Skip to content
>_
SecOps
Log
_
Home
Courses
Learning path
Resources
Topics
Blog
All courses
GCP security
Advanced
5 sections · 15 lessons · ~9h total · 60-question self-test
Start course
01
IAM & resource hierarchy
3 lessons
Test yourself
01
Resource hierarchy & org policy
Org → folders → projects, and inherited guardrails.
30 min
02
IAM, conditions & deny policies
Additive allows, conditions, and enforceable denies.
35 min
03
Service accounts & impersonation
Killing keys and scoping the escalation path.
35 min
02
Network & VPC Service Controls
3 lessons
Test yourself
01
VPC firewall & private access
SA-targeted rules, hierarchical policies, no public IPs.
30 min
02
Egress control & DNS
Default-deny outbound, Cloud NAT, DNS filtering.
30 min
03
VPC Service Controls
Perimeters that stop credentialed data exfiltration.
35 min
03
Encryption, keys & secrets
3 lessons
Test yourself
01
Cloud KMS & CMEK
Envelope encryption, key IAM, rotation, kill switch.
35 min
02
HSM, EKM & key custody
FIPS hardware and keys Google cannot read.
30 min
03
Secret Manager & rotation
Per-secret IAM, runtime fetch, overlap rotation.
30 min
04
Detection & Security Command Center
3 lessons
Test yourself
01
Audit logs & immutable trails
Aggregated sinks to a locked logging project.
30 min
02
Security Command Center
CSPM plus threat detection, org-wide.
30 min
03
Detection as code & response
Log metrics, Pub/Sub pipelines, auto-response.
35 min
05
Workload identity & IR
3 lessons
Test yourself
01
Workload Identity Federation
Keyless CI and per-pod GKE identity.
35 min
02
Org policy & landing zones
Preventive constraints and secure-by-default projects.
30 min
03
Incident response & forensics
Contain, snapshot, revoke, hunt persistence.
35 min
Final exam
Test yourself on everything
60 questions drawn from all 5 sections — every answer explained as you pick.
Start final exam