
Learn the basics
This document is not intended to “teach” anything specifically; instead it lays out my personal framework for systematically learning important concepts. This is the order and content I read while studying… There are 1000s of nested pages of architecture and developer guides to sift through and it can easily become a rabbit hole…
I follow a simple principle: write down all the things you don’t know and assume, and then go learn and validate them …
know what you don’t know – KWYDK
famous gcp cheat sheet
where are GCP locations, regions and zones
basic building blocks of gcp
how are you billed in gcp
what internal security does gcp have (Not the cloud offerings)
- https://cloud.google.com/security/overview/whitepaper
- https://cloud.google.com/security/compliance/compliance-reports-manager#/
- https://cloud.google.com/security/infrastructure/design/resources/google_infrastructure_whitepaper_fa.pdf
what enterprise organizations should learn first
- https://cloud.google.com/docs/enterprise/best-practices-for-enterprise-organizations
- https://cloud.google.com/solutions/policies/designing-gcp-policies-enterprise
- https://cloud.google.com/solutions/policies/implementing-policies-for-customer-use-cases
what do smaller organizations learn first
how are identities managed in gcp
- https://cloud.google.com/architecture/identity
- https://cloud.google.com/architecture/identity/reference-architectures
- https://cloud.google.com/architecture/identity/overview-google-authentication#external_identities
- When federating with Microsoft
- When federating with workspaces
resource hierarchy and access control
- https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy
- https://cloud.google.com/iam/docs/resource-hierarchy-access-control
- https://cloud.google.com/solutions/policies/implementing-policies-for-customer-use-cases
how are users authenticated to the platform
- Enterprise Business
- SDKs
what are GCP organization level policies
- https://cloud.google.com/resource-manager/docs/organization-policy/overview
- https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints
what are google workspace integration security benefits
- Security Monitoring and Alerts
- Advanced Protection Program
- Context Aware Access
- Third Party SSO and MFA support
how do you connect to/from gcp vpc and services
- Enterprise Business – Network Integrations
- Medium Business – Network Integrations
- Small – Network Integrations
- API Access
- Global GCP IP Addresses
how do you connect within gcp vpc
- Intro to VPC Networking
- VPC Design Patterns
- Isolation Using Shared VPC
- Isolation Using Service Controls
what are the core security options within gcp
- GCP Platform – Access Management
- https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy
- https://cloud.google.com/iam/docs/resource-hierarchy-access-control
- https://cloud.google.com/access-approval/docs/overview
- https://cloud.google.com/iam/docs/understanding-roles
- https://cloud.google.com/iam/docs/understanding-custom-roles
- https://cloud.google.com/iam/docs/service-accounts
- https://cloud.google.com/iam/docs/recommender-overview
- Encryption
- Encryption-In-Transit
- Encryption at Rest
- Key Management
- Certificate Management
- https://cloud.google.com/certificate-authority-service
- https://cloud.google.com/load-balancing/docs/ssl-certificates
- https://cloud.google.com/load-balancing/docs/ssl-certificates/self-managed-certs
- https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs
- https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs
- Isolation Using Shared VPC
- Isolation Using VPC Service Controls https://cloud.google.com/vpc-service-controls/docs/overview
- Compute Instance Firewalls
- Security Command Center
- https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview
- https://cloud.google.com/security-command-center/docs/concepts-event-threat-detection-overview
- https://cloud.google.com/security-command-center/docs/concepts-container-threat-detection-overview
- https://cloud.google.com/security-command-center/docs/concepts-vulnerabilities-findings
- Native Detection/Incident Response
- Platform Logging
- Apigee Edge (TPD)
what are common / popular services i should dig into next
- https://cloud.google.com/compute/docs
- https://cloud.google.com/storage/docs
- https://cloud.google.com/vpc/docs/vpc
- https://cloud.google.com/sql/docs
- https://cloud.google.com/spanner/docs
- https://cloud.google.com/bigquery/docs
- https://cloud.google.com/kubernetes-engine/docs
- https://cloud.google.com/functions/docs
- https://cloud.google.com/dns/docs
- https://cloud.google.com/cdn/docs
- https://cloud.google.com/pubsub/docs
- https://cloud.google.com/logging/docs
- https://cloud.google.com/appengine/docs
- https://cloud.google.com/monitoring/docs
what are some third party security technologies?
- https://www.g2.com/categories/cloud-compliance?tab=highest_rated
- https://www.g2.com/categories/api-security
- https://www.g2.com/categories/cloud-data-security?tab=highest_rated
what are some online training resources?
- INTRO YOUTUBE COURSES
- ACLOUDGURU
exam practice questions because i just care about certs?
Shame on you, go back and read all the articles above and do some hands-on labs …
- https://cloud.google.com/certification/sample-questions/cloud-engineer
- https://tutorialsdojo.com/links-to-all-google-cloud-gcp-cheat-sheets/
- https://github.com/batmanbury/gcp_notes
- https://cloud.google.com/compute/docs/tutorials/robustsystems
- https://cloud.google.com/solutions/migrating-vms-migrate-for-compute-engine-getting-started