🌀

Learning Track · 12 modules

Google Cloud Platform

GCP IAM, networking, VPC Service Controls, Workload Identity Federation, Confidential Computing.

Why this track

GCP IAM, networking, VPC Service Controls, Workload Identity Federation, Confidential Computing. This track walks you from fundamentals through advanced techniques across 12 practitioner modules — the same body of knowledge senior security professionals build over years, structured for self-paced progression with India-specific context throughout.

Prerequisite: See module 1 for entry context. Most modules are self-contained but follow the suggested sequence for best results.

Modules

6.2 h

Total time

Free modules

∞

Quiz retries

Difficulty mix

Beginner · 2 Intermediate · 6 Advanced · 4

Module sequence

Google Cloud Platform Security

Resource hierarchy, IAM, service accounts, network, GCS/SQL/GKE/KMS hardening, Security Command Center.

Intermediate 90 min →

GCP Advanced — VPC-SC, WIF, Confidential Computing

VPC Service Controls, Workload Identity Federation, BeyondCorp, Confidential VMs, Assured Workloads, EKM.

Advanced 120 min →

GCP Organisation Hierarchy

GCP’s hierarchy is the foundation of multi-project security. Levels Organisation — top; tied to your Google Workspace / Cloud Identity domain Folders — group projects (by environment, business unit) Projects — workload boundary; resources live here Resources — buckets, instances, etc. IAM inheritance Roles granted at higher levels apply to all child resources. Org-level Owner […]

Beginner 15 →

VPC Service Controls

VPC Service Controls = GCP’s data-exfiltration defence. Define a perimeter; data can’t leave it even with valid credentials. The model Perimeter wraps GCP services + projects Inside perimeter: free communication Outside attempting to access services inside: blocked unless explicit ingress rule Inside attempting to send to outside: blocked unless explicit egress rule Common patterns Lock […]

Advanced 20 →

BigQuery Security

BigQuery is the most-used data warehouse for Indian fintech. Security model is rich; most teams use 30%. Access patterns Dataset-level — coarse; user can see entire dataset or none Authorized views — view exposes subset to other users without granting access to underlying tables Row-level security — policies restrict which rows a user sees Column-level […]

Intermediate 20 →

Google Secret Manager

GCP’s native secrets store. Simpler than Vault; sufficient for most. Features Versioned secrets (latest, specific version) IAM-scoped access Replication policies (auto / user-managed) Cloud KMS encryption Audit log per access Secret Manager Notifications for rotation triggers Pattern gcloud secrets create my-secret --replication-policy=automatic gcloud secrets versions add my-secret --data-file=./secret.txt # In application from google.cloud import secretmanager […]

Beginner 15 →

Cloud Armor for WAF & DDoS

Cloud Armor = Google’s edge security. WAF + DDoS + bot mitigation. Layers Standard — basic L3/4 DDoS, included with HTTP(S) load balancer Plus — adaptive DDoS protection, ML-based, paid tier WAF rules — preconfigured (OWASP CRS) + custom Bot management — reCAPTCHA Enterprise integration Common WAF rules OWASP CRS (XSS, SQLi, RCE, LFI/RFI) Custom […]

Intermediate 15 →

GKE Autopilot Security

GKE Autopilot = Google manages nodes; user manages workloads. Security defaults are enforced; less flexibility. What’s enforced Workload Identity Shielded GKE Nodes Network Policy Container-Optimized OS Auto-upgrade Limited node-level access (no SSH) Tradeoffs Higher per-pod cost than Standard Some advanced features (DaemonSets in kube-system, custom kernel modules) not allowed For most teams: tradeoff worth it […]

Intermediate 15 →

Binary Authorization

Binary Authorization = admission controller for GKE/Cloud Run. Only deploy images that pass policy. How it works Build pipeline produces image + attestation (using Cloud KMS-signed key) Binary Auth policy specifies required attestations Deploy attempt: image checked against policy Match → allow; no match → deny Common policies “Image must be from this Artifact Registry” […]

Advanced 15 →

M10

Cloud DLP

Cloud DLP API: detect and transform sensitive data at scale. Built-in detectors Aadhaar number, PAN, Indian phone, credit card, email, US SSN, names, addresses — 100+ infoTypes. Use cases Scan BigQuery datasets for PII; report findings Tokenise PII before storing (FPE — format-preserving encryption) Mask in real-time during data export De-identify production data for dev […]

Intermediate 15 →

M11

Security Command Center

SCC = GCP’s security findings hub. Like Defender for Cloud (Azure) or Security Hub (AWS). Tiers Standard — free; CIS benchmark scanning, basic IAM recommender Premium — Container Threat Detection, Event Threat Detection, Web Security Scanner, Compliance modules What it surfaces Misconfigurations (open buckets, weak IAM) Vulnerabilities in workloads Threat indicators (anomalous IAM grant, suspicious […]

Intermediate 15 →

M12

Confidential Computing

Confidential Computing = data encrypted in use, not just at rest and in transit. Hardware-based memory encryption. GCP options Confidential VMs — based on AMD SEV-SNP or Intel TDX Confidential GKE Nodes — same hardware for K8s workloads Confidential Spaces — for multi-party computation Use cases Process sensitive data without exposing to cloud admin Multi-party […]

Advanced 15 →

Common questions about this track

How long will this track take me? +

Most learners finish in 4-8 weeks at a sustainable 4-5 hours per week. Modules are self-paced so you can move faster or slower as life allows.

Do I need prior experience? +

Module 1 sets the entry baseline. The first module is always free; if it feels approachable, the track is for you.

Will this prepare me for industry certifications? +

Most modules align with the body of knowledge tested by senior security certifications. The Academy is not a cert-prep course but produces working knowledge that transfers to any cert exam in the same domain.

Ready to start?

Begin with Module 1. Work through at your own pace. Free modules require no signup — everything else unlocks with a free RingSafe Academy account.

Start Module 1 → View pricing tiers 🗺️ Explore Skill Map