The bad news is there’s a global shortage of trained cybersecurity professionals: According to PWC, there will be 1.5 million cybersecurity job openings by 2019, and the talent market is not expected to catch up any time soon. The good news is that hundreds of quality resources are available to help both established and up-and-coming cloud security professionals educate themselves.
If you’re looking for networking opportunities and access to specialized training in your areas of interest, attending cloud security conferences is an excellent way to rack up your credentials, so be sure to visit our list of 50 cloud security conferences to attend in 2018 and beyond.
If conferences aren’t a good option for you, there are lots of other professional development avenues you can take. To help you in your cloud security training search, we’ve compiled a list of 50 different resources in a variety of categories, ranging from training courses to video content, whitepapers, and more — along with a few useful career resources to help you put those newly acquired skills to work.
It can be difficult to know which training resources are best for your situation, especially when you’re just beginning your career in cybersecurity. That’s why we’ve put this blog post together, grouping resources into logical categories that are intended to help you find resources that are best-suited to your specific needs.
Note: The cloud security training resources discussed below are not ranked in any way, and Threat Stack does not directly endorse any of them. We are simply providing them here for information purposes and have grouped them into logical categories for ease of navigation.
- Cybrary Cloud Fundamentals
- Cybrary Intermediate Cloud Security Course
- Cybrary ISC2 Certified Cloud Security Professional
- Cybrary Corporate Cybersecurity Management
- Cybrary CUI NIST 800-171
- Metasploit Ethical Hacking
- SANS CyberAces Online
- GIAC Certifications
- Secure Ninja
- InfoSec Institute
- Threat Stack Blog
- Cloud Academy Blog
- Cloud Security Alliance Industry Blog
- (ISC)² Blog
- Intrinsec Industry Experts Blog
- DZone Security Spotlight
- InfoSec Institute Blog
- Cybersecurity Ventures
- Security Now
- Security Weekly
- Google Cyber Security Tag
- DefCon Conference Vids
- Virtual Hacking Labs
- Hera Lab
- NDG Labs
- Cybrary Virtual Security Labs
- Virtual Security Cloud Labs 3.0
- Cybrary CompTIA SYO-501: Security+ Practice Test
- Udemy CCSK (v3.0) – Cloud Security Certification: Practice Tests
- Wiley CCSP Official (ISC)2 Practice Tests
- Intrinsec Quiz Library
- InfoSec Institute Sample Questions
- Amazon AWS Whitepapers
- Azure Security Whitepapers
- Cisco Whitepapers
- CIO Security Whitepapers
- SANS Cloud Computing Papers
- Kaspersky Whitepapers
- Oracle Security Articles
- SAP Security Whitepapers
- Cyber Degrees
- Cyber Security Jobs
- Indeed Cyber Security Jobs
This course is designed to help you master cloud-related processes and implement cloud security practices. The certification will help identify technology for securing mission-critical, cloud-based assets. Furthermore, it will keep you abreast of the processes, policies, and compliance requirements that are needed with new trends in technology.
- Learn application and data migration of cloud-based systems
- Identify core concepts of cloud computing
- Assess risks when moving to cloud technology
- Gain knowledge of infrastructure architecture of cloud-based systems
This course is designed to help you identify technology for securing mission-critical, cloud-based assets. The course teaches you about data migration as well as infrastructure architecture. You will also be able to assess risks for migration to cloud technology and use best practices to remediate vulnerabilities in cloud-based platforms. This is an intermediate course and is recommended for data system owners and custodians or cloud security professionals with 2–3 years’ of cloud security practice.
- Learn data migration concepts and application of cloud-based systems
- Identify mission-critical, cloud-based systems
- Learn about infrastructure architecture and application security of cloud-based systems
The Certified Cloud Security Professional (CCSP) course covers all the domains needed for cloud security. The course is 5.5 hours long and is conducted via six video modules. However, before taking this course, it is important to note that the ISC2 certification requires five years of IT experience with three of those in security and one year in cloud security.
- Introduction to Enterprise Architecture
- Data security lifecycle and security policies
- Identity and access management
- Determining data sensitivity and responsibilities
- Risk assessment, analysis, and mitigation
- Forensic investigation process and related laws
This course is geared for cyber security leaders and educates them about technical threats and their translation into business risk. The course helps you understand the impact of the threat and convert it into quantifiable data to observe the potential implications to your business. A complete knowledge of a cyber risk, legal considerations, and insurance can save a business from financial devastation should an incident occur.
- Legal concepts relative to cyber security
- Translating technical threats into business risks
- Cyber implications for publicly trading companies
- Underwriting process and considerations
This course is designed to go through the classifications for controlled, unclassified information as defined by the NIST 800-171 standard. It walks through the importance of having vital security controls over information when it is outside federal infrastructure. The course is intended for developers, project managers, and personnel in the organization who are involved in the software development life cycle (SDLC) or handling unclassified information (CUI).
- Access control and security requirements
- Identification and authentication requirements
- Risk and security assessment
- Systems and communications protection
Metasploit Unleashed (MSFU) is a free course offered by Offensive Security. This course acts as a starting point for Information Security Professionals who want to learn penetration testing and ethical hacking but who are not yet ready to plunge into a paid course in this arena. (The course is provided free of charge by Offensive Security to raise awareness for underprivileged children in East Africa. If you enjoy this free ethical hacking course, Offensive Security asks that you make a donation to the Hackers For Charity non-profit 501(c)(3) organization.)
- Introduction to penetration testing
- Basics of ethical hacking
SANS CyberAces Online offers this free course on the fundamentals of cyber security. It develops the knowledge and skills needed to master core concepts in security. The course develops a foundation for building a career in cyber security, or individuals can take it just to learn how to strengthen their own home network.
- Introduction to operating systems
- Understanding of network fundamentals
- Tools to perform system administration
The Global Information Assurance Certifications (GIAC) helps develop hands-on skills for security administration, management, audit, and software security. It offers more than 30 specialized information security certifications that correspond to specific job titles. Rather than a one-size-fits-all approach, it validates specific skills of security professionals and developers with established standards and the highest benchmarks in the industry.
- Cyber Defense
- Penetration Testing
- Incident Response and Forensics
- Management, Audit, and Legal
- Industrial Control Systems
(ISC)² offers courses that are created from the Common Body of Knowledge (CBK). It gives you an option for your training to be highly structured or flexible. You can take the course either online, in-person, instructor led, or as a self-study course.
- Provides real-world, in-depth practice
- Up-to-date security content and practices
- Training offered by industry experts
MIS Training Institute (MISTI) offers numerous courses in security training for audit and information security professionals to keep up to speed with the latest trends in technology. It also offers live events and seminars conducted by industry experts.
- Courses include proven audit and security practices
- MISTI is registered with the National Association of State Boards of Accountancy (NASBA)
SANS offers more than 65 courses that cover every topic from core essentials to advanced topics in penetration testing and ethical hacking, threat hunting, incident response, critical infrastructure defense, audit, and legal. Free course demos are available to give you a feel for individual courses.
- Series of basic and advanced courses available on security
- Special courses available live or online
Secure Ninja provides professionals with training and certifications related to IT and Cyber Security. It offers various training courses that are instructor-led and live online. The courses vary from foundational level to advanced hacking and are aligned to the National Initiative for Cybersecurity Education (NICE). However, these courses are open to corporate and government sponsored customers only.
- Learn about advanced systems and applications attack and defense
- Hands-on implementation of security applications
- Exploit development and advanced cyber war bootcamp courses
InfoSec Institute offers training on a wide range of security-specific topics, enterprise security awareness, and phishing training. It delivers training targeted to different roles, and the courses offered self-evolve with security aptitudes creating personalized learning experiences.
- Computer and mobile forensics training
- Ethical hacking
- Incident response and network forensics
The International Council of E-Commerce Consultants (EC-Council) is an organization that certifies professionals on a range of security skills. The courses offered provide information security professionals with the knowledge that will help them avert a cyber conflict if such a situation arises.
- Ethical Hacking
- Computer Hacking Forensics
- Penetration Testing
As a leading cloud security company, Threat Stack offers its comprehensive Threat Stack Cloud Security Platform® as well as the Threat Stack Cloud SecOps Program℠. And since we believe that informed people make better decisions, we’ve made it part of our mission since day one to ensure that reliable security information is available on the Threat Stack blog. Given the rapid pace of change in cybersecurity — along with the growing need to deal with infrastructure in transition as organizations build and manage increasingly sophisticated tech stacks — current, expert content is essential to good security.
Practical tips and guidance on a large number of cybersecurity topics including:
- Cloud security
- SecOps and DevOps
- Risk Management
The Cloud Academy Blog provides informative articles on various categories such as learning cloud computing, certification, and cloud security. It has weekly posts that deal with diverse topics related to cloud security. A regular reading of the blog will keep you current with GDPR requirements, best practices for security strategy, upcoming events in the industry, and more.
- Learn about current cloud security topics
- Learn about security, migration, and storage
- Keep abreast of current best practices
The Cloud Security Alliance (CSA) Industry blog has regular posts that promote best practices for providing security assurance within cloud computing. It educates readers on the uses of cloud computing to help secure all other forms of computing. The blog authors represent a wide spectrum of industry practitioners, associations, corporations, and other stakeholders.
- Current and informative security tips
- Cyber security trends and training Q & A
- Latest cyber security certifications needed for IT professionals
The (ISC)² blog serves as an open dialogue and collaboration between software, information, and infrastructure security professionals worldwide. The forum exchanges ideas and provides current best practices for a secure cyber world. It contributes to the community via a broad range of informational security topics.
- Acts as a platform for (ISC)² members to express their viewpoints
- Discusses various categories such as breaches, cloud security, cyber security training, and digital forensics
- Is an active forum to discuss the latest industry trends
This blog provides IT personnel with training resources on cloud and cyber security. The primary objective is to keep readers updated with the changes in information security and to provide tools to foster professional growth. Readers are given steps to increase security awareness as well as guides designed for professionals with any level of experience in every area of security.
- Features informative articles on cloud and cyber security
- Educates on handling cloud disaster and recovery
Dzone keeps readers updated with the latest application security news. It also discusses various tools to use in different cyber and cloud security circumstances, and provides educational tutorials designed to keep your security skills up-to-date. Additionally, leading experts share their viewpoints on the rapidly changing cyber world.
- Promotes the latest apps that assist in security
- Discusses ways in which cyber and cloud security is evolving
- Keeps readers updated with upcoming industry events and summits
The InfoSec Institute Blog shares current events regarding security breaches and mistakes, and outlines methods for mitigating risks surrounding similar security threats. The blog also shares information regarding insider threats, security concerns, risks involved, and ways to mitigate them. It is also a resource that provides guidance on current cloud security training and certifications needed by IT personnel.
- Provides a guide to cloud security certifications
- Discusses new possibilities in threat management
- Answers questions designed to increase cloud knowledge
Cybersecurity Ventures discusses the most current events, news, and statistics from the cyber security industry. It features blogs on topics that relate to monetary damages incurred due to cybercrime and also offers various cyber security market reports.
- Lists recent books on cybercrime
- Provides trending articles on cyber security from leading magazines
- Highlights security-related careers and resources
- Lists upcoming events, conferences, and summits
- Links to resources and tools needed for cyber security
- Displays a list of recently reported cyber crimes
Security Now is a video channel that features Steve Gibson who currently reports on cybercrime. Steve is the president and founder of Gibson Research Association, and is a developer and publisher with many products to his credit. In each of his episodes (which are often over two hours long), he presents an in-depth analysis of a recent cybercrime or security-related issues.
- Features a regular episode on News and Feedback
- Discusses varied topics ranging from Wi-Fi protection and cellular privacy to securing connected things
- Provides a detailed analysis of recently reported security breaches
The Security Weekly podcast/YouTube channel presents the latest interviews with leading security personalities. Most of the episodes are under an hour long and discuss varied topics related to information security. The podcast also features technical segments providing in-depth analyses of recent hacking or security concerns.
- Covers topics ranging from travel security and social media hacking to application security
- Features articles, news, and discussion
Hak5 is a video channel created by security professionals and hardcore gamers. It is not your conventional tech show that discusses current cyber breaches, but rather has over 1,000 short videos categorized into different playlists. You can select a playlist that interests you to start diving into the world of hacking. It also features a short weekly post, usually under 30 minutes, that discusses the newest hacks, mods, and privacy hardware or software.
- Threat Wire: Covers security, privacy, and internet freedom news
- Tech Thing: Discusses new technology, software, and hardware
- HakTip: Tips for current and aspiring hackers
- MetasploitMinute: Gives detailed breakdowns on breaking in
The Google Cyber Security channel has short (under 5 minute) education videos. The videos on this channel are created by users, nonprofit groups, businesses, schools, and government agencies.
- Short videos on phishing and computer safety
DefCon derives its name from a conference that is held annually in Las Vegas. It is attended by lawyers, law enforcement agents, cryptographers, civil libertarians, and hackers. This video channel features different speeches delivered at the conference. The videos vary from 30 minutes to an hour and cover diverse topics related to cyber hacking.
- Experienced professionals and industry experts share the stage and conduct workshops
- Educational videos deal with numerous topics of data, information, and security
- Videos also introduce new products and services relevant in the cyber security world
The primary focus of virtual hacking labs is practical penetration testing training solutions. It offers courses that are completely practical and scenario based. Virtual Hacking Labs offers training material at an affordable rate to all aspiring information security professionals. Their courseware starts from basic and gradually increases in difficulty by covering more advanced subjects.
- Offers a full penetration testing course and lab access
- The virtual lab has more than 35 vulnerable hosts
- Advanced progress tracking
- Personal reset interface
Hera Lab based in Santa Clara, California offers a sophisticated Virtual Lab on IT security. It operates under the eLearnSecurity brand, which is a leading innovator in the field of practical security training. It facilitates learning and practicing new skills by the virtualization technology in their Coliseum Web Application Security Framework and Hera Network Security Lab.
- Sophisticated virtual IT security lab
- Access to real corporate networks in VPN
- Initiates a new dedicated and isolated scenario for each request
- Users only pay for access time to the lab (as opposed to a monthly or quarterly plan)
NDG Online offers several labs that provide a platform for learning for aspiring IT professionals. The labs implement a “practice as you read” approach and feature coursebooks, lab exercises, and assessments. The coursebook functions as an online textbook whereas the lab exercises have easy-to-follow tasks that give the real-world experience needed to ensure understanding. The learner’s proficiency is gauged by tests and quizzes provided within the learning environment.
- Individuals are assigned self-paced learner accounts
- Ethical Hacking, Forensics, and Security labs are offered for intermediate level learning
- Advanced topics include cryptography, host-based security analysis, and attack methods
Cybrary Virtual Security Labs offers various labs that facilitate learning for professionals seeking to enhance their skills. Labs such as the Ethical Hacking Virtual Lab develop skills in hacking and penetration testing whereas the Security + Virtual Lab will help you deter hackers and avoid cybercrime incidents.
- Separate labs available for each vendor such as CISCO, Microsoft, CompTIA, and (ISC)²
- CompTIA Security+ 501 Virtual Lab provides practical and fundamental knowledge for securing a network and managing risk
- Introduction to Network Security Tools Virtual Lab provides learners with expertise on selecting the right tools to safeguard their organization
Virtual Security Cloud Labs has innovative labs that provide hands-on experiential learning. Their Information Systems Security and Assurance Curriculum provides a “fully immersive mock IT infrastructure” that enables students to enhance their skills with realistic security scenarios.
- Access to 80 virtual labs
- Ability to practice “white hat hacking” on actual IT infrastructure
- Includes lab challenge and analysis to supplement hands-on demonstration
- Progress tracking, Collapsible Lab Frame, and System Checker
This practice test is designed to prepare individuals to succeed in the CompTIA Security+ certification exam. The exam is 90 minutes long and has 90 multiple choice and performance-based questions. The CompTIA Security+ certification indicates that an individual possesses the ability to deter hackers and secure a network. The practice exam gives 6-months access on varied topics revolving around security of networks, operations, and applications.
- Allows customizable testing by configuring practice tests according to the student’s study objective and preferences
- Provides premade flashcards to review concepts
- Offers timed and preset tests that help determine the individual’s readiness for the certification exam
This practice test assesses your knowledge and expertise In preparation for the Certification of Cloud Security Knowledge (CCSK) exam. The practice test mimics the actual exam, includes questions from a) CSA Security Guidance for “Critical Areas of Focus in Cloud Computing v3” and b) ENISA report “Cloud Computing: Benefits, Risks and recommendations for Information” that form the CCSK exam body of knowledge.
- 2 full-length practice exams
- Students have 90 minutes to complete 60 multiple choice questions
This comprehensive book contains over 1,000 practice questions to test your understanding and gauge your readiness for the Certified Cloud Security Professional (CCSP) exam. It includes answers with full explanations and reasoning for each approach.
- Covers 100% of all CCSP exam domains
- Organized by domain so you can practice selected domain questions
- Includes two practice exams
Intrinsec specializes in providing educational services on cloud and cyber security. It offers two free practice quizzes that help you gauge your readiness for the CCSK exam. Each of the practice quizzes has 10 questions to be answered in 15 minutes. It does offer additional CCSK practice exams, but those have to purchased as part of a training program.
The 3 training programs that have the CCSK practice exam are:
- CCSK: On-Demand (Self-paced training)
- CCSK: Foundation (Instructor-led training)
- CCSK Plus (Instructor-led training)
InfoSec Resources offers training for the Certified Cloud Security Professionals (CCSP) certification. To test your knowledge on cloud technologies, they offer 10 sample questions with detailed explanations of each answer.
AWS whitepaper topics are authored by the AWS Team, independent analysts, or the AWS Community and cover technicalities in all areas such as architecture, security, compliance, and cloud computing economics.
- AWS security processes
- AWS security checklist
- AWS best practices
- AWS risk and compliance
Azure Security has numerous whitepapers that discuss the functionality of Azure security services in-depth. The whitepapers also explain technical overviews and best practices to be followed when using Azure security services.
- Advanced threat detection
- Azure network security
- Azure operational security
- Azure security technical capabilities
Cisco is committed to data protection and security, and Cisco Cloud Web Security (CWS) enforces stringent privacy and security policies in that regard. The whitepapers published by Cisco are: a) “Web Security: Protect Your Data in the Cloud” and b) “Cisco Cloud Web Security and Data Privacy”.
- Physical, data, network, and logical security
- Proactive attack analysis
- Cognitive threat analysis
CIO features a vast resource library of whitepapers that can be filtered according to sponsor. Numerous sponsors can be selected for whitepapers based on the product or service you are working with. The whitepapers cover diverse topics such as Big Data Cloud and Mobile.
- Best practices
- Current technology trends
- Blueprints for cyber security
SANS Cloud Computing currently features 32 papers written by prominent analysts as well as by students of SANS Technology Institute (STI) as their research findings. The papers cover diverse topics on cloud computing, including cloud security.
- Hybrid cloud security
- Future network security architecture
- Automating cloud security to mitigate risks
- Cyber security trends
Kaspersky is known for their threat intelligence and security expertise as well as providing a number of specialized security solutions and services. In accordance with that, they have numerous whitepapers that talk about the latest IT security technologies and solutions from Kaspersky Lab. The whitepapers are grouped in a number of categories.
- Cyber security solutions
- Anti-targeted attack
- Cloud security
- Endpoint security
- Fraud prevention
The Oracle website lists a number of security articles that talk about security-related issues and concerns. The issues discussed cover a wide spectrum from mobile security and cloud security to implementation of multi-factor authentication.
- Information security
- Overcoming security challenges
- Maintenance of proper security posture (PSF)
- Database security checklist
SAP has listed a series of whitepapers that give easy-to-understand, concise, and easy-to-implement information on how to improve the security of IT systems. The whitepapers cover various aspects of security, give recommendations for system configurations, and provide support needed for the implementation of SAP security fixes.
- SAP Cloud Platform security
- SAP’s guidelines for data protection
- Securing the SAP SDLC
- SAP security management
- Protecting SAP applications against attacks
Cyber Degrees offers a comprehensive directory of universities and colleges that offer cyber security degrees along with information on career paths that you can choose within the cyber security field. It also gives you a wealth of information on various professional security certifications, free online courses in security-related topics, and more.
- Search for degree programs based on areas of interest and state
- Lists of cyber security jobs
- Lists of online degree programs
- Cyber security resources and FAQs
This site, designed for individual job seekers and recruiters, lists thousands of cyber security jobs along with information about salaries, career options, and more. You can apply for a job and manage your job applications on this site.
- Allows you to filter job listings based on keywords and location
- FAQs for candidates
- Ability to search for full-time, contract, or part-time jobs based on your requirements
Indeed is a job portal that facilitates a two-way match between the employer and the candidate. You can upload your resume to allow employers to find you. Moreover, it also lists more than 40,000 security related jobs that you can apply for.
- Search for jobs in leading companies
- Filter jobs according to salary requirements
- Browse jobs in your preferred state