Securing the Cloud #23

Dive into AWS cloud security essentials, plus, career advice on starting at the bottom, spaced repetition for learning, and insights from AWS Security Hero Sena Yakut.

Brandon Carroll
Amazon Employee
Published Mar 25, 2024
Hello everyone. This week you're in for a treat! We will publish two editions of the newsletter. That's right. This edition, #23, was set to publish last week, but we had an issue with every single link in the article. We've sorted that out and will share #23 today, and #24 on Friday.
Welcome to the 23rd edition of the Securing the Cloud Newsletter! In this issue, we dive into the basics of cloud security on AWS, exploring the shared responsibility model, identity and access management, VPC security, encryption services, logging and monitoring, and incident response. Additionally, we'll discuss the importance of starting at the bottom when pursuing a career in tech, and the power of spaced repetition in mastering technical topics. Finally, we'll hear from a community voice sharing their insights on the journey of becoming a cloud security expert.

Technical Topic: Fundamentals of AWS Cloud Security

Fundamentals of AWS Security
I'm sure you know that cloud computing has become an integral part of modern business operations. As organizations embrace the flexibility and scalability of cloud platforms like Amazon Web Services (AWS), ensuring robust security measures is top of mind for most. Cloud security encompasses a broad range of practices and technologies designed to protect cloud-based systems, data, and applications from unauthorized access, cyber threats, and vulnerabilities. I wrote about the fundamental services you should know in this article. The content in this section of the newsletter summarizes what I shared there. Head over to that article for the details.

Shared Responsibility

At the core of cloud security lies the Shared Responsibility Model. This fundamental principle defines the security obligations shared between the cloud service provider (AWS) and the customer. AWS is responsible for securing the underlying cloud infrastructure, including the physical data centers, hardware, and virtualization layers. As the customer, you are accountable for securing your applications, data, operating systems, network traffic, and identity and access management (IAM) configurations.

Identity Management

Another crucial part of securing your cloud environment on AWS is Identity and Access Management (IAM). IAM allows organizations to regulate and oversee which users can access AWS resources and what actions they can perform. It ensures that only approved individuals or applications have the necessary permissions to carry out specific tasks. By adhering to the principle of least privilege and employing multi-factor authentication (MFA), organizations can significantly reduce the risks associated with unauthorized access and potential data breaches.

VPC Security

Now, diving deeper into securing your AWS infrastructure, let's explore Virtual Private Cloud (VPC) security. VPCs serve as isolated sections of the cloud, allowing you to finely tune your network settings, routing configurations, and security protocols. Within VPCs, two core components stand out for network security: security groups and Network Access Control Lists (NACLs). Security groups act as virtual firewalls for EC2 instances, controlling both inbound and outbound traffic based on customizable rules. Complementing security groups, NACLs provide subnet-level traffic filtering, letting you establish an additional layer of defense against unauthorized network access and potential threats.
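
The layering of NACLs and security groups can be seen in a small model, added here as an example that is not from the original article. It covers inbound traffic only and ignores protocol and return traffic; all rules and addresses are constructed.

```python
from ipaddress import ip_address, ip_network

# Constructed rules. NACL entries are (rule number, action, CIDR, port range);
# a security group holds allow rules only, as (CIDR, port range).
SUBNET_NACL = [
    (90,  "deny",  "203.0.113.0/24", (0, 65535)),  # blocked source range
    (100, "allow", "0.0.0.0/0",      (443, 443)),
    (110, "allow", "0.0.0.0/0",      (22, 22)),
]
INSTANCE_SG = [
    ("0.0.0.0/0",   (443, 443)),
    ("10.0.0.0/16", (22, 22)),  # SSH from inside the VPC only
]

def _matches(src, port, cidr, ports):
    return ip_address(src) in ip_network(cidr) and ports[0] <= port <= ports[1]

def nacl_decision(nacl, src, port):
    """Subnet level: the lowest-numbered matching rule wins; no match is a deny."""
    for _number, action, cidr, ports in sorted(nacl):
        if _matches(src, port, cidr, ports):
            return action
    return "deny"

def sg_decision(sg, src, port):
    """Instance level: traffic passes only if some allow rule matches."""
    return "allow" if any(_matches(src, port, c, p) for c, p in sg) else "deny"

def inbound(src, port, nacl=SUBNET_NACL, sg=INSTANCE_SG):
    """A packet must pass the subnet NACL first, then the instance security group."""
    if nacl_decision(nacl, src, port) == "deny":
        return "dropped at NACL"
    if sg_decision(sg, src, port) == "deny":
        return "dropped at security group"
    return "delivered"

if __name__ == "__main__":
    for src, port in [("198.51.100.7", 443), ("203.0.113.9", 443),
                      ("198.51.100.7", 22), ("10.0.1.5", 22)]:
        print(src, port, "->", inbound(src, port))
```

The second case is the one to notice: the security group would accept HTTPS from anywhere, but the subnet-level deny stops the blocked range before it reaches the instance.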

Other Topics

I also covered Encryption Services, Logging and Monitoring, and Incident Response in the original article. Again, head over there to read the full article.

GenAI: Learning about Security with PartyRock

I wanted to share a fun side project I've created: the "AWS Security and Networking Trainer". It was a playful experiment to demonstrate the capabilities of generative AI in an educational context. If you're curious about blending technology with learning, check it out. It was created using PartyRock, a Generative AI playground created by AWS. It's completely free to use, and it's a lot of fun.

Career Topic: Start at the Bottom, Climb to the Top

You have to start somewhere.
Finding a job in tech can be hard if you're not willing to start at the bottom. Too many people want to jump into a network or security engineer role with no experience when they should be thinking about a job that gets them some experience working with people and solving problems. This could be a help desk job or a services job like working for the phone company or cable company. But you have to get in, and these are good ways to start out.
Starting at an entry-level position allows you to gain invaluable hands-on experience and develop essential skills that will serve as a foundation for your future career growth. Help desk roles, for instance, provide opportunities to hone your problem-solving abilities, customer service skills, and technical knowledge. By working closely with end-users and troubleshooting various issues, you'll develop a deeper understanding of how technology operates and how to effectively communicate technical concepts to non-technical individuals.
Moreover, entry-level positions in the tech industry often expose you to a wide range of technologies and systems, broadening your horizons and allowing you to explore different areas of interest. This exposure can help you identify your true passions and strengths, guiding you towards the specialization that aligns best with your goals and aspirations.
Here are a few searches on LinkedIn to get you started:

Learning Topic: Mastering the Art of Spaced Repetition

Use spaced repetition to learn cloud concepts
This week's advice is to get out of your own head and have the confidence that you can learn technical topics by using spaced repetition. Spaced repetition is a method in which you are asked to recall a fact at intervals that grow longer each time the fact is presented.
One effective example of spaced repetition is the use of flashcards. Create flashcards with technical concepts, definitions, or code snippets on one side, and the corresponding explanations or solutions on the other. Review these flashcards regularly, but with increasing intervals between each review session. For instance, you might review a flashcard after one day, then three days, then a week, and so on. This technique reinforces the information in your memory and helps you retain it for longer periods.
Another approach is to create a study schedule that incorporates spaced repetition. After learning a new concept or technique, revisit it periodically, gradually increasing the time between each review session. This could involve re-reading notes, watching instructional videos, or practicing coding exercises related to the topic.
Spaced repetition can also be applied to real-world scenarios. When you encounter a problem or task that requires a specific skill or knowledge, make a conscious effort to recall and apply what you've learned. This active recall process strengthens the neural pathways associated with that information, making it easier to retrieve and utilize in the future.
Here is an article that discusses how to use spaced repetition for cloud certifications.

Community Voice: Exploring the Clouds with Sena Yakut

This week's community voice comes from Sena Yakut, an AWS Security hero.
Sena says:
"Starting out in cloud security is like beginning a fun and challenging adventure. For me, it's a journey that keeps going, always offering new things to learn. To start well, we need to know cloud services from every angle, explore all features, and understand how they work. You should think of yourself as an explorer, always looking for new ways to keep the cloud safe. Also, you need to stay excited about technology and always be eager to learn more. You will read lots of stuff about security and the cloud – books, blogs, and online courses are great places to start. The more you learn, the better you'll get at keeping the cloud secure. With your enthusiasm and passion, becoming a cloud security whiz is inevitable."
Here is why Sena says it's important to follow and read content shared by the community:
"Sharing content is important for our community in lots of ways. First of all, when we deal with technical stuff every day, we often run into problems. It's so helpful when someone else has faced the same issue and figured out a solution they can share with us, it's a time saver. In addition to this, when we share what we know, it's not just for ourselves – it helps everyone else too. It's like giving a hand to your friends in need. Also, when we check out shared content, we get to see things from different perspectives. It's like getting fresh ideas that we might not have thought of on our own. And you know that saying, "the more, the merrier"? Well, it's the same with knowledge. When we all share what we know, it makes our community stronger and smarter together. So, by sharing content, we not only help ourselves but also uplift the entire community, making it a win-win situation for everyone involved."
Thank you for your insights, Sena!
If you're not following Sena already, be sure to start doing that!

We hope you found this edition of the Securing the Cloud Newsletter informative and engaging. Remember, mastering cloud security is an ongoing journey, and staying up-to-date with the latest trends and best practices is crucial. If you have any questions or would like to discuss further, feel free to reach out to me. Don't forget to subscribe to the newsletter and share it with your friends and colleagues who might find it valuable. Together, we can continue to learn, grow, and secure the cloud. For more information about me and my work, visit my personal blog at https://brandonjcarroll.com.

Any opinions in this post are those of the individual author and may not reflect the opinions of AWS.