Cloud Security Audit for Financial Institutions Training Course

Description:

This 2-day CCSK Plus course covers all material from the CCSK Foundation course and extends it with comprehensive hands-on labs during the second day of instruction. Participants will apply their knowledge through a series of exercises centered on a scenario that safely transitions a fictional organization to the cloud. Upon completion of this training, students will be well-prepared for the CCSK certification exam, which is sponsored by the Cloud Security Alliance. While the second day includes additional lectures, the majority of the time is dedicated to assessing, building, and securing a cloud infrastructure through practical exercises.

Objectives:

This two-day course begins with CCSK- Basic training, followed by a second day featuring additional content and hands-on activities.

Target Audience:

This class is primarily designed for security professionals but is also valuable for anyone seeking to expand their understanding of cloud security.

The adoption of cloud technologies transforms how applications are constructed, deployed, and managed. This shift redistributes responsibilities between service providers and customers while introducing cloud-native platforms such as containers, serverless architectures, and managed services, all of which necessitate adapted security controls. Consequently, security strategies must encompass infrastructure hardening, identity and access management, data protection, secure development methodologies, and cloud-specific threat mitigation.

This instructor-led, live training (available online or onsite) targets intermediate-level developers, security engineers, and IT managers seeking practical, hands-on skills to secure cloud applications and their underlying infrastructure. Participants will learn repeatable controls and assessment techniques aligned with current industry frameworks and cloud provider guidelines.

Upon completion of this training, participants will be able to:

• Explain the cloud shared-responsibility model and apply it to application security decisions.
• Harden cloud infrastructure (IaaS), secure platform services (PaaS), and evaluate SaaS configurations.
• Apply secure coding and OWASP-based mitigation patterns to cloud-hosted applications.
• Integrate security tooling into CI/CD pipelines (SAST/DAST/IAST/RASP) and adopt shift-left practices.

Format of the Course

• Interactive lectures and discussions supported by live demonstrations.
• Hands-on labs utilizing cloud consoles, containers, serverless functions, and CI/CD pipelines.
• Practical exercises covering secure configuration, vulnerability scanning, attack simulation, and remediation planning.

Course Customization Options

• To request a customized training for this course, please contact us to arrange.

This course delivers hands-on expertise in OpenStack and private cloud security. It begins with a system introduction, followed by practical guidance on securing private clouds and hardening OpenStack installations. Throughout the training, core OpenStack modules are explored in depth. Participants will construct virtual identity, image, network, compute, and storage resources while addressing relevant security considerations. Each attendee receives a dedicated training environment featuring a complete OpenStack deployment tailored to a specific cloud architecture (e.g., storage or networking configurations). The curriculum is fully customizable to align with client requirements.

Customization options
Participants can choose a condensed two-day format that focuses on essential aspects relevant to their specific needs. Alternatively, the training can be expanded to cover administrative tasks, design principles, networking, and/or troubleshooting scenarios related to OpenStack deployments.