Skip to main content
HashnodeAsheesh Sharma โ€” Cloud Security JourneyAsheesh Sharma โ€” Cloud Security Journey

Command Palette

Search for a command to run...

How I Started My Cloud Security Journey โ€” Setup, Strategy, and First Lessons

Updated
โ€ข7 min read
How I Started My Cloud Security Journey โ€” Setup, Strategy, and First Lessons
A
Asheesh Sharma
Industry grade CLOUD SECURITY ENGINEER ........ LEARN .....IMPLEMENT.........AGAIN ......LEARN
Part of seriesCloud Security Journey โ€” Zero to Engineer

I am Asheesh Sharma, a 2nd year B.Tech student. Six months from now I want to be applying for cloud security engineer roles. Twelve months from now I want to be working in one. That is the goal.

๐Ÿ’ก
When most people think about cyber security they want to start with the interesting parts immediately. Kali Linux. Metasploit. Capturing WiFi passwords. I wanted that too. But I made a different decision. I spent the first week on setup and orientation only. No commands that looked exciting. No tools that sounded impressive. Just Ubuntu, Kali, Git, GitHub, VS Code, and understanding what cloud security actually is as a career.

  • Here is why that decision was correct.

Cloud security is not hacking. A cloud security engineer's daily work is IAM policies, misconfiguration detection, log analysis, incident response, and automation. To do that work you need Linux, Python, networking, and AWS fundamentals. Without those foundations every cloud security concept is just memorised words with no understanding behind them. So I built the foundation first. Volume 00 of my roadmap(Total 11 volumes ) is entirely setup and orientation. No shortcuts.

  • Why Cloud Security

When I started researching career paths in tech, I kept seeing the same pattern. The highest paying roles in cybersecurity were not the ones that required the most certifications. They were the ones that required the deepest understanding of how systems actually work โ€” and cloud security sits at the intersection of infrastructure, identity, automation, and threat detection.

The biggest breaches of the last five years were not caused by sophisticated nation-state malware. Capital One 2019 โ€” misconfigured IAM role. Uber 2022 โ€” exposed credentials in source code. LastPass 2022 โ€” insufficient access controls on a developer machine. These are cloud security failures. And companies are hiring people to prevent exactly these failures.

That is the job I want.

  • The Strategy โ€” Why No Random Courses, No Random Videos

Most people learning cybersecurity start their first few months on seeing random videos and courses which are not structured and waste their time . So I do some thing different

My roadmap has one rule: no random video. No random courses. Only structured learning ,terminal, documentation, and writing.

Every topic ends with commands run in the terminal. Every day ends with a GitHub commit. Every volume ends with a blog post. The output is the proof.

This forces a different kind of learning. When you cannot watch someone else do it, you have to figure it out yourself. That process of figuring it out โ€” getting an error, reading the error, understanding why it happened, fixing it โ€” is exactly what a security engineer does daily.

The roadmap has 11 volumes covering Linux, networking, Python, security foundations, blue team operations, cloud security, DevSecOps, projects, and career preparation. 80 percent of every volume is practical โ€” commands run in terminal, tools configured, real outputs documented. 20 percent is theory โ€” understanding the why before running the how. Volume 11 is a specialisation choice: cloud security architecture, detection engineering, or cloud penetration testing. The entire roadmap is documented in my GitHub repository.

  • My Setup โ€” Two Systems, One Purpose

My machine is an Acer Swift Go 14 with an Intel Core Ultra 5 125H processor and 16GB RAM.

I run Ubuntu 24.04 as my primary OS in dual boot with Windows. Inside Ubuntu I run a Kali Linux virtual machine for all lab work.

This separation is intentional. Ubuntu is where I write notes, manage Git commits, and use VS Code. Kali is where every command from the roadmap is run. If something breaks in Kali โ€” and things break regularly โ€” the primary system is unaffected. You do not run security tools on your production machine. You use an isolated environment.

  • GitHub From Day 1

Before writing a single line of notes I set up the GitHub repository and folder structure for all 11 volumes.

The reason for doing this on Day 1 is simple. A GitHub contribution graph with consistent daily commits help me build my image in front of recruiter that this person executes every day. That graph is visible on your profile before anyone opens a single file.

Every day I commit something. Notes, lab outputs, interview prep answers, screenshots. Even on difficult days the commit happens. The streak is the discipline made visible.

At the time of writing this post I have 29 commits and the streak is active.

  • AWS Free Tier Account โ€” Do This Immediately, Not Later

Volume 00 has one task I delayed by three days: creating an AWS Free Tier account.

My reasoning at the time was that I would not need AWS until Volume 7 which covers cloud security. That reasoning was wrong.

The AWS account takes 24 hours to fully activate. Some services take longer. If you create the account the day you need it, you lose a day waiting. More importantly, getting familiar with the AWS console early โ€” even just exploring it without doing anything โ€” means the interface is not foreign when you reach the cloud topics.

The lesson from this: in security, preparation happens before you need it. You do not build your incident response plan during an incident. Volume 00 taught me this not from a textbook but from making the mistake myself.

  • The One Thing Volume 00 Taught Me That Surprised Me

I expected Volume 00 to be the easiest part. It is just setup. How hard can it be? What I did not expect was how much time I spent understanding what cloud security actually is before touching any tool.

Most people define cybersecurity as stopping hackers. That is incomplete. Cloud security specifically is about three things: misconfiguration detection, identity and access management, and visibility through logging.

The biggest cloud breaches in history โ€” Capital One 2019, Uber 2022, LastPass 2022 โ€” were not caused by sophisticated zero-day exploits. They were caused by misconfigured IAM roles, exposed credentials, and insufficient logging.

That understanding changed how I approach every topic. I am not learning Linux because Linux is cool. I am learning Linux because every cloud server runs Linux and I need to know what normal looks like before I can detect what abnormal looks like. That mental shift happened in Volume 00. Before any command was run.

  • What Is Coming Next

Volume 01 covers computer and internet foundations โ€” how CPUs process data, what operating systems actually do, how the internet works at the packet level, and the basic principles of cybersecurity.

This is not beginner content for its own sake. Every topic connects directly to a real attack or a real security engineer task. Cache memory connects to Spectre. Binary connects to subnet masks and buffer overflows. DNS connects to DNS poisoning and phishing infrastructure.

I am currently on Day 06 of Volume 01 with a daily GitHub commit streak active.

All my work is public at https://github.com/Asheesh-01/cloud-security-journey

If you are also building in public or working in cloud security, connect with me. I am documenting everything.

"Volume 00 complete. Volume 01 in progress. The streak continues."

#cloudsecurity #linux #aws #beginners #cybersecurity #devops #cloudcomputing #ethicalhacking #networksecurity #100daysofcode

77 views

Comments

Join the discussion

No comments yet. Be the first to comment.

Cloud Security Journey โ€” Zero to Engineer

Part 1 of 2

A complete documented journey from zero to Cloud Security Engineer. Every volume covers a new layer โ€” Linux, networking, Python, security foundations, blue team, AWS, DevSecOps, and projects. Every day has a GitHub commit. Every volume has a blog post. No courses. No videos. Only terminal and documentation.

Up next

Volume 01 โ€” Computer and Internet Foundations: What Happens Before You Even Type a Command

Part of series: Cloud Security Journey โ€” Zero to Engineer The moment that changed how I see computers happened inside a Windows 10 VM with Task Manager open. I was looking at four processes โ€” smss.ex

More from this blog

A

Asheesh Sharma โ€” Cloud Security Journey

2 posts