Table of Contents
Practical Steps to Starting a Career in Cloud Security — 2025 (RoadMap)
Resources
Headline
In 2025, businesses are thriving in a digital-first world, with cloud computing at the heart of their operations. As companies increasingly rely on the cloud to power innovation and efficiency, one priority dominates: protecting their data while maintaining complete visibility and control over their cloud environments.
This is where careers in Cloud Security shine. These roles focus on safeguarding sensitive data, applications, and infrastructure hosted in the cloud. Cloud Security professionals are the guardians of the digital frontier, creating strategies and deploying advanced tools to keep hackers at bay and ensure the cloud remains a safe space for innovation. In this era, Cloud Security isn’t just a career — it’s a mission-critical role shaping the future of technology.
Taimur Ijlal in one of his articles “Cloud Security Career Path — The Ultimate Guide For 2024 stated something profound “AI is the future and Cloud is the backbone on which this future is being built.”
AI tools such as ChatGPT have been integrated as an enhancement to our work productivity and might take over certain non-essential jobs. However, these AI tools are vulnerable to different cyber attacks due to their reliance on cloud infrastructure. The security of the models, applications, and APIs used in these AI tools falls under the responsibility of Cloud Security Engineers.
Disclaimer: This article shares personal experiences, gathered resources, and insights from professionals in cloud security. As every cloud security journey is unique, it is recommended that after reading this article, you craft a personalized roadmap tailored to your specific needs and preferences.
Cloud Security professionals would always be in high demand. However, meeting up with most companies hiring requirements can be difficult even for an entry level role.
A Bit About My Cloud Security Journey. I started my Cloud Security Journey in the first quarter of 2023. I had no idea how to get started, what courses to take, or what community to join. I came across one of Day Cyberwox’s YouTube Videos “From Zero to Cloud Security Hero in 2023: A Step-by-Step Guide”. Then, I got the idea of creating a Road map for myself.
Here are some highly recommended resources to help you craft a solid Cloud Security learning roadmap for 2025:
Nick Jones's blog on Breaking Into Cloud Security is a Must Read!! Blog Guide for Cloud Security Nick Jones Cloud Security Specialist, Principal Consultant & Cloudsec lead @ WithSecure www.nojones.net
How to become a cloud security engineer Mateusz Gierblinski, a former NVISO Cloud Security Engineer, shares his tips for breaking into a cloud cybersecurity… www.hackthebox.com
The path to becoming a cloud security expert - Intrinsec What you need to get started with your cloud security career, recommended certifications, and how we can help with your… intrinsecsecurity.com
How to start a Cloud Security Engineer career in 2023 This is the best time to get into Cloud Security taimurcloud123.medium.com
Welcome | Learn to Cloud GitHub license learntocloud.guide
Intro to Cloud Security | Tryhackme Writeup/Walkthrough | By Md Amiruddin Learn fundamental concepts regarding securing a cloud environment. infosecwriteups.com
Why you should focus on Cloud Security in the next 12 months Three reasons why cloud security is going to be red hot even in a recession taimurcloud123.medium.com
Must Watch Cloud Security YT Videos From Zero to Cloud Security Hero in 2023: A Step-by-Step Guide
Become a Cloud Security expert | Step-by-Step
How to Become a Cloud Security Engineer | AppSecEngineer
Cloud Security for Beginners: Part 1 — Starting in the Cloud
Three practical steps to learn AWS Security in 2023!
What does a Cloud Security Engineer do?
How to Become a Cloud Security Engineer in 2021
Cloud Security for Dummies
Cloud Security Is Simple. Here’s the Strategy You Need
5 Effective Ways to Learn Cloud Security
Cybersecurity Engineering Careers: CorpSec, Threat Detection & Incident Response Engineers by Day Cyberwox
Courses and Github Resources Introduction to AWS Security by Cybr: https://cybr.com/courses/introduction-to-aws-security/ https://github.com/Funkmyster/awesome-cloud-security https://github.com/jassics/security-study-plan/blob/main/common-skills-study-plan.md Practical Steps to Landing a Cloud Security Role
Step 1: Do your Research into various Aspects of Cloud Security and CSPs Start by doing your research on various things in cloud security such as companies offering cloud security services, tools used by cloud security Engineers, the Top 16 cloud security experts you should follow by wiz, different cloud service providers, etc. Your research findings would help you have an in-depth knowledge of cloud security and how to design your learning roadmap.
Step 2: Choose a Cloud Platform There are different Cloud Service Providers (CSPs) in the cloud computing market. However, there are three major (popular) CSPs (AWS, AZURE and GCP). When I started my cloud security journey, I had issues with either learning a particular CSP e.g. AWS, or learning multi-cloud CSPs (AWS, AZURE, and GCP). After my research and reaching out to the cloud security community at Fwdcloudsec, I got some feedback which prompted me to write an article on “Is multi-cloud worth learning as a Beginner or Expert in the cloud industry?”
It is recommended that you research the three Major CSPs in terms of which CSP is in high demand by most companies, and which skill sets are required by Human Resource personnel or hiring managers. Then, decided to learn one of the CSPs and its security services.
For Example in my view, AWS is ranked top due to high adoption by companies and 12 months free tier access to learn about AWS services.
Step 3: Understand the engineering process before learning security. It is important to know Cloud fundamentals and concepts such as the Shared Responsibility Models in each CSP; IaaS, PaaS, SaaS, Infrastructure as Code (IaC); Terraform, Serverless; lambda, IAM; cloud identity, Compute; EC2, Networking; VPC, Database; RDS, etc. Likewise, you need to know how to build and deploy mini applications or cloud resources with your selected CSP (e.g. GCP) before learning how to use its security services. Knowing how cloud resources are dynamically provisioned and scaled in a cloud environment would help you with a more informed approach to implementing effective security measures.
I recommend taking any Vendor Neutral Cloud security Certification e.g. Certified Cloud Security Engineer (CCSE) by EC-council, Certificate of Cloud Security Knowledge (CCSK), Certified Cloud Security Professional (CCSP), and CompTIA Cloud+. They offer a holistic understanding of the multi-cloud providers.
However, I recently took the (CCSE) by EC-council certification and I can confidently boast of my cloud knowledge and hands-on projects. I had a good knowledge of the three major CSPs AWS (Amazon Web Services), Azure (Microsoft Azure), and GCP (Google Cloud Platform) which helped me to make deliberate choices on the specific CSP to build my security skills.
CSP-Specific Foundational Knowledge Certifications You can consider any of the following if your are not taking a vendor neutral cloud security certificate.
AWS Certified Solutions Architect — Associate Microsoft Certified: Azure Administrator Associate Google Cloud Engineer Learning Platform You Should Check Out: A Cloud Guru (now Pluralsight)- online training provider, that covers AWS, Azure, and Google Cloud Cloud Academy — online training provider, that covers AWS, Azure, and Google Cloud The provider’s training material Aws Training Azure on Microsoft Learn Google Cloud Training Open Guide for AWS — a GitHub repository of guides for different AWS services 4. PwnedLabs Bootcamp: 4-week hands-on training platform designed to build your skill-sets in AWS and AZURE.
Microsoft Cloud Attack and Defense Bootcamp Get hands-on experience with attacking and defending Azure & M365 environments in a live 4-week-long instructor-led… bootcamps.pwnedlabs.io
Step 5: Carve a niche for yourself in Cloud Security Specializing in a definite role within cloud security gives you expertise and helps you narrow your applications for specific gigs and roles.
I highly recommend that you research each of the sub-roles that interest you and match up with your skill set.
The good thing with cloud security is that you can always switch from one role to another.
Cloud Security's role encompasses various aspects. Here are selected sub-roles which might interest you:
Cloud Identity and Access Management (IAM) Specialist: You are responsible for managing users' access, authentication, and authorization within cloud systems. Cloud Incident Responder: You are responsible for responding to security incidents in cloud environments, investigating breaches, and implementing corrective actions. Cloud Security Analyst: Your responsibility involves monitoring and analyzing security threats, assessing risks, and developing strategies to mitigate potential issues in cloud environments. Cloud Compliance Specialist: You are responsible for ensuring that cloud systems adhere to industry regulations and compliance standards, and managing audits and assessments. Cloud Security Engineer: Your responsibility involves technical implementation and maintenance of security measures within cloud infrastructure, involving configuration, monitoring, and incident response. Cloud Security Architect: You are responsible for designing and implementing security protocols, policies, and frameworks specific to cloud environments. Cloud Security Content Engineer (New Role): Your responsibility involves creating cloud security hands-on guided labs and courses for students (customers) from beginner to advanced levels. E.g. for companies like Pwnlabs and TryHackMe. Check out my Medium post on “Content Engineering in Cybersecurity”
Cloud Threat Detection Engineer (New Role): Your responsibility involves detecting threats and vulnerabilities in cloud-native environments, log telemetry, and building detection logic rules to detect identified vulnerabilities. Cloud Threat Researcher (New Role): You are responsible for researching evolving Cloud threats in CSP (Cloud Service provider e.g. AWS) Services Offering and cloud breaches e.g. Method of infiltration on Uber data breach attack and publish findings in cloud communities or Open Cloud Vulnerability databases such as cloudvulndb.org. Cloud Security LLM & GenAI Engineer (New Role): Your responsibility involves Collaborating with AI researchers and developers to integrate security best practices into the AI model development lifecycle, and to design, develop, and deploy security mechanisms in the protection against adversarial attacks, data breaches, and other security vulnerabilities in generative AI systems. Cloud Security Sales Engineer: You are responsible for understanding and promoting cloud security solutions to potential clients or customers such as DLP, CASB, CNAPP, (Identity) CIEM, (Workload) CWPP, (Platform) CSPM, etc. Likewise, this role comes with other responsibilities such as Sales Support, Solution Development, Customer Education, and Collaboration with Technical Teams. DevSecOps (Development, Security, Operations) Engineer: Your responsibility involves integrating security practices into every stage of the software development lifecycle. Key responsibilities include Collaboration, Automation, Continuous Monitoring, Risk Management, etc. Step 6: Create your Brand Learning and building your cloud security skill set is not enough. You need to put yourself and your content out there for people to see. As a newbie in the cloud space, I created technical cloud security labs on Hashnode and stayed active on LinkedIn. In the fourth quarter of 2023, I got a role as a Cloud Security Content Engineer with no technical interview because I had Evidence to show for my self-development.
You must create Proof for your learning journey by creating an online presence through technical YouTube videos or Blog content using platforms such as Medium, Hashnode, or Dev.to. Likewise, utilize the power of LinkedIn and X (formerly Twitter) to connect with professionals and companies in cloud security or cybersecurity.
Lastly, No one possesses all the knowledge and skill sets required for every role out there, so it’s advisable to apply for positions that align with your existing skill set. However, applying for roles slightly beyond your current expertise can also provide valuable experience in navigating technical interviews.
Secret Take Away Tips Possess a dedicated and determined mindset for continuous learning. Research and connect with companies and professionals you are interested in working with. (e.g. HRs, CEO, and Senior associate staff working in the role you are interested in via LinkedIn or X platform). Join Cloud security Communities e.g. AWSUsergroup in your Country, fwdcloudsec, etc. Research and build personal cloud security projects and publish them on GitHub. Collaborate with community members on building cloud security Projects. Certifications are not the automatic key to landing your dream role in cloud security. Take Certifications that are relevant in the Job market and not just for showcase on your resume. Design your own RoadMap to match your desired skill level and dream job. Build and showcase Cloud Security projects simulating real-world projects on any blog platform and GitHub. Check out amazing Cloud Security projects @ My Hashnode Blog
Let’s connect via Linkedin || Twitter || Hashnode
Wishing you Success in your cloud security Journey !!🚀🚀🚀 Cloud Security Cloud Computing AWS Azure Gcp 504
4
~ goody Written by ~ goody 287 Followers · 120 Following Cloud☁️ Security || C☁️d Threat🐝 Detection 🕵️♂️ ||
Follow
Responses (4) Xuan Thuy Dang Xuan Thuy Dang
Cancel Respond Sanjeev Jaiswal (Jassi) Sanjeev Jaiswal (Jassi)
Mar 6, 2024
Nice article to start a career in cloud security. I would suggest these two github repositories as well for those aspirants and your readers. 1. Awesome AWS Security: https://github.com/jassics/awesome-aws-security 2. AWS Security Study Plan…more 1
1 reply
Reply
Adeoluwa Adeoluwa
Jan 18, 2024
Amazing article and will definitely use in my career roadmap
