I am making this study plan irrespective of job role under the GCP Security category. The role can be Cloud Security Analyst, Cloud Security Researcher, Cloud Security Engineer, Cloud Security Operations Expert, Cloud Security Manager or Cloud Governance.
So, check how much you can cover and learn practically. The better you are at these concepts, the better a candidate you are for the job role. Also, I assume you have already checked and are comfortable with the Common Security Skills study plan.
My only suggestion here is to ask the 4 questions below while learning each topic or concept.
- What is this? (For example: What is an instance group, where is it used and why?)
- Why am I learning this specific service or concept now? Will it help me for my job role and in future?
- How can I implement this? (Practical aspects, hands-on knowledge always have an extra edge)
- How will it make things secure, or how do I make it secure, depending on the topic or concept?
I am listing only the topic name with a few lines and possibly some examples. How much you learn and how comfortable you get with the concept or topic is up to you. I will share the minimal links to bring you up to the mark, and you are free to learn more than this for better candidacy and experience.
- What does this service do?
- What problem would it solve for the business?
- Security Best Practices guide for GCP services. Ex: GCS security best practices, VPC security best practices.
- What permissions you should provide to each role, principal or service account to maintain the principle of least privilege.
- How is it being used, and can there be a security misconfiguration if it is not configured properly? If so, what are the security guidelines to configure it?
- Is multi-tier, multi-region required for this service?
- How can protection of data at rest and data in transit be achieved?
- Is logging required? If so, how are you going to log, what data, and for what period?
- Are we monitoring it? What is the reason for Yes or No?
- Any specific security settings for that service, like bucket permissions for a specific GCS bucket.
To understand and use GCP resources effectively from a security standpoint, you must understand the common resources an organization would use. Below are some important resources you need to understand, as you are either the cloud solution engineer or the cloud architect.
It's a very important topic for any cloud role. Try to understand it practically, as much as your job demands.
- Start with the GCP IAM official doc
- Understanding IAM roles and permissions is the second important thing to excel in IAM concepts
- User, Group, Roles: when to use which, and don't forget to ask why this, why not that
- Custom role vs Google Managed role
- Cross-Account IAM policy to different roles, services, account
- Understand the IAM policy from a security mindset. Why this, why not this?
- Using IAM Securely
What I mean to say here is:
- GCP core services related to security
- GCP Security services hands-on knowledge
What are these?
These are the core services:
- IAM, super important
- Compute Instances
- GCS (Storage Object)
- VPC, I feel it is the toughest one so far apart from GKE
- CloudSQL (RDS)
- Bigtable (NoSQL)
- API Gateway
- GKE
- Cloud Run
- Cloud Function
- Cloud Composer
- BigQuery
- DataStore
- DataProc
- Secret manager
- Cloud Key Management
Below are the GCP core security services that you should know and try hands-on as much as possible:
- IAM Policy Analyzer
- IAM Organization Policies
GCP has an awesome list of whitepapers related to GCP Security. We are adding a few important ones here. You can check for more updated or new security whitepapers here at any time.
And don't forget to bookmark the GCP Security bulletin for news of new vulnerabilities from here.
- GCP Overview - One of the important whitepapers to understand an overview of GCP
- Introduction to GCP Security Whitepaper
- Google Cloud Security Foundation Guide
- GCP Well-Architected Security Pillar
- Risk Governance of Digital Transformation
- GCP Security Checklist
- Google Infrastructure Security Design Overview
- NIST Cybersecurity Framework in the GCP cloud
- NIST 800-144 Security and Privacy in Public Cloud Computing
- A Damn Vulnerable GCP Infrastructure: GCPGoat
- Try out the scenarios in CloudGoat
- GCP Pentest Labs
- GCP Pentesting
- CIS Benchmark for Google Cloud. You can download the PDF version from here
- CSA Cloud Matrix and STAR Framework
- NIST CSF for GCP
- ISO 27017
- GCP Cloud Security Features
- GCP Full Course from Intellipaat
- Google Cloud Security Fundamentals - Level 1
- Managing Security in Google Cloud
I have a separate repo for GCP Security interview questions. I will keep it updated from time to time. You can star it or fork it.