Episode 76 — Secure Cloud Identity First: IAM Basics, Roles, Keys, and Permissions Drift

This episode focuses on cloud IAM as the primary security control plane, which is directly relevant to GSEC because many cloud scenarios reduce to “who can do what” and whether permissions match intent. You’ll define identities, roles, policies, and service principals in practical terms, then connect long-lived keys and access tokens to the risk of silent compromise when secrets leak through code repositories, build pipelines, or mismanaged endpoints. We’ll examine permissions drift, where roles accumulate privileges over time, and show how it creates privilege escalation pathways and weakens separation of duties.

Scenarios include a developer with wildcard permissions for convenience, a leaked access key used to create new resources, and a service account that becomes an unowned high-privilege identity after a team reorg. Best practices include least privilege policy design, short-lived credentials where possible, strong MFA for human accounts, periodic access reviews, and alerting on high-risk actions like policy changes, new keys, and role assumption anomalies. Troubleshooting includes resolving “access denied” safely without granting broad permissions and validating that identity logs are enabled and retained so actions can be attributed during investigations.

Produced by BareMetalCyber.com, where you’ll find more cyber audio courses, books, and information to strengthen your educational path. Also, if you want to stay up to date with the latest news, visit DailyCyber.News for a newsletter you can use, and a daily podcast you can commute with.