Services DevOps DevSecOps Cloud Consulting Infrastructure Automation Managed Services AIOps MLOps DataOps Microservices πŸ” Private AINEW Solutions DevOps Transformation CI/CD Automation Platform Engineering Security Automation Zero Trust Security Compliance Automation Cloud Migration Kubernetes Migration Cloud Cost Optimisation AI-Powered Operations Data Platform Modernisation SRE & Observability Legacy Modernisation Managed IT Services πŸ” Private AI DeploymentNEW Products ✨ ZippyOPS AINEW πŸ›‘οΈ ArmorPlane πŸ”’ DevSecOpsAsService πŸ–₯️ LabAsService 🀝 Collab πŸ§ͺ SandboxAsService 🎬 DemoAsService Bootcamp πŸ”„ DevOps Bootcamp ☁️ Cloud Engineering πŸ”’ DevSecOps πŸ›‘οΈ Cloud Security βš™οΈ Infrastructure Automation πŸ“‘ SRE & Observability πŸ€– AIOps & MLOps 🧠 AI Engineering πŸŽ“ ZOLS β€” Free Learning Company About Us Projects Careers Get in Touch
Homeβ€ΊBootcampβ€ΊCloud Security Bootcamp
πŸ›‘οΈ Bootcamp

Cloud Security Bootcamp

Defend Cloud Infrastructure Like an Adversary Thinks.

An advanced bootcamp on cloud security architecture β€” covering identity, network security, threat detection, incident response and red team fundamentals for AWS, Azure and GCP production environments.

Duration10 Weeks
Total Hours80 Hours
LevelIntermediate–Advanced
FormatOnline + Offline
CertificateYes
Enroll Now ← All Bootcamps
Delivery Format

Train How You Learn Best

πŸ’» Online β€” Live Instructor-Led

Live sessions via Zoom with a ZippyOPS practitioner. 4 sessions per week, all recordings provided. Ask questions in real time and get code reviewed live.

🏒 Offline β€” Chennai Lab Sessions

In-person at ZippyOPS Chennai labs. Mon–Fri batches. Lab machines provided. Direct hands-on access to instructors throughout every session.

Who Should Attend

Is This Bootcamp Right for You?

βœ… This bootcamp is for you if…

  • Security engineers moving into cloud or DevSecOps roles
  • Cloud engineers who want to own security responsibilities end to end
  • DevOps engineers preparing for security-focused certifications
  • Engineers targeting Cloud Security Engineer or Security Architect roles

πŸ“‹ Prerequisites

  • Solid understanding of cloud infrastructure β€” AWS, Azure or GCP
  • Basic networking β€” VPC, firewalls, DNS, TLS
  • Hands-on experience deploying cloud resources
Full Curriculum

What You'll Learn β€” Week by Week

01
Cloud Security Architecture Fundamentals
Week 1
β–Ύ
  • Shared responsibility model β€” what the cloud provider owns vs what you own
  • Cloud security reference architectures β€” AWS, Azure and GCP security pillars
  • Security domains β€” identity, network, data, applications and workloads
  • The attack surface of cloud environments β€” common initial access vectors
  • Cloud security maturity frameworks β€” CSA CCM, NIST CSF and CIS Controls
  • Lab: Audit an intentionally misconfigured AWS account and produce a prioritised remediation plan
02
Identity & Access Management
Week 2
β–Ύ
  • IAM fundamentals β€” users, groups, roles, policies and permission boundaries
  • Least privilege in practice β€” writing minimally scoped IAM policies
  • Cross-account access β€” role assumption, trust policies and external IDs
  • Privileged Access Management β€” just-in-time access and break-glass procedures
  • Federated identity β€” SSO, SAML, OIDC and identity provider integration
  • Lab: Redesign an overprivileged production IAM setup to least-privilege using automated policy analysis
03
Network Security
Week 3
β–Ύ
  • VPC design for security β€” public/private subnet architecture and DMZs
  • Security groups vs NACLs β€” stateful vs stateless controls and layering
  • AWS Network Firewall, Azure Firewall and GCP Firewall Policies
  • Private endpoints and PrivateLink β€” eliminating public internet exposure
  • VPC flow logs, traffic mirroring and network threat detection
  • Zero trust networking β€” micro-segmentation and service mesh mTLS
  • Lab: Implement a zero-trust network architecture for a multi-service EKS application with Istio mTLS
04
Data Security & Encryption
Week 4
β–Ύ
  • Encryption at rest β€” KMS, customer-managed keys and key rotation strategies
  • Encryption in transit β€” TLS configuration, certificate management and cert-manager
  • S3 bucket security β€” public access blocks, bucket policies and object-level logging
  • Database security β€” RDS encryption, parameter groups and access controls
  • Data classification and DLP β€” identifying and protecting sensitive data
  • Lab: Implement end-to-end encryption for a data pipeline using KMS-managed keys
05
Threat Detection & SIEM
Week 5
β–Ύ
  • AWS GuardDuty, Azure Defender for Cloud and GCP Security Command Center
  • CloudTrail and audit logging β€” tamper-proof audit trails across all services
  • Microsoft Sentinel and AWS Security Hub as cloud-native SIEM solutions
  • Threat intelligence integration β€” IOC feeds and automated blocking
  • Lab: Build a cloud SIEM that detects and alerts on 10 common attack scenarios
06
Container & Kubernetes Security
Week 6
β–Ύ
  • Kubernetes threat model β€” control plane, node, container and workload attack vectors
  • Pod Security Standards β€” privileged containers, host namespaces and capabilities
  • RBAC β€” designing minimal permissions for service accounts and users
  • Network policies β€” implementing default-deny and service-to-service segmentation
  • OPA Gatekeeper and Kyverno β€” policy-as-code for admission control
  • Falco β€” runtime threat detection for container workloads
  • Lab: Harden a Kubernetes cluster from default configuration to CIS Benchmark compliance
07
Penetration Testing Fundamentals
Week 7
β–Ύ
  • Ethical hacking methodology β€” reconnaissance, scanning, exploitation, post-exploitation
  • Cloud enumeration β€” identifying misconfigurations with Scout Suite and Prowler
  • AWS privilege escalation techniques β€” common paths from low-priv to admin
  • Container escape techniques β€” understanding breakout vectors and prevention
  • Web application attacks β€” SQL injection, XSS, SSRF and how to test for them
  • Lab: Conduct a structured penetration test against a deliberately vulnerable cloud environment
08
Incident Response in the Cloud
Week 8
β–Ύ
  • Cloud incident response lifecycle β€” detect, contain, eradicate, recover, retrospect
  • Evidence preservation β€” forensic acquisition without alerting attackers
  • AWS incident response β€” isolating EC2, revoking IAM keys, capturing memory
  • Container incident response β€” capturing container state and forensic artefacts
  • Runbook design β€” pre-approved automated responses for common incident types
  • Lab: Detect, contain and investigate a simulated account compromise with full chain-of-custody
09
Compliance & Governance Automation
Week 9
β–Ύ
  • CIS Benchmarks β€” Level 1 and Level 2 controls for AWS, Azure and GCP
  • AWS Config rules and Azure Policy β€” automated compliance assessment
  • SOC 2, ISO 27001 and HIPAA controls mapped to cloud controls
  • ArmorPlane β€” continuous CIS compliance scanning with auto-remediation
  • Audit evidence collection and security reporting for auditors
  • Lab: Implement CIS Benchmark compliance for an AWS account with real-time scoring dashboard
10
Capstone Project
Week 10
β–Ύ
  • Full cloud security architecture review and hardening of a provided AWS environment
  • IAM redesign to least privilege using automated policy analysis
  • Network security β€” VPC redesign with private endpoints and firewall rules
  • Threat detection β€” GuardDuty, Security Hub and custom CloudWatch alarms
  • CIS Level 2 compliance via ArmorPlane with automated remediation
  • Live architecture review and red team exercise with ZippyOPS security engineers
On Completion

Earn Your ZippyOPS Certificate

πŸŽ“
ZippyOPS Certified Cloud Security Engineer (ZCCSE)

Validates deep practical knowledge of securing AWS, Azure and GCP environments β€” identity, network, detection, response and compliance β€” through real-world lab assessments.

Enroll Today

Ready to Level Up?

Seats are limited per batch. Contact us to check availability and get full pricing for the next online or offline cohort.

Enquire & Enroll ← All Bootcamps
Scroll to Top