12Aug, 2024
Author Image Pat Saucier
Threat modeling with MITRE ATT&CK – Keeping Up with Evolving AWS Security Best Practices and Threat Landscape

Threat modeling with MITRE ATT&CK

The MITRE ATT&CK framework has emerged as an interesting tool for organizations using AWS to understand, anticipate, and counteract cyber threats. This globally recognized framework offers a comprehensive matrix of tactics and techniques that are commonly employed by cyber adversaries. The MITRE ATT&CK for Cloud matrix, specifically, is tailored to address cloud environments. It provides insights into potential cloud-specific threats and vulnerabilities, which are particularly useful for AWS users.

Incorporating the MITRE ATT&CK framework into AWS security practices offers numerous benefits as it provides a structured methodology for understanding and anticipating potential threats within your AWS landscape. Here are its key integrations:

  • Mapping to AWS services: By aligning the ATT&CK framework with AWS services, organizations can gain detailed insights into potential attack vectors. This involves understanding how specific ATT&CK tactics and techniques can be applied to or mitigated by AWS services, such as EC2, S3, or IAM.
  • Utilization in security assessments: Incorporating the framework into security assessments allows for a more thorough evaluation of AWS environments. It helps in identifying vulnerabilities that could be exploited through known attack methodologies, thus enabling a more targeted approach to securing cloud assets. For instance, organizations can use the framework to simulate attack scenarios, such as a credential access attack, where an attacker might attempt to obtain AWS access keys through phishing or other methods.
  • Enhancing incident response: The framework can significantly improve incident response strategies. By mapping ongoing attacks to the ATT&CK matrix, incident response teams can more quickly understand the attacker’s Tactics, Techniques, and Procedures (TTPs), leading to faster and more effective containment and remediation.
  • Feeding continuous monitoring: The framework aids in the development of continuous monitoring strategies that are more aligned with the evolving threat landscape. It allows security teams to proactively look for indicators of attack tactics and techniques, enabling early detection of potential threats.
  • Developing customized threat models: Creating threat models based on ATT&CK scenarios tailored to AWS can significantly enhance defense strategies. For example, building a model around the exfiltration techniques can help in preparing defenses against potential data breaches from S3 buckets.
  • Developing red team exercises: Conducting red team exercises using ATT&CK-based scenarios provides a realistic test of AWS defenses. For example, simulating an attack where a red team uses lateral movement techniques to move between EC2 instances can test the effectiveness of network segmentation and access controls.

Building upon our discussion of MITRE ATT&CK and how to handle emerging threats in general, next, we will explore the wealth of resources available for continuous learning in AWS security.

1Dec, 2023
Author Image Pat Saucier
Leveraging resources for ongoing education – Keeping Up with Evolving AWS Security Best Practices and Threat Landscape

Leveraging resources for ongoing education

The dynamic nature of AWS cloud technology and security necessitates continuous learning and adaptation. With AWS at the forefront of cloud innovation, there exists an extensive array of documentation, training programs, and community resources. This section aims to guide you through the wealth of information available so that you can learn about the latest in security practices and technologies in a way that aligns with your learning objectives. Let’s begin by establishing a learning path tailored to your specific goals in AWS security.

Building a personal learning path for AWS security

Developing a personal learning path in AWS security requires a thoughtful assessment of your current skills, career aspirations, and the specific knowledge areas you aim to master. Whether you are just beginning your journey in cybersecurity, aiming to become an AWS expert, or seeking to specialize in AWS security, setting clear career goals is the first step:

  • Identify your career goals: Determine if your objective is to become a cybersecurity expert with a broad understanding of various platforms, an AWS specialist who masters the intricacies of AWS services, or an AWS security expert focused on navigating the complex security landscape of AWS. For those aiming to excel in multi-cloud environments, understanding how AWS integrates with other cloud technologies will be crucial.
  • Prioritize your learning plan: Once you have defined your career trajectory, prioritize your learning objectives based on your role and goals. For cybersecurity professionals, gaining a deep understanding of cloud security fundamentals and threat landscapes across multiple platforms may be the starting point. AWS security specialists need to dive deeper into AWS security services, security automation, and compliance. Other AWS experts might seek to deepen their security knowledge to comprehend the security aspects related to their discipline, whether it be development, data science, or architectural design.
  • Resource selection: Choose resources that align with your learning style and objectives. AWS offers a wide range of learning materials, from documentation and whitepapers to workshops and certification courses, catering to different levels of expertise and areas of interest.

Let’s go through the different types of resources that AWS offers to bolster your security expertise.

12Nov, 2023
Author Image Pat Saucier
AWS security knowledge landscape – Keeping Up with Evolving AWS Security Best Practices and Threat Landscape

AWS security knowledge landscape

AWS provides an extensive array of resources that can be leveraged to support your ongoing education in AWS security. These resources are designed to cater to a wide range of learning needs, from foundational knowledge to advanced security techniques. Let’s learn more about them:

  • AWS whitepapers: Dive into AWS whitepapers for comprehensive insights into security best practices, architectural recommendations, and service-specific security advice. They serve as an excellent starting point, laying a solid foundation for understanding the principles behind AWS security measures and how they can be applied in real-world scenarios.
  • AWS security blog: This dynamic platform is regularly updated with insights from AWS security experts, offering deep dives into new features, security enhancements, and detailed guides on implementing AWS security services. The blog’s content is organized by product and by level (100, 200, 300, or 400), making it easy for readers to filter articles based on their expertise and areas of interest. Whether you are a novice in cloud security or an experienced professional, the AWS Security Blog provides valuable knowledge tailored to your learning curve.
  • AWS security announcements: Staying updated with the latest security announcements from AWS is crucial for maintaining the security integrity of your AWS environment. These updates include information on security patches, vulnerabilities, and compliance issues that may affect your services. Integrating these bulletins into an RSS aggregator is a proactive way to ensure you receive timely updates, enabling you to implement necessary security measures swiftly.
  • AWS documentation: The official AWS documentation is an indispensable resource for anyone working with AWS services. It covers detailed instructions on configuring and using AWS services, including security protocols and best practices. The documentation is regularly updated to reflect the latest service features and security guidelines, making it an essential reference for day-to-day operations and troubleshooting.
  • AWS Well-Architected Framework: This framework is pivotal for learning how to design and operate secure, high-performing, and resilient cloud applications. Its so-called Security Pillar in particular focuses on offering guidance for protecting data and systems. Learning through this framework enables you to assess and improve your architecture in alignment with AWS best practices, enhancing your ability to identify and mitigate risks.
  • AWS workshops: AWS workshops are interactive learning sessions that offer hands-on experience with AWS services, facilitating the practical application of theoretical knowledge. These workshops, categorized by level and topic, allow learners to select sessions that match their current skills and learning objectives. Opt for higher-level (300 or 400) security workshops to gain practical knowledge on implementing AWS security services and features.
  • AWS re:Post: As a user-driven Q&A community, AWS re:Post is a platform where AWS users can ask questions and share knowledge about AWS services, including security. It is an excellent resource for getting insights from real-world experiences and expert advice on specific security challenges.
  • AWS Q as your virtual mentor: Tap into AWS Q for an engaging and responsive learning experience, obtaining swift solutions to your AWS security questions. Whether you are addressing a particular challenge or looking for advice on security best practices, AWS Q serves as your on-demand guide, breaking down complex AWS concepts into understandable information. With its comprehensive coverage of AWS knowledge, including the topics discussed earlier, AWS Q is an essential resource for AWS learners of every level.

Incorporating these resources into your learning path allows for a structured and comprehensive approach to mastering AWS security. By staying informed about the latest developments and engaging with AWS security-related content, you can ensure that your skills remain sharp and relevant. Prioritizing your learning based on your career goals—whether you are aiming to be a cybersecurity generalist, an AWS expert, or a specialized AWS security professional—facilitates a focused and rewarding professional development journey in the realm of cloud security.

11Sep, 2023
Author Image Pat Saucier
Formal AWS certification program – Keeping Up with Evolving AWS Security Best Practices and Threat Landscape

Formal AWS certification program

AWS certifications encompass a wide range of knowledge areas within AWS. They can be very interesting options for professionals seeking to validate and enhance their expertise. Opinions on the value of certifications in general vary widely and are often debated. I find certifications to be instrumental in setting goals for self-study and invaluable as a freelance AWS security consultant and instructor for demonstrating expertise and commitment to professional development.

Overview of the AWS certification program

AWS offers a series of certifications that can be instrumental for individuals aiming to develop and demonstrate their AWS knowledge. A considerable portion of each certification’s curriculum is devoted to security-related topics, accounting for 15% to 30% of the exam content, as outlined in the guide documentation for each specific exam. The exception to this range is the AWS Certified Security—Specialty exam, which is wholly centered on security topics.

For readers of this book embarking on their AWS learning path, the following certifications are particularly pertinent:

  • AWS Certified SysOps Administrator – Associate (SOA): This certification validates expertise in deploying, managing, and operating workloads. It also covers operational security to ensure VPCs and systems are secure and compliant.
  • AWS Certified Developer – Associate (DVA): Ideal for developers, this certification covers security concepts relevant to developing and maintaining secure applications on AWS throughout the CI/CD pipeline.
  • AWS Certified Solutions Architect – Associate (SAA): This certification focuses on designing secure and robust distributed systems using multiple AWS services. It covers aspects of network security, encryption, and access control, among others.
  • AWS Certified DevOps Engineer – Professional (DOP): Tailored to professionals involved in DevOps roles, this certification dives deeper into automation and security protocols for continuous delivery and the secure deployment of applications and infrastructures on AWS.
  • AWS Certified Solutions Architect – Professional (SAP): For advanced architectural skills, this certification includes designing scalable and secure solutions across diverse AWS projects and services.
  • AWS Certified Security – Specialty (SCS): Specifically tailored for security experts, this certification is crucial for those looking to prove their knowledge of AWS security services and best practices. It is highly relevant to you as it offers deep insights into AWS-specific security considerations.
  • AWS Certified Advanced Networking – Specialty (ANS): This certificate demonstrates mastery in architecting and operating highly available, secure network solutions on AWS. It’s ideal for network engineers and security specialists responsible for robust network infrastructure.

With an understanding of the key AWS certifications to target, let’s proceed to examine the wealth of resources and study strategies to ensure your success in these exams.

12Jul, 2023
Author Image Pat Saucier
Resources to prepare for your next exam – Keeping Up with Evolving AWS Security Best Practices and Threat Landscape

Resources to prepare for your next exam

Preparing for an AWS certification exam demands a methodical study approach and the right resources:

  • Official exam page: Start with the official AWS certification web page, where you can find exam guides detailing the content areas covered. Ensure any training material you use is aligned with the correct exam number and version.
  • Online video courses: Platforms such as Udemy and Coursera offer video courses by highly recognized authors. These courses are very cost-effective and can be valuable for those who like learning from videos. Search for the most reviewed and recently updated courses, avoiding content older than 2 years.
  • Books: Investing in a well-reviewed book tailored to the targeted AWS certification exam can provide in-depth knowledge to study at your own pace. Note that this book itself, while not an exam guide, can complement your study plan with practical AWS security knowledge, enriching your preparation for any exam.
  • AWS Skill Builder: This platform is excellent for an official overview and exam preparation questions, although it may not be free.
  • Cloud Academy: This platform offers structured learning paths for AWS certifications, including hands-on labs and quizzes.
  • Tutorial Dojo: This platform provides a mix of free and paid content, including practice exams and cheat sheets that are highly regarded for exam preparation.
  • AWS exam preparation webinars: AWS regularly hosts webinars focusing on exam preparation, offering insights into the exam structure and tips for success.
  • Instructor-led classroom training: Though often the priciest option, they offer intensive, focused training sessions that can significantly boost your understanding and readiness for the exam. Perform due diligence and prefer official training delivered by AWS-accredited instructors in case of doubt.
  • Mentoring and peering: Connecting with peers or finding a mentor who has successfully navigated AWS certifications can provide personalized advice and encouragement.

Having explored the key resources that are available for your exam preparation, let’s move on to practical advice and strategies that can enhance your study routine and performance.

16May, 2023
Author Image Pat Saucier
Personal advice from an experienced exam taker – Keeping Up with Evolving AWS Security Best Practices and Threat Landscape

Personal advice from an experienced exam taker

Having taken more than 20 exams in my career and only failing two on the first attempt, I recommend the following strategies for effective exam preparation:

  • Diversify learning resources: Use at least two different types of learning resources to cover all bases and limit the risk of bias from specific authors – for example, a Udemy video course and a book, or a video course and a Cloud Academy learning path.
  • Develop a detailed learning plan: Structure your study time and topics to cover comprehensively. Set achievable goals, regularly assess your progress, and adjust your plan as necessary to stay on track.
  • Schedule your exam date and time: Booking your exam in advance gives you a clear deadline to work toward. Schedule your exam for when you are most alert and focused. For many like myself, the morning is ideal. Additionally, after booking your exam, consider giving a call or sending an email to the exam center. Some centers are infrequently used, and issues such as no staff presence on the exam day can occur, leading to lengthy rescheduling frustrations.
  • Practice with exam quizzes: Engage in extensive quiz practice, focusing on retaking failed questions and undertaking full new quizzes to simulate the exam experience and improve time management. Aim to consistently score above 80% on fresh quizzes to gauge your readiness for the real exam day.
  • Manage time: Always aim to answer all questions as guessing yields a better success rate than leaving answers blank. Calculate the time per question and set easy-to-remember milestones. As an example, the CSC exam requires 65 questions to be answered within 170 minutes, which means you should allocate 2.5 minutes and 37 seconds for each question. Aim to answer 12 questions after the first 30 minutes, 24 questions by the 60-minute mark, and so on.
  • Prefer in-person exams for lengthy tests: While online proctoring allows for taking an exam from home, it can be overly strict, risking disqualification for minor infractions. My preference is to opt for test centers to avoid these issues.

Moving on from the AWS certification, let’s delve into continuous professional development, emphasizing the power of participating in events and networks.

15Mar, 2023
Author Image Pat Saucier
Engaging in continuous professional development – Keeping Up with Evolving AWS Security Best Practices and Threat Landscape

Engaging in continuous professional development

Continuous professional development is essential for staying current in the rapidly evolving field of cloud computing and AWS security. Engaging in such activities ensures that professionals not only maintain their skills and knowledge but also stay ahead of new AWS technologies and security best practices. Let’s go through strategies for engaging in continuous learning and professional growth.

Participating in webinars

AWS and other reputable platforms frequently host webinars covering a broad spectrum of topics, from unveiling new services to comprehensive explorations of specific security practices. These sessions, which are often led by field experts, present a prime opportunity to stay abreast of the latest trends and best practices in AWS security. The majority of these webinars are offered free of charge, providing an accessible avenue for broadening your knowledge. Engaging in these webinars not only enhances your expertise but also facilitates interaction with professionals and allows for direct questioning. Here’s how to derive maximum benefit from these learning opportunities:

  • Select relevant topics: Focus on webinars and courses that align with your career goals and areas where you seek improvement or deeper knowledge.
  • Engage with experts: Most webinars offer Q&A sessions. Take advantage of these opportunities to engage directly with AWS experts and gain insights that are not readily available in written content. It is also common to connect with speakers on LinkedIn post-event. Seize the opportunity to expand your professional network and deepen your understanding.
  • Dedicate time for learning: Schedule regular slots in your weekly or monthly schedule for attending webinars or progressing through online courses, treating them as essential components of your workweek.
  • Apply learned concepts: After attending a webinar, look for AWS workshops or consult the AWS Security Blog for posts that offer hands-on applications related to the topics discussed. This approach helps bridge the gap between theoretical knowledge and practical implementation.
  • Become a speaker: Consider sharing your expertise by becoming a webinar speaker. This not only enhances your visibility within the professional community as a thought leader in AWS security but also deepens your understanding of the subject matter as you prepare your presentation.

The following platforms are known to regularly host webinars related to AWS security:

  • AWS events and webinars: This page lists all upcoming AWS webinars and events, ensuring access to the latest information directly from the source.
  • Securzy: A platform dedicated to security professionals, it offers deep-dive sessions into the latest AWS security technologies and challenges. While most webinars are free, replays may require a subscription.
  • BrightTALK and TechTarget: Both platforms offer a wide range of webinars across various topics, including cloud security and AWS-specific sessions. Note that content is often sponsored by vendors, so a degree of marketing material can be expected, yet they remain valuable for educational content.
  • Cloud Academy: While primarily known for its comprehensive courses, Cloud Academy also hosts webinars that delve into the latest trends and practices in AWS and cloud security.
  • Cloud Security Alliance (CSA): CSA provides webinars focusing on wider cloud security issues, which is ideal for those looking to understand the broader security landscape.

Following webinars, let’s dive into the opportunities offered by AWS conferences.

12Jan, 2023
Author Image Pat Saucier
Attending AWS conferences – Keeping Up with Evolving AWS Security Best Practices and Threat Landscape

Attending AWS conferences

AWS conferences provide opportunities for deep immersion in the AWS community. Here’s how to make the most of these events:

  • Virtual or in-person attendance: Many AWS conferences are accessible both virtually and in-person, catering to a global audience. Virtual attendance can be a convenient option for those unable to travel, while in-person attendance offers a more immersive experience and direct networking opportunities.
  • Plan your agenda: With numerous sessions available in parallel and limited seats available, review the agenda in advance and prioritize sessions that are most relevant to your interests and professional needs.
  • Network actively: Use these gatherings to connect with peers, AWS professionals, and industry leaders. Networking can open doors to new opportunities, insights, and collaborative ventures.
  • Participate in workshops and breakout sessions: These interactive sessions provide valuable hands-on experience and facilitate deeper discussions on security features and challenges.
  • Stay updated on announcements: AWS often introduces new services, features, and updates during these events. Keeping up with these announcements can give you a competitive edge.
  • Replay access: Many conferences offer replay access to sessions post-event. This feature is useful for revisiting content or catching up on sessions you may have missed, ensuring you don’t miss out on any learning opportunities.

Here is an overview of key relevant AWS conferences:

  • AWS summits: These are free events that are hosted around the world, designed to bring the cloud computing community together to connect, collaborate, and learn about AWS. Attending these summits provides insights into new AWS features, networking opportunities with AWS experts and peers from your country, as well as hands-on workshops that can enhance your practical skills.
  • AWS re:Invent: This is the largest annual AWS cloud conference, offering multiple sessions on cloud strategies, security, and service deep dives. Besides attending AWS re:Invent, look for re:Cap sessions that summarize key takeaways, something that’s perfect for those unable to attend every session of interest.
  • AWS re:Inforce: This is another key event for security professionals and AWS enthusiasts focusing specifically on security. It is ideal for gaining advanced knowledge, discovering new tools and techniques, and networking with industry leaders in that field.

Transitioning from conferences, let’s shift our focus to communities and peer networks.

Leveraging communities and peer networks

Continuous professional development thrives on a strong support network. Seek out and engage with communities of like-minded individuals to exchange knowledge, troubleshoot challenges, and stay updated on the evolving AWS landscape. Here are a few ways to get involved:

  • Online forums: Utilize platforms such as AWS re:Post and Stack Overflow to ask questions, share your expertise, and connect with the broader AWS community.
  • Local meetups and user groups: Discover AWS user groups in your area. These gatherings foster a sense of community and create valuable opportunities for collaboration and networking with peers.
  • AWS Community Builders: This program offers a wealth of resources, mentorship, and networking opportunities for those passionate about sharing AWS knowledge. It’s a fantastic way to accelerate your learning, grow your professional network, and give back to the AWS community.
  • Conferences and community events: Actively participate in the various events hosted by AWS, community groups, or third-party organizations. These are excellent avenues to expand your professional network, learn from others’ experiences, and stay abreast of the latest trends in AWS security.
  • Find a mentor: Build relationships with experienced community members for mentorship and guidance. A mentor can help you learn faster, avoid common pitfalls, and become an active contributor to the AWS security community yourself.

In the next and final section, we will review best practices for keeping abreast of AWS security advancements, enabling you to proactively strengthen your knowledge and your AWS environment’s security posture.

15Dec, 2022
Author Image Pat Saucier
Keeping abreast with new technologies – Keeping Up with Evolving AWS Security Best Practices and Threat Landscape

Keeping abreast with new technologies

The AWS ecosystem is dynamic, with the landscape of cloud technology and security threats constantly evolving. AWS and third-party vendors frequently introduce new security services, features, and tools designed to address these challenges. For AWS professionals, staying updated with these innovations is not just about enhancing security postures—it is also about ensuring their knowledge remains current. This section delves into effective strategies for keeping pace with these developments and seamlessly integrating them into your environment.

Staying informed

Information is power in the realm of security. Security professionals must proactively seek out information on the latest AWS security announcements and security blog posts related to their topics of interest. Regular participation in AWS-specific webinars and workshops provides opportunities to gain firsthand knowledge of the latest updates and how they can be applied in practice. These resources can help you to anticipate and mitigate emerging threats with the latest AWS security technologies.

The next crucial phase involves evaluating and testing these advancements within AWS.

Evaluating and testing

Upon discovering new security technologies, evaluating their potential impact and testing their effectiveness is key. This involves doing the following:

  • Defining security enhancement objectives: Evaluate how new services or features can bolster your security posture. Establish clear metrics for evaluating new security tools, including performance, compatibility with existing systems, and overall security enhancement.
  • Testing in a controlled environment: Implement new technologies in a sandbox or development environment first. This allows you to gauge their performance, identify any integration issues, and understand their operational implications without risking production systems.
  • Security testing: Determine the actual security benefits by simulating attack scenarios or using penetration testing tools. Evaluate how technology improves your defense against these simulated threats.
  • Performance testing: Measure how the new technology performs under different scenarios. Look at its responsiveness, speed, and resource consumption during peak and off-peak hours.

Following evaluation and testing, let’s transition to ensuring compatibility and compliance as our next essential step.

12Oct, 2022
Author Image Pat Saucier
Ensuring compatibility and compliance – Keeping Up with Evolving AWS Security Best Practices and Threat Landscape

Ensuring compatibility and compliance

As new security technologies are adopted, ensuring compatibility with existing systems and compliance with relevant regulations is essential. This step requires a thorough review of how new tools interact with current architectures and an assessment of compliance implications, especially for industries subject to strict regulatory standards. This requires doing the following:

  • Mapping the current infrastructure: Start by creating an updated map or diagram of your current AWS infrastructure and security setup. This will help you pinpoint where new tools will be integrated.
  • Identifying integration points: Highlight specific areas within your infrastructure where the new security solutions will interact with existing systems. This could include network connections, data flows, APIs, and Lambda functions.
  • Compatibility assessment: Conduct a detailed analysis of how new security solutions integrate with your current AWS setup. Look for potential conflicts or dependencies that might affect their function.
  • Compliance evaluation: For organizations subject to industry regulations, it is crucial to ensure that new technologies do not compromise compliance. Review the security and compliance documentation provided by AWS or third-party vendors to understand their implications.

Next, let’s discuss how to effectively integrate these solutions into your environment.

Integrating into existing environments

The successful adoption of new security technologies depends on their integration into your existing AWS environment without causing disruptions. This involves doing the following:

  • Incremental deployments: Gradually introduce new technologies, starting with non-critical systems to minimize disruption and allow for adjustments based on initial observations.
  • Automating where possible: Leverage automation for the integration process to reduce manual errors and streamline deployment. Automation can also assist in maintaining configuration standards across your environment.
  • Updating security documentation: Revise your existing security documentation. This update should cover any new Standard Operating Procedures (SOPs) introduced by the integration.
  • Monitoring and adjusting: After deployment, continuously monitor for operational and security performance. Be prepared to make adjustments based on the outcome.

Integration lays the groundwork for our final focus—planning for future-proof security.

Copyright © 2025 randolphfly.com