn to secure your cloud environment
Below is just a small sample of AWS security services ( and new ones will probably have come out by the time you read this article ! )
However, this huge list can also become a stumbling block for newcomers needing help figuring out where to start.
I have written before about how to get certified in AWS Security but what then ? Where do you start when it comes to securing your AWS environment ??
IAM ? VPC ? GuardDuty ? Control Tower ???
It can get overwhelming !
I have seen even certified and experienced AWS professionals jumping from one security service to another, as all of them seem so amazing to work on, leading to a need for more focus.
Below is my advice on how to learn AWS security systematically using completely free to use resources
You are free to choose your own path but hopefully this will help make the journey a bit easy if you are starting out !
First thing first .. if you do not have access to an AWS sandbox where you can experiment with services then get an AWS free tier account
As per AWS:
“The AWS Free Tier provides customers the ability to explore and try out AWS services free of charge up to specified limits for each service. The Free Tier is comprised of three different types of offerings, a 12-month Free Tier, an Always Free offer, and short term trials”
Simply put it gives you a playground to experiment with AWS services and see them in action. As long as you stay within the tiers you can pick up real + practical AWS skills
Do not make the mistake of simply learning concepts and not getting hands on with AWS
AWS workshops are an absolute treasure for newcomers
First of all they are completely free and they are built by the AWS team themselves on how to use AWS effectively.
As per AWS
“This website lists workshops created by the teams at Amazon Web Services (AWS). Workshops are hands-on events designed to teach or introduce practical skills, techniques, or concepts which you can use to solve business problems”
If you are new to AWS security then the best place to start is the “Startup Security Baseline” which provides step by step guidance on how to implement security in an AWS environment
The best thing about this workshop is how it systematically upskills you and teaches you where to start when it comes to practically securing your AWS environment and workloads
Now that you have finished the workshop .. next step is to learn how to do an AWS security assessment using Prowler
Prowler is a 100% free tool that “contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks”
I have already written about it in detail below which you can check out
There you have it
You have an AWS sandbox + a comprehensive workshop for becoming an AWS security master + tool to do a full security assessment of your AWS environment
Best of all .. it is all 100% free
Time to put those skills to action !
Taimur Ijlal is a multi-award-winning, information security leader with over two decades of international experience in cyber-security and IT risk management in the fin-tech industry. Taimur can be connected on LinkedIn or on his YouTube channel “Cloud Security Guy” on which he regularly posts about Cloud Security, Artificial Intelligence, and general cyber-security career advice.