Who should attend
This class is intended for the following job roles:
- Cloud information security analysts, architects, and engineers
- Information security/cybersecurity specialists
- Cloud infrastructure architects
- Developers of cloud applications.
Prerequisites
To get the most out of this course, participants should have:
- Prior completion of Google Cloud Fundamentals: Core Infrastructure (GCF-CI) or equivalent experience
- Prior completion of !GO-NGCP or equivalent experience
- Knowledge of foundational concepts in information security:
- Fundamental concepts:
- vulnerability, threat, attack surface
- confidentiality, integrity, availability
- Common threat types and their mitigation strategies
- Public-key cryptography
- Public and private key pairs
- Certificates
- Cipher types
- Key width
- Certificate authorities
- Transport Layer Security/Secure Sockets Layer encrypted communication
- Public key infrastructures
- Security policy
- Fundamental concepts:
- Basic proficiency with command-line tools and Linux operating system environments
- Systems Operations experience, including deploying and managing applications, either on-premises or in a public cloud environment
- Reading comprehension of code in Python or JavaScript
Course Objectives
This course teaches participants the following skills:
- Understanding the Google approach to security
- Managing administrative identities using Cloud Identity.
- Implementing least privilege administrative access using Google Cloud Resource Manager, Cloud IAM.
- Implementing IP traffic controls using VPC firewalls and Cloud Armor
- Implementing Identity Aware Proxy
- Analyzing changes to the configuration or metadata of resources with GCP audit logs
- Scanning for and redact sensitive data with the Data Loss Prevention API
- Scanning a GCP deployment with Forseti
- Remediating important types of vulnerabilities, especially in public access to data and VMs
Course Content
This course gives participants broad study of security controls and techniques on Google Cloud Platform. Through lectures, demonstrations, and hands-on labs, participants explore and deploy the components of a secure GCP solution. Participants also learn mitigation techniques for attacks at many points in a GCP-based infrastructure, including Distributed Denial-of-Service attacks, phishing attacks, and threats involving content classification and use.