OpenCourser brand icon
Sign in
We may earn an affiliate commission when you visit our partners.

Infrastructure-as-Code Security

Why, What, and How

DevSecCon

In this talk, you'll learn about common IaC risks and best practices for securing infrastructure at scale using policy-as-code in both in build-time and run-time.

Planning, provisioning, and changing infrastructure are vital to rapid cloud application development. Incorporating infrastructure-as-code into software development promotes transparency and helps prevent bad configurations upstream. It also presents another layer of risk. In this talk, you'll learn about common IaC risks and best practices for securing infrastructure at scale using policy-as-code in both in build-time and run-time.

This course is no longer available. Find something similar by browsing:
Infrastructure-as-Code Security Policy-as-Code IaC Cloud

What's inside

Syllabus

Infrastructure-as-Code Security: Why, What, and How

Good to know

Know what's good
, what to watch for
, and possible dealbreakers
Develops secure infrastructure practices at scale using policy-as-code, an industry standard
Teaches IaC security best practices for both build-time and run-time, ensuring infrastructure is secure throughout its lifecycle
Taught by DevSecCon, security experts recognized for their work in the field
Suitable for learners interested in building and securing cloud infrastructure
Covers common IaC risks and best practices, providing a strong foundation for secure infrastructure
May require familiarity with IaC and cloud infrastructure concepts

Save this course

Save Infrastructure-as-Code Security: Why, What, and How to your list so you can find it easily later:
Save

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Infrastructure-as-Code Security: Why, What, and How with these activities:
Explore Infrastructure-as-Code Security Best Practices
Gain practical insights into proven methodologies for securing your infrastructure by implementing IaC security best practices.
Browse courses on Infrastructure Security
Show steps
  • Review vendor documentation on IaC security best practices.
  • Identify common IaC risks and vulnerabilities.
Develop an IaC Security Policy
Apply your knowledge to create a comprehensive IaC security policy to enhance the protection of your infrastructure.
Browse courses on Cloud Security
Show steps
  • Define security requirements and guidelines for IaC.
  • Establish automated policy checking mechanisms.
  • Integrate security tools and frameworks.
IaC Security Audit Project
Enhance your hands-on skills by conducting an in-depth security audit of your IaC configuration, identifying vulnerabilities and proposing mitigation strategies.
Browse courses on Cloud Security
Show steps
  • Identify the scope of the audit.
  • Use IaC scanning tools to identify security issues.
  • Analyze findings and prioritize remediation actions.
Show all three activities

Career center

Learners who complete Infrastructure-as-Code Security: Why, What, and How will develop knowledge and skills that may be useful to these careers:
Security Engineer
Security Engineers design and implement security measures to protect organizations from cyberattacks. This course may be useful because it teaches how to secure infrastructure at scale using policy-as-code. This knowledge can help Security Engineers identify and mitigate vulnerabilities in their systems.
See salaries and explore the career path for Security Engineer
Penetration Tester
Penetration Testers identify and exploit vulnerabilities in computer systems. This course may be useful because it teaches how to secure infrastructure at scale using policy-as-code. This knowledge can help Penetration Testers identify and mitigate vulnerabilities in their systems.
See salaries and explore the career path for Penetration Tester
Cloud Security Architect
Cloud Security Architects design and implement security measures to protect cloud computing systems. This course may be useful because it teaches how to secure infrastructure at scale using policy-as-code. This knowledge can help Cloud Security Architects protect their systems from vulnerabilities and attacks.
See salaries and explore the career path for Cloud Security Architect
Security Auditor
Security Auditors assess the security of organizations' computer systems. This course may be useful because it teaches how to secure infrastructure at scale using policy-as-code. This knowledge can help Security Auditors identify and mitigate vulnerabilities in their systems.
See salaries and explore the career path for Security Auditor
Cybersecurity Analyst
Cybersecurity Analysts identify and mitigate vulnerabilities in computer systems. This course may be useful because it teaches how to secure infrastructure at scale using policy-as-code. This knowledge can help Cybersecurity Analysts identify and mitigate vulnerabilities in their systems.
See salaries and explore the career path for Cybersecurity Analyst
Security Consultant
Security Consultants help organizations to improve their security posture. This course may be useful because it teaches how to secure infrastructure at scale using policy-as-code. This knowledge can help Security Consultants identify and mitigate risks to their clients' organizations.
See salaries and explore the career path for Security Consultant
Site Reliability Engineer
Site Reliability Engineers ensure that software applications are reliable and scalable. This course may be useful because it teaches how to incorporate infrastructure-as-code into software development. This knowledge can help Site Reliability Engineers automate the provisioning and management of infrastructure, which can save time and reduce errors.
See salaries and explore the career path for Site Reliability Engineer
Software Architect
Software Architects design and develop software applications. This course may be useful because it teaches how to incorporate infrastructure-as-code into software development. This knowledge can help Software Architects create more secure and reliable applications.
See salaries and explore the career path for Software Architect
Data Scientist
Data Scientists use data to solve business problems. This course may be useful because it teaches how to incorporate infrastructure-as-code into software development. This knowledge can help Data Scientists automate the provisioning and management of infrastructure, which can save time and reduce errors.
See salaries and explore the career path for Data Scientist
DevOps Engineer
DevOps Engineers work to bridge the gap between development and operations teams. They help to ensure that software is deployed and managed efficiently and securely. This course may be useful because it teaches how to incorporate infrastructure-as-code into software development. This knowledge can help DevOps Engineers automate the provisioning and management of infrastructure, which can save time and reduce errors.
See salaries and explore the career path for DevOps Engineer
Software Engineer
Software Engineers design, develop, and maintain software applications. This course may be useful because it teaches how to incorporate infrastructure-as-code into software development. This knowledge can help Software Engineers create more secure and reliable applications.
See salaries and explore the career path for Software Engineer
Systems Administrator
Systems Administrators manage and maintain computer systems. This course may be useful because it teaches how to secure infrastructure at scale using policy-as-code. This knowledge can help Systems Administrators protect their systems from vulnerabilities and attacks.
See salaries and explore the career path for Systems Administrator
Network Engineer
Network Engineers design, install, and maintain computer networks. This course may be useful because it teaches how to secure infrastructure at scale using policy-as-code. This knowledge can help Network Engineers protect their networks from vulnerabilities and attacks.
See salaries and explore the career path for Network Engineer
Risk Manager
Risk Managers identify and mitigate risks to organizations. This course may be useful because it teaches how to secure infrastructure at scale using policy-as-code. This knowledge can help Risk Managers identify and mitigate risks to their organizations.
See salaries and explore the career path for Risk Manager
Cloud Architect
Cloud Architects design and manage cloud computing systems. They ensure that these systems are secure, scalable, and reliable. This course may be useful because it teaches how to secure infrastructure at scale using policy-as-code. This knowledge can help Cloud Architects protect their systems from vulnerabilities and attacks.
See salaries and explore the career path for Cloud Architect

Reading list

We've selected ten books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in Infrastructure-as-Code Security: Why, What, and How.
Cover image
Cloud Security and Privacy
Save
Comprehensive guide to cloud security, including infrastructure as code security.
Cloud Security and Privacy: An Enterprise...
Paperback
$$
Cloud Security and Privacy: An Enterprise...
Kindle Edition
$$
Cover image
The DevOps 2.4 Toolkit
Save
Provides a comprehensive overview of DevOps security practices, including IaC security best practices and tools.
The DevOps 2.4 Toolkit
Paperback
$$
Cover image
Terraform: Up and Running
Save
Provides practical experience with Terraform, an IaC tool, and its security features.
Terraform: Up and Running
Paperback
Check
Terraform: Up and Running
Kindle Edition
Check
Cover image
The IoT Architect's Guide to Attainable Security...
Save
Covers full stack security, including infrastructure as code security.
The IoT Architect's Guide to Attainable Security...
Paperback
Check
The IoT Architect's Guide to Attainable Security...
Kindle Edition
Check
Cover image
The DevOps Handbook
Save
A widely-used industry guide to DevOps practices, including IaC security considerations.
The DevOps Handbook: How to Create World-Class...
Paperback
$$
The DevOps Handbook: How to Create World-Class...
Kindle Edition
$$
Security Engineering and Tobias on Locks Two-Book...
Save
Provides a solid foundation in security principles and practices, including IaC security considerations.
Security Engineering and Tobias on Locks Two-Book...
Hardcover
$$$$
Cover image
Designing Data-Intensive Applications
Save
Provides insights into designing and building reliable and scalable data-intensive systems, including IaC considerations.
Designing Data-Intensive Applications: The Big...
Paperback
$$
Designing Data-Intensive Applications: The Big...
Kindle Edition
$$
Cover image
Site Reliability Engineering
Save
Offers insights into Google's Site Reliability Engineering (SRE) practices, including IaC security considerations.
Site Reliability Engineering: How Google Runs...
Kindle Edition
$$
Cover image
Terraform: Up & Running
Save
Provides a hands-on guide to using Terraform for IaC, including security considerations.
Terraform: Up and Running: Writing Infrastructure...
Paperback
$$
Terraform: Up & Running: Writing Infrastructure as...
Paperback
$$$
Terraform: Up and Running: Writing Infrastructure...
Paperback
$$
Terraform: Up and Running
Kindle Edition
$$
Cover image
Threats
Save
Provides a structured approach to threat modeling, which can help identify and mitigate IaC security risks.
Threat Modeling: Designing for Security
Paperback
$$
Threats: What Every Engineer Should Learn From Star...
Kindle Edition
$$

Share

Help others find this course page by sharing it with your friends and followers:
Facebook
LinkedIn
Reddit
X
Link
Email

Similar courses

Similar courses are unavailable at this time. Please try again later.
Time
11 hours
Level
Intermediate
Via
Pluralsight
Instructor
DevSecCon
Language
English
Good to know
Develops secure infrastructure practices at scale using policy-as-code, an industry standard
Teaches IaC security best practices for both build-time and run-time, ensuring infrastructure is secure throughout its lifecycle
Taught by DevSecCon, security experts recognized for their work in the field
Suitable for learners interested in building and securing cloud infrastructure
Covers common IaC risks and best practices, providing a strong foundation for secure infrastructure
May require familiarity with IaC and cloud infrastructure concepts
Share and help others discover this course.
Facebook LinkedIn X Reddit Link Email
Don't miss out
Enroll today to gain access to this course
Enroll in this course
Our mission

OpenCourser helps millions of learners each year. People visit us to learn workspace skills, ace their exams, and nurture their curiosity.

Our extensive catalog contains over 50,000 courses and twice as many books. Browse by search, by topic, or even by career interests. We'll match you to the right resources quickly.

Find this site helpful? Tell a friend about us.

Affiliate disclosure

We're supported by our community of learners. When you purchase or subscribe to courses and programs or purchase books, we may earn a commission from our partners.

Your purchases help us maintain our catalog and keep our servers humming without ads.

Thank you for supporting OpenCourser.

© 2016 - 2025 OpenCourser