Through lectures, demonstrations and hands-on labs, participants explore and implement the components of a secure GCP solution. Participants also learn attack mitigation techniques at many points in a GCP-based infrastructure, including distributed denial of service attacks, phishing attacks, and threats related to content classification and use.
This training is for you if…
you have:
- Previous completion of Google Cloud fundamentals: Basic infrastructure or equivalent experience
- Previous completion of Networking on the Google Cloud or equivalent experience
- Knowledge of the fundamental concepts of information security:
  - Fundamental concepts: vulnerability, threat, attack surface, confidentiality, integrity, availability
  - Types of common threats and their mitigation strategies
  - Public key cryptography: public and private key pairs, certificates, encryption types, key width
  - Certification authorities
  - Transport Layer Security/Secure Sockets Layer encrypted communication
  - Public key infrastructures
  - Security policy
- Basic command line tools and Linux operating system environments
- Experience in system operations, including application deployment and management, either on-premises or in a public cloud environment
- Understanding of reading code in Python or JavaScript
This training is not for you if…
you have:
- No previous completion of Google Cloud fundamentals: Basic infrastructure or equivalent experience
- No previous completion of Networking on the Google Cloud or equivalent experience
- Limited knowledge of the fundamental concepts of information security: Fundamental
What you'll learn
Foundations of GCP Security
- Mitigation techniques for attacks
- Distributed Denial-of-Service attacks
- Phishing attacks
- Threats involving content classification and use
The schedule
Foundations of GCP Security
- Google Cloud’s approach to security
- The shared security responsibility model
- Threats mitigated by Google and by GCP
- Access Transparency
Cloud Identity
- Cloud Identity
- Syncing with Microsoft Active Directory
- Choosing between Google authentication and SAML-based SSO
- GCP best practices
Identity and Access Management
- GCP Resource Manager: projects, folders, and organizations
- GCP IAM roles, including custom roles
- GCP IAM policies, including organization policies
- GCP IAM best practices
Configuring Google Virtual Private Cloud for Isolation and Security
- Configuring VPC firewalls (both ingress and egress rules)
- Load balancing and SSL policies
- Private Google API access
- SSL proxy use
- Best practices for structuring VPC networks
- Best security practices for VPNs
- Security considerations for interconnecting and peering options
- Available security products from partners
Monitoring, Logging, Auditing, and Scanning
- Stackdriver monitoring and logging
- VPC flow logs
- Cloud audit logging
- Deploying and Using Forseti
Securing Compute Engine: techniques and best practices
- Compute Engine service accounts, default and customer-defined
- IAM roles for VMs
- API scopes for VMs
- Managing SSH keys for Linux VMs
- Managing RDP logins for Windows VMs
- Organization policy controls: trusted images, public IP address, disabling serial port
- Encrypting VM images with customer-managed encryption keys and with customer-supplied encryption keys
- Finding and remediating public access to VMs
- VM best practices
- Encrypting VM disks with customer-supplied encryption keys
Securing cloud data: techniques and best practices
- Cloud Storage and IAM permissions
- Cloud Storage and ACLs
- Auditing cloud data, including finding and remediating publicly accessible data
- Signed Cloud Storage URLs
- Signed policy documents
- Encrypting Cloud Storage objects with customer-managed encryption keys and with customer-supplied encryption keys
- Best practices, including deleting archived versions of objects after key rotation
- BigQuery authorized views
- BigQuery IAM roles
- Best practices, including preferring IAM permissions over ACLs
Protecting against Distributed Denial of Service Attacks: techniques and best practices
- How DDoS attacks work
- Mitigations: GCLB, Cloud CDN, autoscaling, VPC ingress and egress firewalls, Cloud Armor
- Types of complementary partner products
Application Security: techniques and best practices
- Examples of application security vulnerabilities
- DoS protection in App Engine and Cloud Functions
- Cloud Security Scanner
- Threat: Identity and OAuth phishing
- Identity Aware Proxy
Content-related vulnerabilities: techniques and best practices
- Threat: Ransomware
- Mitigations: Backups, IAM, Data Loss Prevention API
- Threats: Data misuse, privacy violations, sensitive/restricted/unacceptable content
- Mitigations: Classifying content using Cloud ML APIs; scanning and redacting data using Data Loss Prevention API
- Understanding of Google’s approach to security
- Administrative identity management through Cloud Identity
- Implementation of administrative access with minimum privileges using Google Cloud Resource Manager and Cloud IAM
- Implementation of IP traffic controls using VPC firewalls and Cloud Armor
- Implementation of Identity-Aware Proxy
- Analysis of configuration changes or resource metadata with GCP audit trails
- Scanning and redacting sensitive data with the Data Loss Prevention API
- Scanning a GCP implementation with Forseti
- Remediation of important types of vulnerabilities, especially in public access to data and virtual machines
Google Cloud Authorised Trainer
Koen Maes
Koen is a very experienced consultant with a long history in the information technology and services industry. He takes on a wide variety of roles in software development, always evolving and keeping up with new innovations. He picked up the potential of the cloud early on, which led him to become one of the first Authorized Trainers for Google Cloud.
He’s passionate about creating value for the customer… and getting things done!