Cloud security learning paths for real enterprise decisions.

Intermediate LAB teaching scoped AI tool permissions, action classification, read-only vs mutating tool boundaries, approval gates, self-approval prevention, and evidence capture.

Track: ai-security-engineering

Intermediate LAB teaching how to engineer prompt boundaries by separating trusted instructions from untrusted user input, retrieved content, tool output, and model-generated recommendations.

Track: ai-security-engineering

Intermediate LAB teaching secure AI application architecture patterns across frontend, backend/API, model, retrieval, tool, policy, approval, evidence, observability, and runtime boundaries.

Track: ai-security-engineering

Intermediate LAB introducing secure AI system engineering, AI threat surfaces, control boundaries, prompt/model/retrieval/tool/policy/evidence layers, and the relationship between AI governance and AI security engineering.

Track: ai-security-engineering

Intermediate LAB teaching how to govern AI cost, token usage, runaway agent loops, repeated tool attempts, expensive retrieval calls, rate limits, budget thresholds, and operational evidence.

Track: ai-governance-command-center

Intermediate LAB teaching how to build audit-ready evidence trails for AI decisions, prompts, retrieved context, tool attempts, policy decisions, human approvals, blocked actions, and executive summaries.

Track: ai-governance-command-center

Intermediate LAB teaching how human approval gates prevent AI agents, tool-use, prompt injection, and retrieval risk from becoming ungoverned enterprise execution.

Track: ai-governance-command-center

Intermediate LAB teaching how RAG and retrieval systems create AI governance risk when trusted, untrusted, sensitive, stale, or poisoned context is retrieved and treated as authority.

Track: ai-governance-command-center

Intermediate LAB teaching how prompt injection can manipulate AI agent instructions, tool selection, policy bypass attempts, and approval-gated execution paths.

Track: ai-governance-command-center

Intermediate LAB teaching how AI agent tool-use becomes enterprise risk when recommendations, API calls, human approvals, and autonomous execution boundaries are not clearly governed.

Track: ai-governance-command-center

Learn how an enterprise AI governance command center connects intake, risk, policy, approvals, evidence, observability, and operational handoff.

Track: ai-governance-command-center

Learn how intake questions and risk tiers create consistent AI governance triage before a workflow reaches production.

Track: ai-governance-command-center

Learn how policy gates convert AI governance rules into deterministic allow, deny, or approval-required decisions.

Track: ai-governance-command-center

Learn how governed agent workflows separate recommendation, approval, and execution boundaries.

Track: ai-governance-command-center

Learn how traces, cost controls, guardrails, SOPs, and runbooks make AI workflows operable after demo or deployment.

Track: ai-governance-command-center

Learn how to present an AI governance command center to executives while preserving case-study, demo, and production boundaries.

Track: ai-governance-command-center

Foundational AWS IAM lab focusing on identity evaluation, least privilege, and interview-ready reasoning.

Intermediate LAB teaching AWS effective-permission reasoning across identity policies, resource policies, permission boundaries, session policies, SCPs, and explicit deny.

Intermediate LAB teaching how AWS permission boundaries constrain maximum principal authority without granting access by themselves.

Intermediate LAB teaching how AWS Service Control Policies define organization-level maximum permissions without granting access by themselves.

Intermediate LAB teaching how AWS resource-based policies participate in authorization decisions alongside identity policies, boundaries, SCPs, and explicit deny.

Applied L2 LAB teaching how S3 public access risk emerges from bucket policy, Block Public Access settings, ACL history, identity permissions, resource policies, and organization guardrails.

Intermediate LAB teaching how AWS KMS key policies, IAM permissions, grants, encryption context, and organization guardrails combine to control cryptographic access.

Intermediate LAB teaching how AWS Secrets Manager access depends on IAM permissions, resource policies, KMS decrypt authority, explicit deny, and organization guardrails.

Intermediate LAB teaching how Lambda execution roles create workload identity risk when function update authority, iam:PassRole, Secrets Manager access, KMS decrypt, and resource permissions combine.

Intermediate LAB teaching how CloudTrail evidence supports detection reasoning for iam:PassRole, sts:AssumeRole, Lambda updates, Secrets Manager access, KMS decrypt, and workload identity activity.

Principal LAB modeling deterministic AWS cross-account trust reachability through sts:AssumeRole, Shield finding linkage, and Aegis Runtime identity signal mapping.

Principal LAB modeling deterministic AWS privilege escalation through iam:PassRole combined with compute service creation or update capability.

Principal LAB modeling deterministic AWS privilege expansion through chained sts:AssumeRole paths across multiple IAM roles.

Starter lab introducing Azure Entra ID identity flow, Conditional Access, and RBAC concepts.

Starter lab covering Google Cloud IAM principals, policy bindings, and request-time authorization.