Cloud adoption has grown rapidly and accelerated as a result of recent global events. Organisations are increasingly looking to the cloud to drive innovation, improve scalability, performance, and reduce overall operational costs. As a result over 98% of organisations are using some form of cloud infrastructure to run critical application workloads, store and process sensitive company and user data. Cloud environments differ significantly from on-premises data centers. Traditional security methodologies often don't translate nicely into the cloud, and the combination of these challenges can often be seen as a barrier to fully realising the potential of cloud-first strategies. Understanding and solving these challenges is critical to preventing security incidents and overall long-term success. Sun Tzu aptly said “If you know the enemy and know yourself, you need not fear the result of a hundred battles". As a Cloud Security Engineer and Ethical Hacker I'll share the learnings from my involvement with cloud migrations, and pragmatic advice on how organisations can protect themselves from adversaries.