OCI Security Specialist
Implement security controls, manage identities, and protect workloads on Oracle Cloud Infrastructure
Master security on Oracle Cloud Infrastructure with this advanced course. You'll learn to implement comprehensive security controls, manage identities, protect workloads, and meet compliance requirements using OCI's security services.
Course Overview
This 35-hour course provides deep expertise in OCI security architecture and implementation. From identity management to threat detection, you'll learn to design and implement security solutions that protect enterprise workloads while meeting regulatory requirements.
What You'll Learn
- Implement comprehensive IAM policies and federation
- Configure Cloud Guard for automated threat detection
- Deploy Security Zones for workload protection
- Manage secrets and encryption with OCI Vault
- Implement network security controls and WAF
- Use Data Safe for database security
- Meet compliance requirements for regulated industries
Who Should Attend
- Security engineers responsible for OCI environments
- Cloud architects designing secure solutions
- Compliance officers managing cloud security
- DevSecOps engineers implementing security automation
- Professionals preparing for OCI Security Specialist certification
Prerequisites
This is an advanced course. Security fundamentals and OCI experience are essential.
- OCI Architect Associate certification or equivalent
- Understanding of security fundamentals
- 1+ years experience with cloud security
- Familiarity with compliance frameworks (PCI DSS, HIPAA, SOC 2)
- Basic networking and identity management knowledge
Curriculum
Module 1: OCI Security Fundamentals
Understand OCI's security model and shared responsibility.
Topics covered:
- OCI security architecture overview
- Shared responsibility model
- Security principles and best practices
- OCI security certifications and compliance
- Security governance on OCI
Duration: 3 hours
Module 2: Identity and Access Management
Implement comprehensive IAM for OCI tenancies.
Topics covered:
- IAM policy language deep dive
- Policy conditions and advanced patterns
- Dynamic groups and instance principals
- Compartment hierarchies and policy inheritance
- Service policies and cross-tenancy access
- Tag-based access control
- IAM limits and quotas
Duration: 5 hours
Module 3: Identity Federation and SSO
Configure identity federation with external providers.
Topics covered:
- SAML 2.0 federation configuration
- Identity domains and default domains
- Active Directory integration
- SCIM provisioning
- MFA configuration options
- Conditional access policies
- Identity lifecycle management
Duration: 4 hours
Module 4: Cloud Guard and Security Zones
Implement automated security monitoring and enforcement.
Topics covered:
- Cloud Guard architecture and concepts
- Detector recipes and configuration
- Responder recipes and automation
- Security Zones implementation
- Security Zone recipes
- Problem prioritization and remediation
- Integration with SIEM systems
Duration: 5 hours
Module 5: Data Protection and Encryption
Protect data with encryption and key management.
Topics covered:
- OCI Vault service architecture
- Key management and rotation
- Customer-managed keys implementation
- Secrets management
- Data encryption at rest and in transit
- Dedicated KMS (HSM)
- Key import and external key management
Duration: 4 hours
Module 6: Network Security
Implement network security controls for OCI workloads.
Topics covered:
- Security lists vs. network security groups
- Network Firewall deployment
- Web Application Firewall configuration
- DDoS protection
- Bastion service for secure access
- VCN flow logs and analysis
- Network security monitoring
Duration: 4 hours
Module 7: Database Security with Data Safe
Implement comprehensive database security.
Topics covered:
- Data Safe service overview
- Security assessments and recommendations
- User assessments and risk analysis
- Activity auditing configuration
- Data masking for non-production
- Data discovery and classification
- Alerts and reporting
Duration: 4 hours
Module 8: Vulnerability Management
Identify and remediate vulnerabilities across OCI resources.
Topics covered:
- Vulnerability Scanning Service
- Host and container scanning
- Agent-based vs. agentless scanning
- Scan scheduling and automation
- Risk prioritization
- Remediation workflows
- Integration with patch management
Duration: 3 hours
Module 9: Security Monitoring and Incident Response
Monitor security events and respond to incidents.
Topics covered:
- Audit log analysis
- Logging Analytics for security
- Threat intelligence integration
- Security incident workflows
- Forensics and investigation
- Automated remediation
- Security dashboards and reporting
Duration: 3 hours
Module 10: Compliance and Exam Preparation
Implement compliance controls and prepare for certification.
Topics covered:
- Compliance frameworks on OCI
- CIS Benchmark implementation
- Compliance reporting
- Exam format and objectives
- Practice scenarios and questions
Duration: 2 hours (+ practice time)
Hands-On Labs
Labs are conducted in isolated environments to safely practice security configurations without affecting production workloads.
Lab 1: Advanced IAM Implementation
Configure comprehensive IAM policies for enterprise tenancy.
Objectives:
- Design compartment hierarchy for security
- Create IAM policies using conditions
- Configure dynamic groups for automation
- Implement tag-based access control
- Set up service policies
Lab 2: Identity Federation
Configure SAML federation with an identity provider.
Objectives:
- Set up identity domain
- Configure SAML federation
- Map groups to OCI policies
- Implement MFA requirements
- Test federated authentication
Lab 3: Cloud Guard Configuration
Deploy and configure Cloud Guard for threat detection.
Objectives:
- Enable Cloud Guard in tenancy
- Configure detector recipes
- Set up responder automation
- Create custom detector rules
- Investigate and remediate problems
Lab 4: Security Zones Implementation
Implement Security Zones for sensitive workloads.
Objectives:
- Create Security Zone compartment
- Apply security zone recipes
- Deploy compliant resources
- Test zone enforcement
- Configure exception handling
Lab 5: Vault and Key Management
Implement encryption key management with OCI Vault.
Objectives:
- Create vault and master encryption keys
- Configure customer-managed encryption
- Implement secrets management
- Set up key rotation policies
- Integrate with OCI services
Lab 6: Network Security Implementation
Configure comprehensive network security controls.
Objectives:
- Deploy Network Firewall
- Configure WAF policies
- Set up Bastion service
- Implement VCN flow logs
- Create network security monitoring
Lab 7: Data Safe Configuration
Implement database security with Data Safe.
Objectives:
- Register databases with Data Safe
- Run security assessments
- Configure activity auditing
- Create data masking policies
- Set up alerts and reports
Certification Preparation
This course prepares you for the Oracle Cloud Infrastructure Security Specialist certification.
Exam Details
| Attribute | Details |
|---|---|
| Exam Code | 1Z0-1104 |
| Format | Multiple choice and multiple select |
| Number of Questions | 55 |
| Passing Score | 65% |
| Duration | 105 minutes |
| Cost | Free |
Oracle offers this certification exam for free. Validate your OCI security expertise without exam fees.
Exam Topics
The exam covers the following domains:
- Identity and Access Management (20-25%)
- Cloud Guard and Security Zones (15-20%)
- Data Protection and Encryption (15-20%)
- Network Security (15-20%)
- Database Security (10-15%)
- Security Monitoring and Compliance (10-15%)
Training Options
| Format | Duration | Features | Price |
|---|---|---|---|
| Self-Paced Online | 35 hours | On-demand videos, lifetime access | $799 |
| Live Virtual | 4 days | Interactive sessions, security experts | $1,599 |
| Corporate On-Site | 4 days | Customized content, team training | Contact us |
| Bootcamp Intensive | 4 days | Immersive, hands-on focus | $1,799 |
What's Included
- Comprehensive video lessons with demos
- 7 hands-on security labs
- Security policy templates and examples
- Compliance checklists
- Practice exam questions (175+ questions)
- Certificate of completion
- 60-day instructor support
- Access to security community forums
Next Steps
Ready to master OCI security? [Contact us](/contact-sales) to discuss enrollment options.
Complement your security skills with:
- [OCI Architect Professional](/docs/trainings/oracle-cloud/architect-professional) - Security architecture patterns
- [OCI Database Specialist](/docs/trainings/oracle-cloud/database-specialist) - Database security deep dive
- [OCI DevOps Professional](/docs/trainings/oracle-cloud/devops-professional) - DevSecOps implementation
Browse all [Oracle Cloud training programs](/docs/trainings/oracle-cloud) or explore our complete [training catalog](/docs/trainings).
Prerequisites
- OCI Architect Associate certification or equivalent
- 1+ years OCI experience
- Understanding of cloud security concepts
Ready to get started?
Request a training quote for your team — in-person, live-online, or hybrid.