Cloud Security

Body of Knowledge

| Topic | Description | Relevance | Career Tracks |
|---|---|---|---|
| Cloud Security Fundamentals | Shared responsibility model, cloud security architecture, multi-tenancy risks, data residency, cloud-native security patterns. | Critical | Cloud Security Engineer, Security Architect |
| AWS Security | IAM policies, Security Hub, GuardDuty, CloudTrail, Config, WAF, KMS, Secrets Manager, VPC security, S3 bucket policies. | Critical | Cloud Security Engineer, AWS Engineer |
| Azure Security | Entra ID (AAD), Defender for Cloud, Sentinel, Key Vault, NSGs, Azure Policy, Conditional Access, RBAC. | High | Cloud Security Engineer, Azure Engineer |
| GCP Security | Cloud IAM, Security Command Center, Cloud Armor, VPC Service Controls, Secret Manager, Cloud KMS. | Medium | Cloud Security Engineer, GCP Engineer |
| Cloud Identity & Access | Cloud IAM best practices, least privilege, service accounts, federated identity, cross-account access, permission boundaries. | Critical | Cloud Security Engineer, IAM Engineer |
| CSPM (Cloud Security Posture) | Misconfiguration detection, compliance monitoring, Prisma Cloud, Wiz, Orca, remediation automation. | High | Cloud Security Engineer, Security Engineer |
| CNAPP | Cloud-Native Application Protection, CSPM+CWPP convergence, runtime protection, shift-left security, supply chain. | Medium | Cloud Security Engineer, DevSecOps |
| Container Security in Cloud | EKS/AKS/GKE security, pod security policies, network policies, secrets, service mesh security, image signing. | High | Cloud Security Engineer, Platform Security |
| Serverless Security | Lambda/Functions security, execution role permissions, event injection, secrets handling, cold start attacks. | Medium | Cloud Security Engineer, Serverless Developer |
| Cloud Network Security | VPC design, security groups, NACLs, private endpoints, PrivateLink, transit gateway security, WAF placement. | High | Cloud Security Engineer, Cloud Network Architect |
| Cloud Logging and Monitoring | CloudTrail, CloudWatch, Azure Monitor, log retention, security analytics, threat detection, cost considerations. | High | Cloud Security Engineer, SRE |

Personal Status

| Topic | Level | Evidence | Active Projects | Gaps |
|---|---|---|---|---|
| No personal status recorded | — | — | — | — |