Reference guide to start AWS Security engineering journey

Sudhir Kumar
4 min read · Jan 23, 2023

This post is for people with no cloud security experience who want to know how to get into this field.

The topics below will help you become more knowledgeable in the AWS security domain. Pursuing certifications is not mandatory, but it does give you an extra edge: you go the extra mile to study more and cover all areas, and you get a big boost if you achieve the certification. It also adds weight to your resume, as you are more likely to get shortlisted when applying for a job. Of course, getting the job is a separate affair with its own nuances.

Here are a few resources that will help you in this direction. I would recommend pursuing the AWS Cloud Practitioner and AWS Certified Security – Specialty exams.

Additional add-ons are experience with IaC (infrastructure as code) tools, a high-level programming language, and shell scripting.

  • IaC tools help you deploy resources in the cloud.
  • Programming experience helps with writing Lambda functions (serverless apps), which is pretty useful for detect-and-mitigate automation (XSOAR).
  • Shell/PowerShell experience also helps with cloud automation.

Try to find a cloud security task within your current job and implement these solutions to get more hands-on experience.

Example tasks:

  • How do you get an alert if someone logs in with the AWS root credentials?
  • Trigger a Lambda function on a specific event. Example: how do you automatically block an EC2 instance in your VPC from connecting to a mining website? Which event do you monitor, which logs do you need to enable, and which services can be used to put this solution in place?
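As an added example (not code from the original post), here is one way to approach the first task: an EventBridge rule pattern that matches CloudTrail console sign-in events by the root user, and a Lambda handler that turns the matching record into an alert. The sample event is constructed, and the handler returns the alert rather than publishing it so it can be run offline; the field names follow the CloudTrail ConsoleLogin record format.

```python
# EventBridge rule pattern (constructed for this example) that matches CloudTrail
# console sign-in events made with the root user; the Lambda below is its target.
ROOT_LOGIN_EVENT_PATTERN = {
    "source": ["aws.signin"],
    "detail-type": ["AWS Console Sign In via CloudTrail"],
    "detail": {"eventName": ["ConsoleLogin"], "userIdentity": {"type": ["Root"]}},
}

def is_root_console_login(detail: dict) -> bool:
    """True when the CloudTrail record is a console login by the root user."""
    identity = detail.get("userIdentity") or {}
    return detail.get("eventName") == "ConsoleLogin" and identity.get("type") == "Root"

def build_alert(detail: dict) -> dict:
    """Pull out what a responder wants first: account, source IP, MFA, outcome."""
    outcome = (detail.get("responseElements") or {}).get("ConsoleLogin", "Unknown")
    mfa_used = (detail.get("additionalEventData") or {}).get("MFAUsed", "Unknown")
    return {
        "account": detail.get("recipientAccountId"),
        "time": detail.get("eventTime"),
        "source_ip": detail.get("sourceIPAddress"),
        "mfa_used": mfa_used,
        "outcome": outcome,
        # A successful root login needs an immediate look; a failed attempt still gets a ticket.
        "severity": "HIGH" if outcome == "Success" else "MEDIUM",
    }

def lambda_handler(event: dict, context=None) -> dict:
    # Lambda entry point; in a deployment, pass alert["message"] to boto3 sns.publish().
    detail = event.get("detail") or {}
    if not is_root_console_login(detail):
        return {"alerted": False}
    alert = build_alert(detail)
    alert["message"] = "Root console login in account %s from %s (MFA used: %s, %s)" % (
        alert["account"], alert["source_ip"], alert["mfa_used"], alert["outcome"])
    return {"alerted": True, **alert}

# Constructed sample of the EventBridge envelope for a root console login.
SAMPLE_ROOT_LOGIN_EVENT = {
    "source": "aws.signin",
    "detail-type": "AWS Console Sign In via CloudTrail",
    "detail": {
        "eventName": "ConsoleLogin", "eventTime": "2023-01-23T10:15:00Z",
        "userIdentity": {"type": "Root", "accountId": "111122223333"},
        "sourceIPAddress": "203.0.113.10", "recipientAccountId": "111122223333",
        "additionalEventData": {"MFAUsed": "No"},
        "responseElements": {"ConsoleLogin": "Success"},
    },
}
```

The rule pattern does the matching before the Lambda runs, so the handler's own check only matters when the function is invoked from somewhere else (for example a test event).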

Hopefully, the guidelines below will help you learn about cloud security:

1. AWS Cloud Practitioner Essentials:

  • AWS Technical Essentials:
  • 3D metaverse-style training (Cloud Practitioner):

2. AWS security white papers/references/guides:

https://maturitymodel.security.aws.dev/en/

https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/welcome.html

https://d1.awsstatic.com/training-and-certification/ramp-up_guides/Ramp-Up_Guide_Security.pdf

https://github.com/jassics/awesome-aws-security

https://www.youtube.com/@AWSEventsChannel

https://awsgeek.com/

4. Certifications:

You can target the AWS Cloud Practitioner and AWS Certified Security – Specialty exams, and explore A Cloud Guru/Udemy courses as well.

https://www.udemy.com/course/aws-certified-security-specialty/

This will give you deep knowledge of security best practices.

Before attempting certification, I would recommend the website below before sitting the AWS exam. It can help you prepare better and cover all scenarios/gotchas with practice/mock exams.

5. Playground/test accounts:

Self-paced labs: https://aws.amazon.com/training/digital/aws-builder-labs/ . Or go for paid ones, or create a lab environment yourself.

Enroll at least 2–3 AWS accounts. This will help you work on a multi-account setup, such as:

  • Enabling AWS Organizations/service control policies.
  • Testing cross-account IAM policies.
  • Enabling Control Tower with GuardDuty/CloudTrail and setting up SNS/automation based on events.
  • Cross-account Lambda functions with XSOAR capabilities for mitigation.
  • Security Hub, Macie, AWS Config, IAM Access Analyzer, Amazon Detective, Amazon Inspector, etc.; a lot of security services can be explored with the multi-account option.

6. AWS security services overview:

Read about all the services, their usage/functions, and how we can effectively leverage them to tighten our organization's cloud security.

7. Subscribe to AWS newsletters/groups:

Sign up for the AWS Email Newsletter/Preference Center.

Join the AWS LinkedIn group.

Follow What's New with AWS.

8. GitHub cloud security tools (reference):

https://github.com/toniblyx/my-arsenal-of-aws-security-tools

9. Hands-on automation/infrastructure as code in the organization.

Examples: Terraform, AWS CDK, Pulumi, etc. It is better to select vendor-agnostic tools.

https://www.terraform.io/

https://aws.amazon.com/cdk/

10. Categorize assets and prioritize tasks based on risk assessment:

You might have public-facing cloud resources, and those deserve your full attention. Example questions:

  • Do we have an EC2 instance attached to a public NLB with IMDSv1 enabled?
  • Are the security groups on public resources restricted to SSL/TLS only, with whitelisted IP addresses?
  • Are you protecting your endpoints (EC2/NLB/ALB) at the edge layer, i.e. DDoS/WAF protection?
  • Think of the onion model of security, i.e. a shield of defensive layers. More layers = more safety.

Last but not least, try to find some work within your organization and start supporting the AWS cloud security vertical, as you learn more through real work and exercises.


Sudhir Kumar

Working as a Cloud Lead/Architect with a security mindset.