Molly Stewart is a cloud engineer from St. Louis, Missouri. Last year she reviewed CompTIA PenTest+, explaining why she took it and the value she sees. Today she’s back to talk about what a cloud engineer does, how she got to where she is and the difference between working on-premises vs. cloud.
What is a cloud engineer?
As a cloud engineer, I maintain a customer cloud infrastructure. I ensure that the data processing solutions are functional and that accesses and data are correctly processed. I also ensure we are following best practices, keeping costs down and keeping our solutions secure.
In the Amazon cloud environment, I maintain the EC2 instances (virtual machines), monitor incoming transaction queues, maintain S3 (storage) and create identity access management (IAM) roles and policies.
A typical day includes making the environment safer, finding ways to automate processes, finding optimizations for cost and performance, and responding to customer inquiries.
How did you become a cloud engineer?
I have a bachelor’s degree, and I worked in a little bit of everything in IT before moving to the cloud: from desktop support to Windows admin, Linux admin and VMware admin to data center and cybersecurity.
I also have a lot of IT certifications:
- CompTIA A+
- CompTIA Network+
- CompTIA Security+
- CompTIA Linux+/LPIC-1
- CompTIA PenTest+
- Certified Ethical Hacker
- Systems Security Certified Practitioner (SSCP)
- Certified Information Systems Security Professional (CISSP)
- GIAC Penetration Tester (GPEN)
- GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- Amazon Solutions Architect Associate
The certifications have helped open doors for me in different areas of technology, by meeting a requirement on a job application or by proving I have some baseline experience within certain fields. They also help me identify what I need to know, especially in emerging fields like cloud computing.
To gain hands-on skills, I like to tinker with new, interesting things, so I used a free trial account to get familiar with the cloud. Usually it helps to just jump in, try things out and learn from the mistakes.
What are some of the differences between working on-premises vs. cloud?
Making the transition from working an on-premises data center to the cloud was really fascinating for me. Working in the cloud environment is different from a regular data center because you can manage most of what you need to do from the console.
If I need to change dynamic host configuration protocol (DHCP) settings or modify subnets or access control lists (ACLs), it can all be done within the web interface or through the command line. In my previous positions, I’d have to pull up the management console for the specific services. I never did much with ACLs on network devices or routing before, but within a cloud environment, you get to learn all the facets in one spot.
Another large difference between on-premises data centers versus the cloud is that the cloud emphasizes infrastructure as code. Within the Amazon cloud, you can deploy CloudFormation templates and essentially deploy your environment with YAML files. This makes it super easy to re-deploy things like a test environment, which usually skews from production, and can keep the configurations very close.
There are also slightly different security concerns in a cloud versus a standard data center. A lot of controls can be inherited from the cloud provider, and there are a handful of differences that make the older compliance rules not applicable.
The cloud provider also gets their services certified for use for specific compliance purposes. For example, Amazon has a list of services and what compliance they fall under: Federal Risk and Authorization Management Program (FedRAMP), Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry (PCI), Service Organization Control (SOC) and more.
Another large difference within the cloud is having resources on demand. You can set up your servers to spin up more instances if there is a lot of consumption, like at peak times, and then just shut them off and not pay for them when they are not needed. Optimizing the use of those resources for cost is very specific to your cloud provider.
Where I worked before, we would have technical refreshes with on-premises data centers, finding the best cost of new hardware that will be most reliable until new funds were allocated. Here in the cloud, we are determining if our instances can run smaller, configuring autoscaling groups for more efficiencies or discerning which style of deployment or cloud-provided utility will best fit our system needs at the lowest cost. As most cloud providers keep incorporating new features and changing prices, this can be very interesting and keep you on your toes!
How do your past experiences play into the role you have now?
The cloud is a nice big mix of everything. I use networking, server administration, scripting and vulnerability and pen testing skills to help architect and support our system layouts. Almost everything I’ve learned or done at previous jobs helps me manage our cloud environment in some way because the foundations have a lot of similarities.
What’s next on your learning agenda?
Currently, I’m getting ready to test for my GIAC Reverse Engineering Malware (GREM) certification and continuing studies on my master’s in computer science.
What advice would you have for someone who wants to work in cloud computing?
I would say not to be intimidated. A lot of the concepts are the same, just with a different interface. Seasoned on-premises engineers and administrators will not find it too difficult to pick up. Also, most cloud providers offer a free trial account so that you can use that to help study for certifications or get a handle on what it’s like.