Introduction
In 2025, one of the fastest-growing and most in-demand roles in cybersecurity is Cloud Security Engineering.
But how do you actually become one, especially if you're starting from scratch?
In this newsletter, I'll provide you with a step-by-step roadmap to become a Cloud Security Engineer, without requiring a college degree or prior technical experience.
About Me
If you're new here, I'm Day, a Cybersecurity Engineer at Amazon. With five years in cybersecurity, my experience covers Detection Engineering, Cloud Security, Incident Response, Threat Hunting, and most recently, Threat Intelligence.
Before Amazon, I worked at Datadog as a cloud threat detection engineer, where I researched cloud threats and built detections for various cloud providers and SaaS applications.
I've worked my way up from SOC analyst roles, investigating everything from endpoint threats to cloud-based abuse, so I know exactly what it takes to break into this field.
I started, just like many of you, learning from scratch, asking questions, and figuring it out one step at a time. And now, I'm here to help you do the same.
I personally was able to break into cybersecurity as early as my freshman year of college. I’ve secured several jobs and interviews prior to earning my college degree, and I’ve helped thousands of people achieve the same success on my various content channels and in my Discord Community.
Join a vibrant cybersecurity community of over 6,000 people who are constantly engaging in conversations and supporting one another, covering topics from cybersecurity and college to certifications, resume assistance, and various non-professional interests like fitness, finance, anime, and other exciting subjects.
What Cloud Security Engineers Actually Do
Let's start with the most essential question: What is cloud security engineering?
Many people imagine it's just monitoring dashboards, reviewing alerts, and adjusting IAM permissions. But the reality is far more complex and deeply technical.
A cloud security engineer builds and protects the systems, identities, data, and infrastructure that power cloud environments, such as AWS, Azure, and GCP.
The role involves designing secure cloud architectures, detecting cloud service abuse, automating responses to cloud misconfigurations, and investigating breaches through cloud log analysis, among other tasks.
This position uniquely blends software engineering, DevOps, and cybersecurity skills.
Unlike a SOC Analyst, who mainly analyzes threats, a Cloud Security Engineer builds security guardrails, writes scripts, deploys infrastructure, and prevents security incidents by fixing cloud misconfigurations, one of the leading causes of cloud attacks.
If you're expecting a simple checklist job, think again. Cloud security engineering requires critical thinking, curiosity, and a genuine engineering mindset.
Understanding the Cloud Comes First
Before diving into tools or certifications, it is essential to understand how cloud systems work.
You can't secure what you don't understand—and cloud infrastructure is truly a world of its own.
This means learning and understanding how identity works in cloud platforms—how users, services, and roles authenticate and what they can access.
You need to understand how resources, such as virtual machines, storage buckets, and containers, are deployed and managed.
You must also grasp how cloud networks are segmented, how logs are generated, and what telemetry is available for detecting suspicious behavior across different cloud planes—specifically the control plane (or management plane) and the data plane.
This goes beyond memorizing terminology. It's about developing a deep understanding of how cloud environments are built and how data flows through them. When something breaks—or worse, when someone breaks in—you need to recognize the signs and distinguish between normal, risky, and malicious behavior.
Whether you start with AWS, Azure, or Google Cloud doesn't matter at first. What's important is choosing one platform and committing to learn it from the ground up.
A previous video on how to become a Cloud Security Engineer:
Mastering Networking Fundamentals
After you've started to understand how cloud services are structured, the next piece of the puzzle is networking.
This is one of the skills I strongly advocate cybersecurity professionals learn early on—and while many people tend to skip ahead or zone out here, trust me, you won't want to ignore this.
Networking is the lifeblood of everything in security, especially in the cloud. Without it, you'll be flying blind.
You need to understand how devices communicate with each other over the internet.
This includes concepts like IP addressing, subnets, and Network Address Translation (NAT).
You'll want to become familiar with how public and private networks function in a cloud context, as well as how traffic is routed between services and across regions.
You'll also need to understand protocols because when an attacker probes your cloud environment, they often use protocols like HTTP, SSH, or DNS in abnormal ways.
If you can't recognize what "normal" looks like, you'll never be able to spot the subtle signs of an intrusion or ongoing attack.
But beyond detection and investigation, networking also helps you build better cloud architecture.
It helps you segment services to reduce your blast radius and design environments that are harder to exploit and move through laterally.
So don't rush this step. It will pay off over and over again in your career.
How To Learn Computer Networking:
Computer Networking Mini-Course
Understand the System Before You Secure It
Once you've started to grasp cloud infrastructure and networking, you might be tempted to jump right into learning tools like SIEMs or EDRs.
While these tools are essential, they are not where you should start.
Why? Because every security tool relies on the underlying telemetry and behavior of the system it monitors.
Without understanding how a system works, knowing which buttons to click won't be of much help.
You won't recognize architectural problems, spot anomalies, or even build meaningful detections.
When I started working on cloud detections professionally, I encountered a cloud provider with which I had no prior experience.
Within a few months, I transformed from a novice in this cloud platform to writing multiple detections, supporting customers during a large-scale cloud incident, and presenting my research on company blogs and at major cybersecurity conferences.
The takeaway is simple: master the system first. Always. Once you do, every tool you learn afterward will click into place.
My Research on Google Cloud Threat Detection.
My fwd:cloudsec talk on Google Cloud Threat Detection:
Learn Cloud Security Tooling Intentionally, Not Impulsively
Now that you’ve built a strong foundation in how cloud systems and networks operate, you’re ready to start exploring the tools that cloud security engineers use on the job.
However, I want you to approach this with intention, rather than impulse or guesswork.
Security tools are designed to enhance your understanding, not replace it.
Whether it’s a log analysis platform, a threat detection engine, or a cloud-native monitoring service, these tools help you find, investigate, and respond to threats.
But they’re only as powerful as your understanding of what you’re looking at.
Instead of trying to learn every tool out there, focus on learning how to think like a cloud defender. Understand what telemetry is available.
Learn how to follow the trail of an attacker moving through a cloud account. Practice reading logs, correlating events, and writing detection logic that isn’t just copy-pasted from a playbook.
Tools are essential, but they're only effective when paired with a cloud security engineering mindset, deep contextual understanding, strong problem-solving skills, and sharp analytical reasoning.
TRYHACKME DEFENDING AZURE LEARNING PATH
Rather than just covering surface-level cloud concepts, gain foundational knowledge through hands-on experience in real Azure cloud environments, including key Azure security tools such as Microsoft Sentinel, KQL, and Defender, with TryHackMe's Defending Azure Learning Path.
Real-World Practice Is What Separates Theory From Skill
Reading articles and watching videos like this can provide knowledge, but knowledge alone doesn't build confidence.
That's why hands-on experience is essential if you want to become a cloud security engineer.
You need to simulate real-world scenarios.
This may involve setting up a mock cloud environment, deliberately misconfiguring it, and then identifying and resolving those issues.
Or it could mean working through labs where you analyze logs, triage alerts, and respond to simulated attacks.
Again, TryHackMe’s learning platform is perfect for precisely this kind of progression.
The Defending Azure Learning Path will walk you through deploying, breaking, and defending systems in a safe environment.
The key is not just to study cloud security. Do cloud security and get your hands dirty.
Learning to Automate with Code
In the cloud, things move fast. And if you try to secure everything manually, you will fall behind.
That’s why automation isn’t just a nice-to-have skill—it’s a requirement.
If you want to scale your impact, reduce noise, and respond to threats efficiently, you need to learn how to write code.
Python is a fantastic starting point. It’s easy to learn, widely used in security, and perfect for tasks like:
Parsing logs
Querying APIs
Automating responses
Writing detection logic
Once you’ve built a foundation in Python, you can expand into scripting languages like Bash or PowerShell, depending on your environment.
However, the most important thing is to begin writing code that solves real-world problems.
That could be anything from a cloud function to a remediation workflow that disables misconfigured users, or a Bash script on a virtual machine to install specific tooling on deployment.
Remember—you’re not trying to be a software developer. You’re building tools that make you a more effective security engineer.
This also ties closely to Infrastructure as Code.
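To make the "parsing logs" and "writing detection logic" tasks above concrete, along with the earlier advice to practice correlating events, here is an added example (not code from this newsletter or any vendor). It assumes control-plane logs in AWS CloudTrail's JSON field layout; the sample records, the threshold, and the 10-minute window are constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real log data) using AWS CloudTrail field names.
SAMPLE_LOG = """
{"eventTime":"2025-01-10T09:00:05Z","eventName":"ListUsers","errorCode":"AccessDenied","userIdentity":{"arn":"arn:aws:iam::111122223333:user/ci-deploy"}}
{"eventTime":"2025-01-10T09:00:09Z","eventName":"ListRoles","errorCode":"AccessDenied","userIdentity":{"arn":"arn:aws:iam::111122223333:user/ci-deploy"}}
{"eventTime":"2025-01-10T09:00:14Z","eventName":"ListPolicies","errorCode":"AccessDenied","userIdentity":{"arn":"arn:aws:iam::111122223333:user/ci-deploy"}}
{"eventTime":"2025-01-10T09:03:40Z","eventName":"CreateAccessKey","userIdentity":{"arn":"arn:aws:iam::111122223333:user/ci-deploy"}}
{"eventTime":"2025-01-10T09:06:00Z","eventName":"AttachUserPolicy","userIdentity":{"arn":"arn:aws:iam::111122223333:user/bob"}}
{"eventTime":"2025-01-10T08:40:00Z","eventName":"ListUsers","errorCode":"AccessDenied","userIdentity":{"arn":"arn:aws:iam::111122223333:user/bob"}}
{"eventTime":"2025-01-10T09:07:00Z","eventName":"Crea
"""

SENSITIVE_WRITES = {"CreateAccessKey", "AttachUserPolicy", "CreateUser"}
WINDOW = timedelta(minutes=10)   # how far back denied calls still count
DENIED_THRESHOLD = 3             # denied calls needed before a write is suspicious

def parse_events(raw):
    """Parse JSON lines into time-ordered events, skipping blank or malformed lines."""
    events = []
    for line in raw.splitlines():
        try:
            rec = json.loads(line)
            rec["_ts"] = datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
            rec["_who"] = rec["userIdentity"]["arn"]
        except (ValueError, KeyError, TypeError):
            continue
        events.append(rec)
    return sorted(events, key=lambda e: e["_ts"])

def detect(events):
    """Alert when a burst of denied calls by one principal precedes a sensitive IAM write."""
    denied, alerts = defaultdict(list), []
    for ev in events:
        who, ts = ev["_who"], ev["_ts"]
        if ev.get("errorCode") == "AccessDenied":
            denied[who].append(ts)
        elif ev.get("eventName") in SENSITIVE_WRITES and "errorCode" not in ev:
            recent = [t for t in denied[who] if ts - t <= WINDOW]
            if len(recent) >= DENIED_THRESHOLD:
                alerts.append((who, ev["eventName"], ev["eventTime"], len(recent)))
    return alerts

if __name__ == "__main__":
    for alert in detect(parse_events(SAMPLE_LOG)):
        print("ALERT", alert)
```

Only `ci-deploy` alerts: `bob` has a single denied call that falls outside the window, and the truncated last record is skipped rather than crashing the run.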
Learning Infrastructure-as-Code
One of the most significant shifts in modern cloud environments is the transition to Infrastructure-as-Code.
Instead of clicking buttons in a web console, engineers are deploying resources using declarative templates and scripts. This has significant implications for security.
If you understand how Infrastructure as Code works, you can detect misconfigurations before they go live.
You can review changes in source control. You can build security guardrails into development workflows.
And you can make sure that security isn’t just something that happens after deployment—it’s baked in from the start.
You don’t need to master every IaC tool out there, but you should be comfortable reading, reviewing, and writing templates for the cloud environments you work with.
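One way to catch a misconfiguration before it goes live, as an added example (not code from this newsletter or from any IaC project): a check that could run in a pull-request pipeline against a plan file. It assumes Terraform as the IaC tool and the JSON layout printed by `terraform show -json`; the plan contents, resource addresses, and the choice of ports are constructed for illustration.

```python
import json

# Constructed plan in the shape of `terraform show -json` output (Terraform is assumed).
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "aws_security_group.bastion", "type": "aws_security_group",
     "change": {"actions": ["create"], "after": {"ingress": [
         {"from_port": 22, "to_port": 22, "protocol": "tcp",
          "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []}]}}},
    {"address": "aws_security_group.web", "type": "aws_security_group",
     "change": {"actions": ["update"], "after": {"ingress": [
         {"from_port": 443, "to_port": 443, "protocol": "tcp",
          "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []}]}}},
    {"address": "aws_s3_bucket_acl.reports", "type": "aws_s3_bucket_acl",
     "change": {"actions": ["create"], "after": {"acl": "public-read"}}},
    {"address": "aws_s3_bucket_acl.legacy", "type": "aws_s3_bucket_acl",
     "change": {"actions": ["delete"], "after": None}},
]})

ADMIN_PORTS = {22, 3389}                    # SSH and RDP
ANYWHERE = {"0.0.0.0/0", "::/0"}
PUBLIC_ACLS = {"public-read", "public-read-write"}

def check_plan(plan_json):
    """Return (address, finding) pairs for risky resources the plan would create or change."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        after = rc["change"].get("after")
        if after is None:                   # resource is being deleted; nothing goes live
            continue
        if rc["type"] == "aws_security_group":
            for rule in after.get("ingress") or []:
                sources = set(rule.get("cidr_blocks") or []) | set(rule.get("ipv6_cidr_blocks") or [])
                ports = range(rule["from_port"], rule["to_port"] + 1)
                exposed = sorted(p for p in ADMIN_PORTS if p in ports)
                all_ports = rule.get("protocol") == "-1"   # "-1" means every protocol and port
                if sources & ANYWHERE and (exposed or all_ports):
                    what = "all ports" if all_ports else f"admin ports {exposed}"
                    findings.append((rc["address"], f"internet ingress to {what}"))
        elif rc["type"] == "aws_s3_bucket_acl" and after.get("acl") in PUBLIC_ACLS:
            findings.append((rc["address"], f"public bucket ACL {after['acl']}"))
    return findings

if __name__ == "__main__":
    for address, finding in check_plan(SAMPLE_PLAN):
        print(f"FAIL {address}: {finding}")
```

Returning a non-empty list is what a pipeline step would turn into a failed check, so the risky change is blocked in review instead of being found after deployment.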
Build Projects That Showcase Your Skills
All of this learning—cloud, networking, systems, scripting—needs to be tangible.
That’s why projects are so important.
If you can build a small cloud environment, configure it securely, simulate an attack, and then detect and respond to that attack, you are almost job-ready.
If you can automate policy enforcement or build dashboards highlighting risky behavior, you are also almost job-ready.
Your projects don’t need to be flashy. They need to be real.
They need to demonstrate that you understand how to think, investigate, and solve cloud security problems.
And they need to be documented—on your GitHub, in your portfolio, or on your resume.
When you start applying for jobs, those projects are what set you apart from everyone else with a certificate and a list of buzzwords.
Staying Current and Never Stopping
Cloud security is not a static field; it is constantly evolving. It changes every single day.
New services launch. Old ones get deprecated. Attackers find new weaknesses. Teams build new defenses.
The field never stands still.
Therefore, your role as a cloud security engineer is to evolve with the industry.
That means reading blogs or newsletters, reviewing vendor changelogs, joining security communities, and practicing regularly.
Not out of fear, but out of a commitment to being excellent at your craft.
This is a career, not just a class. And the more you treat it like a long-term journey, the more you’ll get out of it.
Cyberwox Resources
Resources for your career
🔹Join the Cyberwox Academy Discord!!
🔷 Check out the episodes of the Cyberstories Podcast on your favorite platform
🔹Cyberwox Cybersecurity Notion Templates for planning your career
🔹Cyberwox Best Entry-Level Cybersecurity Resume Template
🔹Learn AWS Threat Detection with my LinkedIn Learning Course
Recent Content
A few publications I’ve released recently.
Cybersec Café #59 - 03/18/25
This was a great conversation I had with Ryan Cox from The Cyber Cafe. Ryan and I sat down this past month and dove into my journey in cybersecurity, my path from beginner to established professional, how I’ve built my online business, and more. Since we’ve both specialized in Detection and Incident Response, it was great to see how our experiences compared and share my perspective on the industry.
Community College to Microsoft Cybersecurity Internship with Carl David | Cyber Stories Podcast EP 25
A conversation with Carl David, a rising cybersecurity professional who started as an Incident Response Intern with Microsoft’s world-renowned DART team. Carl, originally from Rwanda, shares how he broke into the field after studying at Collin College, where I also began my journey.
He’s now making waves as an Intelligence Analyst Intern at Semperis and will be joining USAA as a Cybersecurity Intern in Summer 2025. We explore Carl's journey of landing his first internship at Microsoft, which subsequently opened doors to two more offers, various certifications, clear college pathways, and career insights.
We also discuss the significance of deliberate networking and developing cybersecurity projects. Additionally, we address the hardships that come with immigration and the obstacles faced by international students, along with strategies for overcoming them.
Carl’s journey serves as a blueprint for aspiring cyber professionals, particularly those starting from humble beginnings.
Fastest Way To Become a Cloud Security Engineer in 2025
The YouTube version of this post!
Closing
Once again, you made it this far :)
Feel free to reply, share your thoughts, or pass this on to someone who needs it.
Thanks for reading. If you'd like, you can subscribe and restack - it helps spread the word and encourages me to continue writing content. If not, I’ll see you around…somewhere on the internet!