How to become a cloud security engineer: Job opportunities, skills and more

December 12, 2024 by Ali Hadley

It’s no secret that cloud computing is the future. Today, nearly 94% of enterprises use cloud services, and IDC predicts that public cloud services revenue will grow from $800 billion in 2024 to $1.6 trillion in 2028.

For aspiring cyber pros, pursuing a career in cloud security is a pretty safe choice. In fact, "cloud computing" has been the largest hard skills gap among cybersecurity professionals for the past two years, according to the ISACA State of Cybersecurity Report.

Learn why the cloud is still vulnerable, how it can be secured and what skills you need to become a cloud security engineer or cloud security architect.


In this episode of the Cyber Work Podcast, instructor Joseph South breaks down how to become a cloud security engineer and what to expect from the role.

Overcoming the cloud knowledge gap

For public clouds hosted by third parties like Amazon and Google, the threat of an attack is not only probable, but inevitable. “Attackers are constantly attacking organizations,” says Menachem Shafran, VP of product at XM Cyber. “It’s part of life.”

While the cloud is now considered a ubiquitous service, Shafran explains how it’s still relatively new — and still misunderstood. “The first problem with securing the cloud is a knowledge gap,” he says. “For many people, it’s so new. They don’t understand how it actually works.”

As the majority of organizations go fully digital, those who have not yet migrated feel extra pressure to do so, resulting in a haphazard job that prioritizes speed over safety.

In their haste to migrate, Shafran says these leaders are making one critical mistake: granting too many permissions. “People want to do a ‘lift and shift,’” Shafran says. “Then, they’re giving excessive permissions. If you give the cloud permission to do pretty much everything, then the risk from that machine is also escalating.”

Granting unlimited access gives hackers a VIP pass to your cloud environment, which is why so many CISOs have experienced breaches. 

How to improve security in cloud computing

Instead of treating digital transformation like an arms race, Shafran suggests a slow and strategic approach. And that starts with restructuring the flow.

Instead of allowing the R&D team to lead, Shafran says an organization's cyber pros should be trained in cloud security and be in charge of the migration. Once they’re effectively SMEs, these cloud security engineers can create the proper procedures to ensure migration goes smoothly.

After the guidelines are in place, data should be moved over slowly to ensure no mistakes are made — and to keep systems running without interruption. These SMEs should also determine what data needs to be protected and prioritized. That way, sensitive information isn’t accidentally shared with the wrong audience.

Once migration is completed successfully, Shafran suggests a meeting with the C-suite to help them understand the potential risks and priorities. With their buy-in, the cloud security team can then make changes and close the gaps to ensure everything is secure.

Staying vigilant and limiting admin access to the cloud, Shafran suggests, is what will help secure your data initially — and over time.

Needed cloud security training and skills

As with many cybersecurity roles, technical proficiency is priority number one, especially in ever-changing environments like the cloud.


In this clip from the Cyber Work Podcast, XM Cyber's Menachem Shafran discusses ways to break into a cloud security career.

Obtaining cloud certifications like the CCSP can help you master design, management and security best practices, while the CCPT will show you how hackers exploit vulnerabilities. With this comprehensive knowledge, you can reverse engineer any issue, giving you a complete understanding of how an attack happened — and how you can prevent it.

In addition to technical skills, Shafran also seeks candidates who are passionate, flexible and, above all, adept at storytelling, or the ability to communicate in a way that resonates. “You might be the most educated person about cybersecurity, but it’s going to be hard if you don’t understand how to work with people,” he says.

Instead of “delivering data and demanding change,” Shafran stresses the importance of explaining the risks in a language that makes sense. Without these critical soft skills, employees and C-suite execs might pass off an initiative as unimportant or too complicated, perpetuating the cycle of human error.

And as the industry continues to evolve, Shafran urges aspiring cloud security engineers to stay informed. “Part of what I do all the time is making sure that I’m keeping up to date and learning more,” says Shafran. In addition to reading blogs about attack techniques and new vulnerabilities, he also suggests staying informed on what solutions are in the market. That way, you never, ever fall behind.

To learn more about how you can kickstart your career in cloud computing, download our Emerging trend checklist: Which certifications cover which new skills?

Ali Hadley

Ali is a lifelong lover of words and storytelling. As a full-time and freelance copywriter, she creates compelling content for digital platforms and print materials, focusing on the catchy, the unexpected and the evocative.