AWS Security Training

I provide 2 days of advanced, in-person or remote, private training to companies on AWS security. This is useful for security teams securing own their AWS environments, incident responders, pentesters, developers, and more. This training is fast paced and densely packed.

These are some statements from those who have taken it:

Just finished a truly excellent AWS security training by [Scott Piper]. Well delivered, lean and super useful.Claudio Criscione
Cloud security is complex, and confusing the first time you look at it. Scott's AWS training was clearly structured, well-delivered, and helped me ramp up *way* more quickly than I could have on my own.Thomas Dullien (halvarflake)
If you're looking for *serious* AWS Security training [Scott Piper] from @SummitRoute is your guy. Highly recommend considering this if your security teams are still scratching their heads on how to tame clouds, or believe they figured it all out.Karim El-Melhaoui
I’m still digesting the knowledge drop from [Scot Piper] and his @summitroute training this week @sensepost. If you’re in security and ever touch AWS, you need this course. So much of it is deep knowledge borne of some serious focus. He’s also a super nice guy.Dominic White
I just finished up a @SummitRoute AWS web security training led by [Scott Piper] My brain is mush after all that. If you're looking for AWS security training for your team check them out.Joe Pistone
Content includes:
  • How I audit AWS environments and the types of issues I've found across the hundreds of AWS accounts I've looked at.
  • How AWS security tools work, their limitations, and what to look for when considering which ones to use. As the maintainer of two popular AWS security tools (CloudMapper and CloudTracker), I have expert knowledge of these areas.
  • How IAM and resource policies work and how to spot problems. I've found and helped fix many issues not only in client environments, but also with AWS's own policies and their documentation in this area.
  • What log sources exist on AWS, their limitations, and how to analyze them using tools like jq and Athena.
  • How to detect problems and attackers in real-time and how to do incident response.
  • What attack tools exist, techniques that can be used by attackers, and known security incidents of companies running on AWS.
  • What strategies and techniques can be used to run securely on AWS and avoid problems.
  • And more!

Training includes lecture and labs. Labs are done within my own AWS account. Students need only a laptop.

If you're interested in me providing your company with this training, reach out!