topic Re: What do you think about AWS Certified Security Specialty? in Cloud Security

What do you think about AWS Certified Security Specialty?

alicetran — Sun, 17 Mar 2024 02:12:15 GMT

It's great when our community can share your thoughts about cloud security, especially AWS security and its certificate. I currently find myself going step by step deeper into cloud security via practical skills of AWS security tools set. I have figured out that they have a huge knowledge, skills and tools set so I have to put in a heavy effort for this journey. During this journey, I just take a break, and take a deep breath in and wonder if it is worth it to invest my huge effort for AWS security. Can anyone share with me your thoughts about this journey or is it worth pursuing?

Re: What do you think about AWS Certified Security Specialty?

ashishkarpe — Mon, 18 Mar 2024 04:21:07 GMT

Certainly Yes! it is worth to invest effort for AWS security or may also think about CCSP by ISC2 https://www.isc2.org/certifications/ccsp

Re: What do you think about AWS Certified Security Specialty?

Caute_cautim — Tue, 19 Mar 2024 00:08:03 GMT

@ashishkarpe @alicetran I think it depends on the employment circumstances, whether you are working for an employer who requires those skills specifically or is prepared to support you to gain them.

Most of these are short lived, so within a few years, you have to re-certify as new elements are added to keep aware of developments and updates too.

Rather like doing the firewall journey on a specific vendor, one has to keep being certified to keep up fluency etc.

Regards

Caute_Cautim

Re: What do you think about AWS Certified Security Specialty?

alicetran — Tue, 19 Mar 2024 03:31:06 GMT

@ashishkarpe @Caute_cautim

You both are right.

CCSP is also great. CCSP knowledge is wider and it doesn't not depend on any specific cloud provider. It also brings up the view of independent roles such as risk officers, auditors or consultants. I have just taken some first steps into CCSP and I want to strengthen my practical skills. I thought that CCSP and AWS security support each other in knowledge and skills. However, when I've recognized it I wonder whether I'm going too far for a specific cloud service provider. Should I stop here with the general practical skills and go back to CCSP? Which one should be the better option? I need to focus on one thing at a time.

Re: What do you think about AWS Certified Security Specialty?

Caute_cautim — Tue, 19 Mar 2024 03:48:42 GMT

@alicetran

You need to weigh up your vision of the future, and objectives - if you see yourself specialising in AWS Security, then by all means do so, if you think this will be your bread and butter on a daily basis.

My thoughts are towards having sufficient knowledge to understand the Cloud Computing environment and how to apply the principles to any cloud situation - often as consultants or even architects, we find ourselves in a new situation, - yes we may have a certificate in AWS Security instance, but five years hence that current knowledge may have gone stale. Rather like the CISSP, knowing how to tackle situations by going back to grassroots and then weighing up the risks, implications or impact and then understanding what countermeasures or mitigations you can put in place - becomes more important as you inherently weigh up the risks, against the current situation i.e. what is the impact to AWS Security when AI Gen AI is applied i.e. data poisoning, distribution denial of service against the LLMs? or What is the impact of changing over from Public Key Cryptography to Quantum Key Management etc. Yes, you can be a specialist, but remember we all have to have the capability with experience by being able to apply ourselves to literally any situation, by being able to see things from a holistic perspective and then have to delve deeply to root out the issues and then provide. trusted advice based on the current situation and circumstances. These circumstances constantly change, our original hypothesis can often changes, due to new capabilities and technologies being applied. It is dynamic, understand the principles, apply them well, gain new experiences, and constantly keep your own self knowledge and development regularly up to date, so you maintain your fluency and capabilities.

What about data security, governance and being able to protect data, where ever it exists within a cloud environment? Who controls the keys? The Cloud Provider or the client? Can it be purged securely or returned back to the client securely and the integrity maintained etc?

Others, may have a totally different perspective to myself, it really depends on the circumstances, and what you want to achieve, what your goals are and your vision of yourself five, ten or more years on.

Can you learn, develop, self develop, applying soft skills not just technical skills to virtually any circumstances?

Regards

Caute_Cautim

Re: What do you think about AWS Certified Security Specialty?

Early_Adopter — Tue, 19 Mar 2024 04:58:55 GMT

@Caute_cautim

“Firewall Journey”.😅😂🤣

Sidewinder 6.x/Gauntlet 2! The only UI that sacrifices most of the screen real estate for a massive picture of a snake! On a CRT as well… The Secure Computing training didn’t take prisoners either - you had to be able to use a CLI well and you were given a real life implementation project - if you didn’t read it all first and make a plan - very good luck to you.

Regards certification in general it’s much more useful if you have the skills/knowledge/experience from a job you’re currently doing vs trying to break into something with certifications, you can see some of the folk running into this on the quest for ‘entry level’ with just a CC, it’s a toughie if you’re not already skilled as say a sysadmin.

I think that for SaaS operations AWS, Azure and GCP certificates/certifications are all valuable if you work on those platforms - again to the point here it’s important to look at the stuff that’s more general and applicable - having delivered on Amazon and GCP I can say that you need to be familiar with doing, and you don’t need the certifications per se, but they are useful if you are changing jobs, and as a way of formalising ongoing training and giving full coverage of the things you don’t do.

CCSP provides decent coverage, but it’s different to something that validates hands on skill and that’s something specific vendor certs can do well for you.

Re: What do you think about AWS Certified Security Specialty?

ashishkarpe — Tue, 19 Mar 2024 17:05:34 GMT

@alicetran I have most of my experience in AWS and now from my own experience I can tell you if you have good hands-on experience in either of the cloud then it's not so hard to adopt to Azure, Gcp or any cloud. So just don't over think and do nothing. Believe me no one will reject you in interview just because you know Aws and haven't worked on others, good interviewer all checks how well you know any one other cloud services and how easily ready to adopt to others.

Re: What do you think about AWS Certified Security Specialty?

alicetran — Thu, 21 Mar 2024 14:13:33 GMT

@Caute_cautim @Early_Adopter @ashishkarpe

Thank you for sharing your thoughts! My picture is becoming more clear from your sharing. I'm the case with experience in cybersecurity and GRC in my previous jobs in my country and certified CISSP. Although the CISSP helped me to pass over the resume screening round, my interviewers had never asked me about this knowledge but they asked for hand-on skills instead 😭. I'm not sure whether I applied to the wrong roles but I'm looking for GRC roles. I used to work as a GRC first layer defense working directly with developers, system admins, security admins, but I didn't do their jobs. Via some interviews I wondered that should I improve my hand-on skills and that's why I have taken step by step to AWS security 😅

Re: What do you think about AWS Certified Security Specialty?

Caute_cautim — Thu, 21 Mar 2024 22:51:05 GMT

@alicetran Where possible always keep your knowledge up to date, to stay relevant, especially with new threat and risk avenues such Gen-AI and new technologies, which are likely to engulf everyone within the next five years or so. Often you will find that this role, requires a number of skills and abilities, so whether you are motivated towards GRC roles, often we find ourselves having to roll up our sleeves and get pitched or providing trusted advice or guidance.

Stay curious and in discovery mode, to keep yourself motivated and invigorated.

Regards

Caute_Cautim

Re: What do you think about AWS Certified Security Specialty?

alicetran — Sun, 24 Mar 2024 22:29:02 GMT

@Caute_cautim i highly appreciate your advice!

I can see more and more AI and new technologies are being discussed in many forums, meetings to raise awareness. Could you please advise in more detail which level of hand-on skills a GRC role should be? They may be GRC tools which we use to manage risks/incidents or audit tools which we use to assess security posture, or security tools such as AI security to detect threat and response to incidents or tools to create security policies in the systems and manage the security posture of an organization. I feel that this role requires more or less hand-on skills but which levels and which tools should be focused more than the others are what I don't have enough information on.

Re: What do you think about AWS Certified Security Specialty?

Caute_cautim — Sun, 24 Mar 2024 22:46:22 GMT

Hi @alicetran Sure, sign up to https://skillsbuild.org/

It is free training from IBM to develop key skills for people such as yourself, and security practitioners too.

Look for AI training and you will come up with a number of courses.

I suggest you review AI under:

https://www.ibm.com/blog/announcement/ibm-framework-for-securing-generative-ai/

There are a number of links under the blog underneath, so go explore.

The reason I point you here, is the strong belief in AI Ethics which IBM is leading internationally, which links with AI security, Governance and then it leads to another subject Data Governance and how to use data and protect it.

https://www.ibm.com/topics/data-governance

Now you can do the same with Google, Microsoft and others, who have partnered with IBM - on the world wide stage. The UN just signed up to a worldwide support of Ethics within AI over the weekend too.

I hope this gives you a head start?

If you are interested in AI threat models, start with OWASP and their AI security model etc.

Lots of research, and lots of reading, but good for cpd's etc./

Regards

Caute_Cautim

Re: What do you think about AWS Certified Security Specialty?

alicetran — Wed, 27 Mar 2024 15:00:05 GMT

Thank you @Caute_cautim for your advice!