Cloud Security Audit for Financial Institutions Training Course

Description:

The CCSK Plus course, spanning two days, encompasses all material from the CCSK Foundation course and extends it with comprehensive practical labs on the second day. Participants will apply their acquired knowledge through a series of exercises centered around a scenario that securely integrates a fictional organization into the cloud. Upon completion, students will be thoroughly prepared for the CCSK certification exam, which is sponsored by the Cloud Security Alliance. While the second day includes additional lectures, the majority of the time is dedicated to assessing, constructing, and securing a cloud infrastructure during practical exercises.

Objectives:

This two-day program starts with CCSK Basic training, followed by a second day of advanced content and hands-on activities.

Target Audience:

This course is designed for security professionals but is also beneficial for anyone seeking to broaden their understanding of cloud security.

The shift towards cloud computing transforms the lifecycle of applications—altering how they are constructed, released, and managed—while redistributing responsibilities between service providers and customers. This transition introduces cloud-native architectures (such as containers, serverless environments, and managed services) that necessitate adapted security controls. Consequently, security strategies must encompass infrastructure hardening, identity and access management, data protection, secure development methodologies, and the mitigation of cloud-specific threats.

This instructor-led training, available online or in-person, targets intermediate developers, security engineers, and IT managers seeking practical, hands-on expertise to secure cloud applications and their underlying infrastructure. Participants will acquire repeatable control mechanisms and assessment techniques aligned with current industry frameworks and cloud provider recommendations.

Upon completion of this training, participants will be equipped to:

• Explain the cloud shared responsibility model and apply its principles to application security decisions.
• Harden cloud infrastructure (IaaS), secure platform services (PaaS), and assess SaaS configurations.
• Implement secure coding standards and OWASP-aligned mitigation strategies for cloud-hosted applications.
• Integrate security tooling into CI/CD pipelines (including SAST, DAST, IAST, and RASP) and embrace shift-left security practices.

Course Format

• Interactive lectures and discussions reinforced by live demonstrations.
• Practical labs utilizing cloud consoles, container environments, serverless functions, and CI/CD pipelines.
• Actionable exercises focusing on secure configuration, vulnerability scanning, attack simulation, and remediation planning.

Customization Options

• To request a tailored training session for this course, please contact us to make arrangements.

This course provides hands-on expertise in OpenStack and private cloud security. It begins with an introduction to the system, followed by practical training on security best practices for private clouds and securing OpenStack installations. Throughout the course, each core OpenStack module is explored in detail; participants will build virtual identity, image, network, compute, and storage resources while addressing relevant security considerations. Each participant receives a dedicated training environment featuring a complete OpenStack installation tailored to a selected cloud architecture (e.g., storage, networking). The training can be highly customized to meet specific client requirements.

Customization options
The training duration can be contracted to 2 days, focusing on core aspects most relevant to the customer. Additionally, the training can be extended to cover administrative, design, networking, and/or troubleshooting topics related to OpenStack deployments.