Starting AWS learning with the goal of cloud security

Danielm7

My company uses Azure now, but is also looking to add some AWS. I'm not on either of those teams, I'm in security, but I'd like to learn the security side starting with AWS. Should I start with the cloud practitioner cert or skip that and work towards the associate tier?
Thanks. 

srothman

I think this will very much depend on your experience with cloud as an overall concept. The foundational certifications for both AWS and Azure are very entry-level, and although getting certified from the ground up, so to speak, is very admirable, you will likely be able to pick up the required knowledge by simply running through some of the free online training available for either. I would recommend jumping in at the Associate-level if you have some general IT/virtualization experience, you should do fine.

Danielm7

My cloud experience in general is pretty low, which is why I was considering just starting on the ground floor and the exam is $100 so it's not bad really. I have plenty of general IT and engineering experience but it sounds like the smart idea is still to start fro the bottom. 

chrisone

I do not manage Azure/AWS, so I lacked the standard knowledge and the basics that was needed in order for me to jump into the security track.  I came out of the AZ-900 experience coming to this conclusion, "If you believe overall general knowledge of the differences between IaaS, PaaS, & SaaS is all you need to jump into the Security track, you are highly misinformed." I need that foundation (Azure AZ-900/365 MS-900 or AWS Cloud Practitioner) before jumping into the security tracks of AWS and Azure.

I am happy I did not go straight into the security track.  

2 cents

Danielm7

That's helpful to know, thanks. Sounds like the path Ill take. 

cyberguypr

Go for the Practitioner. It's great to establish a solid baseline. My AWS path is Practitioner > Architect Associate > Security. I chose this because my company is just starting to move to the cloud and I didn't have a ton of hands on experience. 

stryder144

I, too, think that the entry-level certs in cloud are a good idea.  While I have the CompTIA Cloud+, I plan to take the AWS and Azure entry-level training/exams in order to get my feet wet with their specific technologies.  Then I will move into the associate levels and, eventually, security.  Good luck!

averageguy72

I would suggest associate to give you a baseline of core services and then the security track.  I've only done AWS so far, but plan on doing Azure next year.  

yoba222

I'm kind of in the same boat and have been recently "assigned" to getting cloud literate over the next several months to pivot into cloud security. Thanks for asking this Danielm7 and thanks guys for these responses. Very helpful! But man, starting from Cloud Practitioner and then AZ-900; this reminds me of A+/Network+ days all over again a bit.

JoJoCal19

The Practitioner isn’t helpful if you want to work with the technology in my opinion. I feel it’s better to study for the Practitioner, but skip the exam. Put that money you'd spend on the exam towards A Cloud Guru or Linux Academy sub, and Jon Bonso's practice exam for the Associate.

Danielm7

JoJoCal19 said:

The Practitioner isn’t helpful if you want to work with the technology in my opinion. I feel it’s better to study for the Practitioner, but skip the exam. Put that money you'd spend on the exam towards A Cloud Guru or Linux Academy sub, and Jon Bonso's practice exam for the Associate.

That's a good idea too. I'm on the ACloudGuru trial now so I could take that route, thanks!

Azt7

JoJoCal19 said:

The Practitioner isn’t helpful if you want to work with the technology in my opinion. I feel it’s better to study for the Practitioner, but skip the exam. Put that money you'd spend on the exam towards A Cloud Guru or Linux Academy sub, and Jon Bonso's practice exam for the Associate.

Great point !

I would say go directly for the Associate Architect certification, Most trainings will break things down for you. 

At the end of the day, cloud is just basic computing applied to a vendor data center. So we mostly have all the basics, it's just getting down to the trillion services that makes it a headache sometimes. 

TheFORCE

@Danielm7 did you start yet man? I'm looking to do the same. Have you collected any material for what you going to start studying first? Let me know and we can get a group started or something 

Danielm7

I started going through the acloudguru material and then got an email from SANS for a beta exam for something. So now I have a limited time to index and work on that. So... have to get that done first and then I'll be back to AWS. 

LonerVamp

I'm going down a similar route. I took the AWS Cloud Practitioner exam a month ago and CCSK a few weeks ago.

I benefited greatly from the AWS CP studying and exam (it's cheap), but largely because I didn't know much about AWS services and pricing. I knew that S3 were buckets and just stored data, and after 15+ years as a sysadmin, I knew the benefits and models of the cloud just fine. Taking that course/exam on allowed me to at least know what the services are and how pricing generally works in a way that I can converse with others and approach the next round of learning.

That said, you'll probably learn similar things in the SA-A, as you go deeper in. But it's nice to have that bigger picture of AWS, too. For me, the next steps as SA-A and then the Security Specialty. I may add SysOps in there or CCSP, but the end goal is really Security Specialty.

TheFORCE

yeah i need to start collecting or use some of the free resources Amazon has on their AWS training. 

yoba222

I'm just going through Linux Academey trainings (essentials, Cloud Practitioner, etc.). Haven't been on Linux Academy in a few years and I'm impressed that they increased the level of polish instead of letting it stagnate. But then it's like $40 a month I think.

Infosec_Sam

yoba222 said:

I'm just going through Linux Academey trainings (essentials, Cloud Practitioner, etc.). Haven't been on Linux Academy in a few years and I'm impressed that they increased the level of polish instead of letting it stagnate. But then it's like $40 a month I think.

Yeah, we were right next to the Linux Academy booth at Black Hat last month, so I got a chance to chat with them and check out their content for a bit. It's honestly really high-quality stuff, and their team was super nice. Highly recommend Linux Academy (for anything you can't get on our own skills platform, of course  )

ClickClack

yoba222 said:

I'm just going through Linux Academey trainings (essentials, Cloud Practitioner, etc.)...

I picked up Linux Academy's AWS Concepts, AWS Essentials, and AWS Serverless Concepts for free on Udemy. These may be available for free on the Community Edition of Linux Academy too (e.g. free, no labs, limited content on the LA site). I was impressed by the amount of information these short courses provided.  I liked them enough that I paid for the Linux Academy's Cloud Practitioner on Udemy during a sale.

Clm

I would Definitely  Grab the AWS Architect Associate the practitioner is more for sales folks. It doesn't help when it comes to understanding moving to the  cloud after that i would grab the Security specialty CCSK and CCSP are good to haves as well.

Danielm7

I convinced work to pay for a year of linuxacadamy so I've been going through the Azure fundamental materials first, really enjoying the hands on labs portion they have on that site. All I had to say was "I want to start learning about azure security" since we use that, and boom, approved. So I plan on getting everything I can out of the subscription since I'm prepaid for the year now. 

MitM

great thread.  My primary focus is network security. The two tracks that interest me the most are the Security specialty and Adv Networking.  Two challenging certs from what I hear and think is great.

I wasn't sure if it was acceptable to go through the Cloud Practitioner material and then straight to the security specialty cert.  I wasn't sure the AWS-SAA gives you too much details, if you're not planning on being a cloud architect/engineer?

p0sitron_col1dr

Presently, I'm studying for the "AWS Certified Security - Specialty" certification. My current role is that of a security engineer. I've only seen an increase in use for AWS resources in our environment and although I've never been on the AWS operations side, I am familiar with the AWS Console and components. I started out studying for the "AWS Certified Solutions Architect Associate" certification material from Udemy. However, I compared the learning objectives to that of the security specialty certification training from Linux Academy and the objectives for the "AWS Certified Security - Specialty" has provided more meaningful content and yielded immediate results for my day-to-day workload. I'm extremely happy with my subscription to the AWS specialty course and it starts off with a nice refresher of the AWS components and how they supplement incident response at each phase. Take a look at what Linux Academy has to offer as far as this track because there is some overlap in content with the "AWS Certified Solutions Architect Associate" exam. The interactive labs have been very helpful, as well.

JDMurray

The free AWS Summit Online event on May 13, 2020 has four AWS security courses (intro to intermediate level) on its agenda that are presented at different times. Attend five courses and get a certificate of attendance for your cubicle wall!

chrisone

JDMurray said:

The free AWS Summit Online event on May 13, 2020 has four AWS security courses (intro to intermediate level) on its agenda that are presented at different times. Attend five courses and get a certificate of attendance for your cubicle wall!

Thanks JD, I signed up and looking forward to the security track. 

JDMurray

There isn't a "security track" per se. The security courses are scattered around in several different tracks. You gotta hunt for them in the agenda.

PeterHands

p0sitron_col1dr said:

Presently, I'm studying for the "AWS Certified Security - Specialty" certification. My current role is that of a security engineer. I've only seen an increase in use for AWS resources in our environment and although I've never been on the AWS operations side, I am familiar with the AWS Console and components. I started out studying for the "AWS Certified Solutions Architect Associate" certification material from Udemy. However, I compared the learning objectives to that of the security specialty certification training from Linux Academy and the objectives for the "AWS Certified Security - Specialty" has provided more meaningful content and yielded immediate results for my day-to-day workload. I'm extremely happy with my subscription to the AWS specialty course and it starts off with a nice refresher of the AWS components and how they supplement incident response at each phase. Take a look at what Linux Academy has to offer as far as this track because there is some overlap in content with the "AWS Certified Solutions Architect Associate" exam. The interactive labs have been very helpful, as well.

Have you tried the LinkedIn Learning platform? Wonder what its like in comparison to Linux Academy.

denisehilton

I think its better to go through the proper route. Get the Associate level and then move on to the Security side. Long and careful approach is always better.

JDMurray

Well, I attended the AWS summit and it was a disappointment from a Cloud security point of view. Of the four security break-out sessions in the original agenda, only one was presented in the summit itself. The AWS security fundamentals and the networking fundamentals break-outs were good, but the information was presented very quickly. I'll need to watch them again at a slower playing speed. I didn't see any other break-outs that were very security-related.

chrisone

Yeah, I attended too. They only had an intro to security. I just stuck to the networking and compute topics after that. It also motivated me into getting started in AWS. Created my account and slowly starting to make my way through practitioner and security materials. Still not sure about any certifications for AWS, I am kind of done with expiring certs. Well I guess it did its job, it got someone interesting in their technology

JDMurray

The first thing in AWS you should become proficient in using is the billing dashboard. Almost everything in AWS costs $$$ to use and this is why you can't create an AWS account without a credit card. The first time your chin hits the ground because you got a big monthly bill because you forgot that you left some EC2 instances with EBS attached with both CloudWatch and CloudTrails active and Lambda scripts running in an obscure region you will understand the wisdom of this advice.

Don't worry about keeping certifications active. No one cares if you are collecting CEU/CPE and paying renewal except the cert vendors (for the reoccurring revenue). The only cert I keep active is my CISSP and only because that cert has had the most perceived value to me. Get the certs to motivate yourself to study the material and pass the exams. AWS people really wave those cert badges around to market themselves, and anyone not doing the same is hurting their chances for being recognized as a serious player in AWS.