Cloud & DevOps Series · Google Cloud Platform · 4–5 Week Core + 6 Advanced Tracks

DevOps Training: Google Cloud Track — Islamabad 2026

Google invented Kubernetes, pioneered serverless containers with Cloud Run, and built the data and AI platform the world's largest companies depend on. This program builds the complete GCP DevOps foundation in 4–5 weeks — Cloud Build, Cloud Deploy, Terraform, GKE, Cloud Run, Managed Prometheus, Binary Authorization — plus six specialist add-on tracks including GKE, security, serverless, data engineering, and SRE with Google-origin tooling.

Core Duration: 4–5 Weeks
Seats / Batch: 5 Maximum
Platform: Google Cloud Platform
Location: Islamabad + Online
Cert Aligned: ACE + Prof DevOps + Architect
Core Stack 🟢 GCP 🏗️ Cloud Build 🚀 Cloud Deploy 🐋 Artifact Registry 🏗️ Terraform 🔐 Workload Identity ☸️ GKE (Track 1) 🏃 Cloud Run 📊 Cloud Monitoring 🧠 Vertex AI (Track 5) 🔏 Binary Auth

🎓 Program Overview

Google Cloud Platform is where the internet runs at scale. Gmail, YouTube, Google Search, and Google Maps all run on the same infrastructure you will learn to operate in this course. GCP holds the third-largest cloud market share globally and is growing fastest in data engineering, AI/ML workloads, and developer-friendly serverless deployments — precisely the areas where Pakistan's engineering talent is increasingly competitive.

The core program builds the GCP DevOps foundation in 4–5 weeks. Six specialist advanced tracks — each 2–3 additional weeks — allow deep specialisation in GKE, security, serverless, platform engineering, data/ML infrastructure, or SRE with the observability and reliability tooling Google itself invented.

🌐 Google Cloud — Where Modern DevOps Tooling Was Born
☸️ Kubernetes
Google invented Kubernetes and contributes more to its development than any other company. GKE is the reference managed Kubernetes implementation all others are measured against.
🏃 Cloud Run
The industry's cleanest serverless container platform — deploy any container, pay per request, scale to zero, get HTTPS automatically. The fastest path from Docker image to production URL.
📦 Distroless Images
Google's own production-hardened minimal base images — Distroless — eliminate entire attack surfaces by removing shells, package managers, and debug tools from production containers.
🔏 SLSA & Binary Auth
Google created the SLSA (Supply chain Levels for Software Artifacts) security framework and Binary Authorization — the most rigorous container supply chain security system in the industry.
📈 SRE Heritage
Site Reliability Engineering was invented at Google. GCP's SLO API, Managed Prometheus, Cloud Profiler, and Cloud Trace are built by the engineers who wrote the SRE book.
🧠 Vertex AI + BigQuery
GCP's data and AI platform powers more Fortune 500 companies than any competing platform. BigQuery, Vertex AI, Dataflow, and Pub/Sub form the most integrated data infrastructure in any cloud.
📐 Program Structure — Core + Choose Your GCP Specialisation
Core (4–5 wks)
Linux, gcloud CLI, Docker, Artifact Registry, GCP services, Terraform (google provider), Cloud Build, Cloud Deploy, GitHub Actions (OIDC to GCP), Cloud Run, Cloud Monitoring, Security Command Center, Cost Management · Aligned with Google Cloud ACE
Track 1
Kubernetes & GKE — 3 weeks · Standard vs Autopilot, Workload Identity, Config Sync, Cloud Deploy, Anthos Service Mesh, Fleet multi-cluster · Aligned with CKA + Prof Cloud Developer
Track 2
GCP Security & Compliance Engineering — 2 weeks · SCC Premium, Chronicle, Binary Authorization, SLSA, Cloud DLP, Assured Workloads · Aligned with Prof Cloud Security Engineer
Track 3
Serverless & Event-Driven Architecture — 2 weeks · Cloud Run deep dive, Cloud Functions 2nd gen, Eventarc, Pub/Sub, Cloud Workflows, Firebase · Aligned with Prof Cloud Developer
Track 4
Platform Engineering & Advanced IaC — 2 weeks · Fabric FAST, project factory, Config Connector, Backstage, Organisation Policy · Aligned with Prof DevOps Engineer + Prof Cloud Architect
Track 5
Data Engineering & ML Infrastructure — 2 weeks · BigQuery, Dataflow, Pub/Sub, Dataproc, Cloud Composer, Vertex AI, MLOps · Aligned with Prof Data Engineer + Prof ML Engineer
Track 6
SRE & Advanced Observability — 2 weeks · Managed Prometheus, Grafana, Cloud Trace, Profiler, SLO API, chaos engineering, toil automation · Aligned with Prof DevOps Engineer

💡 Why Google Cloud DevOps in 2026

Google invented Kubernetes and contributes more to its development than any other company — GKE is the most mature managed Kubernetes offering and the reference other clouds are measured against
Cloud Run is the cleanest serverless container platform in the industry — deploy any container, pay per request, scale to zero, get HTTPS automatically — the fastest path from Docker image to production URL
GCP's data and AI platform (BigQuery, Vertex AI, Dataflow, Pub/Sub, Looker) powers the data infrastructure of more Fortune 500 companies than any competing platform — creating massive demand for GCP data and ML infrastructure engineers
GCP's developer experience is consistently rated best of the three major clouds — the gcloud CLI, Cloud Shell, and Artifact Registry are among the most polished infrastructure tools available
Google's open-source commitment means GCP engineers spend more time on transferable skills — Kubernetes, Terraform, Prometheus, Grafana, and OpenTelemetry are all deeply integrated with GCP
The Professional Cloud DevOps Engineer and Professional Cloud Architect certifications are among the most rigorous and respected in the industry — this program aligns directly with both
Remote opportunities: GCP skills are increasingly requested by international companies building data-heavy and AI-native products — the fastest-growing segment of Pakistan's IT export market

📚 Core Program — 4 to 5 Weeks

Week 1
Linux, Networking, gcloud CLI & Shell Automation
12 topics · The OS and CLI layer everything GCP sits on

Every GCP Compute Engine VM, every GKE node, every Cloud Run instance, and every Cloud Build worker runs on Linux. This week builds the OS and networking foundations plus gcloud CLI fluency from day one.

  1. Linux fundamentals: process management, systemd, file permissions, user management, and /proc + /sys virtual filesystems
  2. Shell scripting in Bash: variables, conditionals, loops, functions, error handling with set -euo pipefail — production-grade GCP automation scripts
  3. Text processing: grep, awk, sed, jq for JSON (essential for gcloud CLI output), and yq for YAML — the DevOps data transformation toolkit
  4. Networking fundamentals: TCP/IP, CIDR notation, routing tables, DNS, NAT, and packet flow through a Google Cloud VPC
  5. TLS/SSL: certificate chain, inspecting with openssl — essential for Cloud Load Balancing and Cloud Run managed certificates
  6. SSH: key generation, SSH config files, OS Login for GCP VMs, and Identity-Aware Proxy (IAP) tunnel-based SSH without public IP addresses
  7. Google Cloud CLI (gcloud): installing, authenticating with service accounts and Application Default Credentials, scripting resource operations, and querying with --format json and jq
  8. Cloud Shell: the browser-based Linux environment with gcloud, kubectl, Terraform, and Docker pre-installed — zero-setup development environment
  9. Git advanced workflows: rebasing, cherry-picking, reflog — working with Cloud Source Repositories and GitHub
  10. Python for GCP automation: google-cloud Python client libraries, the GCP REST API, and argparse for complex infrastructure automation
  11. Linux networking tools: ip, ss, curl, dig, nslookup, tcpdump, and nc — debugging connectivity in GCP VPC environments
  12. Attaching Google Persistent Disks to Linux VMs, LVM, and disk usage analysis
Week 2
Docker & Containers — Google Distroless, Artifact Registry & Cloud Build
13 topics · GCP's container-native ecosystem

GCP is the most container-native cloud platform — Cloud Run, GKE, Cloud Build, and Artifact Registry all treat containers as first-class citizens. Includes Google's own Distroless base images and Cloud Build for rootless container builds.

  1. Container fundamentals: Linux namespaces, cgroups, and the kernel features that make containers possible — what Cloud Run and GKE actually execute
  2. Docker architecture: Docker daemon, containerd, runc, image layers, and the OverlayFS union filesystem
  3. Writing production Dockerfiles: multi-stage builds, minimal base images (distroless, alpine, scratch), non-root users, and build cache optimisation
  4. Google Distroless images: Google's production-hardened base images — the recommended base for GCP deployments, used for Go, Java, Python, and Node.js
  5. Docker image security: scanning with Trivy and Google Artifact Analysis — continuous vulnerability scanning integrated into Artifact Registry
  6. Docker Compose: multi-container local development stacks for GCP-mirrored environments
  7. Google Artifact Registry: creating repositories (Docker, npm, Python, Maven, Go), pushing/pulling, regional vs multi-regional, and IAM permissions
  8. Artifact Registry vulnerability scanning: Google Artifact Analysis — Container Scanning API for OS and language package CVEs
  9. Cloud Build for Docker: building images without a local Docker daemon — Dockerfile builds, kaniko for rootless builds, and layer caching with Cloud Storage
  10. Container image tagging: semver, Git SHA immutable tags, and GCP's recommended conventions for Cloud Deploy promotion
  11. Multi-platform builds: ARM64 + AMD64 images for GKE's T2A Arm-based node pools using Docker buildx
  12. Cloud Build triggers: push, PR, tag push, manual, and Pub/Sub-triggered builds from external events
  13. Cloud Build security: hermetic builds, no inbound network, and using Secret Manager for sensitive build-time variables
Week 3
Google Cloud Core Services & Terraform Infrastructure as Code
22 topics · GCP provisioned as code from day one

GCP from a DevOps engineer's perspective — provisioning everything as code with Terraform, designing VPC topology correctly, and managing identity with Google Cloud's IAM model and Workload Identity Federation.

GCP Fundamentals for DevOps
  1. GCP resource hierarchy: organisation, folders, projects, and resources — IAM policy inheritance and project-level isolation
  2. Google Cloud VPC: global VPC with regional subnets, VPC peering, Shared VPC, Private Google Access, Cloud NAT, and VPC Flow Logs
  3. Firewall rules and hierarchical firewall policies: ingress/egress rules, target tags vs service accounts, and org/folder-level policies
  4. Compute Engine: machine types (N2, C3, T2D Arm), Spot VMs, managed instance groups (MIGs), and startup scripts via metadata
  5. Cloud Load Balancing: Global HTTP(S) LB, Regional LB, TCP/UDP LB, and Internal LB — health checks and SSL certificates
  6. Cloud Storage: storage classes (Standard, Nearline, Coldline, Archive), IAM vs ACL, signed URLs, lifecycle rules, and Pub/Sub notifications
  7. Cloud SQL: managed PostgreSQL and MySQL — read replicas, HA with regional persistent disk, Private Service Connection, and point-in-time recovery
  8. Cloud Memorystore: managed Redis and Valkey — in-transit encryption and Private Service Access
  9. Google Cloud IAM: service accounts, IAM roles (primitive, predefined, custom), Workload Identity Federation for GitHub Actions and AWS, and IAM Recommender
  10. Service account best practices: one per workload, impersonation, Workload Identity for GKE, and avoiding service account keys
  11. Secret Manager: storing and rotating secrets — IAM-based access and event-driven rotation with Cloud Functions
  12. Cloud DNS: managed zones, record sets, private zones for internal VPC resolution, and DNS peering
Terraform for GCP
  1. Terraform with the Google provider: the google and google-beta providers — credentials and project/region defaults
  2. Terraform state on GCP: Cloud Storage backend with object versioning and state locking
  3. Google Cloud Foundation Toolkit (CFT): Google's opinionated Terraform modules for VPC, GKE, Cloud SQL, IAM, and project creation
  4. Terraform modules for GCP: reusable VPC, GKE, and Cloud Run modules — the terraform-google-modules GitHub organisation
  5. Workspaces and environment promotion: dev → staging → production with separate state files
  6. Provisioning a complete GCP environment: folder hierarchy, project creation, Shared VPC, GKE cluster, Cloud SQL, Cloud Storage, and IAM bindings
  7. Atlantis on GCP: team-based IaC with plan-on-PR and apply-on-merge — running on Cloud Run or GKE
  8. Checkov and tfsec for GCP: static analysis of Terraform code for GCP security misconfigurations
  9. Policy Controller (OPA-based): enforcing organisational policies on GCP resources at project and folder level
  10. Config Connector: the Kubernetes-native alternative to Terraform for GCP — awareness-level coverage
Week 4
CI/CD — Cloud Build, Cloud Deploy & GitHub Actions
20 topics · Google's native delivery tooling + GitHub Actions

From code push to production on Cloud Run and GKE — automated, secure, and progressively delivered. Google's Cloud Build and Cloud Deploy are covered alongside GitHub Actions with OIDC-based keyless GCP authentication.

Cloud Build in Depth
  1. Cloud Build architecture: build triggers, cloudbuild.yaml configs, build steps, build workers, and the build lifecycle
  2. Build steps: community builder images (gcr.io/cloud-builders/*), custom builders, and parallel step execution with waitFor
  3. Cloud Build substitutions: built-in variables (COMMIT_SHA, BRANCH_NAME, BUILD_ID) and user-defined substitutions for parameterised pipelines
  4. Private pools: dedicated build workers in a Customer VPC — builds with access to private Cloud SQL and internal services
  5. Build caching: Cloud Storage-backed layer caching for Docker builds — dramatically reducing build times
  6. Cloud Build IAM: the build service account, least-privilege access to Artifact Registry, Secret Manager, and GKE
Cloud Deploy — Continuous Delivery
  1. Cloud Deploy architecture: delivery pipelines, targets (GKE, Cloud Run), releases, and rollouts
  2. Promotion workflow: promoting a release through dev → staging → production with manual approval gates
  3. Cloud Deploy with Cloud Run: creating releases, deploying to Cloud Run services, and progressive traffic splitting
  4. Cloud Deploy with GKE: Skaffold-based rendering, Helm and Kustomize manifest support, and rollout verification
  5. Canary deployments with Cloud Deploy: phased rollout with traffic percentage targets and automated verification
  6. Rollback in Cloud Deploy: automatic on failed verification and manual rollback to previous releases
GitHub Actions for GCP
  1. Workload Identity Federation from GitHub Actions to GCP: keyless authentication — no service account keys stored in GitHub secrets
  2. GCP-specific GitHub Actions: google-github-actions/auth, setup-gcloud, deploy-cloudrun, and get-gke-credentials
  3. Complete CI/CD pipeline: push → Trivy scan → Cloud Build trigger → Artifact Registry push → Terraform plan → Cloud Deploy release → smoke test → Slack notify
  4. Reusable workflows for GCP: shared GitHub Actions library for Cloud Run and GKE deployments
  5. Self-hosted GitHub Actions runners on GCP: Compute Engine VMs or GKE-based runners with Workload Identity
  6. Cloud Run deployment targets: traffic splitting between revisions, blue/green with 100% traffic cut, and rollback by revision ID
  7. App Engine deployments with Cloud Deploy: managing progressive traffic migration for standard runtimes
  8. Complete pipeline security: OIDC federation, Secret Manager integration, Binary Authorization enforcement in deploy step
Week 5
Cloud Operations Suite, GCP Security & Cost Management
29 topics · Observability, zero-trust security, and cloud bill governance

The three disciplines that define a working GCP DevOps engineer's day: understanding system behaviour with Cloud Operations Suite, keeping workloads secure with Google's zero-trust tooling, and governing a cloud bill that can surprise you.

Observability with Cloud Operations Suite
  1. Cloud Operations Suite overview: Cloud Monitoring, Cloud Logging, Cloud Trace, Cloud Profiler, and Error Reporting — the integrated observability platform
  2. Cloud Logging: log sinks, log buckets, log-based metrics, log exclusions, and the Logs Explorer — querying with the Logging Query Language
  3. Cloud Monitoring: workspace setup, metrics explorer, 6,000+ built-in GCP service metrics, and custom metrics
  4. Cloud Monitoring dashboards: building operational dashboards with metrics, log panels, and SLO widgets
  5. Alerting policies: metric threshold alerts, log-based alerts, uptime checks, and notification channels (email, PagerDuty, Slack via Pub/Sub webhook)
  6. Cloud Trace: distributed tracing for Cloud Run, GKE, and App Engine — trace waterfall analysis and latency percentiles
  7. Error Reporting: automatic grouping of application errors — alerting on new error classes and spike detection
  8. Cloud Profiler: continuous CPU and memory profiling in production — flame graph analysis without performance overhead
  9. OpenTelemetry with GCP: the Google Cloud OTel exporter — sending traces, metrics, and logs to Cloud Monitoring and Cloud Trace
  10. Structured logging: JSON with severity, trace, spanId, and httpRequest fields for automatic GCP log enrichment
GCP Security Fundamentals
  1. Secret Manager in production: rotation with Cloud Functions, automatic expiry, and audit logging in Cloud Audit Logs
  2. Workload Identity Federation: eliminating service account keys for GitHub Actions, GitLab CI, AWS Lambda, and Azure workloads
  3. VPC Service Controls: service perimeters around GCP APIs to prevent data exfiltration — protecting BigQuery, Cloud Storage, and Secret Manager
  4. Binary Authorization: enforcing only signed, approved container images are deployed to GKE and Cloud Run
  5. Security Command Center (SCC): centralised security and risk platform — misconfigurations, vulnerabilities, and threats across the GCP organisation
  6. Cloud Audit Logs: Admin Activity, Data Access, System Event, and Policy Denied logs — retention and export to Cloud Storage and BigQuery
  7. Identity-Aware Proxy (IAP): zero-trust access to Cloud Run, GKE, and Compute Engine — enforcing Google Identity without a VPN
  8. Google Cloud Armor: WAF for Cloud Load Balancing — OWASP managed rule groups, rate limiting, and geo-based blocking
  9. Shift-left security: Trivy (containers), Checkov (Terraform), Semgrep (SAST), and Google Cloud container scanning integration
GCP Cost Management
  1. Cloud Billing: billing accounts, billing exports to BigQuery, and the Google Cloud Pricing Calculator
  2. Labels and tags for cost allocation: mandatory label policies enforced via Organisation Policy — environment, team, project, cost-centre
  3. Budget alerts: spend budgets with thresholds and Pub/Sub notifications for automated cost control actions
  4. Recommender and Active Assist: idle VM recommendations, right-sizing suggestions, and IAM role recommendations
  5. Committed Use Discounts (CUDs): 1-year and 3-year resource commitments for Compute Engine and Cloud SQL — 37–55% savings
  6. Spot VMs: preemptible/Spot instances for CI/CD builds and batch jobs — 60–91% savings with proper interruption handling
  7. Cloud Run scale-to-zero: eliminating idle costs for non-production environments
  8. Cloud Storage cost optimisation: lifecycle rules for automatic tier transitions — Standard → Nearline → Coldline → Archive
  9. Network egress pricing: inter-region, inter-zone, and internet egress — the most consistently underestimated GCP bill item
  10. BigQuery cost control: on-demand vs capacity pricing, slot reservations, query cost dry run, and partitioned/clustered tables

🚀 Advanced Add-On Tracks

Six specialist tracks, each 2–3 additional weeks. Take any track after completing the core. Each aligned with a specific Google Cloud or industry certification.

T1
3 weeks · Add-On · Additional Fee
Kubernetes & GKE — Fundamentals, Autopilot, Fleet & GitOps
Aligned with: CKA + Google Cloud Professional Cloud Developer

GKE is where Kubernetes was born and where it is most mature. Three weeks covering it properly — from Kubernetes fundamentals through GKE-specific operations (including Autopilot) to the GitOps delivery layer.

Week 1 — Kubernetes Fundamentals
  1. Architecture: control plane (API server, etcd, scheduler, controller manager) and data plane (kubelet, kube-proxy) — GKE manages the control plane
  2. Core workload objects: Pods, ReplicaSets, Deployments, StatefulSets, DaemonSets, Jobs, CronJobs — when each is appropriate
  3. Services: ClusterIP, NodePort, LoadBalancer (backed by Google Cloud LB), ExternalName — DNS-based discovery with CoreDNS
  4. Ingress: GKE Ingress (Google Cloud HTTP(S) LB), NGINX Ingress, and Gateway API — TLS with Google-managed certificates
  5. Persistent Volumes: Compute Engine Persistent Disk CSI driver and Filestore CSI driver for RWX workloads
  6. Namespaces, RBAC, and binding Google identities to Kubernetes roles via GKE RBAC
  7. Resource requests, limits, LimitRanges, ResourceQuotas, and QoS classes
  8. Health checks: liveness, readiness, startup probes that work reliably with Cloud Load Balancing health checks
  9. Pod scheduling: affinity/anti-affinity, topology spread constraints, taints, tolerations, PodDisruptionBudgets
Week 2 — GKE in Production
  1. GKE cluster modes: Standard vs Autopilot — when each is appropriate, cost model differences, and Autopilot workload constraints
  2. GKE Autopilot: fully managed Kubernetes mode — no node management, pod-based billing, and built-in security hardening
  3. GKE provisioning with Terraform: google_container_cluster, node pool configuration, and the GKE Terraform module
  4. GKE networking: VPC-native clusters, alias IP ranges, GKE Dataplane V2 (eBPF-based), and Network Policy enforcement
  5. Workload Identity for GKE: binding Kubernetes ServiceAccounts to Google service accounts — replacing service account key files
  6. GKE node pools: standard, Spot, Arm (T2A), and GPU node pools — when to use each
  7. GKE cluster autoscaling: Cluster Autoscaler and Node Auto-Provisioning (NAP)
  8. Secret Manager CSI driver for GKE: mounting secrets as files or environment variables — no Kubernetes Secrets needed
  9. GKE observability: Google Managed Prometheus, Cloud Monitoring Container Insights, and Workload metrics
  10. GKE security hardening: Shielded GKE nodes, Binary Authorization admission control, and Workload Identity enforcement
  11. GKE cluster upgrades: release channels (Rapid/Regular/Stable), auto-upgrade, maintenance windows, and blue/green node pool upgrades
Week 3 — GitOps & Advanced Delivery on GKE
  1. Helm: packaging applications — charts, values files, hooks, and Helm with Cloud Deploy
  2. Kustomize: environment-specific overlays — base + overlays for dev/staging/prod GKE clusters
  3. Config Sync (Flux-based): the GKE Enterprise GitOps operator — syncing from Git, OCI registries, and Cloud Storage
  4. ArgoCD on GKE: Applications, ApplicationSets, App of Apps, and multi-cluster deployments
  5. Cloud Deploy with GKE: Skaffold rendering, release promotion, and GKE rollout verification with custom metrics
  6. Argo Rollouts on GKE: canary and blue/green with Cloud Monitoring-backed automated analysis
  7. Anthos Service Mesh (ASM): managed Istio for GKE — mTLS, traffic management, Kiali observability, and cross-cluster mesh
  8. Multi-cluster GKE: GKE Fleet management, multi-cluster Ingress, and multi-cluster Services for global load balancing
  9. Config Controller: hosted Config Connector and Policy Controller — managing GCP resources and enforcing policies from Git
T2
2 weeks · Add-On · Additional Fee
GCP Security & Compliance Engineering — SCC, Chronicle & SLSA
Aligned with: Google Cloud Professional Cloud Security Engineer

Google Cloud has one of the most sophisticated security models of any cloud — built on BeyondProd zero-trust principles. SLSA, Binary Authorization, and VPC Service Controls are Google inventions.

Week 1 — GCP Security Services in Depth
  1. Security Command Center Premium: security findings, compliance dashboards (CIS, PCI-DSS, NIST), threat detection, and automated Pub/Sub export for SIEM integration
  2. Chronicle SIEM: Google's cloud-native security operations platform — GCP log ingestion, YARA-L detection rules, and SOAR playbooks
  3. VPC Service Controls in depth: service perimeters, access levels, access policies, and bridging perimeters for controlled data sharing
  4. Cloud KMS: CMEK for Cloud Storage, BigQuery, GKE, Cloud SQL, and Secret Manager — key rings, versions, rotation, and Cloud HSM
  5. Cloud Armor Advanced: custom WAF rules with CEL expressions, adaptive protection (ML-based DDoS), and named IP lists
  6. Cloud IDS (Intrusion Detection System): network threat detection using Palo Alto Networks signatures
  7. Assured Workloads: compliance boundaries for FedRAMP, ITAR, IL4 — data residency controls and organisation policy constraints
  8. Organisation Policy Service: restricting public IPs, disabling service account key creation, requiring OS Login, and enforcing uniform bucket-level access
Week 2 — DevSecOps Pipeline & Compliance
  1. Shift-left: Trivy (containers), Checkov (Terraform), Semgrep (SAST), OSV-Scanner (Google's open source vulnerability tool), and licence compliance scanning
  2. SBOM: generating with Syft and attesting in Artifact Registry using Google Cloud's attestation framework
  3. Binary Authorization in depth: attestors, attestation authorities, Cloud KMS-signed attestations, and enforcing signing in Cloud Deploy and GKE
  4. SLSA framework: Google's supply chain security standard — SLSA provenance from Cloud Build, verifying provenance in Binary Authorization
  5. Container Analysis and Artifact Registry scanning: on-push and continuous scanning APIs — Pub/Sub-triggered remediation for newly discovered CVEs
  6. GCP compliance frameworks: CIS Google Cloud Foundations Benchmark, PCI-DSS, ISO 27001, and SOC 2 with SCC dashboards
  7. Cloud DLP: discovering and redacting PII, credentials, and PHI in Cloud Storage, BigQuery, and Datastore
  8. Incident response on GCP: isolating compromised resources, forensic investigation with Cloud Audit Logs and SCC findings, and automated runbooks with Cloud Functions
T3
2 weeks · Add-On · Additional Fee
Serverless & Event-Driven Architecture on GCP
Aligned with: Google Cloud Professional Cloud Developer

GCP has the most elegant serverless ecosystem of any major cloud — Cloud Run is the industry's best serverless container platform, and Pub/Sub powers event-driven architectures at YouTube scale.

  1. Cloud Run deep dive: execution model, concurrency (up to 1,000 concurrent requests per instance), CPU allocation options, and min/max instance configuration
  2. Cloud Run revisions and traffic splitting: canary releases, blue/green, and rollback — managed without Kubernetes
  3. Cloud Run jobs: batch and scheduled workloads — task parallelism, index-based arrays, and Cloud Scheduler integration
  4. Cloud Run sidecars: multi-container Cloud Run — proxy, log shipper, or agent alongside the main container
  5. Cloud Run with VPC: Direct VPC egress and VPC Access Connector — accessing Cloud SQL, Memorystore, and internal services
  6. Cloud Functions (2nd gen): the Cloud Run-based Functions runtime — Eventarc-backed, longer timeouts, larger instances, and concurrency
  7. Eventarc: unified eventing — routing events from GCP services, Pub/Sub, and third-party webhooks to Cloud Run and Cloud Functions
  8. Cloud Pub/Sub: globally distributed message bus — pull and push subscriptions, dead-letter topics, message filtering, ordering, and exactly-once delivery
  9. Cloud Tasks: managed async task queues — HTTP task targets, deduplication, scheduling, and rate limiting
  10. Cloud Scheduler: managed cron jobs — triggering Pub/Sub, HTTP endpoints, and Cloud Functions on a schedule
  11. Cloud Endpoints and API Gateway: managed API gateways for Cloud Run and Cloud Functions — auth, rate limiting, monitoring
  12. Cloud Workflows: serverless orchestration — multi-step workflows in YAML/JSON calling GCP APIs, HTTP endpoints, and Cloud Functions
  13. Event-driven patterns: choreography with Pub/Sub + Eventarc, orchestration with Cloud Workflows, and fan-out with multi-subscription topics
  14. Firebase: Realtime Database, Firestore, Firebase Auth, and Cloud Functions for serverless mobile/web backends
T4
2 weeks · Add-On · Additional Fee
Platform Engineering & Advanced IaC — Fabric FAST, Backstage & Policy
Aligned with: Google Cloud Professional DevOps Engineer + Professional Cloud Architect

Platform Engineering on GCP — building the foundation that development teams self-service from. Project provisioning, environment creation, policy enforcement, and the developer portal that surfaces it all.

  1. Platform Engineering principles for GCP: Google's SRE culture applied to platform teams — golden paths, golden images, and DORA metrics
  2. GCP organisation structure: management groups with folders (BU, team, environment), Shared VPC host project pattern, and the Google Cloud Enterprise Foundation blueprint
  3. Project factory with Terraform: automating project creation with standard VPC, IAM bindings, API enablement, and budget configuration
  4. Cloud Foundation Toolkit (CFT): Google's opinionated Terraform module library — project-factory, vpc, gke, iam-member-pairs modules
  5. Fabric FAST: Google's modular, stage-based FAST framework for deploying a complete GCP foundation from zero
  6. Backstage with GCP: internal developer portal — Google Cloud plugin, GKE plugin, Cloud Run plugin, and GCP resource entity provider
  7. Config Connector advanced: managing the full GCP resource hierarchy as Kubernetes resources — policy, IAM, and networking from Git via Config Sync
  8. Terraform advanced patterns for GCP: provider aliasing for multi-project, and Terratest against real GCP projects
  9. Organisation Policy advanced: custom constraints using CEL expressions, policy simulation, and programmatic management with Terraform
  10. GCP resource management at scale: label enforcement via Organisation Policy, and 100+ projects with hub-spoke Shared VPC topology
  11. FinOps on GCP: BigQuery billing exports, Looker Studio cost dashboards, CUD optimisation, and GCP FinOps Hub recommendations
T5
2 weeks · Add-On · Additional Fee
Data Engineering & ML Infrastructure — BigQuery, Vertex AI & MLOps
Aligned with: Google Cloud Professional Data Engineer + Professional ML Engineer

GCP's data and ML platform is the most complete of any cloud — BigQuery, Vertex AI, Dataflow, Pub/Sub, Dataproc, and Looker form an integrated stack that powers the world's most data-intensive applications.

  1. BigQuery infrastructure: dataset/table organisation, column-level access control, row-level security, and partitioned/clustered table design for cost control
  2. BigQuery slot management: on-demand vs capacity pricing, slot reservations (editions), and monitoring slot utilisation
  3. Cloud Dataflow: the managed Apache Beam service — worker pools, autoscaling, Streaming Engine, and Dataflow templates
  4. Cloud Pub/Sub as a data pipeline backbone: exactly-once delivery, Dataflow-Pub/Sub integration, dead-letter topics, and Pub/Sub Schema registry
  5. Cloud Dataproc: managed Apache Spark/Hadoop — autoscaling policies, Dataproc Serverless for ephemeral Spark jobs, and Dataproc Metastore
  6. Cloud Composer (managed Airflow): environment infrastructure, environment size, autoscaling workers, VPC-native networking, and DAG deployment from Cloud Storage
  7. Vertex AI platform infrastructure: Workbench, custom training jobs (CPU and GPU), Training Pipelines, and the Model Registry
  8. Vertex AI compute: N1/N2/A2/A3 GPU instances (T4, V100, A100, H100), Spot VM training jobs, and TPU pods for large-scale training
  9. Vertex AI model serving: Dedicated Endpoints vs Serverless Prediction, traffic splitting for A/B testing, and autoscaling
  10. Vertex AI Pipelines: Kubeflow Pipelines on Vertex — reproducible ML pipelines with component caching and artifact lineage
  11. Vertex AI Feature Store: online store for low-latency retrieval, offline store for training, and feature monitoring
  12. MLOps CI/CD on GCP: triggering Vertex AI Pipelines from Cloud Build, model evaluation gates, automatic deployment on approval
  13. Data platform security: VPC Service Controls around BigQuery and Vertex AI, column-level encryption with Cloud DLP
  14. Data infrastructure cost control: BigQuery slot and storage cost analysis, Dataflow job optimisation, and Vertex AI Spot VM training
T6
2 weeks · Add-On · Additional Fee
SRE & Advanced Observability — Google's Own SRE Tooling on GCP
Aligned with: Google Cloud Professional DevOps Engineer

SRE was invented at Google. GCP's SLO API, Managed Prometheus, Cloud Profiler, and Cloud Trace are built by the engineers who wrote the SRE book. This track applies Google's own principles to operating GCP infrastructure.

Week 1 — Advanced Observability Stack
  1. Google Managed Prometheus: fully managed Prometheus-compatible backend — scraping GKE workloads, rules evaluation, Grafana integration, no infrastructure to operate
  2. Grafana on GCP: Google Cloud Managed Grafana vs self-hosted on Cloud Run — Cloud Monitoring, Managed Prometheus, Cloud Logging, and Cloud Trace as data sources
  3. Cloud Trace advanced: sampling configuration, custom span attributes, trace-log correlation, and p99 latency analysis across Cloud Run and GKE
  4. Cloud Profiler in production: continuous profiling for Go, Java, Python, and Node.js — flame graph analysis without overhead
  5. OpenTelemetry Collector on GCP: deploying as a GKE DaemonSet or Cloud Run sidecar — receivers, processors, and exporters to Cloud Monitoring, Cloud Trace, and Cloud Logging
  6. Log-based metrics and alerting: distribution metrics from structured log fields — latency histograms, error rate metrics
  7. Cloud Monitoring custom dashboards: MQL (Monitoring Query Language) for advanced metric expressions and SLO-based widgets
  8. Cloud Monitoring alerts at scale: alert rules, notification channels, and programmatic alert management with Terraform
Week 2 — SRE Practice on GCP
  1. SLIs, SLOs, and error budgets: defining SLIs from Cloud Monitoring metrics — the Cloud Monitoring SLO API for creating request-based and window-based SLOs natively
  2. Cloud Monitoring SLO dashboard: tracking error budget burn rate and burn rate alerts (fast burn + slow burn)
  3. Multi-window multi-burn-rate alerting: the Google SRE Book's recommended alerting strategy in Cloud Monitoring
  4. Chaos engineering on GCP: building controlled failure experiments with Cloud Functions + Pub/Sub triggers — VM termination, Cloud SQL failover, Cloud Run scaling-to-zero, and Pub/Sub message delivery delays
  5. Resilience testing: validating Cloud SQL HA failover, Cloud Run health check recovery, GKE node pool disruption, and multi-region load balancer failover
  6. Cloud Functions for operational automation: auto-remediating SCC findings, auto-stopping idle Compute Engine VMs, and cleaning up orphaned Persistent Disks
  7. Pub/Sub for operational event streams: Cloud Audit Logs → Pub/Sub → Cloud Functions for real-time, event-driven automation
  8. Toil reduction: automating repetitive operations with Cloud Functions, Cloud Workflows, and Eventarc-triggered pipelines
  9. Blameless post-mortems: reconstructing timelines using Cloud Audit Logs, Cloud Monitoring incident history, and SCC findings
  10. Capacity planning: Cloud Monitoring metric trends, Committed Use Discount analyser, and Recommender right-sizing
  11. Google Cloud Status integration: status RSS feed → Slack, personalised incident notifications, and GCP service health in SRE dashboards

🎓 Google Cloud Certifications Aligned

Every component of this program is aligned with a specific Google Cloud or industry certification. Google's Professional certifications are among the most rigorous and respected in the cloud industry.

Core Program

Google Cloud Associate Cloud Engineer (ACE)

Core GCP services, IAM, Compute Engine, GKE, Cloud Storage, networking

Track 1

CKA — Certified Kubernetes Administrator

The global standard for Kubernetes operations — created on GKE

Track 1 + 3

Professional Cloud Developer

Cloud Run, GKE, Cloud Build, App Engine, Firebase, Cloud Functions

Track 2

Professional Cloud Security Engineer

SCC, Binary Authorization, VPC Service Controls, Cloud KMS, IAM

Track 4 + 6

Professional Cloud DevOps Engineer

The most rigorous DevOps certification — SRE, SLOs, CI/CD, platform engineering

Track 4

Professional Cloud Architect

GCP solution design, multi-region strategy, cost optimisation, Fabric FAST

Track 5

Professional Data Engineer

BigQuery, Dataflow, Pub/Sub, Dataproc, Cloud Composer, and data governance

Track 5

Professional ML Engineer

Vertex AI, MLOps pipelines, Feature Store, model serving, and ML monitoring

📅 Schedule & Timings

📌 Choose one group based on your availability. Maximum 5 candidates per group — individual hands-on GCP lab support and direct instructor access throughout.

Weekday Groups

Group 1: Mon–Wed · 10 AM – 1 PM
Group 2: Mon–Wed · 4 PM – 7 PM

Weekend Groups

Group 3: Sat & Sun · 10 AM – 2 PM
Group 4: Sat & Sun · 4 PM – 8 PM

📍 Location: In-house training, F-11 Markaz, Islamabad  ·  📱 Online option available for out-of-city participants

🎯 Who This Is For

Developers and system administrators transitioning into GCP cloud engineering and DevOps roles — no prior GCP experience required
Data engineers and ML engineers who want to own the infrastructure layer of their data and AI pipelines — BigQuery, Vertex AI, and Dataflow all covered in Track 5
Engineers targeting remote roles at product companies and AI-native startups that run on GCP — the fastest-growing segment of Pakistan's IT export market
DevOps engineers experienced on AWS or Azure who want to add GCP expertise — the open-source tooling skills (Kubernetes, Terraform, Prometheus) transfer directly
Anyone pursuing the Google Cloud ACE, Professional Cloud DevOps Engineer, or Professional Cloud Architect certifications with hands-on lab training
Engineers who want to work with Google's own SRE tooling — the SLO API, Managed Prometheus, Cloud Profiler, and chaos engineering patterns