Securing Cloud Operations is your practical guide to building secure, compliant workloads across AWS, Azure, and Google Cloud. Created and taught by Luca Berton on Starweaver, this intermediate, 9-hour course walks you step-by-step from a simple web stack to a hardened, auditable cloud environment.
If you’ve ever worried about open security groups, misconfigured IAM, exposed storage buckets, or missing logs, this course is designed to give you the skills, confidence, and checklists to prevent exactly those problems.
Enroll Now on Starweaver
What You’ll Learn
By the end of the course, you’ll know how to:
- ✅ Differentiate security responsibilities between cloud provider and customer across IaaS, PaaS, and SaaS
- ✅ Configure IAM and network controls (roles, policies, security groups, VPC firewalls) to enforce least privilege
- ✅ Enable and operationalize cloud-native security tools like AWS GuardDuty, Microsoft Defender for Cloud, and Google Cloud Security Command Center
- ✅ Apply encryption, logging, and monitoring to protect data and detect suspicious activity
- ✅ Map your setup to CIS, ISO/IEC 27001, and NIST CSF and export evidence for audits
- ✅ Use a 10-control, printable checklist to secure future projects quickly and consistently
This is not a “read the docs” tour — it’s a guided build and hardening process for a real (but compact) cloud environment.
Who Should Take This Course?
This course is ideal for professionals who touch cloud workloads and want to upgrade from ad hoc setups to secure-by-design operations:
- Cloud Engineers & Platform Engineers
- DevOps & SRE Professionals
- Security Analysts & SOC Engineers
- Solution Architects & Tech Leads
You’ll get the most from the course if you’re already comfortable with:
- Basic networking and virtualization concepts
- At least one public cloud platform (AWS, Azure, or GCP) at a beginner or better level
No prior security certification is required — just curiosity and a willingness to get hands-on.
Course Overview
- Why cloud security failures happen (and how to avoid the common ones)
- Service models 101: IaaS vs PaaS vs SaaS from a security perspective
- The shared responsibility model across AWS, Azure, and GCP
- Essential terminology: identities, policies, networks, keys, logs
- Designing a small, realistic web stack as your security “playground”
- Principle of least privilege applied to real cloud roles and policies
- Configuring IAM users, groups, roles, and service principals
- Avoiding dangerous anti-patterns (long-lived keys, admin-overuse, wildcards)
- Role-based access for developers, operators, and auditors
- Hands-on: lock down console and API access for your small web stack
- Designing VPCs, subnets, and security groups to minimize exposure
- Configuring firewalls and NSGs across AWS, Azure, and GCP
- Public vs private subnets and secure bastion patterns
- Using load balancers and WAFs as a defensive layer
- Hands-on: tighten ingress/egress rules for your application stack
- Encrypting data at rest with KMS/Key Vault/Cloud KMS
- Securing data in transit with TLS and managed certificates
- Storing secrets safely (no more passwords in code or CI logs)
- Backup and restore strategies for cloud-native workloads
- Hands-on: apply encryption and backup policies to your databases and storage
- Enabling and tuning AWS GuardDuty, Azure Defender, and Google Cloud SCC
- Centralizing and analyzing logs (CloudTrail, Activity Logs, Audit Logs)
- Connecting alerts to incident response workflows and on-call rotations
- Detecting misconfigurations and suspicious activities early
- Hands-on: simulate and respond to basic security findings
- Mapping your environment to CIS Benchmarks, ISO/IEC 27001, and NIST CSF
- Generating and organizing evidence for audits and due diligence
- Building a reusable 10-control checklist for new cloud projects
- Running lightweight security reviews for new features or deployments
- Capstone: test your VM against CIS Benchmarks and export an audit-ready report
Certificate
Upon completion, you’ll earn a Starweaver Certificate of Completion for Securing Cloud Operations.
Use it to:
- Highlight cloud security skills on your LinkedIn profile
- Support internal promotion or role transitions into cloud or security engineering
- Demonstrate practical security knowledge to hiring managers and clients
Hands-On Activities & Discussions
- Guided lab: build and secure a small multi-tier web stack
- Checklist-based security review using a printable 10-control framework
- Practice assessments to reinforce IAM, network, and compliance concepts
- Real-world project exposure: from initial setup to audit-ready documentation
- Community discussions with other learners about cloud misconfigurations and war stories
About the Instructor
Luca Berton is a cloud-native engineering leader and automation expert with 18+ years of experience designing and operating large-scale, secure infrastructure across AWS, Azure, and GCP.
- Luca helps global banks and ESG startups build resilient, automated platforms — from disaster recovery for hundreds of thousands of containers and VMs to AI-driven ESG calculators used by 100+ SMEs
- Published technical author (Kubernetes, Ansible, RHEL, RHCE exam prep) and instructor with Coursera, Pluralsight, and Educative
- Creator of Ansible & Terraform Pilot, with 500+ hands-on use cases and troubleshooting guides serving tens of thousands of monthly learners
Luca’s focus is simple: turn complex cloud security into repeatable, reliable practices you can use at work tomorrow.
Ready to make cloud security the default, not an afterthought?
Secure your next deployment with confidence and a clear checklist.
Enroll in Securing Cloud Operations on Starweaver