Security in Google Cloud Platform, Austin

DESCRIPTION THROUGH LECTURES, DEMONSTRATIONS, AND HANDS-ON LABS, PARTICIPANTS EXPLORE AND DEPLOY THE COMPONENTS OF A SECURE GCP SOLUTION. PARTICIPANTS ALSO LEARN MITIGATION TECHNIQUES FOR ATTACKS AT MANY POINTS IN A GCP-BASED INFRASTRUCTURE, INCLUDING DISTRIBUTED DENIAL-OF-SERVICE ATTACKS, PHISHING ATTACKS, AND THREATS INVOLVING CONTENT CLASSIFICATION AND USE. DURATION 2 days, instructor-led 2 weeks, on-demand OBJECTIVES: This course teaches participants the following skills: * Understanding the Google approach to security * Managing administrative identities using Cloud Identity. * Implementing least privilege administrative access using Google Cloud Resource Manager, Cloud IAM. * Implementing IP traffic controls using VPC firewalls and Cloud Armor * Implementing Identity Aware Proxy * Analyzing changes to the configuration or metadata of resources with GCP audit logs * Scanning for and redact sensitive data with the Data Loss Prevention API * Scanning a GCP deployment with Forseti * Remediating important types of vulnerabilities, especially in public access to data and VMs DELIVERY METHOD Online self-paced or instructor-led AUDIENCE This class is intended for the following job roles: * Cloud information security analysts, architects, and engineers * Information security/cybersecurity specialists * Cloud infrastructure architects * Developers of cloud applications. PREREQUISITES To get the most out of this course, participants should have: * Prior completion of Google Cloud Platform Fundamentals: Core Infrastructure [https://cloud.google.com/training/courses/core-fundamentals/]or equivalent experience * Prior completion of Networking in Google Cloud Platform [https://cloud.google.com/training/courses/networking-gcp/] or equivalent experience * Knowledge of foundational concepts in information SECURITY: * Fundamental concepts: * vulnerability, threat, attack surface * confidentiality, integrity, availability * Common threat types and their mitigation strategies * Public-key cryptography * Public and private key pairs * Certificates * Cipher types * Key width * Certificate authorities * Transport Layer Security/Secure Sockets Layer encrypted communication * Public key infrastructures * Security policy * Basic proficiency with command-line tools and Linux operating system environments * Systems Operations experience, including deploying and managing applications, either on-premises or in a public cloud environment * Reading comprehension of code in Python or JavaScript COURSE OUTLINE PART I: MANAGING SECURITY IN GOOGLE CLOUD PLATFORM Module 1: Foundations of GCP Security * Google Cloud's approach to security * The shared security responsibility model * Threats mitigated by Google and by GCP * Access Transparency  Module 2: Cloud Identity * Cloud Identity * Syncing with Microsoft Active Directory * Choosing between Google authentication and SAML-based SSO * GCP best practices  Module 3: Identity and Access Management * GCP Resource Manager: projects, folders, and organizations * GCP IAM roles, including custom roles * GCP IAM policies, including organization policies * GCP IAM best practices  Module 4: Configuring Google Virtual Private Cloud for Isolation and Security * Configuring VPC firewalls (both ingress and egress rules) * Load balancing and SSL policies * Private Google API access * SSL proxy use * Best practices for structuring VPC networks * Best security practices for VPNs * Security considerations for interconnect and peering options * Available security products from partners  Module 5: Monitoring, Logging, Auditing, and Scanning * Stackdriver monitoring and logging * VPC flow logs * Cloud audit logging * Deploying and Using Forseti  PART II: MITIGATING VULNERABILITIES ON GOOGLE CLOUD PLATFORM Module 6: Securing Compute Engine: techniques and best practices * Compute Engine service accounts, default and customer-defined * IAM roles for VMs * API scopes for VMs * Managing SSH keys for Linux VMs * Managing RDP logins for Windows VMs * Organization policy controls: trusted images, public IP address, disabling serial port * Encrypting VM images with customer-managed encryption keys and with customer-supplied encryption keys * Finding and remediating public access to VMs * VM best practices * Encrypting VM disks with customer-supplied encryption keys  Module 7: Securing cloud data: techniques and best practices * Cloud Storage and IAM permissions * Cloud Storage and ACLs * Auditing cloud data, including finding and remediating publicly accessible data * Signed Cloud Storage URLs * Signed policy documents * Encrypting Cloud Storage objects with customer-managed encryption keys and with customer-supplied encryption keys * Best practices, including deleting archived versions of objects after key rotation * BigQuery authorized views * BigQuery IAM roles * Best practices, including preferring IAM permissions over ACLs  Module 8: Protecting against Distributed Denial of Service Attacks: techniques and best practices * How DDoS attacks work * Mitigations: GCLB, Cloud CDN, autoscaling, VPC ingress and egress firewalls, Cloud Armor * Types of complementary partner products Module 9: Application Security: techniques and best practices * Types of application security vulnerabilities * DoS protections in App Engine and Cloud Functions * Cloud Security Scanner * Threat: Identity and Oauth phishing * Identity Aware Proxy Module 10: Content-related vulnerabilities: techniques and best practices * Threat: Ransomware * Mitigations: Backups, IAM, Data Loss Prevention API * Threats: Data misuse, privacy violations, sensitive/restricted/unacceptable content * Mitigations: Classifying content using Cloud ML APIs; scanning and redacting data using Data Loss Prevention API  ** Notice: Cancellations will be charged an administrative fee through Eventbrite.