Description

Below course outline ensures a comprehensive coverage of Google Infrastructure and Security Management, with each session focused on a specific aspect of security and infrastructure management within Google Cloud. Adjustments can be made depending on the specific needs or level of the audience.

1st Session: Introduction to Google Cloud Infrastructure

• Overview of Google Cloud Platform (GCP)
  • Core services and products
  • Global infrastructure and regions
  • Understanding resource hierarchy: organizations, folders, projects
• Identity and Access Management (IAM)
  • IAM roles and policies
  • Service accounts and keys
  • Best practices for managing IAM

2nd Session: Networking in Google Cloud

• VPC (Virtual Private Cloud) Fundamentals
  • VPCs, subnets, and IP addressing
  • Firewalls and routes
  • Peering and shared VPC
• Load Balancing and CDN
  • Types of load balancers in GCP
  • Configuring Cloud CDN
  • Traffic distribution and management

3rd Session: Compute and Storage Security

• Compute Engine Security
  • VM security and best practices
  • Managing machine images and snapshots
  • Shielded VMs and Confidential Computing
• Storage Security
  • Securing Cloud Storage (buckets, objects)
  • Managing encryption at rest and in transit
  • Access control and data protection

4th Session: Google Kubernetes Engine (GKE) Security

• Introduction to GKE
  • Kubernetes architecture on GCP
  • Setting up clusters and managing nodes
• Security in GKE
  • Network policies and pod security policies
  • Securing workloads and containers
  • Best practices for GKE security

5th Session: Identity Management and Security

• Identity and Access Management (Deep Dive)
  • Advanced IAM roles and conditions
  • Managing identity across projects and services
• Cloud Identity and Google Workspace Integration
  • Managing users and groups
  • Single Sign-On (SSO) and multi-factor authentication (MFA)

6th Session: Data Protection and Privacy

• Data Encryption
  • Encryption by default: at rest and in transit
  • Customer-managed encryption keys (CMEK) and Customer-Supplied Encryption Keys (CSEK)
• Data Loss Prevention (DLP)
  • Using Cloud DLP to discover, classify, and protect sensitive data
  • Setting up DLP jobs and alerts

7th Session: Monitoring and Incident Response

• Monitoring with Google Cloud
  • Setting up Google Cloud Monitoring and logging
  • Using Stackdriver for observability
  • Creating alerts and dashboards
• Incident Response
  • Best practices for incident management
  • Setting up response plans and playbooks
  • Using Google Cloud Security Command Center (SCC)

8th Session: Compliance and Governance

• Compliance Frameworks
  • Understanding GCP compliance offerings (HIPAA, GDPR, etc.)
  • Auditing and reporting in Google Cloud
• Resource and Cost Management
  • Setting up budgets and alerts
  • Using Resource Manager for governance
  • Policy intelligence and recommendations

9th Session: Automation and Infrastructure as Code

• Infrastructure as Code (IaC)
  • Using Terraform with Google Cloud
  • Managing deployments and state
  • Best practices for IaC security
• Automation and Scripting
  • Google Cloud SDK and CLI tools
  • Automating tasks with Cloud Functions and Cloud Run

10th Session: Advanced Security Features and Case Studies

• Advanced Security Tools
  • Security Health Analytics
  • VPC Service Controls and BeyondCorp
  • Using Cloud Armor for DDoS protection
• Case Studies and Best Practices
  • Real-world examples of Google Cloud security implementations
  • Lessons learned from incidents and how to prevent them
  • Q&A and final discussion on best practices