Cloud skills are in high demand. Industry-leading AWS certifications demonstrate AWS skills and expertise in multiple areas and levels and provide a great ROI to IT professionals seeking career advancement.
“The idea is for certification paths to start with the Practitioner, which is a nontechnical, entry-level certification. Then, you move up to Associate-level certifications, which start becoming more technical,” said Stuart Scott, AWS content and security lead at Cloud Academy. Next, there is the Professional level, which competes with the Specialty level in terms of difficulty.
What is unique about the Specialty-level AWS Certified Security certification is that can provide individuals, organizations and their customers with priceless peace of mind, Scott said. An experienced, self-motivated and accredited security team adds value to an organization and potentially saves money by preventing costly breaches and data protection noncompliance penalties.
Scott authored AWS Certified Security – Specialty Exam Guide to help cloud security professionals better understand the AWS environments they are responsible for protecting. The book outlines AWS services and security methodologies to equip AWS security teams with everything they need to confidently sit for the certification exam.
Here, Scott shares study tips, resources and additional insights on the AWS Certified Security – Specialty exam.
Editor’s note: This transcript has been edited for length and clarity.
How much cloud security experience should candidates have to prepare them for the AWS Certified Security – Specialty certification exam?
Stuart Scott: To pursue the AWS Certified Security – Specialty certification, you should have a high-level background knowledge of multi-cloud computing and the main objectives of how to secure your cloud. It is beneficial to have at least six months to one year of experience of using AWS because it does dive into some quite deep technical areas. The exam questions are quite long, and the answers can be a whole page long.
Without that foundational knowledge of AWS, you may find some of the methodologies and concepts more difficult to understand. The AWS Certified Security – Specialty Exam Guide is designed to take you from those early stages and explain what you need to know, why you need to know it and how to enforce security across all different layers of your architecture.
How can the AWS Certified Security – Specialty certification benefit individuals and organizations?
Scott: Obtaining the AWS Certified Security – Specialty certification is good for you at the professional level. It demonstrates that you have a wide breadth of knowledge about how to secure deployments from the application level, the network level and the infrastructure level.
Without question, it can also benefit the organization because it can verify its staff is fully aware of how to secure AWS cloud infrastructure. The organization can reinforce to any customers it provides service to that its team has passed the AWS Certified Security – Specialty exam, thus customer data will be in safe hands. That’s important because security has always been a touchpoint that can hold organizations back from joining the cloud. They hear scary stories of how large organizations leaked customer documentation or details out of the cloud. But it also reflects a lack of knowledge in how to secure cloud infrastructure.
Which of the domains of the exam are most challenging for test-takers?
Scott: This depends on your level of experience and knowledge. If you have someone who has less experience with network infrastructure, then domain three — infrastructure security — can be a bit daunting. The data protection domain’s heavy emphasis on encryption may be challenging for some people. Often, they find cookie encryption confusing before looking into it. But, when you start breaking down how the encryption services work, such as AWS Key Management Service, it can become quite simple — as long as you take the time to apply the material to hands-on experience with your own test account.
What are some of the broader cloud security considerations or trends that test-takers in organizations need to keep top of mind?
Scott: The shared responsibility model underpins many of the different elements of the certification. You need to understand where your responsibility starts and ends, and where AWS’ responsibility starts and ends, to implement a secure solution within your environment. You can’t secure your environment without knowing what you need to secure. If you assume AWS is securing elements of your infrastructure that it is not, that’s when malicious activity can start to prevail. Malicious actors can find weaknesses in your designs and infrastructure.
Which soft skills can best augment cloud security professionals and equip them for success?
Scott: Patience, patience, patience. You need to take time to examine why you are implementing a security control and when. For example, is it because it protects you from internal threats or external threats? You can implement too much security, thus wasting time and resources. If something doesn’t need to be protected to the nth degree or if it doesn’t need to be encrypted, then you don’t need to apply all those security controls. You have to stick with it to understand why you’re influencing security — that’s why it takes time management and patience.
What is the typical timeline for the certification process?
Scott: It depends on your experience level. If you’re new to AWS, I would recommend at least three to six months’ study preparation time. That gives you ample opportunity to get hands-on experience as well. It’s different if you’re advanced within AWS — or hold an AWS [Certified] Solutions Architect – Associate or one of the AWS Professional-level certifications, for example. In those cases, I would recommend one to three months since many of the services and topics on those exams are likely to overlap to some degree with this certification.
What other resources should cloud security practitioners take advantages of to help pass the exam?
Scott: Cloud Academy offers online courses with hands-on labs and exams to assess your preparation for all of the AWS certifications. You don’t need your own AWS account — the credentials are provided in the course.
AWS white papers are also a great resource; they’re packed full of useful information. Throughout AWS Certified Security – Specialty Exam Guide, there are many different white papers listed that can help you understand the more difficult topics. The AWS YouTube channel has some great videos with deep dives that you can look into as well. Those would be my top three resources to help pass the exam.