Certified Security - Specialty


Taking Security – Specialty exam, have earned CSA-P and have many years in cyber; How was the exam for those that have demonstrated security experience and have earned other AWS certifications?

I ask because after reading the experiences from those who have taken the exam, there seems to be a lack of detail on people’s prior experience with AWS and security in their posts (for the most part).

And I know the chances of grabbing someone who’s taken the exam recently, to reply on here, are slim, but perhaps those that will pass in the near future can post on here.

So far, I’ve gathered that the exam is harder than the associate-level exams, and has many questions that reflect the difficulty (and mind-numbing) of the professional-level exams. There is an introduction to many new security services (mainly high-level view/have an understanding of the capability of the service) and analytic services (this makes total sense when referencing log data – GuardDuty). Aside from that, having a key, fundamental understanding of security-related services and a deep dive into KMS and IAM, key pair (asymmetric) and KMS (symmetric) use cases, etc. Also, having a fundamental understanding of Confidentiality, Integrity, and Availability, Disaster recovery/Incident response and which services support those (which is also the secret, not-so-secret, for passing the CISSP; it’s introduced in the first chapter there as it is here in this course. That’s for a reason, I’m assuming).

Any thoughts? Anything I missed?


Also, I found this blog very helpful and well laid out regarding the exam. This guy was a former LinuxAcademy Instructor and has used ACG, as well. https://www.netenrich.com/2019/01/aws-certified-security-specialty-exam-tips/

1 Answer

Hey, I took the security specialty last month and the DevOps Engineer Professional this month.
I am currently studying informatics (B.Sc.) at the KIT in Germany and do not have many years in the industry in contrast to many other gurus here. However, I love to read AWS documentation pages and that is probably what made me pass each exam confidently (besides watching the courses at acloud.guru of course ;).

I already summarized my experience in two posts in the respective discussion forums [1, 2].
My thoughts on your questions are:

  • AWS Security Specialty exam does not test you on any detailed security knowledge. [3]
    It is rather a test of whether you know the inner workings of some special AWS services such as KMS. Do not get me wrong… I think the security exam makes perfect sense as it makes you study the concepts AWS implemented to secure their stuff.

Let me give you an example: I worked with IAM policies for the last 1.5 years. However, I did not know how exactly they work. I only knew a specific subset of the IAM JSON policy language and evaluation logic. The security specialty exam made me study stuff like the policy evaluation logic [4], which is actually crucial when designing secure infrastructure on top of AWS services. I do not know why I did not stumble over this article earlier… However, now that I took and passed the exam I am much more confident that I actually know what I am doing when I use concepts such as IAM policies. That fact alone made the certification pay off for me personally.

  • If you already took a professional exam, it is very likely that the security exam will be easier for you. Some of the questions in the security specialty exam might be as tricky as professional exam questions, but all in all the professional exam puts much more time pressure on you IMO.

  • I would totally agree that the security specialty exam is harder than any associate-level exam. There are typically many more scenario-based questions in the specialty exam and you have to know the inner workings of some special services such as KMS or IAM which not everyone stumbles over in everyday use.

[1] DevOps Experience

[2] Security Experience
[3] I saw people in another thread sharing the same experience in terms of "overall security knowledge".

[4] IAM Documentation – Policy Evaluation Logic Reference


Thanks for your response and sharing your experiences, Martin. Your "security experience" is one I bookmarked a while back to ensure I’m in line with what I should be studying. 🙂 thanks again!
