AWS Certified Security Specialty

A good friend of mine has a habit of throwing gauntlets around like they’re nothing. “So, Geoff,” he’ll start casually, “did you know there are some new AWS specialty certifications in beta now?”

This is usually about the time that I realize I’m in for a world of pain, uh, learning. It turns out that this time AWS has come up with three exams that I’ll conservatively call pro-level.

I’ve been learning a lot over the past year and a bit, negotiating a career transition from telecom to security, so I’d consider myself a firm novice when it comes to all this stuff, but it’s not like we were doing nothing over in the old world, so I figured I’d check out the landscape for the security certification. I find that preparing for certifications is a great way to learn at least the theory, and sometimes get a bit of practice in as well. When some detail doesn’t click right away, it’s easy enough to spin something up and try it out to figure out how things are working.

Keep in mind that the “AWS recommendations” include, as a single bullet point among several, “AWS documentation.” So, since we’re talking about security, let’s take that as the reference docs, programmers’ guides, and best practices for 50+ services.

Next is the alphabet soup: as @marknca says, “candidates should be familiar with ISO 27001, PCI DSS, HIPAA, SAS 70, SOC 1, FISMA, and NIST.” That’s “and”, not “or”, folks. Great standards, huge standards.

Right now I’m on the edge. The reading so far has been pretty much stuff I’ve seen before one way or another, so maybe, just maybe, I’ll give the exam a shot.

At least I’m not in this boat:

Good luck to the #triplecertmonday folks, you are definitely certifiable.
