# Security on AWS This page contains links for folks looking to build their skills on all things security related within AWS Disclaimer: This page only contains public and no identifying information about persons or organisations that isn't already in the public domain. # TL;DR - AWS Security Learning Plan https://aws.amazon.com/training/learn-about/security/ is a 10 hr self paced collection of reading, labs and videos that are free to access. Check out the following links: - Start the Security Learning Plan takes you to the AWS Skill Builder site where you can enroll and then track your progress. It starts with the Learning Plan Structure and provides a pathway to the AWS Certified Security Speciality certification - Download the Security Ramp-Up Guide lists the full learning plan contents and provides quick links. Use this if you want to choose your own adventure. # Labs and Facilitated Training For those who want an instructor led or facilated security on AWS pathway then these options apply: - Classroom training led by an AWS instructor https://aws.amazon.com/training/classroom/?lasec=sec&sec=ct - Labs you can do yourself or your SA and Account Team can run immersion days and virtual or face to face workshops. Browse the catalogue of AWS Security Workshops at https://workshops.aws/categories/Security - The Startup Security Baseline lab is a good place to start. This lab is 100 level and contains a summary of the controls in the lab that is a useful checklist for those new to managing the security of AWS accounts. https://catalog.workshops.aws/startup-security-baseline/en-US/b-securing-your-account - For Security Hub check out - SIEM on Amazon OpenSearch Service Workshop (200 Level) - Integration, Prioritization, and Response with AWS Security Hub (300 Level) - Scaling threat detection and response on AWS (300 Level) - Building Prowler into a QuickSight powered AWS security dashboard (300 Level) - Visualize Security Hub Findings using AWS Analytics Services (300 Level) - AWS Incident Response Playbooks Workshop (400 Level) - The AWS Well Architected Labs (Security) also provide another option for self paced or Account team lead hands on experience. https://www.wellarchitectedlabs.com/security/?trk=c750fe34-f44f-43e1-bcc0-6219228839b9&sc_channel=el # Suggested Learning Plan Here's a suggested learning plan for a security team new to AWS. In between sessions inviduals can use the AWS Ramp Up Guide: Security to 'fill in the blanks' and learn more about topics of interest. https://d1.awsstatic.com/training-and-certification/ramp-up_guides/Ramp-Up_Guide_Security.pdf ## Introduction to AWS ### AWS Technical Essentials (1day) Schedule an AWS Technical Essentials class. These can be taken virtually https://www.aws.training/SessionSearch?pageNumber=1&courseId=10012&languageId=1&countryName=AU or in person scheduled for your organisation. This course will provide you with a broad first look at (100 level) compute, storage, networking, database, security and management. This class has a cost per person. ## Security Focused Training Here we'll include a mix of self paced, lab and classroom training. You'll want to space these out each fortnight to allow folks to enhance their understanding by choosing topics of interest in https://d1.awsstatic.com/training-and-certification/ramp-up_guides/Ramp-Up_Guide_Security.pdf ### AWS Security Fundamentals (1day) - AWS Security Fundamentals is an instructor led class that focuses on security of infrastructure using the AWS Shared Responsibility Model. Virtual classes at https://www.aws.training/SessionSearch?pageNumber=1&courseId=44517&languageId=1&countryName=AU . Reach out to your AWS Account team to schedule a class for your organisation. This class has a cost per person. ### Hands on Labs This series of labs will apply the learnings from AWS Technical Essentials and Security Fundamentals in practical, hands on labs. All these labs can be found at https://workshops.aws/categories/Security NOTE: You can combine two labs of 3 hours or less into a single day. These labs are free when part of an immersion day delivered by your account team. - Startup Security Baseline (100 level - 6 hours) - SIEM on Amazon OpenSearch Service Workshop (200 level - 3 hours) - Integration, Prioritization, and Response with AWS Security Hub (300 Level - 4 hours) - Scaling threat detection and response on AWS (300 Level - 3 hours) - Building Prowler into a QuickSight powered AWS security dashboard (300 Level - 3 hours) - Visualize Security Hub Findings using AWS Analytics Services (300 Level - 3 hours) Optional but applicable to those folks with a dual security and data analytics interest ## Wrap and Game Day A great way to wrap up a series of training and hands on sessions is to have a game day where folks or small teams compete against the clock and each other. - The AWS Well Architected Security Quests can be applicable here. https://www.wellarchitectedlabs.com/security - This can be planned after training has commenced.