Cloud security

Securing cloud-based applications training: What you need to know

Joe South
February 9, 2023 by
Joe South

One of the critical areas I see the most mistakes across almost every organization is their struggle to build secure applications from the ground up. If they manage to do that, they greatly need help deploying applications securely in the cloud. Finally, I have seen too many organizations attempt to deploy tightly coupled applications into the cloud, thinking it is an easy lift and shift, only to get started and find out this is a multi-year project. 

Get your free course catalog

Get your free course catalog

Download the Infosec Skills course catalog to learn more about these courses — and hundreds more.

Why did I create the securing cloud-based applications course? Isn’t securing apps on-premises the same as in the cloud?

I want to help combat misconceptions and solve common security issues before they occur. The best way to do it is to ensure your security team is well-trained in this area, and there is a defined process that includes security right from the beginning. That’s what inspired me to develop the Securing cloud-based applications course. 

I don’t know how to code; can I still take this course?

My course is cloud agnostic to ensure that you can securely build and deploy applications into the cloud regardless of which cloud platform and provider your company is in and your cloud technologies. I will walk you through using cloud-native services designed to help secure your applications. I will even review how to take a legacy application and work towards migrating it into the cloud.

One of the largest hurdles to overcome with application security is the need to know how to code just as well as the developer creating the application. In this course, you won’t need coding experience;  we will not be using any code in this course. I am not against learning to code; every security professional should know how to code or at least put together a basic script. 

I built this course to give you a foundation for when you need to write code to help secure an application or to inform a developer on what code to write to better secure it. This is critical in being successful in securing any application in the cloud. If you are not aware of the capabilities of the cloud and the areas where other companies struggle, then you are bound to make the same mistakes. I want to avoid that to give you the best chance of success. 

What will I learn in this securing cloud-based applications course?

I start the learning path with a course in training and awareness, as everyone must be properly trained to secure applications by default from the beginning. We then dive into the attack vectors you need to be aware of in the cloud. Once we get the basics out of the way, we dive into the Secure by Design process to outline how to secure cloud-based applications. 

We then finish the learning path by comparing the big three cloud providers: AWS, Azure and GCP. We run through the cloud-native security services of each cloud provider to walk you through how to use the native cloud services to secure your applications. 

Finally, I take you through some open-source solutions that can be used to help you secure your cloud-based applications. The reason why we go over open-source solutions is that security solutions are not cheap. Not every company can afford to have top-tier tools in each category. You will likely encounter a situation where you need to secure an application but have little to no budget. 

Therefore, it is best to be aware of the open-source solutions, understand their limitations and know how to deploy them. At the end of each course is a lab where we practice what we teach in the course. Book knowledge in security only gets you so far. That is why it is critical to get hands-on experience wherever and whenever possible to ensure you have the skills required to perform in the real world. 

Why should you take securing cloud-based applications?

If you are interested in securing cloud-based applications, this course is perfect. You could already be in application security and need to become more aware of securing applications in the cloud. You may even be in cloud security and don’t have the required understanding or knowledge of securing cloud-based applications. Either way, this course is for you. 

This course doesn’t require you to have an advanced understanding of security or the cloud and meets you where you are to take you to a place where you can secure your cloud-based applications. 

Application security was always a weak point for me. I felt it was a weak point because I wasn’t very strong in coding, but there is so much more to application security than coding. The cloud makes application security more difficult, and this learning path is the perfect blend between application security and how to do it in the cloud. 

Even if your focus isn’t on application security or the cloud, understanding securing cloud-based applications is critical for being a well-rounded security expert.

 

Joe South
Joe South

Joe South has worked at companies of all sizes across multiple industries. Joe is currently in a role where he is empowered to introduce new and innovative solutions to increase the security posture of his organization. He enjoys teaching others what he’s learned and is the creator of a blog where he helps others get into cybersecurity and build a successful career.

Joe worked in vulnerability management, securing applications that served military and Department of Defense clients. He later expanded his skillset by diving into complex identity and access management (IAM) toolsets where he designed solutions for Fortune 500 companies across HIPAA, PCI and financial industries. He also architected solutions for companies to move into AWS, Azure and GCP while maintaining or increasing their security posture. Joe has his CCSP, AWS Security Specialty and AWS CCP certification, among others.