Skip to content

Cloud Security Resources

This page distills the highlights

For the full, continuously updated list, see jassics/awesome-cloud-security-learning-resources on GitHub. Also see the companion Awesome AWS Security repo.

Use this page as the "go deeper" reference for the whole Cloud Security section - organized so you can jump straight to standards, papers, tools, or hands-on practice depending on what you need.

Standards & Frameworks

Framework What It Covers
CSA Cloud Controls Matrix (CCM) v4 The de-facto control framework spanning all major cloud providers
NIST SP 800-210 General access control guidance for cloud systems
MITRE ATT&CK for Cloud Real-world adversary tactics/techniques specific to cloud environments
CIS Benchmarks Configuration baselines for AWS, Azure, GCP, and Kubernetes
Azure Security Benchmark Microsoft's baseline security recommendations for Azure workloads
Google Cloud Security Foundations Blueprint Google's reference architecture for a secure GCP organization
AWS Well-Architected Framework: Security Pillar AWS's own security design guidance

Books

Book Author
AWS Security Dylan Shields - hands-on, covers IAM/VPC/KMS/GuardDuty/Security Hub
Practical Cloud Security Chris Dotson - cloud-agnostic, very accessible (2nd ed. 2023)
Microsoft Azure Security Infrastructure Yuri Diogenes
Cloud Security Handbook Eyal Estrin - multi-cloud, defender-oriented

Videos & Conferences

Courses & Certifications

AWS - AWS Skill Builder Security Learning Plan (free), SANS SEC488/SEC510/SEC540

Azure - Microsoft Learn AZ-500 path (free), SC-100 Cybersecurity Architect

GCP - Google Cloud Skills Boost - Security Engineer path

Vendor-neutral - CCSK, CCSP, Practical DevSecOps CCSE

Certifications - AWS Security-Specialty, Azure AZ-500, Google Professional Cloud Security Engineer, CCAK

Tools

Multi-Cloud CSPM / CNAPP (Open Source)

Tool Purpose
Prowler AWS/Azure/GCP/Kubernetes CSPM, 400+ checks
ScoutSuite Multi-cloud security auditing
Cloudsplaining AWS IAM least-privilege assessment
Steampipe Query cloud configuration with SQL
Cartography (Lyft, now CNCF sandbox) Graph-based infrastructure asset inventory

AWS-Specific

Pacu, aws-nuke, Parliament (IAM policy linter), Policy Sentry (least-privilege policy generator), CloudMapper, PMapper, S3Scanner

Azure-Specific

ROADtools, AzureHound, MicroBurst, Stormspotter (archived, still useful)

GCP-Specific

GCPBucketBrute, gcp_scanner

Commercial CNAPP Landscape

Wiz (acquired by Google, $32B, 2025), Orca Security, Cortex Cloud by Palo Alto Networks (formerly Prisma Cloud, rebranded Feb 2025), CrowdStrike Falcon Cloud Security, Lacework (Fortinet), Microsoft Defender for Cloud, AWS Security Hub + GuardDuty + Inspector, Sysdig Secure, Aqua Security, Snyk Cloud, Tenable Cloud Security.

Hands-On Labs & CTFs

See Cloud Red Teaming & Practice Labs for the full list organized by provider (flaws.cloud, CloudGoat, AzureGoat, GCPGoat, HackTricks Cloud, and more) plus assessment methodology.

Blogs & Research

Where to Go Next on This Site

Credits/References

  1. jassics/awesome-cloud-security-learning-resources - the full, continuously updated source this page distills
  2. jassics/awesome-aws-security - companion AWS-specific repo
  3. Hacking the Cloud