How I passed the AWS Security Specialty Exam

Please note that this post, first published over a year ago, may now be out of date.

I recently passed the exam for the AWS Security Specialty Certification and I thought I’d share some tips and resources I used to prepare for the exam.

Before embarking on the journey to obtain an AWS certification, it’s worthwhile asking why you should bother getting AWS certified. Here are some good reasons:

In my case, professional growth was the main driver as I wanted to deepen my AWS knowledge in the security space. And it is certainly paying dividends as the AWS Security Specialty Certification is one of the most practical AWS certifications and one of the most useful for my daily job.

Getting started and organized

The best place to start is to read the AWS Certified Security Specialty page and download the official exam guide. You may also test your current AWS security knowledge by trying to answer the sample exam questions: this gives you a flavour of what to expect during the exam (in case this is your first AWS exam) and shows you some of the areas where you may have knowledge gaps. Don’t worry if you don’t score particularly well on your first attempt: keep track of how many answers you got right and try the test again before your exam date. You will certainly score better and realize how much you’ve learnt.

Getting organized on what to study and when to take the exam is another important initial step. When embarking on a new project, my project management technique is to create a Trello board and start recording all the things I need to do to reach my project goals. For the AWS exam I created Trello cards for the resources I wanted to study (e.g. videos, white papers, hands-on labs, etc.) as well as for the practicalities (e.g. booking the exam). A Trello board (or indeed any project management tool) can help you navigate the study material for the exam, visualise your study progress, and make sure you don’t forget important bits when the exam date is approaching.

This is what my Trello board looked like a few days before taking the exam:

Trello Board

Treat the board as a compass and as a tool to track your progress. Don’t get bogged down recording every single white paper, video course or book you may want to check out. The important thing is to get organized and start studying - you will create new cards and move old ones as you study along.

Study Resources

I prepared for the exam using a mix of study materials which included videos, books, AWS documentation and white papers, and hands-on labs. I personally find it useful to mix the course material as it reinforces my learning. Furthermore, a single resource may cover a topic insufficiently or present it from a limited angle, so it’s always good to mix and match.

Videos

I took the video course on the AWS Certified Security Specialty by A Cloud Guru and if you only have time to focus on a single study resource then go for this video course. It is a very engaging and hands-on course and gets updated regularly which is a major plus over other video courses. Plus, they provide some tests at the end of each section and a simulation of the exam at the end of the course which is the closest thing you get to the real AWS exam. On the minus side, A Cloud Guru courses are not cheap and require a monthly subscription (you can’t just buy a single video course). However, you can stop the subscription when you pass your exam: this should save some money and motivate you to complete the course within your target date.

Another video resource I recommend is Architecture for Security on AWS. This is a 90-minute webinar presented by our very own Scale Factory CEO/CTO Jon Topper that gives you a bird’s eye view of all the security tools you can leverage in AWS. It’s a great introduction to security in AWS and covers lots of the security topics at a high level.

As everyone who has done the exam will tell you, IAM is the most important topic on the security exam and you need to know it inside out. AWS re:Invent videos are great to deep dive into a specific topic and for IAM I definitely recommend Become an IAM Policy Master in 60 Minutes or Less by Brigid Johnson. This was my favourite tutorial video on IAM policies and covers some of the most advanced IAM scenarios you might find in the exam.

Books

I personally love studying from physical books as they keep me away from screens and internet distractions. Unfortunately, unlike other AWS certifications, there aren’t many books specifically dedicated to the AWS Security Specialty Certification. The only one available at the time I studied was Zeal Vora’s AWS Certified Security Specialty Study Guide published in 2018. Although I found the book useful as its content is very hands-on, there are lots of spelling mistakes, typography issues, and awkward phrasing. This included a few wrong commands, mainly due to misprints and poor typesetting. It’s a shame as the book could have been massively improved with some editing.

Two promising books on the security certification exam which are scheduled to be released in the course of 2021 are the AWS Certified Security Study Guide to be published by Sybex and the AWS Certified Security Specialty All-in-One Exam Guide to be published by McGraw-Hill. I read exam preparation books by these two publishers in the past and they are usually very good and rigorous. In fact, a few years ago I studied for my AWS SysOps Administrator Associate certification from a Sybex book: I found it excellent and it also contained extra online content like flashcards and practice exams.

AWS documentation

While studying with a video course or a book, you’ll get plenty of references to the official AWS documentation, white papers, and FAQs. In fact, the AWS exam preparation page lists all the white papers and FAQs you should read for the exam. To be honest, I didn’t read every single link to the AWS documentation which was thrown at me but I skim-read lots of these web pages and white papers, in particular for the AWS services I was less familiar with. I personally found the white paper on Best Practices for DDoS Resiliency very interesting: it’s a fascinating read and shows how various denial of service attacks work and how to mitigate them.

Another piece of AWS documentation that is extremely useful is the policy evaluation logic: the scenarios presented here are the type of questions on advanced IAM policies you can expect in the exam.

Hands-on Labs

Some video courses offer hands-on labs to practise what you learn during the course. For example, A Cloud Guru offers hands-on labs as part of their subscription offering and the security course has several labs as video content that you can practise on your own AWS account.

AWS Well-Architected Labs are hands-on labs developed by AWS to build AWS infrastructure using architectural best practices. They cover the five pillars of the Well-Architected Framework, one of which is security. I did some of the intermediate and advanced labs using my AWS account and they were very easy to follow through. These labs complement the theory that you learn elsewhere well and give you that practical knowledge that is invaluable when working as an AWS engineer - and useful to pass the exam too!

Exam rehearsal

Once I covered all the course material, I did some rehearsal to simulate the exam and see how well I would score. These are the resources I used to rehearse the exam:

The security exam has a passing score of 750 so each time I practised a mock exam or a set of sample questions I checked if I got at least 75% of the answers right. This confirmed I was ready for the exam and highlighted some of the areas which I needed to review (usually related to IAM and KMS).

Practicalities

You may want to book the exam in advance to set a strict deadline for finishing your study (there is nothing more motivating than a deadline!) or cover the study material, do some practice tests, and make sure you score above the pass threshold before booking the exam. I personally prefer to cover most of the study material first and then book the exam a few weeks in advance.

To book an exam go to the AWS training and certification page and sign in with your Amazon (not AWS) account or APN account if you work for an AWS partner. You are prompted to create an AWS certification account (if you don’t have one already) or redirected to your AWS certification account.

If you take the exam in English and English is not your first language, you can request non-native speaker additional time: this adds 30 extra minutes to your exam so that you’ll have 200 minutes instead of 170 to complete it. To benefit from extra time you must request it via the Request Exam Accommodations button in your AWS certification account. Make sure to request it before you book the exam as it is not possible to add it afterwards. The approval of the exam accommodation is usually immediate.

Before booking you can also check if you are entitled to a discount for the exam (which at the time of writing costs 300 US dollars). For example, if you passed an AWS certification within the last 12 months, you are entitled to a 50% discount on the exam price and you can claim this benefit via the Benefits tab:

Trello Board

You can schedule your exam with Pearson VUE and choose to sit the exam:

Before starting the exam at home you are asked to photograph your identity document, your face, and your workspace from a few different angles, and the online proctor may ask you questions about your workspace. During the exam, your webcam and microphone must remain on all the time and you cannot leave the room nor let anyone in.

On the day of your exam make sure you have had a good night’s sleep, a good breakfast, and you are ready to keep your attention focused for 3 hours. Some exam questions could be quite long to read but make sure you read the question and all the answers carefully. You can also mark questions for review and revisit them later. But if you use this option, I’d recommend choosing a temporary answer as you may not have enough time (or brain) to revisit it later.

Wrap-up

I hope these tips and study materials will help you achieve the AWS Security Specialty Certification. Passing the exam is important but I strongly believe that learning is the most important thing: you will use what you’ve learnt, I can guarantee that. Happy learning and good luck with the exam! 🤞

I updated this article on 24th February 2023 to cover changes since then.
