How I passed the AWS Security Specialty?

CybersecurityAWS
Written By Shasheen Bandodkar

The AWS Certified Security Specialty helps organizations identify and develop talent with critical skills for implementing cloud initiatives. Earning AWS Certified Security Specialty validates expertise in securing data and workloads in the AWS Cloud. Here’s my experience and advice on how you can prepare for the AWS Certified Security – Specialty exam (SCS-C01).

An Overview of the Security Specialty exam:

The certification is designed to validate an individual's expertise in securing and protecting data, applications, and infrastructure on the AWS platform. It covers various security topics, including identity and access management, encryption, network security, incident response, and governance. You should also be familiar with AWS services such as AWS Identity and Access Management (IAM), AWS Key Management Service (KMS), AWS CloudTrail, and AWS Config and have a solid understanding of security best practices and principles.

Essential skills and knowledge areas that you should focus on:

  1. Identity and Access Management (IAM): Understanding of IAM policies, roles, and groups; knowledge of AWS Single Sign-On (SSO) and AWS Directory Service; ability to implement and manage federated access.

  2. Data Protection: Knowledge of encryption technologies, such as AWS Key Management Service (KMS) and AWS Certificate Manager; ability to implement and manage encryption at rest and in transit; understanding of data classification and protection best practices.

  3. Network Security: Understanding AWS networking concepts, such as Virtual Private Cloud (VPC), Security Groups, and Network ACLs; knowledge of AWS services for network protection, such as AWS WAF and AWS Shield; ability to implement and manage secure network architecture.

  4. Monitoring and Incident Response: Knowledge of AWS logging and monitoring tools, such as AWS CloudTrail and AWS Config; understanding of incident response best practices and ability to implement and manage incident response procedures.

  5. Compliance and Governance: Understanding AWS compliance requirements, such as GDPR and HIPAA; implementing and managing compliance and governance controls using AWS services, such as AWS CloudFormation and AWS Config.

My preparation for the exam

My preparation involved roughly 2/2.5 months.

  • The initial focus involved active learning, playing around with the AWS environment, and understanding the different AWS technologies in-depth.

    • Playing and understanding the environment is essential. If you primarily rely on theory, you could fall short in the exam.

  • Once I completed going through all five domains, I read through a lot of the AWS Documentation.

    • Going through the AWS documentation is an absolute must.

  • The final Steps were going through many practice tests and identifying critical areas of improvement.

Choosing the Study material

  • The primary material of reference is the AWS Documentation: https://docs.aws.amazon.com/index.html

    • Tip: Go through the troubleshooting sections for different AWS services.

  • Adrian Cantrill's AWS security course is pretty good. It covers all exam sections with visual representations of the services and their workings.

    • Note: A few exam topics overlap with other specialty/associate exams.

  • Tutorials Dojo Practice exams. Note: These are not the most up-to-date practice questions.

  • AWS Practice Questions and summary guide. Sign in to AWS Skill Builder; you will find it there.

A few areas I focused on personally:

  • Server-side/Client-side encryption [S3]

  • KMS Encryption

  • VPC Networking

  • Stateful/Stateless connections

  • AWS Cognito/ SSO

  • Differences/Functionality between different services [Cloud Watch/Trail/Front etc.]

  • Parameter Store/Secrets manager [Key Rotation]

  • EC2/ ECS/EKS Security

  • Load Balancers [NLB/ALB]

  • Incidence Response [lambda]

  • Cloudformation IAM Policies

  • Troubleshooting

My Notes

My notion notes I covered the main functionalities of each service and technology, but 75% covered different troubleshooting areas and error findings. I also used handwritten notes.

You can also follow these mini projects and build your own AWS environment: https://github.com/acantril/learn-cantrill-io-labs

Final Points

If you are planning to take the AWS Security Specialty exam, here are some key takeaways to keep in mind:

  1. Prepare thoroughly: Ensure you have a solid understanding of AWS security concepts, services, and features. AWS offers a variety of resources to help you prepare, including training courses, whitepapers, and practice exams.

  2. Hands-on experience: Practice using AWS security services and features in a real-world scenario to gain hands-on experience. This will help you better understand how to implement and manage security in AWS.

  3. Time management: The AWS Security Specialty exam consists of 65 questions. You have 170 minutes to complete it. Make sure you manage your time effectively and don't spend too much time on any one question.

  4. Stay up-to-date: AWS frequently updates its security services and features, so it's essential to stay up-to-date on the latest developments. Review the AWS Security Specialty exam guide to ensure you know of any recent changes.

  5. Don't get discouraged: The AWS Security Specialty exam is challenging, but don't get discouraged if you don't pass the first time. Use your exam results to identify areas where you need to improve and continue to study and practice until you are confident in your abilities.

Shasheen Bandodkar
Previous

How to build an effective security awareness training program?
Next

Stateful v/s Stateless Connections in AWS VPCs