How to pass the AWS Security – Specialty exam

Security Badge

I previously wrote about how to prepare for the Certified Cloud Security Professional (CCSP) and AWS Certified Solutions Architect – Associate exams. Today,  I would like to focus on AWS Security – Specialty.

Exam cost aside, preparing for this specialty can be rather expensive. There is a whole industry around mock practice tests, study books, video tutorials and hands-on labs. Here I’ll aim to outline how to maximise the benefit while minimising costs, focusing on free resources.

Whitepapers, user guides and service FAQs

AWS documentation is arguably the best source of study material out there. I don’t know a single person who passed the exam without reading through at least some of them. Check out the official exam guide for the overview of domains to select the relevant ones. I focused on IAM, KMS, CloudTail, CloudWatch, VPC, Lambda, Inspector, GuardDuty, Athena, Macie and AWS Microsoft AD. At a very minimum, you should read these:

I also wrote about my experience in using security-related AWS services in my blog.

Online courses

Who needs paid for online tutorials when the AWS YouTube channel has a lot of their re:Invent talks available for free? There is literally a video on pretty much every subject you are interested in. It’s probably too many to mention and you could conduct a simple search to find the latest talk on what you want, but I’ll recommend a few to get you started:

If you would rather have a structured online course instead and don’t mind paying a little bit for it, I recommend the Linux Academy and/or A Cloud Guru. I’ve done them both. Personally, I preferred the former as it had some hands-on labs, but A Cloud Guru is shorter and has some good exam tips. Besides, you can try both of them for free for 7 days and decide for yourself.

There is also the official AWS Exam Readiness: AWS Certified Security – Specialty course. It covers the exam structure, gives you tips on tackling questions and provides thorough explanations. I would save this one for last to get a view of your preparedness level.

Practice tests

The obvious thing to do is to buy the official practice exam from AWS, right? Well, maybe not. Unless you’ve got it for free for passing one of the other AWS exams previously, you might be better off finding an alternative. It only includes 20 questions (which works out at $2 per question plus tax), and you don’t get to see the answers! Instead, you are presented with a pass/fail summary that gives you the overall percentage broken down by exam domains. You might be better off using the free 15 questions from Whizlabs, although I can’t recommend their paid products. Practice tests are also included in the Linux Academy and A Cloud Guru courses I mentioned above. Plus, the free official Exam Readiness course also comes with 24 questions with answers and explanations at the end. That should be enough to give you the feel for types of question on the exam.

Getting ready

When revising, I found some good notes and a mindmap from other students on the internet. You can also go through a set of flashcards (e.g.  on Quizlet) to recap on what you’ve learned.

With all this preparation, don’t lose track of why you are doing it in the first place: gaining the skills that you can apply in practice. The exam gives a good indication of your weaker areas and encourages you to fill these gaps. The best way to do this is, of course, through hands-on experience. If your organisation relies on AWS, find ways to apply the newly acquired knowledge there to make your cloud infrastructure more secure. If that’s not an option, there is always the Free Tier, where you can put your skills into practice. Finally, the Linux Academy (and some other providers) for a small cost offer you some hands-on labs and even a whole sandboxed playground for you to experiment in.

AWS constantly evolve and refine their services, and add new ones too. Keep this in mind while studying, as things move pretty fast in the cloud world. This also means that your learning is never finished, even if you pass the exam. But I think this is a good thing and I’m sure you agree!


Time for something new

IMG-6141

After six years with KPMG’s Cyber Security practice I decided it was time to take on a new challenge. It was a great pleasure helping clients from various industry sectors solve their security issues and I certainly learned a lot and met many fantastic people.

A digital venture incubation firm has partnered with a world leader in visas and identity management to found a new London-based venture that is creating a frictionless travel experience. 

I joined this tech startup as the Head of Information Security and couldn’t pass on this opportunity to be one of the early members of the leadership team. 

I’ll be driving the security and compliance agenda, adjusting to the needs of the dynamic and growing business. I can’t wait to put the skills I learned in consulting into practice and contribute to this company.

I’ll have an opportunity to help create a trusted, seamless, user centred visa application process for consumers and businesses alike, through automation and a cutting edge technology. And that’s exciting!


ISACA young professionals

I’ve been interviewed for the launch of the ISACA Young Professionals portal that contains a wealth of information for starting and accelerating your career in IT audit and cybersecurity.

I decided to contribute because ISACA played a role in my career development too.

I started attending ISACA London chapter events while I was studying for my Master’s degree in London. Although the university provided a great theoretical foundation on information security, I wanted to know about the real-world challenges that practitioners in the industry were facing.

At the time I had just finished writing my thesis after doing some great research at the university and I wanted to share my findings and the research of my colleagues with the community. The organisers were supportive, so we agreed a day and I delivered a talk on resolving conflicts between security compliance and human behaviour.

It was a rewarding experience as the participants provided some valuable insights and feedback; they helped to bridge the gap between academia and real practical experience. I already had a solid foundation from my postgraduate degree but I was missing was some anecdotes and real life stories about how this could apply in practice. This laid the foundation for my book The Psychology of Information Security.

It worked out for me, but should you get involved in broader activities beyond developing your technical skills? I would say yes.

The value of technical skills and knowledge can’t be overestimated. But there’s another side to this story. Prospective employers are not only looking for technical experts, they want people who are good team players, who can collaborate and communicate effectively with others, who can organise and get things done, who can lead. Getting involved with the community and volunteering gives you the chance to develop and demonstrate these non-technical skills and grow your professional network.

Regardless of where you are on your journey, ISACA provides great opportunities to advance your career through courses, networking and certification programmes, so I highly recommend getting involved!

Read my story on ISACA Blog.


How to pass the CCSP exam

CCSP-logo-2lines

The CCSP exam is not easy but nothing you can’t prepare for. It tests your knowledge of the following CCSP domains:

  • Cloud Concepts, Architecture and Design
  • Cloud Data Security
  • Cloud Platform and Infrastructure Security
  • Cloud Application Security
  • Cloud Security Operations
  • Legal, Risk and Compliance

The structure and format might change as (ISC)2 continuously revise their exams, so please check the official website to make sure you are up-to-date with the latest developments.

Apart from the official (ISC)2 guides, here are some of the resources I used in my studies:

If you would prefer to add video lectures to your study plan, there’s a free course on Cybrary. For a quick summary, check out these mindmaps. Also, multiple sets of free flashcards are available on Quizlet.

It is a good idea to do some practice questions: there are books and mobile apps out there to help you with this. Practical experience in cloud security is also essential.

On the day, read the questions carefully. It’s not a time pressured exam (I was done in two hours), so it’s worth re-reading the questions and answers again to make sure you are answering exactly what is being asked. Eliminate the wrong options first and then decide on the best out of the remaining ones.

Finally, my suggestion would be to approach the questions from the perspective of a consultant. What would you recommend in each situation? Don’t be too technical – keep the business needs in mind at all times.

Don’t stress too much about the final result. I’m sure you’ll pass, but even if not on your first attempt, you’ll learn either way! Remember, the knowledge you accumulate in the process of preparing for the test itself has the most value, not the credential.

Good luck!


Passed my AWS Certified Solutions Architect exam – here’s how you can too

 

Solutions badge

I’ve recently passed my AWS Certified Solutions Architect – Associate exam. In this blog I would like to share some preparation tips that would help you ace it.

  1. Practice

Not only practice makes perfect, some hands-on experience is also a prerequisite for the exam. So there is really no way around that! But what if you didn’t have a chance to use your skills on a real-world project yet? No problem! AWS gives you a opportunity to learn how their cloud components work through AWS Free Tier.  For one year, you can use Amazon EC2 Amazon S3Amazon RDSAWS IoT and many more free of charge,

You want more guidance? Qwiklabs developed a set of labs that specifically designed to help you prepare for this exam. For a small price, you can complete exercises without  even requiring an AWS account or signing up for Free Tier.

  1. Read

I recommend studying AWS Whitepapers to broaden your technical understanding. If you are short on time, focus on these:

  1. Watch

AWS developed a free self-paced Cloud Practitioner Essential course, to help you develop an overall understanding of the AWS Cloud. You will learn basic cloud concepts and AWS services, security, architecture, pricing, and support.

There is also a YouTube channel with free introductory videos and other noteworthy material.

Exam sample questions can help you check your knowledge and highlight areas requiring more study.

Remember, the best preparation for the exam is practical experience: AWS recommend 1+  years of hands-on experience with their technologies.

When you’re ready, go ahead and schedule an exam here.

Good luck!


Delivering a guest lecture at California State University, Long Beach

CSU Long Beach

I’ve been invited to talk to Masters students at the California State University, Long Beach about starting a career in cyber security.  My guest lecture at the Fundamentals of Security class was well received. Here’s the feedback I received from the Professor:

Leron, thank you so much for talking to my students. We had a great session and everybody was feeling very energised afterwards. It always helps students to interact with industry practitioners and you did a fantastic job inspiring the class. I will be teaching this class next semester, too. Let’s keep in touch and see if you will be available to do a similar session with the next cohort. Again, thank you very much for your time – I wish we could have more time available to talk!


I’ve been interviewed by Javvad Malik about my career in InfoSec

I’ve been interviewed by Javvad Malik about my career in Information Security. He published the interview on his website

The difference between Leron and anyone else that has ever asked for advice is his willingness to learn and take on board as much knowledge as possible and then apply it. In a few short years, not only was Leron able to complete his MSc, but he landed a job (while turning down other offers), spoke at events, and wrote a book. Achieving more in 3 years than most people do in 10.

So, the roles are now reversed. I needed to catch up with Leron and pick his brains about his journey and see what I could learn from him.
Read the full story