This is part I of our blog series: "Road to the AWS Security Specialty"
AWS currently offers 11 different certifications: more general ones ranging from the Foundational to the Professional level, and five Specialty certifications.
The AWS Certified Security Specialty is intended for developers/consultants who perform a security role. It is supposed to show the person's knowledge about securing the AWS platform.
The recommended AWS knowledge is:
- A minimum of 5 years of IT security experience, designing and implementing security solutions
- At least 2 years of hands-on experience securing AWS workloads
- Security controls for workloads on AWS
After working with AWS for nearly 4 years, I recently passed the AWS Security Specialty. I’m going to give you an insight into my preparation process, my exam experience and my takeaways from my learnings.
Reasons for taking the exam
- Showcase your skills: if you’ve been working with AWS for several years a lot of the topics will already be known to you and having a certification to show for it is always a good thing.
- Personal / professional growth: you want to deepen your AWS knowledge and learn more about Security best practices in AWS.
- Job opportunities: in general AWS certifications are highly sought after.
- Must have for every project: If you are currently deploying infrastructure on AWS someone in your team/company should have this certification so you can secure your workloads the right way.
Preparation for the exam
A Cloud Guru (AGC) Security Specialty Course
AGC is the go-to website for AWS courses. Usually, they give a pretty good overview of the certifications and the content. But in my experience just doing the AGC course isn’t enough.
AGC Exam Simulator:
AGC also has an exam simulator which I used to check my exam readiness.
After each exam I would take notes on the topics I needed to do more research on. It also gave me a good feeling for the time of the exam.
Forum from A Cloud Guru with reviews from the exam
AGC has a forum for each specialty and a lot of people take time after their exam to write down their feelings – what topics were mentioned the most or what questions they wished they had prepared more for.
AWS Blog Posts
Especially with all the changes always happening with AWS, you should always have an eye on the blog posts – there is also a section only for security blog posts: https://aws.amazon.com/blogs/security/
There are a lot of very good talks regarding security topics. One I really liked for fundamental information was: https://youtu.be/-ObImxw1PmI
Even if you don’t take the security specialty, I highly recommend taking the time for this talk. Becky Weiss explains the fundamentals of security in AWS in an understandable way.
Personal Notes in OneNote
With the guideline from AGC I created a new OneNote notebook and took notes with all info I deemed necessary. If there was a question in the exam simulator that I had problems with, I would research the topic again and add to my notes.
Whitepapers / FAQs
AWS has a lot of good whitepapers and FAQs. For the most important topics of the exam, I took the time to read through the whitepapers and take notes.
The actual exam
Because of Covid, test centers weren’t open when I took the exam in late February. But it seems that, if you prefer, you can schedule in-person exams again. AWS offers two providers for the exam, Pearson VUE and PSI. After research most people online recommended using Pearson VUE as a provider. A coworker tried to do an exam through PSI which failed because of technical problems from PSI – they still did not refund the exam fee. So, I would personally recommend Pearson VUE.
When you schedule your exam, you can take a quick test with Pearson VUE to check if your system works with their program.
On the day of the exam, you must prepare your desk and your room. Nothing that is prohibited is allowed to be in arm’s reach. Around 30 minutes before the exam, you can start with your personal preparation. I highly recommend starting 30 minutes earlier. Sometimes it can take a while to get the right shot of your ID etc.
You start the software from Pearson VUE and get connected with the exam overseer. They ask you to see your ID, take pictures of your room or see your desk area. It really surprised me that I wasn’t allowed to use my headset. Since I was using my personal computer, I had to figure out how to handle the audio without my headset. In the end I used the microphone from my webcam and the integrated speakers in my monitor. After you have started the exam, you are not allowed to leave the room, have somebody enter the room or talk out loud.
Afterwards you get a PASS or FAILED notification on your screen, and you’re done. Only a couple of days later you get the exam results sent via e-mail.
Is it worth taking the AWS Certified Security Specialty exam?
Short answer: YES!
Long answer: For me the knowledge I gained during the exam preparation is super useful during my day-to-day business. I already took the Solutions Architect Associate exam, but the Security Specialty is the certification I use the most at work. Topics like VPC, WAF or LoadBalancer are important in basically every project in AWS. Knowing how to properly secure all of them and how to troubleshoot is super helpful.
I’ll make a second blog post explaining what I think is most useful and give a few examples for important services.