AWS security specialty

This post continues my earlier series of covering the top Cloud Security Certifications which professionals can purse in 2022 and the topic this week is the AWS Security Specialty Certification. I have already covered vendor agnostic ones like the CCSP and the CCSK and thought it would be a good idea to move onto more platform specific ones with AWS being the obvious starting point. The AWS Security Specialty cert is one of the hottest β€œprofessional” level certifications around and is a big feather in the cap for anyone who can pass it.

About the AWS Security Specialty Certification

Before we start; a few quick points to note about the AWS Security Specialty Cert:

✍️ As the name suggests this is not a beginner cert but is for those who already have experience in AWS security. As per AWS

AWS Certified Security – Specialty is intended for individuals who perform a security role and have at least two years of hands-on experience securing AWS workloads.Β 

However, If you already know AWS and want to demonstrate expertise in AWS security then this is the definitely the best certification to go for

✍️ The certification is still going strong as of 2022 and is very much in demand. The AWS cloud ecosystem is the biggest among the major cloud providers and cyber-security remains a top concern. You really cannot go wrong with having this on your CV.

✍️ As per the official exam guide on the the AWS Certified Security Specialty page, the exam is a pass or fail one with a minimum passing score of 750 out of 1000. The domains are as follows :

Content Outline – Source: AWS Official website

How to prepare for the AWS Security Specialty Certification

As this is not a platform-agnostic cert like the CCSP and the CCSK, it must be approached slightly differently. Below are my key tips for how to prepare for it.

πŸ’ͺ Know your level: While there is nothing stopping you from making this your first AWS cert if you are just starting out; I would definitely recommend doing a beginner-level AWS certification like the AWS Certified Solutions Architect – Associate first. This will create a great foundation of AWS services such as IAM, KMS, and other concepts which you will need in the future. The AWS security specialty assumes that you are already familiar with AWS terminology and this can become a big challenge if you are attempting this as your first AWS cert.

πŸ’ͺ Get hands on with AWS Services : Another key step would be to setup a home lab environment and start playing around with the AWS services so you can start understanding them. There are a huge number of AWS services which are covered in the exam and you should broadly know all of them. Without having hands on experience you will not able to understand questions which involve IAM Policies , EC2 instances etc. Create an AWS free tier account and start playing around in the AWS cloud environment

πŸ’ͺ Learn AWS IAM inside and out: IAM is one of the toughest areas in the exam requiring you to understand how policies are evaluated and in what order. Know the policy flow and evaluation logic and how IAM elements work. Start experimenting in your AWS IAM account with the IAM policies. The below video gives a great overview and is amazing if you want to deep dive in to AWS IAM:

πŸ’ͺ Be ready for β€œMOST” and β€œLEAST” questions: A lot of questions will attempt to trick you by providing correct responses so you will have to pick the most suitable one. Understand the pros and cons of each AWS service so you can respond to these questions accurately as there is no single wrong answer here

πŸ’ͺ Deep dive into Encryption and Logging: A lot of questions will cover scenarios pertaining to KMS keys and which type of encryption to use in a particular scenario. Additionally you are expected to know the logging and alerting use cases of AWS CloudTrail and CloudWatch and how they differ from each other along with best practises . The FAQ sections for each of these services are really invaluable for doing a deep dive which I have listed below :

IAM FAQ

KMS Faq

CloudTrail FAQ

CloudWatch FAQ

My tips for passing the exam

In addition to the above, below are the steps I took to pass my AWS security specialty exam:

πŸ’‘ Training: Invest in training so you follow a structured way of understanding AWS security concepts. I used A Cloud Guru training which is one of the best ones around but there are several good ones on Udemy and even Youtube. . There is also a free readiness course provided by AWS which goes over the essentials of the exam and is definitely recommended as a refresher.

πŸ’‘ Practise! No amount of studying will get you ready for the exam without preparing so practice tests are a must. A Cloud Guru and Udemy courses have some good practice tests but I would recommend going for the one on WhizLabs as there were ( in my opinion ) the closest to the actual exam.

πŸ’‘ AWS White-papers: AWS has some amazing whitepapers which go into great detail about security best practices and their security services. These are not mandatory but definitely recommended to go through once before the actual exam.

πŸ’‘ AWS Labs: Lastly, AWS provides some great labs based on their well-architected framework which I would suggest everyone go through once as they slowly build up your hands-on experience. This can be a great supplement to any training courses you take on and range from Foundational, Intermediate to Advanced.

Last steps

I hope this gave you a good overview of how to prepare for the AWS Security Specialty exam. The exam is not easy by any means and there is no magic bullet or solution for passing the exam. Build up a solid base of technical knowledge and supplement it with practice exams and you should ace it on the first try.

Wishing you all the best on your exams!