Security in Google Cloud Platform

English | 2 days
Xebia Academy

Become a Professional GCP Security Engineer. Design, develop, and manage a secure infrastructure leveraging Google security technologies. This course is part of Google’s Security Engineering track that leads to a Professional Cloud Security Engineer certificate.

This 2-day training offers a combination of presentations, demos, and hands-on labs. You will explore and deploy the components of a secure GCP solution. You will learn mitigation techniques for attacks at many points in a GCP-based infrastructure, like Distributed Denial-of-Service attacks, phishing attacks, and threats involving content classification and use.

What You'll Learn

Foundations of GCP Security

  • Google Cloud’s approach to security
  • The shared security responsibility model
  • Threats mitigated by Google and by GCP
  • Access Transparency

Cloud Identity

  • Cloud Identity
  • Syncing with Microsoft Active Directory
  • Choosing between Google authentication and SAML-based SSO
  • GCP best practices

Identity and Access Management

  • GCP Resource Manager: projects, folders, and organizations
  • GCP IAM roles, including custom roles
  • GCP IAM policies, including organization policies
  • GCP IAM best practices

Configuring Google Virtual Private Cloud for Isolation and Security

  • Configuring VPC firewalls (both ingress and egress rules)
  • Load balancing and SSL policies
  • Private Google API access
  • SSL proxy use
  • Best practices for structuring VPC networks
  • Best security practices for VPNs
  • Security considerations for interconnecting and peering options
  • Available security products from partners

Securing Compute Engine: Techniques and Best Practices

  • Compute Engine service accounts, default and customer-defined
  • IAM roles for VMs
  • API scopes for VMs
  • Managing SSH keys for Linux VMs
  • Managing RDP logins for Windows VMs
  • Organization policy controls: trusted images, public IP address, disabling serial port
  • Encrypting VM images with customer-managed encryption keys and with customer-supplied encryption keys
  • Finding and remediating public access to VMs
  • VM best practices
  • Encrypting VM disks with customer-supplied encryption keys

Securing Cloud Data: Techniques and Best Practices

  • Cloud Storage and IAM permissions
  • Cloud Storage and ACLs
  • Auditing cloud data, including finding and remediating publicly accessible data
  • Signed Cloud Storage URLs
  • Signed policy documents
  • Encrypting Cloud Storage objects with customer-managed encryption keys and with customer-supplied encryption keys
  • Best practices, including deleting archived versions of objects after key rotation
  • BigQuery authorized views
  • BigQuery IAM roles
  • Best practices, including preferring IAM permissions over ACLs

Monitoring, Logging, Auditing, and Scanning

  • Stackdriver monitoring and logging
  • VPC flow logs
  • Cloud audit logging
  • Deploying and Using Forseti

Protecting Against Distributed Denial of Service Attacks: Techniques and Best Practices

  • How DDoS attacks work
  • Mitigations: GCLB, Cloud CDN, autoscaling, VPC ingress and egress firewalls, Cloud Armor
  • Types of complementary partner products

Application Security: Techniques and Best Practices

  • Examples of application security vulnerabilities
  • DoS protection in App Engine and Cloud Functions
  • Cloud Security Scanner
  • Threat: Identity and OAuth phishing
  • Identity Aware Proxy

Content-Related Vulnerabilities: Techniques and Best Practices

  • Threat: Ransomware
  • Mitigations: Backups, IAM, Data Loss Prevention API
  • Threats: Data misuse, privacy violations, sensitive/restricted/unacceptable content
  • Mitigations: Classifying content using Cloud ML APIs; scanning and redacting data using Data Loss Prevention API

Become a Google Cloud Security Engineer

Are you an Information Security Specialist or Cloud Architect planning to use Google Cloud Platform? Do you want to obtain a Professional Google certificate? Time to gain the knowledge and skills to design, develop, and manage a secure infrastructure leveraging Google security technologies. This training enables you to do this all on GCP and prepares you for the Google Security Engineer exam.

Security in GCP Is Perfect for

Cloud Information Security Analysts, Architects, Engineers, Information Security/Cybersecurity Specialists, Cloud Infrastructure Architects, and Developers of Cloud applications.

Before enrolling, we advise you to complete the Google Cloud Fundamentals: Core Infrastructure / Networking in Google Cloud Platform course. We recommend you have:

  • Knowledge of foundational concepts of Information Security
  • Basic proficiency with command-line tools and Linux operating system environments
  • Systems Operations experience (deploying and managing applications on-premises or in a public cloud environment)
  • Reading comprehension of code in Python or JavaScript

Professional Cloud Security Engineer

The Cloud Security Professional should be proficient in all aspects of Cloud Security, including managing identity and access management, defining organizational structure and policies, using Google technologies to provide data protection, configuring network security defenses, collecting and analyzing Google Cloud Platform logs, managing incident responses, and understanding regulatory concerns.

Abilities Validated by the Certification

  • Configure access within a cloud solution environment
  • Configure network security
  • Ensure data protection
  • Manage operations within a cloud solution environment
  • Ensure compliance

Recommended Knowledge and Experience

  • 3+ years of industry experience including 1+ years designing and managing solutions using GCP.

Instructor: Ben de Haan

Ben is a Security Consultant working for Xebia Security. He likes to spend time building and tuning SIEMs, integrating security into pipelines, and creating cool (and secure) things in the cloud.

Ben works as a Security Consultant for Xebia. He loves building and refining Security Information and Event Management (SIEM) tools, integrating Security into pipelines and creating cool things in the Cloud. He also enjoys sharing his experience with analyzing Alert Data and reviewing the Security of apps. His workshops are intuitive, interactive and very hands-on. Ben will teach you all about AWS Lambda Security in his workshop.

The Right Format For Your Preferred Learning Style

At Binx we offer four distinct training modalities:

  • In-Classroom Training
  • Online, Instructor-Led Training
  • Hybrid and Blended Learning
  • Self-Paced Training


Some Clients We've Helped

  • Yolt
  • Google Cloud
  • Obi4Wan
  • Ijsvogel Retail
  • Flowtraders
  • Royal FloraHolland
  • YourSurprise
  • DHL
  • WeTransfer
  • Unilever
  • TNT
  • RTL XL
  • Quby
  • Zorgdomein
  • ProActive
  • Portbase
  • Aegon
  • NS
  • Booking.com
  • Vereniging Coin

Ready to Learn?

21 Oct, 2021 - 21 Oct, 2021