Summary

To excel in a cloud security career by 2024, one should focus on mastering Infrastructure as Code (IaC), understanding Serverless architectures, and implementing Security Automation, as these skills are essential for cloud environments and can differentiate a professional in the field.

Abstract

The article emphasizes the importance of developing specific cloud security skills to stand out in the industry by 2024. It suggests that while cloud security certifications are popular, they are not enough to distinguish oneself. Instead, professionals should concentrate on learning Infrastructure as Code (IaC) to efficiently manage cloud resources through automated code, which enhances security and scalability. Additionally, understanding Serverless computing is crucial, as it represents the future of cloud applications, shifting the security focus solely to the application code. Lastly, the article highlights the significance of Security Automation, leveraging cloud-native tools to create automated workflows for incident response and continuous security monitoring, effectively replacing the need for constant human oversight. These skills are provider-agnostic and applicable across AWS, Azure, and Google Cloud platforms.

Opinions

The author believes that cloud security professionals often overlook the importance of IaC, which is a mistake as it is fundamental for cloud infrastructure management and security.
There is an opinion that Serverless architectures are underappreciated by cloud security professionals, who need to understand them to secure this emerging technology effectively.
The article suggests that reliance on third-party tools can be reduced by learning to read and understand IaC templates directly.
The author expresses that Serverless computing is reaching its full potential and will be a significant part of the cloud's future, necessitating a shift in security practices.
Security Automation is seen as a key advantage of cloud environments, allowing for the creation of responsive, automated security workflows that improve upon traditional on-premises solutions.
The author advocates for the use of AI-powered tools like ChatGPT and Amazon CodeWhisperer to facilitate the learning process and enhance the capabilities of security professionals in the realm of IaC and Serverless technologies.
The author encourages cloud security professionals to engage with these skills proactively to stay competitive and prepare for the evolving landscape of cloud security.

Learn these Cloud Security skills to succeed in 2024

These skills will boost your cloud security profile and make you stand out

2024 is right around the corner and if you are planning to start a Cloud Security Career in it would be a good idea to know skills to focus on.

As full-time employees, we have to be smart about using our time, so prioritizing what to learn is very important.

I have already written about what cloud security certifications you can choose in 2024, which you can read about below

The Ultimate Guide to Cloud Security Certifications For 2024

Choose Your Cloud Security Cert with this guide

taimurcloud123.medium.com

But the problem with cloud security certifications is that EVERYONE is doing them.

What are the other skills that make you stand out?

Here are some of the key cloud security skills you should start developing to stand out

The good thing is that these skills are independent of any provider and scale across AWS, Azure, and Google Cloud.

1. Infrastructure as Code

If you are working in the cloud, then there is no escape from Infrastructure as Code as it is one of the most essential skills you need.

The good news is that GenAI tools like ChatGPT have made it extremely simple to learn and generate code !

IaC, like its name, basically means you define Infrastructure in a code template which is then processed by the provider and converted into actual infra in the cloud.

A few lines of code like the one below will let you spin up a complete server in the cloud.

IaC lets you implement proper automation, as no one in a proper cloud environment will provision hundreds of servers through a management interface.

All of them will be using IaC templates like Cloudformation or Terraform.

There are also numerous security benefits like complete visibility, code review, and immutability.

Most cloud security professionals do not bother learning about IaC and miss out on detecting many security issues early on. Do not rely on too much of third-party tools, and learn how to read IaC templates yourself.

If you are serious about learning IaC, then I would suggest starting with the basics of Terraform, which can be used in any cloud environment

2. Serverless

Serverless can be considered the cloud reaching its full potential as CIOs can forget worrying about underlying operating systems or runtime environments and focus on delivering applications.

Serverless is an execution model with full abstraction of the environment. Only code exists to run (and secure!).

In a Serverless model, there is no server to patch or scan and no network boundary to protect; the total security weight falls on the application code.

It always amazes me how many Cloud Security professionals are unaware of Serverless functions and how to secure them.

Suppose a cloud security professional cannot write a simple “Hello World” function in Serverless.

In that case, this needs to be addressed ASAP, as they will find themselves lost when trying to understand this unique operating model of the cloud.

Try creating some simple serverless functions and get to grips with this new model.

You do not need to be a coding master at getting to grips with serverless. Tools like ChatGPT and Amazon CodeWhisperer have made serverless MUCH more easier to understand and play around with

It will make you stand out from the competition and enable you to move towards full security automation, which brings us to the next point

3. Security Automation

This skill builds on the previous one, as automation is one of the key advantages the cloud has over on-prem.

Once you realize you can make services talk to each other, you can create complete workflows without any human involvement whatsoever easily in the cloud.

While you can do automation on-prem, the ease and power of the cloud simply give it a far superior advantage.

By understanding how cloud events happen and writing a few serverless functions to respond to them, you can automate your response to security issues in the cloud.

Think of Serverless and Automation as a 24/7 security analyst in the cloud, just waiting for something to happen and respond.

As an example, take a look at the below workflow, which you can read about here in which a complete security incident response workflow has been created just using native AWS services without a single third-party solution in sight!

https://aws.amazon.com/blogs/compute/orchestrating-a-security-incident-response-with-aws-step-functions/

Thanks for reading this !

If you are interested in taking your Cybersecurity Career to the next level 🚀 then check out my Cybersecurity Career Accelerator Course here.

Taimur Ijlal is a multi-award-winning, information security leader with over two decades of international experience in cyber-security and IT risk management in the fin-tech industry. Taimur can be connected on LinkedIn or on his YouTube channel “Cloud Security Guy” on which he regularly posts about Cloud Security, Artificial Intelligence, and general cyber-security career advice.

PlainEnglish.io 🚀

Thank you for being a part of the In Plain English community! Before you go:

Be sure to clap and follow the writer️
Learn how you can also write for In Plain English️
Follow us: X | LinkedIn | YouTube | Discord | Newsletter
Visit our other platforms: Stackademic | CoFeed | Venture