Training schedule


Contact Giovanni Lanzani, if you want to know more about custom data & AI training for your teams. He’ll be happy to help you!
Check out more

Through lectures, demonstrations and hands-on labs, participants explore and implement the components of a safe GCP solution. Participants also learn attack mitigation techniques at many points in a GCP-based infrastructure, including distributed denial of service attacks, phishing attacks, and threats related to content classification and use.

This training is for you if…

you have:

  • Previous completion of Google Cloud  fundamentals: Basic infrastructure or equivalent experience
  • Previous completion of Networking on the Google Cloud or equivalent experience
  • Knowledge of the fundamental concepts of information security: Fundamental concepts: vulnerability, threat, attack surface, confidentiality, integrity, availability
  • Types of common threats and their mitigation strategies, Public Key Cryptography ,Public and Private Key Pairs, Certificates, Encryption Types,
  • Key Width, Certification Authorities. Transport Layer Security/Secure Sockets Transport Layer Encryption Communication, Public Key Infrastructures.
  • Security policy: Basic command line tools and Linux operating system environments.
  • Experience in system operations, including application deployment and management, either on-premise or in a public cloud environment, understanding of reading code in Python or JavaScript.

This training is not for you if…

you have:

  • No previous completion of Google Cloud  fundamentals: Basic infrastructure or equivalent experience
  • No previous completion of Networking on the Google Cloud or equivalent experience
  • Limited knowledge of the fundamental concepts of information security: Fundamental

Clients we've helped

What you'll learn

Foundations of GCP Security

  • Mitigation techniques for attacks
  • Distributed Denial-of-Service attacks
  • Phishing attacks
  • threats involving content classification and use

The schedule

Foundations of GCP Security

  • Google Cloud’s approach to security
  • The shared security responsibility model
  • Threats mitigated by Google and by GCP
  • Access Transparency

Cloud Identity

  • Cloud Identity
  • Syncing with Microsoft Active Directory
  • Choosing between Google authentication and SAML-based SSO
  • GCP best practices

Identity and Access Management

  • GCP Resource Manager: projects, folders, and organizations
  • GCP IAM roles, including custom roles
  • GCP IAM policies, including organization policies
  • GCP IAM best practices

Configuring Google Virtual Private Cloud for Isolation and Security

  • Configuring VPC firewalls (both ingress and egress rules)
  • Load balancing and SSL policies
  • Private Google API access
  • SSL proxy use
  • Best practices for structuring VPC networks
  • Best security practices for VPNs
  • Security considerations for interconnecting and peering options
  • Available security products from partners

Monitoring, Logging, Auditing, and Scanning

  • Stackdriver monitoring and logging
  • VPC flow logs
  • Cloud audit logging
  • Deploying and Using Forseti

Securing Compute Engine: techniques and best practices

  • Compute Engine service accounts, default and customer-defined
  • IAM roles for VMs
  • API scopes for VMs
  • Managing SSH keys for Linux VMs
  • Managing RDP logins for Windows VMs
  • Organization policy controls: trusted images, public IP address, disabling serial port
  • Encrypting VM images with customer-managed encryption keys and with customer-supplied encryption keys
  • Finding and remediating public access to VMs
  • VM best practices
  • Encrypting VM disks with customer-supplied encryption keys

Securing cloud data: techniques and best practices

  • Cloud Storage and IAM permissions
  • Cloud Storage and ACLs
  • Auditing cloud data, including finding and remediating publicly accessible data
  • Signed Cloud Storage URLs
  • Signed policy documents
  • Encrypting Cloud Storage objects with customer-managed encryption keys and with customer-supplied encryption keys
  • Best practices, including deleting archived versions of objects after key rotation
  • BigQuery authorized views
  • BigQuery IAM roles
  • Best practices, including preferring IAM permissions over ACLs

Protecting against Distributed Denial of Service Attacks: techniques and best practices

  • How DDoS attacks work
  • Mitigations: GCLB, Cloud CDN, autoscaling, VPC ingress, and egress firewalls, Cloud Armor
  • Types of complementary partner products

Application Security: techniques and best practices

  • Examples of application security vulnerabilities
  • DoS protection in App Engine and Cloud Functions
  • Cloud Security Scanner
  • Threat: Identity and OAuth phishing
  • Identity Aware Proxy

Content-related vulnerabilities: techniques and best practices

  • Threat: Ransomware
  • Mitigations: Backups, IAM, Data Loss Prevention API
  • Threats: Data misuse, privacy violations, sensitive/restricted/unacceptable content
  • Mitigations: Classifying content using Cloud ML APIs; scanning and redacting data using Data Loss Prevention API


  • Understanding of Google’s approach to security
  • Administrative identity management through Cloud Identity.
  • Implementation of administrative access with minimum privileges using Google Cloud Resource Manager, Cloud IAM.
  • Implementation of IP traffic controls using VPC firewalls and Cloud Armor
  • Identity Aware Proxy Implementation
  • Analysis of configuration changes or resource metadata with GC audit trails
  • Scanning and writing sensitive data with the Data Loss Prevention API
  • Scanning a GC implementation with Forseti
  • Remediate important types of vulnerabilities, especially in public access to data and virtual machines.

Google Cloud Authorised Trainer

meet your trainer

Koen Maes


Koen is a very experienced consultant with a long history in the information technology and services industry. He takes on a wide variety of roles in software development, always evolving and keeping up with new innovations. He picked up the potential of the cloud early on, which led him to become one of the first Authorized Trainers for Google Cloud.

He’s passionate about creating value for the customer… and getting things done!

Flexible delivery

The Right Format For Your Preferred Learning Style

In-Classroom & In-Company Training
Online, Instructor-Led Training
Hybrid and Blended Learning
Self-Paced Training
Get in touch with the experts

Have any questions?

Contact Giovanni Lanzani, our Managing Director of Learning and Development, if you want to know more. He’ll be happy to help you!

Call me back

You can reach him out by phone as well at +31 6 51 20 6163

Course: Security in Google Cloud Platform

Book now