GCP300SEC

Security in Google Cloud

This training course gives you a broad study of security controls and techniques in Google Cloud. Through lectures, demonstrations, and labs, you explore and deploy the components of a secure Google Cloud solution. You use services including Cloud Identity, Identity and Access Management (IAM), Cloud Load Balancing, Cloud IDS, Web Security Scanner, BeyondCorp Enterprise, and Cloud DNS.

Google Cloud
✓ Official training Google Cloud • Level: Intermediate • 3 days (21h)

What you will learn

  • Identify the foundations of Google Cloud security.
  • Manage administration identities with Google Cloud.
  • Implement user administration with Identity and Access Management (IAM).
  • Configure Virtual Private Clouds (VPCs) for isolation, security, and logging.
  • Apply techniques and best practices for securely managing Compute Engine.
  • Apply techniques and best practices for securely managing Google Cloud data.
  • Apply techniques and best practices for securing Google Cloud applications.
  • Apply techniques and best practices for securing Google Kubernetes Engine (GKE) resources.
  • Manage protection against distributed denial-of-service attacks (DDoS).
  • Manage content-related vulnerabilities.
  • Implement Google Cloud monitoring, logging, auditing, and scanning solutions.

Prerequisites

  • Prior completion of the Google Cloud Fundamentals: Core Infrastructure course or equivalent experience.
  • Prior completion of the Networking in Google Cloud course or equivalent experience.
  • Knowledge of foundational concepts in information security, through experience or online training such as SANS SEC301: Introduction to Cyber Security.
  • Basic proficiency with command-line tools and Linux operating system environments.
  • Systems Operations experience, including deploying and managing applications, either on-premises or in a public cloud environment.
  • Reading comprehension of code in Python or JavaScript.
  • Basic understanding of Kubernetes terminology (preferred but not required).

Target audience

  • Cloud information security analysts, architects, and engineers
  • Information security or cybersecurity specialists
  • Cloud infrastructure architects

Training Program

11 modules to master the fundamentals

Objectives
  • Explain the shared security responsibility model of Google Cloud.
  • Describe how Google Cloud approaches security.
  • Recognize threats mitigated by Google and Google Cloud.
  • Identify Google Cloud's commitments to regulatory compliance.
Topics covered
  • →The approach of Google Cloud to security
  • →The shared security responsibility model
  • →Threats mitigated by Google and Google Cloud
  • →Access transparency
Objectives
  • Describe what Cloud Identity is and what it does.
  • Explain how Google Cloud Directory Sync securely syncs users and permissions between your on-premises LDAP or AD server and the cloud.
  • Explore and apply best practices for managing groups, permissions, domains, and administrators with Cloud Identity.
Topics covered
  • →Cloud Identity
  • →Google Cloud Directory Sync
  • →Managed Microsoft AD
  • →Google authentication versus SAML-based SSO
  • →Identity Platform
  • →Authentication best practices
Activities

Demo: Defining Users with Cloud Identity Console

Objectives
  • Identify IAM roles and permissions that can be used to organize resources in Google Cloud.
  • Explain the management-related features of Google Cloud projects.
  • Define IAM policies, including organization policies.
  • Implement access control with IAM.
  • Provide access to Google Cloud resources by using predefined and custom IAM roles.
Topics covered
  • →Resource Manager
  • →IAM roles
  • →Service accounts
  • →IAM and Organization policies
  • →Workload identity federation
  • →Policy Intelligence
Activities

Lab: Configuring IAM

Objectives
  • Describe the function of VPC networks.
  • Recognize and implement best practices for configuring VPC firewalls (both ingress and egress rules).
  • Secure projects with VPC Service Controls.
  • Apply SSL policies to load balancers.
  • Enable VPC flow logging, and then use Cloud Logging to access logs.
  • Deploy Cloud IDS, and view threat details in the Google Cloud console.
Topics covered
  • →VPC firewalls
  • →Load balancing and SSL policies
  • →Cloud Interconnect
  • →VPC Network Peering
  • →VPC Service Controls
  • →Access Context Manager
  • →VPC Flow Logs
  • →Cloud IDS
Activities

Lab: Configuring VPC Firewalls

Lab: Configuring and Using VPC Flow Logs in Cloud Logging

Demo: Securing Projects with VPC Service Controls

Lab: Getting Started with Cloud IDS

Objectives
  • Create and manage service accounts for Compute Engine instances (default and customer-defined).
  • Detail IAM roles and scopes for VMs.
  • Explore and apply best practices for Compute Engine instances.
  • Explain the function of the Organization Policy Service.
Topics covered
  • →Service accounts, IAM roles, and API scopes
  • →Managing VM logins
  • →Organization policy controls
  • →Shielded VMs and Confidential VMs
  • →Certificate Authority Service
  • →Compute Engine best practices
Activities

Lab: Configuring, Using, and Auditing VM Service Accounts and Scopes

Objectives
  • Use IAM permissions and roles to secure cloud resources.
  • Create and wrap encryption keys using the Compute Engine RSA public key certificate.
  • Encrypt and attach persistent disks to Compute Engine instances.
  • Manage keys and encrypted data by using Cloud Key Management Service (Cloud KMS) and Cloud HSM.
  • Create BigQuery authorized views.
  • Recognize and implement best practices for configuring storage options.
Topics covered
  • →Cloud Storage IAM permissions and ACLs
  • →Auditing cloud data
  • →Signed URLs and policy documents
  • →Encrypting with Customer-managed encryption keys (CMEK) and Customer-supplied encryption keys (CSEK)
  • →Cloud HSM
  • →BigQuery IAM roles and authorized views
  • →Storage best practices
Activities

Lab: Using Customer-Supplied Encryption Keys with Cloud Storage

Lab: Using Customer-Managed Encryption Keys with Cloud Storage and Cloud KMS

Lab: Creating a BigQuery Authorized View

Objectives
  • Recall various types of application security vulnerabilities.
  • Detect vulnerabilities in App Engine applications by using Web Security Scanner.
  • Secure Compute Engine Applications by using BeyondCorp Enterprise.
  • Secure application credentials by using Secret Manager.
  • Identify the threats of OAuth and Identity Phishing.
Topics covered
  • →Types of application security vulnerabilities
  • →Web Security Scanner
  • →Threat: Identity and OAuth phishing
  • →Identity-Aware Proxy
  • →Secret Manager
Activities

Lab: Identify Application Vulnerabilities with Security Command Center

Lab: Securing Compute Engine Applications with BeyondCorp Enterprise

Lab: Configuring and Using Credentials with Secret Manager

Objectives
  • Explain the differences between Kubernetes service accounts and Google service accounts.
  • Recognize and implement best practices for securely configuring GKE.
  • Explain logging and monitoring options in Google Kubernetes Engine.
Topics covered
  • →Types of application security vulnerabilities
  • →Web Security Scanner
  • →Threat: Identity and OAuth phishing
  • →Identity-Aware Proxy
  • →Secret Manager
Objectives
  • Identify the four layers of DDoS Mitigation.
  • Identify methods Google Cloud uses to mitigate the risk of DDoS for its customers.
  • Use Google Cloud Armor to blocklist an IP address and restrict access to an HTTP Load Balancer.
Topics covered
  • →How DDoS attacks work
  • →Google Cloud mitigations
  • →Types of complementary partner products
Activities

Lab: Configuring Traffic Blocklisting with Google Cloud Armor

Objectives
  • Discuss the threat of ransomware.
  • Explain ransomware mitigation strategies (backups, IAM, Cloud Data Loss Prevention API).
  • Highlight common threats to content (data misuse; privacy violations; sensitive, restricted, or unacceptable content).
  • Identify solutions for threats to content (classification, scanning, and redacting).
  • Detect and redact sensitive data by using the Cloud DLP API.
Topics covered
  • →Threat: Ransomware
  • →Ransomware mitigations
  • →Threats: data misuse, privacy violations, sensitive content
  • →Content-related mitigation
  • →Redacting Sensitive Data with the DLP API
Activities

Lab: Redacting Sensitive Data with the DLP API

Objectives
  • Explain and use the Security Command Center.
  • Apply Cloud Monitoring and Cloud Logging to a project.
  • Apply Cloud Audit Logs to a project.
  • Identify methods for automating security in Google Cloud environments.
Topics covered
  • →Security Command Center
  • →Cloud Monitoring and Cloud Logging
  • →Cloud Audit Logs
  • →Cloud security automation
Activities

Lab: Configuring and Using Cloud Monitoring and Cloud Logging

Lab: Configuring and Viewing Cloud Audit Logs

Related Trainings

AWS

Security Engineering on AWS

Security is a concern for both customers in the cloud, and those considering cloud adoption. An increase in cyberattacks and data leaks remains top of mind for most industry personnel. The Security Engineering on AWS course addresses these concerns by helping you better understand how to interact and build with Amazon Web Services (AWS) in a secure way. In this course, you will learn about managing identities and roles, managing and provisioning accounts, and monitoring API activity for anomalies. You will also learn about how to protect data stored on AWS. The course explores how you can generate, collect, and monitor logs to help identify security incidents. Finally, you will review detecting and investigating security incidents with AWS services.

3 d
Intermediate
AWS

AWS Security Essentials

This course covers fundamental Amazon Web Services (AWS) security concepts, including AWS access control, data encryption methods, and how to secure network access to your AWS infrastructure. Based on the AWS Shared Responsibility Model, you learn your responsibilities related to implementing security in the AWS Cloud and which security-oriented services are available to you. You also learn why and how the security services help meet the security needs of your organization.

1 d
Fundamental
Google Cloud

Model Armor: Securing AI Deployments

This course explains how to use Model Armor to protect AI applications, specifically large language models (LLMs). The curriculum covers Model Armor's architecture and its role in mitigating threats like malicious URLs, prompt injection, jailbreaking, sensitive data leaks, and improper output handling. Practical skills include defining floor settings, configuring templates, and enabling various detection types. You'll also explore sample audit logs to find details about flagged violations.

0.5 d
Fundamental

Upcoming sessions

April 1, 2026
Remote • French
May 20, 2026
Remote • French
July 1, 2026
Remote • French
August 4, 2026
Remote • French
October 5, 2026
Remote • French
November 23, 2026
Remote • French

Quality Process

SFEIR Institute's commitment: an excellence approach to ensure the quality and success of all our training programs.

Teaching Methods Used
  • Lectures / Theoretical Slides — Presentation of concepts using visual aids (PowerPoint, PDF).
  • Technical Demonstration (Demos) — The instructor performs a task or procedure while students observe.
  • Guided Labs — Guided practical exercises on software, hardware, or technical environments.
  • Quiz / MCQ — Quick knowledge check (paper-based or digital via tools like Kahoot/Klaxoon).
Evaluation and Monitoring System

The achievement of training objectives is evaluated at multiple levels to ensure quality:

  • Continuous Knowledge Assessment: Verification of knowledge throughout the training via participatory methods (quizzes, practical exercises, case studies) under instructor supervision.
  • Progress Measurement: Comparative self-assessment system including an initial diagnostic to determine the starting level, followed by a final evaluation to validate skills development.
  • Quality Evaluation: End-of-session satisfaction questionnaire to measure the relevance and effectiveness of the training as perceived by participants.

2,370€ excl. VAT

per learner