
Why the AWS Certified Security - Specialty is worth getting

By Andru Estes    |    April 17, 2023

The year is 2040. ChatGPT and other AI services have teamed up to overthrow the human race. Corporate data centers are a thing of the past. Only public cloud providers remain. The evil AI services are close to overthrowing the world. All they need to do is take over one final system that lives within AWS... 

Insert dramatic music

From the data center rubble and dust, a lone individual appears. They approach the AI services with confidence only seen before the year 2020. Slowly, they hold up a piece of paper (old technology used by humans for storing information) to reveal something written on it.

(GASP) It’s the coveted AWS Certified Security - Specialty exam certification badge!


Also known as SCS-C01, the certification is one of the most respected in the industry, and the AI services know it. Nobody could obtain that difficult certification, especially not a human! It's impossible! 

They’re in utter panic. They don’t know how to defeat this super-powered, certified individual. They go around and around in circles trying to find a solution. Eventually, the influx of requests overwhelms their fragile infrastructure. They crash. Permanently. Ha! They didn't know about fault tolerance and high availability. Amateurs.

The world celebrates, vowing to mark this day forevermore as the day the hero helped “secure” humanity’s future. 

Fin.

Okay, a bit far-fetched. But having the SCS-C01 is valuable!

Let’s face it, public cloud technology hasn’t just gone mainstream. It’s become the norm. According to Gartner, more than 80% of organizations use more than one cloud provider (compared to 49% in 2017), with 75% of organizations defaulting to multicloud environments. As a result, being proficient in multiple cloud providers is a “unicorn” skill in the hiring market.

Cloud computing forced us to rethink how we design and deploy architectures, so why would security be any different? This naturally leads to some business challenges as well. 

Let's actually talk about a few of those challenges before we explore how studying for and getting your AWS Certified Security - Specialty equips you to solve them. Below are the top five cloud security challenges most companies face.

1. Data Challenges

Many companies find it challenging to secure their data within the cloud correctly. If you need an example, search for Amazon S3 public data leaks. I'll wait...

Crazy, isn't it? Plain and simple, securing data can be tricky. Especially when you have to worry about new and upcoming data sovereignty laws, compliance requirements, data geolocation regulations, and other issues. All it takes is one misconfiguration, and a company can face massive lawsuits and fines. 

2. Securing Infrastructure

Designing a truly secure cloud architecture is complex, with many nooks and crannies to account for. It takes a lot of time and knowledge. To make things more challenging, there is no "One Size Fits All" approach, either.

3. AuthN and AuthZ

Let's face it, implementing authorization and authentication within the public cloud can be a nightmare. If you have ten people, it's no biggie from an end-user perspective. But what about services within the cloud? You still have to account for those as well. 

And guess what? Every AWS service that needs to perform some action in a workflow requires the proper permissions to make the required API call. So don't give it too many permissions! You have to find the exact right amount, and anyone dealing with AWS IAM long enough knows the headache that entails.

Admins often slap an AWS Managed Policy on there, like AmazonS3FullAccess, and call it good. I can see you shaking your head from here, and I agree.

4. Automation (The right way)

We have also seen an explosion in using infrastructure as code tools to deploy architecture components to the cloud. Things like AWS CloudFormation and HashiCorp Terraform have brought the ability to maintain an SDLC approach to deploying resources for operations teams. 

That adds even more complexity. How can you best secure deployments? Who can deploy and update what? How are you sharing the current state of configurations? What happens when resources drift? It's a pain, but we can make it slightly less painful by following proper security best practices.

5. Reporting and Auditing

Last, everyone's favorite subject: audits. For those of you lucky enough to have gone through a full audit process (sarcasm), you know how much documentation and reporting are required to pass. For those of you who have not, consider yourself lucky. Take our word for it; it is a ton of documentation. Seriously, a ton. 

Of course, all these issues are only the biggest issues. Trust me when I say that the list of security challenges is almost endless!

How studying for the SCS-C01 helps you solve real-world problems

It would be nice if we could wave a certification, like in our story above, and cybersecurity problems solved themselves! That said, it’s not really the certification that does anything (other than get you interviews and pay rises), it’s the knowledge you gain when you study for the exam that equips you to solve real business issues. 

Here is a fraction of the things you learn to pass the AWS Certified Security - Specialty exam:

  • How to efficiently secure AWS data like encrypting data in transit and at rest

  • How to isolate permissions using different KMS keys for encryption or even leverage complex Amazon S3 bucket policies to restrict non-HTTPS traffic and non-organizational access to objects

  • The options for identity provider management, including AWS IAM Identity Center (formerly AWS SSO), Amazon Cognito, and AWS Managed Microsoft AD.

  • Tools to use in AWS to deploy resources, as well as how to securely orchestrate workflows using serverless technologies

  • The correct VPN solution for accessing VPCs from an on-premises location, how to use Lambda@Edge to inject custom HTTP security headers, and how to connect to managed compute without the need for SSH or RDP

  • How to pass audits (without tearing your hair out) with AWS tools like AWS Security Hub, Amazon Macie, and AWS Artifact

The AWS Certified Security - Specialty also hits the tech-demand trifecta

No matter which report you open (Gartner, Stack Overflow, or Pluralsight), there are three dominant tech themes in 2023: cloud, cybersecurity, and data. The SCS-C01 hits all of these. But here are some other stats worth mentioning:

Studying for the AWS Certified Security - Specialty is good for everyone involved

Getting the AWS Certified Security - Specialty certification is good for solving real-world problems and maximizes your personal value. So if you’re thinking about going for it, do it! Who knows, you may very well find yourself trying to save your company from AI monsters one day.

Looking to study for the AWS Certified Security - Specialty?

ACloudGuru and Pluralsight have just released a completely refreshed version of the AWS Certified Security - Specialty exam prep course! This prep course runs through all the significant challenges for teams trying to secure their AWS infrastructure and resources. 

The course walks you through real-world scenarios for each of the following domains so you are prepared for the exam itself and actual use cases that you can implement in your daily tasks.

  • Domain 1: Incident Response (12%)

  • Domain 2: Logging and Monitoring (20%)

  • Domain 3: Infrastructure Security (26%)

  • Domain 4: Identity and Access Management (20%)

  • Domain 5: Data Protection (22%)

Okay, that's enough talking. Whenever you're ready for this epic challenge of an exam, go ahead and check out our newly released AWS Certified Security - Specialty exam prep course at Pluralsight! We are excited for you to get going! Keep being awesome, Gurus!


