This book is designed for security and risk assessment professionals, DevOps engineers, penetration testers, cloud security engineers, and cloud software developers who are interested in learning practical approaches to cloud security. It covers practical strategies for assessing the security and privacy of your cloud infrastructure and applications and shows how to make your cloud infrastructure secure to combat threats, attacks, and prevent data breaches. The chapters are designed with a granular framework, starting with the security concepts, followed by hand-on assessment techniques based on real-world studies, and concluding with recommendations including best practices.

There exist no shortcuts to cloud security because it is a continuous process and requires continuous improvements as the technology evolves.
Cloud protection requires a hybrid mechanism based on both Reactive and Proactive approaches to security and privacy.




Title: Empirical Cloud Security: Practical Intelligence to Evaluate Risks and Attacks
Author: Aditya K. Sood
Publisher: Mercury Learning and Information, 2021
ISBN: 9781683926856
Length: 450 pages
Subjects: Computers › Security › Network Security



Aditya K Sood (Ph.D.) is a cybersecurity advisor, practitioner, researcher, and consultant. With the experience of more than 13 years, he provides strategic leadership in the field of information security covering products and infrastructure. He is well experienced in propelling businesses by making security a salable business trait. Dr. Sood is well versed in designing algorithms by harnessing security intelligence and data science. During his career, he has worked with cross functional teams, management and customers thereby providing them with the best of the breed information security experience. Dr. Sood has research interests in cloud security, IoT security, malware automation and analysis, application security, and secure software design. He has worked on a number of projects pertaining to product/appliance security, networks, mobile, and web applications while serving Fortune 500 clients for IOActive, KPMG and others. He has authored several papers for various magazines and journals including IEEE, Elsevier, Crosstalk, ISACA, Virus Bulletin, and Usenix. His work has been featured in several media outlets including Associated Press, Fox News, The Register, Guardian, Business Insider, CBC, and others. He has been an active speaker at industry conferences and presented at Blackhat, DEFCON, HackInTheBox, RSA, Virus Bulletin, OWASP, and many others. Dr. Sood obtained his Ph.D. from Michigan State University in Computer Sciences. Dr. Sood is also an author of "Targeted Cyber Attacks" a book published by Syngress.

He held positions such as Senior Director of Threat Research and Security Strategy, Head (Director) of Cloud Security, Chief Architect of Cloud Threat Labs, Lead Architect and Researcher, Senior Consultant, and others while working for companies such as F5 Networks, Symantec, Blue Coat, Elastica, IOActive, Coseinc, and KPMG.



I would like to thank my family, my wonderful wife and my son for providing continuous support to complete this book. I am also indebted to my parents, my brother, my sister, and my mentor.

I have deep respect for all the members of the cloud security and privacy community who work day and night to contribute to the cause for making cloud secure and enabling data privacy at scale. I’d like to thank all the technical reviewers who provided continuous and valuable feedback that helped nurture this book.

I would also like to appreciate all the efforts by Martin Johnson and Jeannie Warner for reviewing the content and providing suggestions.

Thanks to David Pallai, President of Mercury Learning and Information, for ensuring the smooth delivery of this project and publishing the book with great quality.