I have written before on which Cloud Security certification you can choose if you are planning this career path in 2023, and I thought I should take my own advice first!
I will try not to bore you with how certs are important and a key enabler for your career, blah blah.
My reasons for doing the AWS Security Specialty cert are pretty simple:
I work in AWS, so we have to keep our certifications up to date, and
I work in cloud security, and it would be kind of weird NOT to be AWS certified.
The AWS Security Specialty cert is one of the hottest “professional” level certifications around and is a big feather in the cap for anyone who can pass it.
As the name suggests, this is not a beginner cert; it is for those who already have experience in AWS security.
As per AWS:
AWS Certified Security — Specialty is intended for individuals who perform a security role and have at least two years of hands-on experience securing AWS workloads
However, if you already know AWS and want to demonstrate expertise in AWS security, then this is definitely the best certification to go for.
The AWS cloud ecosystem is the biggest among the major cloud providers and cyber-security remains a top concern.
You really cannot go wrong with having this on your CV.
As per the official exam guide on the AWS Certified Security Specialty page, the exam is pass or fail, with a minimum passing score of 750 out of 1000.
As this is not a platform-agnostic cert like the CCSP and the CCSK, it must be approached slightly differently.
Below are my key tips for how to prepare for it.
Know your level: While there is nothing stopping you from making this your first AWS cert if you are just starting out, I would definitely recommend doing a beginner-level AWS certification like the AWS Certified Solutions Architect — Associate first. This builds a solid foundation in AWS services such as IAM and KMS, and in other concepts you will need later. The AWS Security Specialty assumes that you are already familiar with AWS terminology, and this can become a big challenge if you are attempting it as your first AWS cert.
Get hands-on with AWS services: Another key step is to set up a home lab environment and start playing around with the AWS services so you can start understanding them. A huge number of AWS services are covered in the exam, and you should broadly know all of them. Without hands-on experience you will not be able to understand questions which involve IAM policies, EC2 instances, etc. Create an AWS Free Tier account and start experimenting in the AWS cloud environment.
Learn AWS IAM inside and out: IAM is one of the toughest areas in the exam, requiring you to understand how policies are evaluated and in what order. Know the policy flow and evaluation logic (an explicit Deny always wins over an Allow, and a request with no matching Allow is implicitly denied) and how the IAM elements work. Start experimenting with IAM policies in your own AWS account. The video below gives a great overview and is well worth watching if you want to deep dive into AWS IAM:
Multiple-response questions can be tricky: These questions have two or more correct responses, and all of them have to be selected. Remember that there is more than one correct answer here, and make sure you understand what the question is asking you.
Deep dive into encryption and logging: A lot of questions cover scenarios pertaining to KMS keys and which type of encryption to use in a particular scenario. Additionally, you are expected to know the logging and alerting use cases of AWS CloudTrail and CloudWatch, how they differ from each other, and the associated best practices. The FAQ sections for each of these services are invaluable for doing a deep dive; I have listed them below:
IAM FAQ
KMS FAQ
CloudTrail FAQ
CloudWatch FAQ
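To make the IAM evaluation order mentioned above concrete, here is an added example (not part of the original post) that simulates the documented logic for identity-based policies within a single account: any matching explicit Deny wins, otherwise any matching Allow grants access, otherwise the request is implicitly denied. It assumes a simplified model with only Action/Resource wildcard matching; Condition blocks, SCPs, permissions boundaries, resource-based and session policies are deliberately left out.

```python
import fnmatch

# Simplified IAM evaluation simulator (added example, not AWS code).
# Assumption: only Action and Resource matching with '*' wildcards is modelled;
# Condition, SCPs, permissions boundaries and resource-based policies are ignored.

def _matches(patterns, value, case_sensitive):
    """True if value matches any pattern; '*' matches any run of characters."""
    if isinstance(patterns, str):
        patterns = [patterns]          # IAM allows a single string or a list
    if not case_sensitive:
        value = value.lower()
        patterns = [p.lower() for p in patterns]
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)

def evaluate(policies, action, resource):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for one request."""
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            # Action names are case-insensitive; resource ARNs are case-sensitive.
            if not (_matches(stmt.get("Action", []), action, False)
                    and _matches(stmt.get("Resource", []), resource, True)):
                continue               # statement does not apply to this request
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"  # one matching Deny overrides every Allow
            allowed = True             # remember the Allow; keep scanning for Denies
    return "Allow" if allowed else "ImplicitDeny"

# Constructed sample policies: a broad S3 read Allow plus a Deny on one bucket.
POLICIES = [
    {"Statement": [{"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
                    "Resource": "arn:aws:s3:::*"}]},
    {"Statement": [{"Effect": "Deny", "Action": "s3:*",
                    "Resource": "arn:aws:s3:::payroll-bucket/*"}]},
]

if __name__ == "__main__":
    for act, res in [("s3:GetObject", "arn:aws:s3:::public-bucket/readme.txt"),
                     ("s3:GetObject", "arn:aws:s3:::payroll-bucket/salaries.csv"),
                     ("s3:PutObject", "arn:aws:s3:::public-bucket/readme.txt")]:
        print(f"{act} on {res}: {evaluate(POLICIES, act, res)}")
```

Swapping the order of the two policies gives the same results, which is the point: policy order never matters, only the presence of a matching Deny or Allow.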
In addition to the above, below are the steps I took to pass my AWS security specialty exam:
Training: Invest in training so you follow a structured way of understanding AWS security concepts. I used A Cloud Guru training, which is one of the best ones around, but there are several good ones on Udemy and even YouTube. There is also a free exam readiness course provided by AWS which goes over the essentials of the exam and is definitely recommended as a refresher.
Practise! No amount of studying will get you ready for the exam without practising, so practice tests are a must. A Cloud Guru and Udemy courses have some good practice tests, but I would recommend going for the ones on WhizLabs, as these were (in my opinion) the closest to the actual exam.
AWS whitepapers: AWS has some amazing whitepapers which go into great detail about security best practices and its security services. These are not mandatory but are definitely recommended reading before the actual exam.
AWS labs: Lastly, AWS provides some great labs based on its Well-Architected Framework which I would suggest everyone go through once, as they slowly build up your hands-on experience. They can be a great supplement to any training course you take on, and they range from Foundational and Intermediate to Advanced.
After reading all that, the question you might be asking is whether I passed or not. The answer is YES, as you can see below:
I hope this gave you a good overview of how to prepare for the AWS Security Specialty exam. The exam is not easy by any means and there is no magic bullet or solution for passing the exam. Build up a solid base of technical knowledge and supplement it with practice exams and you should ace it on the first try.
Wishing you all the best on your exams!
Taimur Ijlal is a multi-award-winning information security leader with over two decades of international experience in cyber-security and IT risk management in the fin-tech industry. Taimur can be reached on LinkedIn or on his YouTube channel “Cloud Security Guy”, on which he regularly posts about Cloud Security, Artificial Intelligence, and general cyber-security career advice.
If you are interested in getting Cyber Security career coaching then reach out to him here.