Cloud 101CircleEventsBlog
Register for CSA’s free Virtual Cloud Trust Summit to tackle enterprise challenges in cloud assurance.

Are You a Fit for CSA’s Advanced Cloud Security Practitioner (ACSP) Training?

Are You a Fit for CSA’s Advanced Cloud Security Practitioner (ACSP) Training?

Blog Article Published: 12/07/2023

Written by Rich Mogull, CEO at Securosis.

Over a decade ago, there was a significant lack of cloud security skills and knowledge within the industry. We developed the CCSK+ training class as a “101” level training to help security professionals move into the world of cloud computing and gain an understanding of cloud fundamentals. CCSK has evolved over the years, but considering it’s still one of the most popular cloud security training options out there, I think we did a pretty decent job of designing a class that builds a foundation for the cloud security professional journey.

However, around 2015, I started to notice an increasing demand for harder cloud security technical skills. Security professionals were looking to take the next steps and operationalize their skills as their organizations dramatically increased their use of cloud. In 2016 I tested the waters at Black Hat with “Advanced Cloud Security and Applied DevSecOps,” which we further refined with CSA to transform into the Advanced Cloud Security Practitioner training course. Read on to learn what the ACSP is and if you’re the right fit for the course.

What is the ACSP?

The ACSP is an advanced multi-day course that teaches you how to build an enterprise-scale cloud security program from the practitioner point of view. This is a different perspective from the trainings and certifications from cloud service providers, which focus on learning how to effectively use their products and capabilities. The ACSP starts with your organization’s design and then covers the major domains of a cloud security program and how to design and operate them.

The ACSP covers Service Control Policies; centralized security telemetry; IAM; building shared services; workload, data, and network security (including different network models and use of service endpoints); running open source assessment tools; CI/CD pipelines; automated security testing; and even a little incident response.

I try to minimize lecture and use labs to teach the lessons. No, you probably won’t implement things exactly as we do in the labs, but there is no replacement for seeing how it works in action, even if you’ll go a different route in your actual operations.

That’s how I like to position ACSP. There are better classes if you want to know the ins and outs of your provider’s services. There are classes that focus on particular domains like networking or application security. But this is the class if you want to know how to build a cloud security program, and what skills to develop.

Is the ACSP the Right Class for You?

If you’ve taken the CCSK+ or a technical training from your cloud provider, you are likely in good shape to get a lot out of the class, even if you can’t finish all the labs. That’s okay, I designed things so that nearly no one can get through every lab during the class period, otherwise it would be too easy. But you won’t lose out on learning the concepts and materials just because you fat fingered a command line.

This is also very practitioner focused. I’ve had some auditors and managers take it, but we present everything from an operations perspective.

Additionally, the labs are currently only in AWS. While we do discuss multi-cloud, there just isn’t enough time in class for hands-on labs on multiple providers.

The course is offered on an ad-hoc basis. If you are interested in signing up to be notified of our next course, you can fill out this form.

If you are a security professional that wants to level up your skills and see what it takes to build an enterprise-scale cloud security program, ACSP is a great choice.

Learn more about ACSP here.

Share this content on your favorite social network today!