Prisma Certified Cloud Security Engineer

Course Summary

The Prisma Certified Cloud Security Engineer (PCCSE) course is designed to validate the knowledge and skills required to secure cloud environments using Palo Alto Networks’ Prisma Cloud platform. This course focuses on protecting cloud-native applications across the entire development lifecycle—from build to runtime—across AWS, Azure, GCP, and hybrid environments.

Participants will learn how to deploy, configure, and manage Prisma Cloud to enforce compliance, detect threats, and automate security across containers, serverless architectures, and cloud infrastructure.

This course prepares you for the PCCSE certification, a globally recognized credential for cloud security professionals.


Why Choose This Course

With cloud adoption on the rise, so is the complexity of securing multi-cloud environments. Organizations are increasingly looking for professionals who understand both cloud infrastructure and modern cloud-native security. Prisma Cloud is among the most widely used Cloud-Native Application Protection Platforms (CNAPPs).

This course offers:

  • Comprehensive coverage of real-world cloud security scenarios

  • Hands-on lab environments simulating multi-cloud threats and policies

  • Instructors with industry experience in cloud security and DevSecOps

  • Aligned with the official PCCSE exam objectives

  • Ideal for professionals from Linux, DevOps, Security, or Cloud Engineering backgrounds


Who Should Enroll

This course is perfect for:

  • Cloud Security Engineers and Architects

  • DevOps and Site Reliability Engineers (SREs)

  • Security Operations (SecOps) and Compliance Teams

  • Cloud Administrators (AWS, Azure, GCP)

  • Professionals preparing for the PCCSE certification

  • Linux and network professionals transitioning into cloud security


What You Will Learn

By the end of the course, you’ll be able to:

  • Understand Prisma Cloud architecture, deployment models, and capabilities

  • Protect cloud workloads across containers, Kubernetes, VMs, and serverless functions

  • Configure policy rules for compliance (CIS, GDPR, PCI-DSS, etc.)

  • Monitor and alert on misconfigurations, vulnerabilities, and runtime anomalies

  • Automate remediation using integrations with CI/CD pipelines and ticketing systems

  • Perform risk assessments and cloud asset inventory management

  • Use the Prisma Cloud Console, APIs, and CLI for operational efficiency

  • Investigate security incidents using logs, alerts, and audit trails


Skills You Will Gain

  • Cloud security architecture and governance

  • Cloud-native workload protection (CSPM + CWPP)

  • Compliance reporting and security policy management

  • CI/CD integration for DevSecOps workflows

  • Multi-cloud visibility and threat intelligence

  • Real-world cloud security operations and response


Career Benefits

By completing this course, you will be qualified to:

  • Work as a Cloud Security Engineer, Cloud Risk Analyst, or DevSecOps Specialist

  • Design and implement secure cloud environments in AWS, Azure, and GCP

  • Take and pass the PCCSE certification exam

  • Boost your resume with high-demand skills in cloud security

  • Prepare for advanced certifications like CISSP, CKA, or AWS Security Specialty

Take Charge of Cloud Security – Start Today

Get the skills, certification, and confidence you need to secure any cloud environment with Prisma Cloud. With hands-on labs, expert mentorship, and real-world scenarios, this course will set you apart in the cloud security space.

Seats are limited. Enroll today.

Course Syllabus

Modules

Cloud Security Posture Management (CSPM) - 21%

  • Identify assets in a Cloud account
  • - Inventory of resources in a cloud account
    - Resource configuration history
    - Asset configuration changes

  • Configure policies
  • - Custom policies
    - Policy types
    - Supported variables within configuration-run custom policies

  • Configure compliance standards
  • - Standards
    - Reports

  • Configure alerting and notifications
  • - Alert states
    - Alert rules
    - Alert notifications and reports
    - Alert workflow

  • Use third-party integrations
  • - Inbound and outbound notifications

  • Perform ad hoc investigations
  • - Resource configuration with RQL
    - User activity using RQL
    - Network activity using RQL
    - Anomalous user events
    - Asset details using RQL

  • Remediate alerts
  • - Auto-remediation
    - Manual versus automated remediation

  • Use SecOps Dashboard
  • - Internet-connected assets by source network traffic behavior
    - Components

    Cloud Workload Protection (CWP) - 21%

  • Monitor and defend against image vulnerabilities
  • - Options available in the Monitor section
    - Options available in the Policies section

  • Monitor and defend against host vulnerabilities
  • - Options available in the Monitor section
    - Options available in the Policies section

  • Monitor and enforce image/container compliance
  • - Options available in the Monitor section
    - Options available in the Policies section

  • Monitor and enforce host compliance
  • - Options available in the Monitor section
    - Options available in the Policies section

  • Monitor and defend containers and hosts during runtime
  • - Container models
    - Host observations
    - Runtime policies
    - Runtime audits
    - Incidents using Incident Explorer

  • Monitor and protect against serverless vulnerabilities
  • - Monitor
    - Policy
    - Auto-protect

  • Configure WAAS
  • - Application specifications
    - API methods
    - Rest API endpoints
    - DoS protection
    - Access control to Limit inbound sources
    - Network lists
    - Access control to enforce HTTP headers and file uploads
    - Bot protection
    - Rules
    - Audit logs

  • Monitor and protect registries
  • - Scanning
    - CI

    Install, Upgrade, and Backup / Prisma Cloud Administration - 19%

  • Deploy and manage Console for the Compute Edition
  • - Prisma Cloud release software
    - Console in Onebox configuration
    - Upgrade on Console
    - Business use case to determine Prisma Cloud version to use
    - Tenant versus Scale projects

  • Deploy and manage defenders
  • - Types
    - Networking for Defender-To-Console connectivity
    - Upgrade and Compatibility

  • Configure Agentless Security
  • - Agent versus Agentless
    - Cloud discovery

  • Backup and restore Console
  • - Backup management
    - Disaster recovery

  • Manage authentication
  • - Certificates
    - Secrets and credentials store

  • Onboard accounts
  • - Onboard cloud accounts
    - Account Groups

  • Configure access control
  • - Users, roles, and permission groups
    - Access control troubleshooting
    - Service accounts and access keys
    - Single Sign On
    - Role-based access control for Docker Engine (CWP)
    - Admission control with Open Policy Agent (CWP)
    - Resource lists and collections

  • Configure logging
  • - Audit logging
    - Defender logging

  • Manage enterprise settings
  • - Anomaly settings
    - Idle timeout
    - Auto-enable policies
    - Alert dismissal reason
    - User attribution
    - Licensing
    - Access key maximum validity

  • Configure third-party integrations
  • - Inbound and outbound notifications
    - Supported capabilities

  • Leverage Cloud and Compute APIs
  • - Authenticate with APIs
    - API documentation
    - Policies and custom queries by API
    - Alerts and Reports using APIs
    - Vulnerability results via API
    - Access keys
    - Data security and IAM APIs

  • Leverage Adoption Advisor and Alarm Center
  • - Notification rule
    - Adoption Advisor guidance

  • Access Knowledge Center and Help Center
  • - Knowledge Center
    - Help Center
    - Feature requests
    - PCCSE
    - Live Community
    - Product status updates
    - Docs, Prisma Cloud Privacy and Support options

    Cloud Network Security and Identity-Based Microsegmentation Enterprise Edition - 11%

  • Configure Cloud network analyzer
  • - Network exposure policy
    - RQL

  • Deploy and manage Enforcers
  • - Processing units
    - Namespaces
    - Tags and identity
    - Network rulesets
    - Application profiling

  • Manage local changes in a remote repository (dev-prod) Configuration
  • - Types
    - Networking for Enforcers-to-Console connectivity

  • Use NetSecOps dashboard
  • - Flows

    Prisma Cloud Code Security (PCCS) - 12%

  • Implement scanning for IAC templates
  • - Terraform and Cloudformation scanning configurations
    - OOTB IAC scanning integrations
    - API scanning
    - IAC scanning integration
    - Supply-chain security
    - Handling scanned issues
    - Repository scanning

  • Configure policies in Console for IAC scanning
  • - OOTB policies
    - Custom build policies
    - Types of config policies
    - Prisma configuration files

  • Configure CI policies for Compute scanning
  • - Default CI policies
    - Custom CI policies

  • Manage configuration settings
  • - Code reviews
    - Code repository settings
    - Notifications
    - Pull requests and tagging bots

    Identity and Access Management (IAM)/Prisma Cloud Data Security (PCDS) - 16%

  • Calculate net effective permissions
  • - AWS calculation
    - Azure calculation

  • Investigate incidents and create IAM policies
  • - RQL queries
    - IAM policies

  • Integrate IAM with IdP
  • - Azure active directory
    - Okta

  • Remediate alerts
  • - Manual versus automatic
    - AWS remediation
    - Azure remediation

  • Monitor Scan Results
  • - Monitor Scan Results
    - Data Inventory
    - Resource Explorer
    - Object Explorer
    - Exposure Evaluation

  • Assess Data Policies and Alerts
  • - Data policy vs data pattern
    - Alerts

  • Define data security scan settings
  • - Scan configuration
    - Data profile and pattern
    - File extensions
    - Snippet masking