Just passed the exam (942/1000). Some comments/tips/observations.
Having taken the network specialty exam just 10 days ago, I was pleasantly surprised by the extent of overlap between the network specialty and security specialty exams. I would say at least 25%, and I would therefore recommend Ryan’s network specialty course if you are not comfortable with the network elements in AWS.
The exam is very up to date with new services released by AWS. It would seem to me that AWS is iterating its question bank at the same speed as the services!
While on the surface this might look like a nightmare to exam takers, I noticed questions relating to newer services tend to be more straightforward; sometimes just knowing the name of the service and its primary use cases will help you eliminate some choices or get you straight to the answer. I would definitely watch some re:Invent sessions on Athena, SSM Parameter Store, SCP, Secrets Manager, GuardDuty, Macie.
On the contrary, questions relating to foundational/older security services tend to be more in-depth. This applies to IAM/S3 bucket policies and KMS.
Understanding the difference between CloudTrail, CloudWatch Logs, CloudWatch metric filters and CloudWatch Events, how they interact with Lambda to provide security alerting, and how they enable automation in incident response is crucial. Unfortunately, I have so far not found a single document or re:Invent session that explains this subject clearly or to the depth required.
Understand how AWS Config/Config Rule could be used to detect, alert and react to config drift and/or monitor config compliance.
I would recommend these 5 re:Invent sessions that, from my perspective, are most useful for the exam.
AWS re:Invent 2014 SEC302 – Delegating Access to Your AWS Environment. (2014 might look like a generation ago for AWS, but this old session explains cross-account access and roles very well and to the depth required)
AWS re:Invent 2017 A Deep Dive into AWS Encryption Services (SID329)
AWS re:Invent 2018 [REPEAT 1] Become an IAM Policy Master in 60 Minutes or Less (SEC316-R1) – and possibly watch the equivalent 2016 and 2017 sessions as well
AWS re:Invent 2017 Using AWS CloudTrail to Enhance Governance and Compliance of Amazon (DEV311)
AWS re:Invent 2018 [REPEAT 1] Deep Dive on Amazon S3 Security and Management (STG303-R1)
Congrats on passing, what a great score!
Thanks so much for the feedback
Thanks for the write-up – I am considering this exam as my first speciality exam, followed by Advanced Networking; however, it sounds like I may be better off swapping them around.