Get Ahead Of 99% Of People In Cloud Security By Focusing On These Skills
Build These Skills For a Successful Cloud Security Career
“I have done every Cloud Security Certification under the sun but I am still not able to land a job!”
The above is a common complaint from newcomers to the Cloud Security Industry.
Despite all the hype about how the cloud industry is going strong, they cannot land jobs or clinch that final offer.
It is no secret that times are tough in the tech industry as of 2024.
Layoffs are not letting up, and a tightening economy means jobs are harder to find than ever, so I can understand the frustration!
I have written earlier about how to get into Cloud security and which certifications can help.
Unfortunately, one common mistake I see people making is over-focusing on certs and under-focusing on skills.
I cannot stress the following enough:
Cloud Security certifications may get you that interview call but it is your skills that will land you that job
Today, I want to focus specifically on what skills you should develop for a successful cloud security career in 2024
Focus on these, and I guarantee you will see an improvement in how potential employers look at your profile
1 — Infrastructure as Code
Let me be as straightforward as possible .. you cannot escape Infrastructure as Code in the Cloud.
I cannot count the number of people who hold cloud security certifications but depend on the management console to spin up cloud infrastructure.
In an enterprise environment .. no one spins up infrastructure via a shiny interface.
It is all code, and you NEED to learn the basics.
The good news is that there are awesome, free tutorials available, like the one on the HashiCorp website
Learn how to spin up some basic infrastructure using code .. you can even use GenAI to write code samples to help you
2 — Open Source Cloud Security Tooling
All the major cloud providers have amazing security tools like AWS Security Hub, Google Security Command Center, Azure Defender, etc.
But you will be expected to know about open-source cloud security tooling to fill in any gaps that those tools cannot fill.
Learn how to scan your cloud environment with open-source security tooling like CloudSploit or Prowler.
CloudSploit
CloudSploit by Aqua is an open-source project designed to allow the detection of security risks in cloud infrastructure accounts, including Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), Oracle Cloud Infrastructure (OCI), and GitHub. These scripts are designed to return a series of potential misconfigurations and security risks.
Prowler
Prowler is an Open Source security tool to perform AWS, GCP, and Azure security best practices assessments, audits, incident response, continuous monitoring, hardening, and forensics readiness.
I have also made a complete video on this that you can refer to:
3 — Securing a CI/CD Pipeline
Again, this is a common mistake .. most cloud professionals know all about DevOps / DevSecOps but cannot spin up a simple pipeline to save their lives
Set up a simple pipeline to deliver code and THEN try to secure it .. not before
Learn how to plug in free cloud security tools that halt the pipeline from progressing and delivering insecure infrastructure into production
As Software Supply Chain Attacks become increasingly dangerous .. this skill is becoming more and more crucial
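One way to build the kind of gate described in this section, as an added example (not the author's code, and not taken from any tool named above): a Python check that reads the JSON form of a Terraform plan (`terraform show -json`) and returns a non-zero exit code when a security group opens SSH or RDP to the internet. Using Terraform and this single rule is an assumption for illustration, and the sample plan and its resource names are constructed.

```python
import json
import sys

# Constructed sample in the shape of `terraform show -json` plan output
# (only the fields this check reads); not from a real environment.
SAMPLE_PLAN = json.loads("""{"resource_changes": [
 {"address": "aws_security_group.web", "type": "aws_security_group", "change": {"after": {"ingress": [
   {"from_port": 443, "to_port": 443, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
   {"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}]}}},
 {"address": "aws_security_group.db", "type": "aws_security_group", "change": {"after": {"ingress": [
   {"from_port": 0, "to_port": 65535, "protocol": "tcp", "cidr_blocks": ["10.0.0.0/8"]}]}}},
 {"address": "aws_security_group.old", "type": "aws_security_group", "change": {"after": null}}
]}""")

ADMIN_PORTS = {22, 3389}            # SSH and RDP
ANYWHERE = {"0.0.0.0/0", "::/0"}    # IPv4 and IPv6 "whole internet"

def find_violations(plan):
    """Return (address, port) pairs for admin ports opened to the internet."""
    violations = []
    for rc in plan.get("resource_changes", []):
        after = rc.get("change", {}).get("after")
        if rc.get("type") != "aws_security_group" or not after:
            continue  # other resource types, or a resource being deleted
        for rule in after.get("ingress") or []:
            sources = set(rule.get("cidr_blocks") or []) | set(rule.get("ipv6_cidr_blocks") or [])
            if not sources & ANYWHERE:
                continue
            all_ports = str(rule.get("protocol")) == "-1"  # "-1" means all traffic
            for port in sorted(ADMIN_PORTS):
                if all_ports or rule["from_port"] <= port <= rule["to_port"]:
                    violations.append((rc["address"], port))
    return violations

def gate(plan):
    """Exit code for the pipeline step: non-zero halts the deploy."""
    found = find_violations(plan)
    for address, port in found:
        print(f"BLOCK {address}: port {port} open to the internet", file=sys.stderr)
    return 1 if found else 0

if __name__ == "__main__":
    plan = SAMPLE_PLAN
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            plan = json.load(fh)
    sys.exit(gate(plan))
```

Run as a pipeline step between plan and apply; any CI system that stops on a non-zero exit code will then refuse to deploy the flagged change.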
4 — Containers And Serverless
Containers and Serverless are two things that you will almost definitely come up against when securing Cloud environments
These two models are VERY different from trying to secure an on-prem server
Containerization and an Event-driven architecture can completely change how you look at cloud security
Here are a few tips to help you get started:
Spin up a simple container and learn how to secure it
Same with Serverless .. set up a simple “Hello World” function and see how you can secure it before moving on to the big stuff
5 — Securing A MultiCloud Environment
In a perfect world, there would be only a single cloud environment to secure
However, most companies use a multi-cloud strategy and spread their workloads around
Understand what this means for security and why you need things like Single Sign On (SSO) and Cloud Security Posture Management tools
How will you manage and monitor security in such an environment?
Check out this video I made a while back: