EC Council Certified Cloud Security Engineer

5 Day Course
Official Curriculum

Book Now - 1 Delivery Method Available:

Classroom Virtual Classroom Private Group - Virtual Self-Paced Online


Master Cloud Security Skills with the Certified Cloud Security Engineer (CCSE) Certification - A unique blend of vendor-neutral and vendor-specific cloud security concepts.
EC-Council’s Certified Cloud Security Engineer (CCSE) course is curated by cloud security professionals in association with renowned subject matter experts to deliver a mix of vendor-neutral and vendor-specific cloud security concepts. The vendor-neutral concepts focus on cloud security practices, technologies, frameworks, and principles. In contrast, the vendor-specific materials deliver the practical skills that are needed to configure specific platforms, such as Amazon Web Services (AWS), Azure, and Google Cloud Platform (GCP). This offers candidates a well-balanced mix of theoretical and practical skills. In addition, advanced topics also cover modules on securing the cloud infrastructure by implementing regulations and standards to maintain security. EC-Council’s cloud security course is mapped to the real-time job roles and responsibilities of cloud security professionals and is ideal for beginners as well as experienced cybersecurity professionals.


With CCSE, candidates learn:

  • Plan, implement, and execute cloud platform security for an organization.
  • Securely access cloud resources through identity and access management (IAM).
  • Evaluate and control organizational cloud network architecture by integrating various security controls the service provider offers.
  • Evaluate cloud storage techniques and threats on data stored in the cloud and understand how to protect cloud data from attacks.
  • Implement and manage cloud security on various cloud platforms, such as AWS, Azure, and GCP.
  • Understand the shared responsibility model of the service provider.
  • Evaluate various cloud security standards, compliance programs, and features offered by AWS, Azure, and GCP, and perform cloud computing security audits.
  • Implement various threat detection and response services provided by Azure, AWS, and GCP to identify threats to an organization’s cloud services.
  • Evaluate and mitigate security risks, threats, and vulnerabilities in a cloud platform.
  • Integrate best practices to secure cloud infrastructure components (network, storage and virtualization, and management).
  • Secure organizational cloud applications by understanding the secure software development lifecycle of cloud applications and by implementing additional security controls to enhance the security of hosted cloud applications.
  • Design and implement a GRC framework, a cloud incident response plan, and a business continuity plan for cloud services.
  • Utilize the security services and tools provided in Azure, AWS, and GCP to secure the organizational cloud environment.
  • Understand the legal implications associated with cloud computing to protect organizations.
  • Implement operational controls and standards to build, operate, manage, and maintain the cloud infrastructure.
  • Understand and implement security for private, multi-tenant, and hybrid cloud environments.

Target Audience

Who Should Earn a Cloud Security Certification?

  • Network security engineers
  • Cybersecurity analysts
  • Network security analysts
  • Cloud administrators and engineers
  • Network security administrators
  • Cloud analysts
  • Cybersecurity engineers
  • Those working in network and cloud management and operations

Why Should You Become a Certified Cloud Security Engineer (CCSE)?

Organizations need cloud security engineers to help them build a secure cloud infrastructure, monitor vulnerabilities, and implement incidence response plans to mitigate cloud-based threats. CCSE, with its unique blend of vendor-neutral and vendor-specific concepts, trains candidates in the fundamentals while equipping them with job-ready practical skills. 

EC Council's OFficial delivery platform includes study material, iLabs (virtual labs) and gives you the most flexible options for training to fit your busy schedule.

Additional Information

Why CCSE is the Perfect Choice for Cloud Security Engineers:
The CCSE program provides hands-on training in creating and implementing security policies to safeguard cloud infrastructure and applications.
CCSE by EC-Council is the first certification to offer a blend of vendor-neutral and vendor-specific concepts. It covers features and services of AWS, Azure, and GCP.
The program teaches best practices for securing cloud infrastructure through evaluating cloud storage techniques and threats, configuring cloud services, designing and implementing incident response plans, and auditing cloud computing security.
The course instills an understanding of security orchestration, automation, and response (SOAR), which security operations teams collect and analyze to create incident analysis reports and automate incident response in the cloud.
The CCSE program equips individuals with the skills to design and implement governance frameworks, models, and regulations (ISO/IEC 27017, HIPAA, and PCI DSS).
The program teaches the tools and techniques used to perform forensics investigations on cloud platforms such as AWS, Azure, and GCP. Participants learn forensic methods and how they can be automated to identify and investigate vulnerabilities and threats.
The CCSE program teaches individuals how to implement standards through features, services, and tools for regulation and audits of AWS, Azure, and GCP.
CCSE is the only certification course that provides hands-on training in a simulated environment. More than 50 complex labs train learners to tackle real-world industry-level challenges for cloud security professional roles.

Training Partners

We work with the following best of breed training partners using our bulk buying power to bring you a wider range of dates, locations and prices.


Collapse all

Module 1: Introduction to Cloud Security: (1 topic)

  • In this module, you will be presented with the core concepts of cloud computing, cloud service models, and cloud-based threats and vulnerabilities. The module highlights service provider components, such as evaluation and the shared security responsibility model, that are essential to configuring a secure cloud environment and protecting organizational resources.

Module 2: Platform and Infrastructure Security in the Cloud: (1 topic)

  • This module explores the key components and technologies that form a cloud architecture and how to secure multi-tenant, virtualized, physical, and logical cloud components. This module demonstrates configurations and best practices for securing physical data centers and cloud infrastructures using the tools and techniques provided by Azure, AWS, and GCP

Module 3: Application Security in the Cloud: (1 topic)

  • The focus of this module is securing cloud applications and explaining secure software development lifecycle changes. It explains the multiple services and tools for application security in Azure, AWS, and GCP.

Module 4: Data Security in the Cloud: (1 topic)

  • This module covers the basics of cloud data storage, its lifecycle, and various controls for protecting data at rest and data in transit in the cloud. It also addresses data storage features and the multiple services and tools used for securing data stored in Azure, AWS, and GCP.

Module 5: Operation Security in the Cloud: (1 topic)

  • This module encompasses the security controls essential to building, implementing, operating, managing, and maintaining physical and logical infrastructures for cloud environments and the required services, features, and tools for operational security provided by AWS, Azure, and GCP.

Module 6: Penetration Testing in the Cloud: (1 topic)

  • This module demonstrates how to implement comprehensive penetration testing to assess the security of an organization's cloud infrastructure and reviews the required services and tools used to perform penetration testing in AWS, Azure, and GCP.

Module 7: Incident Detection and Response in the Cloud: (1 topic)

  • This module focuses on incident response (IR). It covers the IR lifecycle and the tools and techniques used to identify and respond to incidents; provides training on using SOAR technologies; and explores the IR capabilities provided by AWS, Azure, and GCP.

Module 8: Forensics Investigation in the Cloud: (1 topic)

  • This module covers the forensic investigation process in cloud computing, including various cloud forensic challenges and data collection methods. It also explains how to investigate security incidents using AWS, Azure, and GCP tools.

Module 9: Business Continuity and Disaster Recovery in the Cloud: (1 topic)

  • This module focuses on the various governance frameworks, models, and regulations (ISO/IEC 27017, HIPAA, and PCI DSS) and the design and implementation of governance frameworks in the cloud. It also addresses cloud compliance frameworks and elaborates on the AWS, Azure, and GCP governance modules.

Module 10: Governance, Risk Management, and Compliance in the Cloud: (1 topic)

  • This module focuses on the various governance frameworks, models, and regulations (ISO/IEC 27017, HIPAA, and PCI DSS) and the design and implementation of governance frameworks in the cloud. It also addresses cloud compliance frameworks and elaborates on the AWS, Azure, and GCP governance modules.

Module 11: Standards, Policies, and Legal Issues in the Cloud: (1 topic)

  • module discusses standards, policies, and legal issues associated with the cloud. It also covers the features, services, and tools needed for compliance and auditing in AWS, Azure, and GCP.

There are also 54 Labs included in this course: (54 topics)

  • Implementing AWS Identity and Access Management
  • Implementing Key Management Services
  • Creating Secure EC2 Instances in AWS Virtual Private Cloud (VPC)
  • Deploying a Secure Windows Server VM in Azure with Antimalware Extension Enabled
  • Implementing Role-Based Access Control in Microsoft Azure
  • Block Management Ports with Azure Security Center to Prevent Brute Force Login Attacks on Virtual Machines in Azure
  • Securing GCP Instances using Firewall Rules
  • Implementing a Private Secure Connection Between Instances with VPC Network Peering
  • Implementing Role Based Access Control with GCP IAM
  • Implementing Secure Deployments in GKE with Binary Authorization
  • Implementing Web Application Firewall in AWS
  • Enforcing Principle of Least Privilege with SAML based Single Sign-on in Azure
  • Using Azure AD Multi-Factor Authentication Settings to Block and Unblock Microsoft Azure User
  • Restricting Access to App Engine Applications in GCP with Cloud IAP
  • Restricting access to S3 Bucket Object Using CloudFront
  • Restricting Access to AWS S3 Buckets using ACL and Bucket Policy
  • Restricting Non-SSL Access for S3 Objects using Bucket Policies
  • Securing Amazon RDS from Accidental Deletion
  • Preventing Deletion of Backups Using an Amazon Backup Vault Resource-based Access Policy
  • Preventing Accidental Deletion and Modification of S3 Objects using S3 Object Lock
  • Restricting Access to Azure Storage Account Using Shared Access Signature (SAS)
  • Disabling Anonymous Access to Blob Container in Azure
  • Preventing Accidental Deletion of Resources Using Azure Resource Locking
  • Restricting Network Access to Azure Storage Account Using Virtual Network Service Endpoints
  • Protecting Secrets in Azure with Key Vault
  • Implementing Encryption and Decryption of Data with Google Cloud KMS
  • Inspecting Sensitive Information in GCP with Cloud DLP
  • Discovering Potential Security Issues using Amazon Inspector
  • Monitoring User Activity using AWS CloudTrail
  • Notifying Security Group Change using CloudTrail and CloudWatch
  • Restricting Remote Desktop Access to Virtual Machines Using Network Security Group (NSG) in Azure
  • Securing RDP/SSH Access to Azure Virtual Machines Using Azure Bastion
  • Scanning for Vulnerabilities in App Engine Applications with Google Cloud Web Security Scanner
  • Identifying Misconfigured S3 Buckets in AWS by Penetration Testing
  • Identifying Publicly Accessible Data with Compromised AWS API Keys
  • Detecting Compromise of Sensitive Data in S3 Buckets with Amazon Macie
  • Creating Activity Log Alerts with Azure Monitor
  • Monitoring Suspicious Network Traffic with VPC Flow Logs in GCP
  • Detecting Incidents in GCP with Cloud Monitoring
  • Examining Logs on Amazon CloudWatch Console
  • Forensically Acquiring and Examining VM in Microsoft Azure
  • Backup and Restore Failed EC2 Instance Using EBS Snapshot in AWS
  • Implementing Backup of Amazon S3 Objects with Cross-Region Replication
  • Recovering EC2 Instances using AMI Backup option
  • Implementing Disaster Recovery in Azure using Storage Data Replication and Failover
  • Implementing Backup and Restore of Virtual Machines with Azure Backup
  • Creating Snapshot of a VM instance and Restoring the instance using the Snapshot in GCP
  • Ensuring Service Availability using HTTP Load Balancing in GCP
  • Investigating Compliance Findings using AWS Security Hub
  • Restricting Deployment of S3 Buckets to a Specific Region using IAM Policy in AWS
  • Enforce Compliance by Assigning In-built Policy and Creating Custom Policy in Azure
  • Conducting Security Audit in AWS with AWS Trusted Advisor
  • Auditing Compliance of Azure Resources by creating Policy Assignments with Azure Policy
  • Conducting Audits in GCP with Cloud Audit Logs

Scheduled Dates

Please select from the dates below to make an enquiry or booking.


Different pricing structures are available including special offers. These include early bird, late availability, multi-place, corporate volume and self-funding rates. Please arrange a discussion with a training advisor to discover your most cost effective option.

Code Location Duration Price Sep Oct Nov Dec Jan Feb
Later scheduled dates may be available for this course.

Course PDF


Share this Course


Recommend this Course