← Academy Hub
Learning Track · 23 modules

Cloud Security Practitioner

AWS → Azure → GCP → Kubernetes. Real hardening, not checklists.

Why this track

Cloud is now the default for Indian SaaS, fintech, healthtech, and increasingly traditional enterprises. But cloud security is not on by default. This track walks through AWS, Azure, GCP, and Kubernetes with one organising principle: shared responsibility done correctly. You will leave able to audit any cloud account against the CIS Benchmark, harden the IAM that nearly every breach we see in 2026 abuses, and design segmentation and logging that hold up under DPDP, RBI, SEBI, and IRDAI inspection.

What you will be able to do
  • Audit any AWS / Azure / GCP account end-to-end against CIS Benchmark
  • Harden IAM to remove the over-permissioned roles attackers actually exploit
  • Design VPC / VNet / VPC-SC architectures that survive segmentation testing
  • Implement detection and response with CloudTrail, Activity Log, Audit Logs + SIEM
  • Pass cloud-related controls in RBI / SEBI / IRDAI / SOC 2 / ISO 27001 audits
Prerequisite: Networking fundamentals strongly recommended. Basic Linux helpful.
23
Modules
20.9 h
Total time
23
Free modules
Quiz retries
Difficulty mix
Beginner · 1 Intermediate · 9 Advanced · 13

Module sequence

M1
Zero Trust Architecture — From VPN to Identity-Aware Access
What Zero Trust actually is, the five CISA pillars, the reference stack for Indian mid-market organisations, and a realistic 12 to 18 month rollout sequence — identity, devices, conditional access, ZTNA, workload identity, data classification.
Advanced 75 min
M1
Cloud Security Mental Models
Cloud security is often taught as a taxonomy — “AWS IAM works like this, GCP IAM works like this, Azure is different.” That’s how you end up memorising 300 service-specific checkboxes without ever understanding what matters. This module inverts the usual approach: we give you the mental models that apply across AWS, Azure, GCP, and […]
Beginner 60 min
M2
AWS IAM Deep Dive
AWS IAM is the single largest source of cloud misconfigurations. It’s also AWS’s most powerful feature. Master it and you can architect least-privilege cleanly; fumble it and you ship the kind of blast radius that makes every new access key a production-impacting event. This module is the concrete IAM practitioner’s guide. You’ve seen the mental […]
Intermediate 90 min
M3
Infrastructure-as-Code Security
Checkov, Trivy, kube-score. Terraform issue categories, Kubernetes hardening, Dockerfile patterns, Kyverno/OPA policies.
Intermediate 90 min
M3
S3 Security and Misconfigurations
Amazon S3 is the single cloud service that has caused more publicly-disclosed breaches than any other — by a wide margin. Hundreds of millions of records from financial institutions, healthcare organisations, government agencies, and consumer apps have leaked from misconfigured S3 buckets. Every single incident was preventable with settings available in the AWS console. This […]
Intermediate 60 min
M4
Kubernetes Attack Surface
Kubernetes is where 2024-2026 cloud security action is happening. Every Indian fintech, every serious SaaS, and most mature enterprises now run workloads on Kubernetes. And Kubernetes, by design, has the most complex security surface of any modern platform. The control plane, the worker nodes, the network fabric, the service mesh, the supply chain, the secrets, […]
Advanced 120 min
M5
Secrets Management
Every application has secrets — database passwords, API keys, TLS certs, encryption keys, third-party tokens. Where you store them determines whether a compromise is contained or catastrophic. This module covers secrets-management patterns for modern cloud applications. The problem Secrets historically lived in: environment variables, config files, source code, shared spreadsheets, Slack messages, CI/CD logs. Each […]
Intermediate 90 min
M6
Cross-Account Attacks in AWS
Multi-account AWS (or multi-subscription Azure / multi-project GCP) is the norm. Production in one account, staging in another, security tooling in a third, sometimes dozens of accounts across business units. Each cross-account boundary is a potential attack surface — and when misconfigured, a path from one compromised account to many. Why multi-account Blast-radius limitation — […]
Advanced 90 min
M7
Cloud Incident Response
Cloud incidents move fast. An attacker with a leaked access key can enumerate the account in minutes and begin exfiltration. Response time matters. This module covers a practitioner-grade cloud IR workflow — what to do in the first 30 minutes, 2 hours, and 24 hours after suspecting compromise. The cloud-specific challenges Speed — API-based actions […]
Advanced 120 min
M8
GCP IAM & Workload Identity Federation
Why this module exists. Every Indian SaaS that adopted GCP after 2022 inherited an IAM model fundamentally different from AWS. The pieces look similar — IAM, service accounts, roles — but the wiring is different and the attack paths are different. If you bring AWS muscle memory to GCP, you’ll either over-permission everything or miss […]
Advanced 35
M9
Azure RBAC & Privilege Escalation Paths
Why this module exists. Azure has two parallel permission systems — RBAC for management plane (resources), Entra ID roles for identity plane. Most engineers treat them as one. Attackers know they’re separate, and the mismatched grants are where privilege escalation lives. The two-plane model Management plane (Azure RBAC). Who can create / read / modify […]
Advanced 35
M10
Container Escape — From Pod to Node
Why this module exists. Containers are isolation, not security. The Linux kernel boundary between container and host has historically had escape paths every 6-18 months. Most enterprises run Kubernetes with Pod Security policies set to “permissive” because it’s the default. Every red team checks for container-escape primitives first. What “container escape” means A process inside […]
Advanced 35
M11
Service Mesh Security — Istio, Linkerd, mTLS
Why this module exists. “We added Istio and now we have zero trust.” No, you don’t. Service mesh adds powerful primitives — mTLS, identity-aware authorization — but most installations use ~20% of those primitives. The remaining 80% is where attacks live. What service mesh actually does An Envoy / Linkerd-proxy sidecar intercepts every request entering […]
Advanced 30
M12
AWS Lambda & Serverless Attack Surface
Why this module exists. Serverless is “no server to harden” — and a new attack surface that most security teams don’t review with the same rigour as VMs. Lambda functions, Cloud Functions, Azure Functions all share patterns: event-triggered execution, IAM-defined permissions, ephemeral compute, third-party dependencies. Each is an attack vector. The Lambda attack surface — […]
Intermediate 30
M13
Cloud SSRF & IMDS — IMDSv2 and Beyond
Why this module exists. Capital One. Capital One. Capital One. Every cloud security training references it because the chain is iconic: external SSRF → IMDS → IAM credentials → S3 dump. Six years later, IMDSv1 is still enabled on enough EC2 fleets to keep the attack practical. And Azure / GCP have their own metadata-service […]
Intermediate 30
M15
CloudTrail Forensics — Reading the Audit Log
Why this module exists. If you can’t read CloudTrail, you can’t do cloud incident response. CloudTrail is to AWS what Windows Event Logs are to AD: every action by every principal is recorded. Most defenders skim the volume; experienced cloud-IR practitioners write surgical Athena queries that crack open incidents in 20 minutes. What CloudTrail records […]
Intermediate 35
M16
Cost-Based Denial of Service
Why this module exists. Modern cloud architectures auto-scale. Auto-scaling means an attacker who can drive load can drive your bill — to bankruptcy levels — without taking the service down. The 2020-2024 wave of “DenialOfWallet” attacks demonstrated that autoscaling without circuit breakers is a financial DoS. Indian SaaS, especially YC-funded startups with low cash runway, […]
Intermediate 25
M17
Multi-Cloud Identity Federation Attack Surface
Why this module exists. Indian enterprises in 2026 are multi-cloud. Workloads on AWS, identity in Entra ID, data lakes in GCP, kubernetes on multiple clouds. Each integration uses identity federation — and each federation is a trust boundary that attackers can pivot across. The bugs that matter are at the seams between clouds, not within […]
Advanced 35
M19
Cloud Security Posture Management (CSPM) at Production Scale
What CSPM tools do Connect to cloud accounts via API; continuously enumerate resources and configurations; check against benchmark rules; report findings. Tool Strength Prowler (open-source) AWS-focused; broad CIS coverage ScoutSuite (open-source) Multi-cloud (AWS, Azure, GCP) CloudSploit / Aqua (open-source) Multi-cloud; modern UI Wiz, Orca, Palo Alto Prisma Commercial; agentless scanning + risk graph AWS Security […]
Intermediate 30
M20
Securing Multi-Cloud Architectures
Why organisations go multi-cloud Resilience against single-provider outage. Regulator preference (RBI may prefer certain providers for specific workloads). Best-of-breed (Azure for M365 integration, AWS for ML, GCP for data analytics). Vendor leverage in negotiation. Acquired company arrives with different cloud. The multi-cloud security challenges Distinct IAM models: AWS IAM, Azure RBAC, GCP IAM each have […]
Advanced 35
M21
Cloud Workload Protection (CWPP) — VMs, Containers, Serverless
CWPP vs CSPM CSPM CWPP Configuration of cloud resources What is running on those resources Public buckets, broad SGs, unencrypted volumes Malware, intrusion, suspicious processes, file integrity Agentless (mostly) Agent or eBPF probe per workload Mature programmes deploy both. CNAPP (Cloud-Native Application Protection Platform) is the converged offering — CSPM + CWPP + CIEM (identity […]
Advanced 35
M22
Kubernetes Security at Production Scale
The four production K8s domains Cluster security: API server, etcd, kubelet, control plane hardening. Workload security: Pod Security Standards, admission control, runtime protection. Network security: NetworkPolicy, service mesh, ingress, egress. Supply chain: image signing, SBOM, admission control verification. API server hardening API server reachable only through bastion / VPN / private endpoint; never public. Audit […]
Advanced 40
M23
Serverless Security — Functions, Event Sources, API Gateway
The serverless threat model What you no longer manage: OS patches, container runtime, network firewall (mostly). What becomes more critical: function code, IAM permissions, event sources, dependencies. The recurring vulnerability classes Over-privileged function roles: function role can do far more than the function actually needs. Compromise of function = wide IAM access. Injection via event […]
Advanced 30

Related tracks

Track
Attacker Mindset — Cloud
Shared responsibility reality, IAM sprawl, metadata endpoints, K8s + serverless + supply chain, data exposure, cloud-specific detection.
🔷
Track
Microsoft Azure & M365
Entra ID, Azure resources, M365 — the Microsoft cloud security stack.
🌀
Track
Google Cloud Platform
GCP IAM, networking, VPC Service Controls, Workload Identity Federation, Confidential Computing.
Track
DevSecOps
Security in the SDLC. SAST/DAST/SCA, IaC, CI/CD hardening, software supply chain.

Common questions about this track

Which cloud should I learn first? +

AWS for breadth (largest market share + most public CVEs / breach learning). Then add Azure if you serve regulated Indian customers (RBI / SEBI / banking lean Microsoft) or GCP if you are in data analytics / ML. Multi-cloud comes after single-cloud mastery.

Is this enough for AWS / Azure security certifications? +

It covers most of the practical knowledge tested in AWS Security Specialty and Azure SC-100. The cert exams add provider-specific service-trivia; this track adds the depth those services exist to support.

How does this differ from a CSPM tool? +

A CSPM tells you what is wrong; this track explains why it is wrong, why the misconfig exists, and how to design it not to. Tools complement understanding; they do not replace it.

Does this cover Kubernetes? +

Yes — there are dedicated K8s modules covering RBAC, Pod Security Standards, network policies, secrets, and runtime defence (Falco). EKS / AKS / GKE specifics included.

Ready to start?

Begin with Module 1. Work through at your own pace. Free modules require no signup — everything else unlocks with a free RingSafe Academy account.

Start Module 1 → View pricing tiers 🗺️ Explore Skill Map