Who has some good Cloud Security Interview resources? I am preparing for an Incident Response SecEng interview and I learned it's difficult to find good interview prep questions or study materials relevant for cloud-native companies. Looking for resources for garden variety startup tech stacks: - AWS / GCP - Kubernetes - Terraform - Container security (image scanning/validation, dependency monitoring), CWP - Other relevant security tools - Whatever I'm missing ------------------------------------------------ TC: $360k YOE: 10+ #cybersecurity #interview #security ------------------------------------------------- What I have so far: (very basic) CCSK Prep Questions: testpreptraining.com/blog/top-50-cloud-security-knowledge-ccsk-interview-questions/ OWASP Container Security Verification Standard (CSVS): owasp.org/www-project-container-security-verification-standard/migrated_content OWASP Kubernetes 10: owasp.org/www-project-kubernetes-top-ten/ OWASP DevSecOps Guideline: owasp.org/www-project-devsecops-guideline/latest/02a-Static-Application-Security-Testing Mitre ATT&CK Enterprise Cloud: attack.mitre.org/matrices/enterprise/cloud/ SaaS: attack.mitre.org/matrices/enterprise/cloud/saas/
You can read up but if you are starting out, just say so. You will get down leveled even if you pass
Thanks for the tip. I am not new to security or cloud. I will get down leveled either way, so why not minimize the impact by preparing as much as I can?
80% of knowledge comes from on the job training, honestly. Another resource might be appsecengineer.com