The AWS Certified Security – Specialty is intended for individuals who perform a security role with at least two years of hands-on experience securing AWS workloads. The AWS Certified Security – Specialty certification allows experienced cloud security professionals to demonstrate and validate their knowledge about how to secure the AWS platform. Based on Global Knowledge’s 2020 IT Skills and Salary Report, the AWS Certified Security – Specialty certification is one of the top 10 most popular cybersecurity certifications of 2020. Additionally, the survey found that 96 percent of IT leaders believe team members with cybersecurity certifications add value to their organizations. If you’re considering pursuing this certification, you’re in good company. According to the survey, 48 percent of all IT professionals interviewed by Global Knowledge are actively pursuing a cybersecurity certification. It is really worth every penny and every second you invest to earn it.
Abilities Validated by the Certification
An understanding of specialized data classifications and AWS data protection mechanisms
An understanding of data encryption methods and AWS mechanisms to implement them
An understanding of secure Internet protocols and AWS mechanisms to implement them
Working knowledge of AWS security services and features of services to provide a secure production environment
Competency gained from two or more years of production deployment experience using AWS security services and features
The ability to make tradeoff decisions with regard to cost, security, and deployment complexity given a set of application requirements
An understanding of security operations and risk.
Recommended Knowledge and Experience
At least two years of hands-on experience securing AWS workloads
Security controls for workloads on AWS
A minimum of five years of IT security experience designing and implementing security solutions.
AWS Security Specialty Domains
The AWS exam is divided into 5 content areas or domains:
Incident Response 12%
Logging and Monitoring 20%
Infrastructure Security 26%
Identity and Access Management (IAM) 20%
Data Protection 22%
Amazon doesn’t give each domain equal weight (some contain more questions than others), so you’ll want to allocate your study time accordingly. The percentage next to each domain above gives you an idea of how many questions are allocated to each topic. Of course, you’ll want to spend more time studying the domains with higher percentages.
Whitepapers — Take a look at the section called “Security and Compliance.” Be sure to spend time with the “AWS Security Incident Response Guide,” which is an overview of the fundamentals of responding to security incidents in an AWS Cloud environment.
Videos — Be sure to watch “Incident Response in the Cloud,” “VPC Connectivity Options,” “DDoS Best Practices,” “Advanced Security Masterclass,” and “Well-Architected Framework Security Pillars.”
“IAM Policy Master” and “IAM Policy Ninja” (they are similar), “ID Federation for AWS” (important to watch since many of us often don’t get much hands-on experience doing ADF and it’s hard to replicate it in a lab environment), and “KMS Best Practices and Encryption Deep-dive” (this covers the same material as the whitepaper does).
FAQs — Config, CloudTrail, WAF, AWS Shield, CloudFront, Route 53, VPC, ELB, EC2 Auto Scaling, Lambda, Direct Connect, Artifact, and Macie.
“KMS” (Worth reading twice! It’s critical for passing this domain.) Pay particular attention to the different types of keys involved in KMS and how you rotate the different keys, such as when to use automatic or manual key rotation.
Prepare for Your Exam
There is no better preparation than hands-on experience. There are many relevant AWS Training courses and other resources to assist you with acquiring additional knowledge and skills to prepare for certification. Please review the exam guide for information about the competencies assessed on the certification exam.
Is it Worth Taking the AWS Certified Security - Specialty exam?
If you want to learn some general security best practices or systematize your knowledge of them and gain a fancy new piece of paper, then it’s definitely worth it. Furthermore, if you tend to procrastinate, then having the upcoming deadline at the back of your mind is a great motivation to study regularly every day. However, forget about gaining practical knowledge about offensive aspects of AWS security, such as the scenarios in CloudGoat, privilege escalation techniques, or data exfiltration from isolated EC2 instances.
Every AWS certification level can be tough. These certifications are very valuable in the market. Holding any of them validates a certain level of experience with the platform, which can be a big boost to your career. As AWS keeps growing and dominating the cloud platform space, the need for experienced engineers will increase. Nothing will make you stand out from the pack more than an AWS cert, no matter the level.
And the “toughness” of any AWS cert is entirely relative and depends on your own AWS knowledge and experience. So train up, and strive for AWS-certified greatness.