Red Teaming
mto, Nov 22, 2022
It’s no secret that cloud security is a hot field.
In fact, when we analyzed the skills of 657 cybersecurity teams that competed in our 2022 Business CTF event, we discovered that many underperformed when tackling cloud security challenges. This gap, and the resulting demand for talent, presents a massive opportunity for those willing to specialize in cloud cybersecurity.
But where should your journey to becoming a cloud cybersecurity engineer (CSE) start? And what does a CSE actually do?
In this guest post, we invite Mateusz Gierblinski, a former Cloud Security Engineer at NVISO, to share insights about breaking into this fast-growing field.
Forever hungry for his next challenge, Mateusz started off in entry-level IT support and progressed to Sysadmin (ironically after being frustrated with the practices of other admins) before his role as Cloud Security Engineer at NVISO. He was also ranked among the top three HTB players in Belgium at one point!
90% of 610 IT leaders surveyed in the 2022 IDC/Cloudreach survey consider cloud technology essential for survival, and 70% see the gaping cloud skills gap as an urgent concern. In other words, the tech world cannot ignore the cloud for much longer as its presence and importance continue to grow.
Job security and pay are therefore some of the many obvious benefits of choosing a career in cloud security. I’ve also noticed that the cloud market is less saturated with talent in comparison to other fields (such as penetration testing) and holds many opportunities for progression.
And if you get bored easily or simply enjoy challenging yourself (like me), specializing in cloud security means exciting opportunities to learn new technologies and grow your skills!
CloudSec centers around building and maintaining security for anything deployed with given cloud providers. As a former cloud security engineer, I’d help build, maintain, upgrade and continuously improve cloud networks and cloud-based systems that are responsible for the operation of secure infrastructure, platforms, and software.
It’s a field that’s still emerging and defining itself, so responsibilities may differ from role to role. Examples of tasks and projects I’ve worked on include:
Investigating and creating technologies to enhance the security of cloud-based environments.
Implementing security solutions such as Microsoft Defender for Endpoint.
Conducting cloud security assessments based on industry best practices.
Assessing client environments.
Performing threat simulations.
Most cloud security engineers come from various backgrounds, but I’ve noticed some prerequisite skills and foundational knowledge that are crucial for a career in cloud security:
I worked for several companies in my early 20s where I learned about servers and networking systems (often poorly configured) by setting up shares, group policy objects (GPOs), users, group permissions, and roaming profiles. The foundational knowledge and experience I gained (alongside extracurricular learning) enabled me to improve system security and still serves me well today.
I encourage anyone looking into a cloud security career to prioritize developing a solid grasp of networking fundamentals because cloud environments still need servers, switches, and routers. So spend plenty of time learning about TCP/IP and the fundamentals of networking. Learn Linux. Take the Introduction to Networking course on the HTB Academy. I’d also recommend IppSec’s videos, LiveOverflow, GitHub, and HackTricks.
Practical, offensive experience within cloud environments is essential. Learning how to attack vulnerabilities will teach you how to defend against them. Even if you’re aiming for a more blue team role, defensive teams need to have some red teaming experience to understand how attackers think.
Play the AWS Fortress
Dive into the HTB Fortress from AWS that features a wide variety of realistic and current techniques, ranging from web exploitation to cloud privilege escalations for services used by thousands of businesses in over 190 countries worldwide.
Hands-on experience also makes your resume stand out to potential recruiters. This is where HTB’s offensive cloud security training will help. You can pick Azure, AWS, and GCP cloud environments and learn:
Enumeration (specific to the cloud environment you choose)
Exploitation of serverless applications
Exploiting misconfiguration
Lateral movement
Local privilege escalation
Mitigations and best practices
Situational awareness
Tip: Hack The Box's Cloud Track is a great way to exercise your knowledge of cloud exploitation vectors.
Security is job zero at AWS. As a penetration tester, it’s crucial to continuously learn and hone new techniques. Lots of our cloud security engineers across Amazon use Hack The Box and the various challenges they offer to keep their skills up to date.
Tobias Grimm, Penetration Testing Engineer at Amazon Web Services
Good IT is lazy. Learn to automate as much as possible to limit the number of mistakes you can make.
Computers are good at repetition; we humans are not. Invest the time to learn languages like Python for scripting, Kusto Query Language (KQL) to query data, and Terraform to build your infrastructure using code.
As a cloud security engineer, you will be monitoring your environment for anomalies and fixing any security issues. But you cannot protect what you do not understand, so spend enough time reading documentation and trying things yourself.
“Hey Mateusz, would you be interested in joining our cloud security team?”
I didn’t expect to receive a response from NVISO, but here was the invitation to present to the recruiting team and prove my knowledge.
I had to prepare a case study and give a presentation to an audience of three. It was one of the most nerve-racking experiences of my life, and I felt like I butchered the presentation.
The days following the panel presentation were hard. I didn’t hear back from the team, so I chalked it up as a loss and started applying for other cybersecurity jobs. But then I got a call from the hiring manager. I landed the job on the CloudSec team!
The point of this story? Adequate presentation and communication skills are vital for leveling up your cybersecurity career. I wouldn't have got the job offer if I had relied solely on my technical skills and knowledge.
The days of being awkward, socially challenged nerds are behind us. As cybersecurity professionals, we need to communicate effectively with our team members, manage conflicts, set boundaries, clear misunderstandings, and secure buy-in from executives and decision-makers – especially in a field like cloud cybersecurity where responsibilities and job roles may vary.
Everything felt alien to me when I started working in cloud security. I had (and still have) a lot to learn. If you're interested in becoming a cloud security engineer yourself, I’d recommend the certifications listed below. Start with whatever is most relevant to the role you’re looking for and your current skill level:
For Amazon Web Services (AWS) Certified Cloud Practitioner certifications I’d recommend:
Being both an expert in Azure and AWS can be difficult, if not impossible, so choose one provider to begin with.
Author bio: Mateusz Gierblinski (mto), Senior Linux System Administrator at IDalko. Mateusz Gierblinski is a former NVISO Cloud Security Engineer and consultant. You can connect with him on LinkedIn or find him helping out in the Hack The Box community.