GIAC – Cloud Security Automation (GCSA)

What is GCSA?

The GIAC Cloud Security Automation (GCSA) certification covers cloud services and modern DevSecOps practices that are used to build and deploy systems and applications more securely. The certification shows that you not only know how to speak the language of modern cloud and DevSecOps principles but also can put them into practice in an automated and repeatable manner.

Who Should Attend?

This course is designed for:

  • Anyone working in a public cloud or DevOps environment
  • Developers
  • Software architects
  • Operations engineers
  • System administrators
  • Security analysts and engineers
  • Auditors
  • Risk managers
  • Security consultants

Learning Objectives

The topic areas for each exam part follow:

  • Microservice Security: will demonstrate an understanding of microservice architecture and implementation in a DevOps environment. The candidate will show familiarity with the architecture’s attack surface and appropriate security controls used in various architectural designs and conditions.
  • Cloud Security Fundamentals: will demonstrate basic knowledge of Amazon Web Services (AWS) cloud architecture components, Identity and Access Management, usage of the command-line interface, as well as general knowledge of how to secure the environment.
  • Cloud Security Monitoring: will demonstrate an understanding of tools for monitoring and assessing a cloud environment. The candidate will show familiarity with tools that perform vulnerability assessments, threat detection, compliance benchmarking, audit logging, log evaluation, and network collection.
  • Compliance as Code: will demonstrate an understanding of the Secure DevOps auditing controls and how to leverage automated scanners to automate policy requirements.
  • Configuration Management as Code: will demonstrate an understanding of managing infrastructure using programmable configuration management toolsets. The candidate will demonstrate an understanding of the new attack surfaces presented by CI, CD, and CM tools and familiarity with techniques for how to harden these tools.
  • Container Security: will demonstrate an understanding of container security issues, hardening containerized environments, container orchestration tools, and running these workloads in the cloud.
  • Continuous Security Monitoring: will demonstrate an understanding of what metrics and monitoring tools are needed to inform security efforts in cloud and DevOps environments. The candidate will show familiarity with how this data is collected, parsing log files, network collection, setting thresholds, and alerting the security team.
  • Data Protection and Secrets Management: will demonstrate an understanding of cloud facilities used for storing and securing data at rest and securing data in motion. The candidate will also show the ability to select appropriate encryption configurations, and familiarity with key management options and practices, and secrets management practices.
  • Deployment Orchestration and Secure Content Delivery: will demonstrate an understanding of deployment patterns, such as canary and blue/green deployment processes, their benefits, and how to choose which approach is appropriate for a given situation. The candidate will demonstrate familiarity with the purposes and issues involved with using Content Delivery Networks (CDN). The candidate will show understanding of methods to safely bypass the Same Origin Policy, CDN configuration practices and issues, and demonstrate ways that access to CDN content can be controlled securely.
  • DevOps Fundamentals: will demonstrate familiarity with Secure DevOps fundamentals and culture, including terminology, automation, cloud infrastructure integration, and security risks.
  • DevSecOps Security Controls: will demonstrate an understanding of the DevOps deployment pipeline and security considerations for each step of the Continuous Delivery and Continuous Integration processes.
  • Runtime Security Automation: will demonstrate an understanding of virtual patching in the cloud using Security as a Service, such as the Web Application Firewall. The candidate will demonstrate an understanding of how to configure those services to protect against common website attacks.
  • Secure Infrastructure as Code: will demonstrate an understanding of setting up and managing cloud infrastructure via code. The candidate will show familiarity with cloud provider and third-party tools used to manage cloud infrastructure resources.
  • Securing Cloud Architecture: will demonstrate an understanding of securing cloud architecture using Continuous Integration / Continuous Deployment / Continuous Delivery pipelines. The candidate will show familiarity with Azure and AWS toolsets to track work items, code, test, build, and release, and how each stage is secured and automated.
  • Serverless Security: will demonstrate familiarity with serverless architectures, their features, advantages, security concerns, and tactics for deploying effective security in serverless implementations.

Benefits of GCSA?

  • Using cloud services with Secure DevOps principles, practices, and tools to build & deliver secure infrastructure and software
  • Automating Configuration Management, Continuous Integration, Continuous Delivery, and Continuous Monitoring
  • Use of open-source tools, the Amazon Web Services toolchain, and Azure services

Exam Format

  • 1 proctored exam
  • 75 questions
  • Time limit of 2 hours
  • Minimum Passing Score of 61%

General Information

  • Training is available in a variety of modalities including live conference training, online, and self study.
  • Practical work experience can help ensure that you have mastered the skills necessary for certification
  • College level courses or study through another program may meet the needs for mastery.
  • The procedure to contest exam results can be found at https://www.giac.org/about/procedures/grievance.