Google Professional Cloud Security Engineer 2025 EXAM

This course is designed to equip learners with the skills and knowledge required to design, implement, and manage secure workloads and infrastructure on Google Cloud. By combining theory, hands-on labs, and real-world use cases, participants will gain expertise in securing identities, networks, data, and operations — all while preparing for the Google Professional Cloud Security Engineer certification exam.

Course Objectives

By the end of this course, learners will be able to:

• Configure Identity and Access Management (IAM) and implement least-privilege access controls.

• Design network security boundaries with VPCs, firewalls, and private connectivity.

• Apply data protection strategies, including encryption, Sensitive Data Protection, and Confidential Computing.

• Automate security operations and implement continuous monitoring with Security Command Center.

• Map compliance requirements to Google Cloud security controls and enforce organizational policies.

Configure Identity and Access Management (IAM) and implement least-privilege access controls.

Design network security boundaries with VPCs, firewalls, and private connectivity.

Apply data protection strategies, including encryption, Sensitive Data Protection, and Confidential Computing.

Automate security operations and implement continuous monitoring with Security Command Center.

Map compliance requirements to Google Cloud security controls and enforce organizational policies.

Course Outline

Module 1: Introduction to Cloud Security on Google Cloud

• Shared Responsibility Model in Cloud Security

• Google Cloud Security Foundations

• Overview of Security Services (IAM, SCC, Cloud Armor, NGFW, CMEK, etc.)

Shared Responsibility Model in Cloud Security

Google Cloud Security Foundations

Overview of Security Services (IAM, SCC, Cloud Armor, NGFW, CMEK, etc.)

Module 2: Configuring Access Management

• Managing Cloud Identity and SSO

• Service Accounts and Workload Identity Federation

• Authentication and Multi-Factor Enforcement

• Authorization Models, IAM Roles, and Privileged Access Manager

• Resource Hierarchy and Policy Enforcement

Managing Cloud Identity and SSO

Service Accounts and Workload Identity Federation

Authentication and Multi-Factor Enforcement

Authorization Models, IAM Roles, and Privileged Access Manager

Resource Hierarchy and Policy Enforcement

Module 3: Securing Network Boundaries

• VPC Networks, Firewalls, and Cloud NGFW

• Network Segmentation with Shared VPC and VPC Service Controls

• Identity-Aware Proxy (IAP) and Cloud Armor

• Private Connectivity (VPN, Cloud Interconnect, NAT, Private Google Access)

VPC Networks, Firewalls, and Cloud NGFW

Network Segmentation with Shared VPC and VPC Service Controls

Identity-Aware Proxy (IAP) and Cloud Armor

Private Connectivity (VPN, Cloud Interconnect, NAT, Private Google Access)

Module 4: Data Protection and Encryption

• Sensitive Data Protection (PII Discovery, Redaction, Tokenization)

• Encryption at Rest, In Transit, and In Use

• Customer-Managed Encryption Keys (CMEK) and External Key Manager (EKM)

• Secret Manager and Key Lifecycle Management

• Securing AI/ML Workloads (Vertex AI Security Controls)

Sensitive Data Protection (PII Discovery, Redaction, Tokenization)

Encryption at Rest, In Transit, and In Use

Customer-Managed Encryption Keys (CMEK) and External Key Manager (EKM)

Secret Manager and Key Lifecycle Management

Securing AI/ML Workloads (Vertex AI Security Controls)

Module 5: Securing Operations

• Automating Security in CI/CD Pipelines

• Binary Authorization for GKE and Cloud Run

• VM and Container Hardening, Patch Management

• Logging, Monitoring, and Incident Response

• Security Command Center (SCC) and Threat Detection

Automating Security in CI/CD Pipelines

Binary Authorization for GKE and Cloud Run

VM and Container Hardening, Patch Management

Logging, Monitoring, and Incident Response

Security Command Center (SCC) and Threat Detection

Module 6: Compliance and Governance

• Understanding Regulatory Requirements (PCI DSS, HIPAA, GDPR, FedRAMP)

• Implementing Assured Workloads and Organizational Policies

• Access Transparency and Access Approval

• Data Sovereignty and Regionalization of Services

Understanding Regulatory Requirements (PCI DSS, HIPAA, GDPR, FedRAMP)

Implementing Assured Workloads and Organizational Policies

Access Transparency and Access Approval

Data Sovereignty and Regionalization of Services

Module 7: Exam Preparation & Hands-On Labs

• Practice Questions and Case Studies

• Real-World Security Scenarios on Google Cloud

• Hands-On Labs: IAM, VPC Security, CMEK, SCC Configuration

  
  

Practice Questions and Case Studies

Real-World Security Scenarios on Google Cloud

Hands-On Labs: IAM, VPC Security, CMEK, SCC Configuration

Who Should Enroll

• Cloud Security Engineers

• Cloud Architects and Administrators

• DevOps / Site Reliability Engineers (SREs)

• IT Professionals seeking Google Professional Cloud Security Engineer Certification

Cloud Security Engineers

Cloud Architects and Administrators

DevOps / Site Reliability Engineers (SREs)

IT Professionals seeking Google Professional Cloud Security Engineer Certification