Daniel Ives | 1 December 2016
AWS Certified Security – Specialty
I'm in Las Vegas for AWS re:Invent 2016 and I've chosen to spend most of my brief time here taking three 170-minute exams for the new AWS beta-stage certifications. "Why???", I hear you ask. Well, it's like why people choose to climb Everest. Because it's there and they can. I will attempt to conquer these three exams and feed back my first impressions of each of them in turn. Remember, these exams are all beta, so the actual exams may differ significantly from what I discuss herein.
First up is AWS Certified Security – Specialty (Beta)
What is it for?
According to the exam blueprint, this exam "measures a candidate’s ability in the area of security as it pertains to design, implementation, and troubleshooting." Clearly security is a major concern for everyone considering moving to the cloud, so being able to identify specialist personnel with a proven competence in AWS security is extremely useful.
What was it like?
In a beta, they throw loads of questions at you, so I was a little daunted at first; instead of the usual 80 questions I got 106 to worry about in my 170 minutes. It turned out that I finished with about 15 minutes remaining and, to be honest, by then I really needed to avail myself of the facilities, so I didn't spend those 15 minutes reviewing my marked answers as I normally would. I know for a fact that I got many wrong but I hope that I will have passed; I think I've done enough.
OK, but, you know, the structure?
I digress. My feeling is that it stuck to the brief. At first I felt that some of the questions were more relevant to an architecting exam, until I realised that they were all around security best practices.
There was a range of depth of question, going from broad-strokes best-practice down to a deep understanding of exactly how a given service works from a security point of view, and about AWS's compliance programme. I felt that question length was generally shorter than the Pro Architect exam, but there were some longer scenario-based questions with multiple parts.
As you'd expect from a Professional-level exam, you'd struggle to pass if you'd only done a bit of reading around the subject.
What I really liked, from an exam on a security competence, were the questions on how to talk to stakeholders at multiple levels about AWS's security provisions and posture. I think that's a key part of what this certification should be about.
How hard was it?
Difficult to say, as I have no idea whether or not I passed. Ask me again in March!
I have a very simple benchmark for exam difficulty: the Certified Solutions Architect - Professional exam. I tell anyone who asks that that is the hardest exam I've ever taken and I still stand by that.
Some of the questions, naturally, I barely needed to read the answers before selecting the correct answer. Some of them, I had to perform a process of elimination on to work out which were distractors and which weren't. Some of them required applied knowledge of The AWS Way to work out. And frankly, some of them were just outright guesses.
I'd say that some of the questions were poorly worded, but that might just be sour grapes for not knowing something, and some of the answers were very similar and interchangeable. Taking a beta exam, you can provide feedback on every question as you're answering it. Those that I felt fell into this category, I did indeed comment on.
To compare this exam with the Pro Architect and DevOps exams, I'd say I changed my mind about answers less often than on the Architecting and more often than on the DevOps exam. I'm not sure if that's relevant to anyone reading this post though, as their background will undoubtedly be wildly different to mine.
A welcome addition to the AWS certification oeuvre, I think this certification will appeal to any larger organisation and also to smaller consultancies looking to assure their customers that the cloud in general and AWS in particular are a secure deployment option.
There seems to be a clear alignment between this exam and the Security Operations on AWS course.
Sorry, if you came here for one of these, there isn't one. Work hard, play smart, and minimise your attack surface!