How I passed AWS Security Specialist

I took the test Thursday morning. I spent the whole day thinking about it. Did I pass it? That was the only thing in my mind. I barely slept. This is by far the hardest AWS test I’ve taken so far. To my surprise, I woke up with a credly email confirming I did pass:

The following is my journey towards the AWS Speciality exam. What I think I did right and what I would have done different.

Let me start by saying this: it is a very challenging exam. I was already Solution Architect Associate and SysOps before taking it, but I feel that you need to achieve the level of knowledge that the Solution Architect Professional certification provides, before attempting the AWS Security Specialty exam. It truly goes very deep into security implementation and cryptography. Jumping directly into, like I did, may be a bad idea for most.

My journey began in November 2022. I bought Adrian Cantrill’s course as main study material. Soon, I started to feel a bit overwhelmed with the amount of information. Adrian’s course goes in extreme detail so I thought it would be better to get a lighter introduction into the topics so I can go back to Adrian’s course and fill any gaps. It seems my strategy paid off. The other course I used was from Zeal Vora. His was not as “polished”, but it is more straight to the point while very practical; plenty of hands on and real-life scenarios. His real-life insight about the topics is what I enjoyed the most from Zeal’s

I studied about 2 hrs. every day, on and off, from November to beginning of February of 2023. I barely studied on December. Ramped up my study sessions in January and I finally took it on February 9th. I may have spent a total of 6 weeks preparing, maybe more.

My background? I’ve been in IT for over of 20 years working mainly with SQL databases. have a master's degree in Cybersecurity and several PenTesting courses. The infrastructure background helped me a bit.

Regarding the test, be sure you understand all domains. Although, I would pay especial attention to KMS, Infrastructure security and Monitoring. Know how Firewalls work and their types: stateless vs stateful.

For practice test I used Tutorial Dojo. They usually provide a good content without being “exam dumps”. But I feel, for the 1st time, that the actual AWS Security Specialty exam was harder than TD, which was not the case when I took AWS Solution Architect couple of months ago.

What I would have done differently? Probably much more “hands on” and avoid rushing. Practical exposure is key for cloud exams and no course will be enough is we have not used the product 1st hand.

What’s next? Well… I’ve being trying, unsuccessfully, to pivot into Cybersecurity for a few years now. I may pursue an Azure Pentesting course or round my AWS knowledge with the Solution Architect Professional exam; maybe that will increase my chances to land a cloud security engineering position. In the long run, I may also take the AWS Database Specialty. I believe data and databases are and will always be the “main core” of any company. So, having a very strong knowledge of how they operate and how to secure them is key for any successful business and a great skill to have. Besides, I have an endless love with databases anyway, it was what brought me joy and tears (more joy) back when I was working for Hewlett-Packard.

Happy learning! Stay hungry, Stay foolish …