How to upskill your cloud security team in 3 quick steps


If you are a Cloud Security Manager or anyone responsible for mitigating risks in cloud migrations, one of the biggest headaches is ensuring your teams have the necessary skills to handle them.

It has been my experience that it is easy to find Cloud professionals and easy to find Cyber security professionals but VERY difficult to find Cloud Security Professionals.

This problem is by no means small, with the recent ISC2 Cloud Security Report 2022 stating that more than half of organizations look at staff expertise as being the main challenge for compliance in the cloud.

Source: https://cloud.connect.isc2.org/cloud-security-report

However, the good news is that it is possible to upskill your team quickly to the cloud.

A lot of companies make the mistake of relying on certifications only while ignoring hands-on experience, which leaves their teams with good theoretical knowledge but not much else!

If your team cannot navigate the cloud console without relying on documentation, then you will have a serious problem later on.

Based on my own experiences with many, many cloud migrations, I propose the steps below, which will help to make sure your teams get the necessary cloud security skills.

Step 1: Gain access to a cloud sandbox

Your team can attend as many trainings on cloud security as you want, but that will not give them the hands-on experience that is essential to learning about cloud controls.

Most cloud providers are happy to provide companies sandbox accounts in which the team can play around and understand how the different services work.

AWS, Google, and Azure all give you free tier accounts or free credits.

Get the teams to access these accounts, which should be completely separate from your production or dev cloud environments. The goal is to get familiar with cloud services and their functionality.


Step 2: Build something on the cloud

Now that you have access to a sandbox, the main step is to give your teams something concrete to do in the sandbox.

I always recommend assigning your teams “build” projects on the cloud, which do not necessarily have to be security projects. Most cloud providers offer free, easy-to-build workshops on their services, which the teams can use to gain knowledge. A few of them are listed below:

AWS Workshops: https://workshops.aws/

Azure Workshops: https://microsoftcloudworkshop.com/

Google Cloud: https://cloud.google.com/training

Believe me when I say nothing will give your teams more confidence than actually making something with different cloud services.


Step 3: Be smart about certification

Certifications do matter, but you have to be smart about them and not fall for the hype.

Do not jump directly into the security certifications if the cloud environment is not familiar to you or the team.

I always recommend first starting with a solutions architect certification before moving on to security-focused ones as it provides a great foundation to learn about the cloud services on which you can build.

If the team does not know how a service works, then they will not appreciate securing it. A solutions architect certification will give them a great overview of the entire cloud ecosystem.

Secondly, link certifications to job achievements, i.e. make them part of the performance objectives for the year or create a “train the trainer” program where the knowledge is passed on by the teams. This provides a great motivational factor for the team to learn more and more.

Learning never stops in the cloud!

Even after spending several years dedicated to cloud security, I can safely say that I am still learning. Cloud migrations do not have to be the unhappy, stressful projects they can become if your team has confidence in their cloud security skills. Start learning today.


Taimur Ijlal is a multi-award-winning information security leader with over two decades of international experience in cyber-security and IT risk management in the fin-tech industry. Taimur can be connected on LinkedIn or on his blog. He also has a YouTube channel “Cloud Security Guy” on which he regularly posts about Cloud Security, Artificial Intelligence, and general cyber-security career advice.
