Cybersecurity engineer

How to become a cloud security engineer: Job opportunities, skills and more

Ali Hadley
February 3, 2022 by
Ali Hadley

It’s no secret that cloud computing is the future. Today, nearly 94% of enterprises use cloud services, which values the global market at nearly $372 billion. And that’s only the beginning.

By 2025, experts predict that nearly 100 zettabytes of data — or one billion terabytes —  will be stored in the cloud, raising the value of the global market to a staggering $832 billion.

For aspiring cyber pros, that means pursuing a career in cloud security is a pretty safe choice. But it also indicates a growing demand for standardized security processes. Especially as more data is uploaded — and as more hackers gain access.

ChatGPT: Self-paced technical training

ChatGPT: Self-paced technical training

Take our introductory training to teach you how to securely use ChatGPT to investigate SOC & Incident response issues. Book a meeting with our team to learn more.

Learn why the cloud is still vulnerable, how it can be secured and what skills you need to become a cloud security engineer or cloud security architect.


Overcoming the cloud knowledge gap


For public clouds hosted by third parties like Amazon and Google, the threat of an attack is not only probable, but inevitable. “Attackers are constantly attacking organizations,” says Menachem Shafran, VP of product at XM Cyber. “It’s part of life.”

In 2021 alone, 98% of CISOs using public clouds reported a non-critical data breach. So, why the mad dash to migrate if an attack is imminent? The number one threat to cloud safety isn’t risky or faulty technology; it’s human error.

While the cloud is now considered a ubiquitous service, Shafran explains how it’s still relatively new — and still misunderstood. “The first problem with securing the cloud is a knowledge gap,” he says. “For many people, it’s so new. They don’t understand how it actually works.”

As the majority of organizations go fully digital, those who have not yet migrated feel extra pressure to do so, resulting in a haphazard job that prioritizes speed over safety.

In their haste to migrate, Shafran says these leaders are making one critical mistake: granting too many permissions. “People want to do a ‘lift and shift,’” Shafran says. “Then, they’re giving excessive permissions. ... If you give the cloud permission to do pretty much everything, then the risk from that machine is also escalating.”

Granting unlimited access gives hackers a VIP pass to your cloud environment, which is why so many CISOs experienced breaches. Most of those are non-critical. However, this primary foothold can be sold to malicious predators who intend to cause much more damage.


How to improve security in cloud computing


Instead of treating digital transformation like an arms race, Shafran suggests a slow and strategic approach. And that starts with restructuring the flow.

Instead of allowing the R&D team to lead, Shafran says an organization's cyber pros should be trained in cloud security and be in charge of the migration. Once they’re effectively SMEs, these cloud security engineers can create the proper procedures to ensure migration goes smoothly.

After the guidelines are in place, data should be moved over slowly to make sure no mistakes are made — and to keep systems running without interruption. These SMEs should also determine what data needs to be protected and prioritized. That way, sensitive information doesn’t accidentally get shared with the wrong audience.

Once migration is completed successfully, Shafran suggests a meeting with the C-suite to help them understand the potential risks and priorities. With their buy-in, the cloud security team can then make changes and close the gaps to ensure everything is secure.

Staying vigilant and limiting admin access to the cloud, Shafran suggests, is what will help secure your data initially — and over time.


Needed cloud security training and skills


As with any cybersecurity role, priority number one is technical proficiency. Especially when it comes to ever-changing environments like the cloud.

Obtaining certifications like the CCSP can help you master design, management and security best practices, while the CCPT  will show you how hackers exploit vulnerabilities. With this comprehensive knowledge, you can reverse engineer any issue, giving you a complete understanding of how an attack happened — and how you can prevent it.

In addition to technical skills, Shafran also seeks candidates who are passionate, flexible and, above all, adept at storytelling, or the ability to communicate in a way that resonates. "You might be the most educated person about cybersecurity, but it’s going to be hard if you don’t understand how to work with people,” he says.

Instead of “delivering data and demanding change,” Shafran stresses the importance of explaining the risks in a language that makes sense. Without these critical soft skills, employees and C-suite execs might pass off an initiative as unimportant or too complicated, perpetuating the cycle of human error.

And as the industry continues to evolve, Shafran urges aspiring cloud security engineers to stay informed. “Part of what I do all the time is making sure that I’m keeping up to date and learning more,” says Shafran. In addition to reading blogs about attack techniques and new vulnerabilities, he also suggests staying informed on what solutions are in the market. That way, you never, ever fall behind.

ChatGPT: Self-paced technical training

ChatGPT: Self-paced technical training

Take our introductory training to teach you how to securely use ChatGPT to investigate SOC & Incident response issues. Book a meeting with our team to learn more.

To learn more about how you can kickstart your career in cloud computing, tune into our Cyber Work Podcast, How to work in cloud security, with Menachem Shafran.




Ali Hadley
Ali Hadley

Ali is a lifelong lover of words and storytelling. As a full-time and freelance copywriter, she creates compelling content for digital platforms and print materials, focusing on the catchy, the unexpected and the evocative.