Black Hat USA 2019 offers a packed and impressive lineup of

and hands-on

for the 19,000-plus security pros expected to attend this year's event.

The training sessions provide both offensive and defensive skills that security pros can use to tackle critical threats affecting applications, IoT systems, cloud services, and more. Meanwhile, the briefing sessions feature cutting-edge research on the latest infosec risks and trends. All sessions are led by expert trainers and researchers.

To help attendees decide which sessions to choose, we've selected ten that we think will be particularly relevant and valuable for Qualys customers, and we'll highlight one each week here on our blog. Here's our first recommendation: Advanced Cloud Security And Applied Devsecops.

This highly technical course delves deep into practical cloud security and applied DevSecOps for enterprise-scale cloud deployments, and focuses on IaaS and PaaS.

'Real-world cloud security is most definitely not business as usual. The fundamental abstraction and automation used to build cloud platforms upends much of how we implement security. The same principles may apply, but howthey apply is dramatically different, especially at enterprise scale,' reads the course abstract.

The instructor is Rich Mogull, CEO of infosec research and advisory firm Securosis. A former research vice president on Gartner's security team, Mogull has 20 years of experience in infosec, physical security, and risk management. He currently specializes in cloud and DevOps security.

The two-day course is intended for technical security professionals wanting to expand their hands-on knowledge of cloud and DevOps security at enterprise scale. These are the course's main takeaways:

Building enterprise-scale secure cloud architectures

Implementing and managing enterprise security at cloud scale

Leveraging DevSecOps and automation to build more secure applications and run security operations at the speed of cloud

Why we're recommending it

In pursuit of digital transformation benefits, organizations are aggressively moving workloads to public cloud platforms, such as Amazon's AWS, Google Cloud, and Microsoft's Azure. Teams tasked with securing these new environments quickly find out that a different approach is required to successfully protect them from cloud-specific threats.

For example, it can be difficult to adapt and map on-premises security controls and processes to public clouds. Organizations also may lack the know-how, processes and tools needed to secure public clouds. And yet they must protect their data and assets on these platforms.

Another challenge is when security teams are called upon to embed security tools and processes transparently into DevOps CI/CD (continuous integration and delivery) pipelines on their public clouds, so that security and compliance tasks are automated throughout the software lifecycle.

Consequently, getting up to speed on how to protect public cloud deployments and how to secure DevOps pipelines is becoming critical for enterprise security teams. That's why we believe this course would be a worthwhile one to attend.

