Welcome to the Train GRC Academy
If you're looking to learn about cloud security with a focus on governance, risk, and compliance; you have come to the right place.
I'm Wes Ladd, a co-founder and Lead Instructor at Train GRC. I've spent the last few years building, attacking, securing, and auditing cloud environments, including some of the largest and most heavily protected global enterprises.
What I came to realize is while the cloud enables innovation and technological capacities companies couldn't have dreamed of a decade ago, those technologies are not magic boxes that run themselves. The process of building and managing cloud technologies must be governed and processes assessed to ensure operational, cost, and security objectives are met.
Furthermore, even companies that use identical technologies may be using the technologies in very divergent ways. Therefore, the notion that tools are coming to "ensure" or "prove" security seem unlikely.
For these reasons, we teach cloud auditing from first principles, starting with an understanding of the capabilities and threats that are relevant to cloud environments. Using these principles as the foundation for our exploration, we help our GRC professionals gain hands-on, technical skills with the services used by engineering teams, culminating in the ability for our students to build their own automations to meet on-going or newly identified compliance obligations.