How I Became a Senior Cloud Security Engineer

CYBERSECURITY

Zinet Kemal

6/10/2026, 5 min read

"How do I get started in cloud security?"

"How do I pivot into a cloud security engineer role?"

Those are some of the most common questions landing in my LinkedIn inbox. Instead of answering the same question over and over, I decided to write it out once.

Here's what worked for me.

There is no single path into cloud security. Mine started in IT audit, moved into information security, and eventually led me to securing cloud and AI systems at enterprise scale.

As someone who changed careers into cybersecurity, I always tell people: your "why" becomes your anchor. It keeps you grounded when everything feels overwhelming, and it will feel overwhelming at times.

Before you pursue certifications, learn new tools, or dive into cloud platforms, get clear on what's driving you. That clarity shapes everything that comes after.

Where I Started

Before I ever began my cloud security journey, I had already built a foundation through two earlier roles.

My first role was as an IT Auditor in a local government internal audit department after completing a series of IT internships. From there, I moved into an Information Security Engineer role at the state government. That's where cloud computing first caught my attention.

In 2020, cloud was front and center. Organizations were rapidly enabling remote work, and cloud adoption was accelerating. I was watching these shifts through a traditional security lens and realized that if I wanted to stay relevant, I needed to understand cloud technology.

The Learning Phase

I started with AWS.

I earned the AWS Cloud Practitioner certification to build a foundational understanding of cloud computing concepts and core AWS services. Then, in early 2021, I pursued the CCSK (Certificate of Cloud Security Knowledge) from the Cloud Security Alliance to add a security perspective to that foundation.

At the time, I still wasn't working in cloud security full-time. I was serving as a Senior Security Engineer focused on application security and vulnerability assessments.

One thing that helped me during this period was documenting parts of my learning journey on LinkedIn. I wasn't positioning myself as an expert. I was simply sharing what I was learning. Over time, that visibility started attracting recruiter attention and expanding my professional network.

Interestingly, I turned down cloud security opportunities more than once.

I didn't feel ready, and I had recently been promoted into a senior role. Looking back, that feeling probably wasn't unusual. Many career transitions involve stepping into opportunities before you feel completely prepared.

Eventually, the opportunity felt too aligned with my goals to pass up.

My First Cloud Security Engineering Role

I joined Best Buy as a Cloud Security Engineer and spent nearly four years there.

During that time, I secured enterprise applications running in AWS, advised development teams on secure cloud architectures, and supported a large-scale migration from on-premises data centers to the cloud.

I also helped build cloud forensic automation and incident response workflows with my team.

As my responsibilities expanded, so did my technical skills.

I learned Infrastructure as Code, specifically Terraform, and later earned the HashiCorp Terraform Associate certification. I also earned the SANS GCLD (Cloud Security Essentials) certification and had the opportunity to deliver my first SANS presentation focused on AWS security.

To deepen my cloud expertise, I pursued the AWS Solutions Architect Associate and AWS Security Specialty certifications. Both helped strengthen my understanding of cloud architecture and security controls.

Recognizing that multi-cloud environments were becoming increasingly common, I also earned Microsoft's SC-900 certification to build foundational Azure knowledge.

I approached certifications strategically. Each one aligned with a specific learning objective and career goal rather than simply collecting credentials.

Looking back, certifications opened doors, but hands-on experience, relationship building, learning on the job as you navigate each problem, and continuous learning were what sustained long-term career growth.

What Cloud Security Engineers Actually Do

One thing I wish I understood earlier is what cloud security engineers actually do day to day.

Depending on the organization, cloud security engineers may:

Secure cloud infrastructure and workloads

Design and implement security guardrails

Review cloud architectures, yes!

Manage identity and access controls

Support cloud incident response and digital forensics

Build logging, monitoring, and detection capabilities

Work with Cloud Security Posture Management (CSPM) tools

Review Infrastructure-as-Code deployments

Partner with engineering teams to reduce risk

Cloud security requires understanding cloud architecture, automation, networking, identity, and how businesses use technology to achieve their goals.

Becoming a Senior Cloud Security Engineer

About a year ago, I made another intentional move and joined Mayo Clinic as a Senior Cloud Security Engineer.

Today, I help secure applications and data across multi-cloud environments. My work includes strengthening Azure environments through identity, network, and policy controls, building centralized logging and monitoring capabilities through Infrastructure-as-Code, and partnering closely with cloud engineering teams to remediate risks identified through Cloud Security Posture Management tools.

Because of my interest in emerging technologies and continuous learning, I've also had the opportunity to contribute to a cross-functional AI security initiative focused on implementing safeguards for generative AI systems aligned with governance and security frameworks.

It's some of the most important work in the field right now, and I'm grateful to contribute to it.

The Challenges Along the Way

One of the hardest parts of transitioning into cloud security was realizing how much there was to learn.

Cloud security sits at the intersection of security, networking, identity, architecture, automation, and engineering. There were many moments when I felt behind.

What helped was focusing on progress instead of mastery.

I stopped worrying about knowing everything and focused on learning the next concept, earning the next skill, and taking the next step.

Over time, those small investments compounded.

If I were beginning my cloud security journey today, my roadmap would look something like:

1. Know your WHY.

Why cloud security and not another area of cybersecurity? Your “why” will guide what you choose to learn and how you stay motivated.

2. Learn one cloud platform deeply.

AWS, Azure, GCP or Oracle… it doesn’t matter. If you master one, translating concepts becomes much easier.

I started learning cloud with AWS in late 2020 & earned

+ AWS CCP

+ CCSK

+ SANS GCLD

+ AWS Solutions Architect

+ AWS Security Specialty

+ Microsoft SC-900

+ Terraform Associate (IaC) + more

The goal is to build skills, so build labs and portfolios.

Document your learning and projects.

3. Strengthen security fundamentals.

Networking, IAM, encryption, logging, monitoring, etc.

4. Learn Infrastructure as Code (IaC).

Terraform, CloudFormation, etc.

In enterprise environments, no one is clicking around the console to deploy production resources. Well, unless in a sandbox for testing stuff.

5. Understand DevSecOps + version control.

Know GitHub, GitLab, Azure DevOps, pipelines, CI/CD, and where security fits into the workflow.

6. Learn a scripting language.

Python or Go; both are great for automation, querying, & security tooling.

7. Stay ahead of change.

Cloud tech evolves fast. Stay updated on trends, tools, new services, & how attackers are adapting.

8. Don’t forget the essential skills.

Critical thinking, attention to detail, collaboration, communication, & problem-solving will set you apart.

9. Build your personal brand.

Share what you're learning. Post your wins, labs, challenges, & insights.

Opportunities come from being visible.

(And yes, I have two LinkedIn Learning courses that cover personal branding in cybersecurity and another one on Securing AWS migration.)

10. Learn on the job, always.

Cloud security gives you new problems daily: misconfigurations, IAM cleanup, automation, gap remediation, incident response, security hardening, being multi-cloud, and let’s not forget the tools: CSPM, DSPM, CWPP, etc.

Stay curious & keep iterating.

Bonus: Review cloud security job postings every now and then to see which skills are in demand & adjust your learning roadmap.

You don't need to master everything before getting started.

Looking back, three things made the biggest difference in my journey:

Having a clear reason for why I wanted to make the transition.

Consistently building skills one step at a time.

Sharing my journey before I felt like an expert.

None of those required permission. They simply required starting.

Cybersecurity is a broad field, and cloud security is no exception. You don't need to know all of it before you begin. You just need to know enough to take the next step, stay curious, and continue learning.

The opportunities often find the people who are already in motion.