AWS Certified Security Specialty
This certification prep path provides a deep dive into the security services and best practices required to secure the AWS platform and pass the AWS Certified Security - Specialty exam.
15
H
36
M
Intermediate
10
Learners at 96% of Fortune 1000 companies trust Cybrary
.svg){kind=small}
About this Path
The AWS Certified Security - Specialty certification is for experienced cloud professionals responsible for securing AWS environments. Recommended for individuals with at least two years of hands-on experience securing AWS workloads, this certification validates your expertise in designing and implementing advanced security solutions to protect the AWS platform. Earning this credential proves you can handle complex security challenges, including incident response, data protection, and infrastructure hardening.
The exam will test your knowledge across five critical domains outlined by AWS:
- Threat Detection and Incident Response: Designing and implementing architectures to detect and respond to security threats and incidents.
- Security Logging and Monitoring: Architecting systems to automate security monitoring, logging, and alerting.
- Infrastructure Security: Designing and implementing security controls for AWS infrastructure, including networking and compute services.
- Identity and Access Management: Creating scalable and secure authorization and authentication systems for users and applications.
- Data Protection: Implementing key management and data encryption solutions to protect data at rest and in transit.
Skills you'll gain
Path Outline
Collection Outline
Coming Soon
The Leadership and Management Career Path is expected to release in Q2 of 2025. Sign up now to explore our other leadership courses and content.
Start Learning for FreeLearn
Learn core concepts and get hands-on with key skills.
AWS CSS: Threat Detection and Incident Response
In this AWS CSS: Threat Detection and Incident Response course, you will learn about AWS acceptable use, unauthorized activtities, and AWS Config.
AWS CSS: Security Logging and Monitoring
In this AWS CCS: Security Logging and Monitoring course, you will learn about automated monitoring services, designing security logging, monitors, and alerts, and security reference architecture (SRA).
AWS CSS: Infrastructure Security
In this AWS CCS: Security Logging and Monitoring course, you will learn about automated monitoring services, designing security logging, monitors, and alerts, and security reference architecture (SRA).
AWS CSS: Identity and Access Management
In this AWS CSS: Identity and Access Management course, you will learn about Active Directory and AWS Directory Service, designing scalable systems to access AWS resources, and identifying issues when accessing AWS resources.
AWS CSS: Data Protection
In this AWS CSS: Data Protection course, you will learn about key managment solutions, designing and evaluating data encryption solutions, and designing mechanisms to forward traffic over secure connections
AWS CSS: Management and Security Governance
In this AWS CSS: Management and Security Governance course, you will learn about AWS Organizations, designing secure and consistent deployment strategies for cloud resources, and how to identify security gaps through architectureal reviews and cost analysis in AWS.
AWS CSS: Preparing for the Exam
In this brief AWS CSS: Preparing for the Exam course, you will learn how to decipher exam questions and get advice on how to study for the certification exam.
Practice
Exercise your problem-solving and creative thinking skills with security-centric puzzles
Implement an IAM Policy
Gain hands-on experience creating an AWS Identity and Access Management (IAM) policy to manage an Amazon S3 bucket. Lab activities include: creating an IAM policy and user group, adding a user account to the group, creating an S3 bucket, adding an object to the bucket, and attempting to delete both the object and the bucket.
Configure Security for an IAM User
Gain hands-on experience creating an Identity and Access Management (IAM) user that has full administrator access. Lab activities include: creating an IAM user, creating a user group, assigning a user to the group, attaching a policy to the group, and implementing multi-factor authentication for the root account.
Implement Security by Using an IAM Role
Gain hands-on experience creating an Identity and Access Management (IAM) role to access an Amazon Simple Storage Service (Amazon S3) bucket from an Elastic Compute Cloud (EC2) instance. Activities include: creating an Amazon S3 bucket, creating an IAM policy that provides full control of the bucket, and testing the policy in a new EC2 instance.
Implement a Network Access Control List Lab
In this lab, students will create a network Access Control List (ACL) that only allows specific traffic to a subnet. Students will then attempt to access a Web server through the ACL.
Implement Protection for Data and Infrastructure
In this lab, you will learn how to protect sensitive information in an AWS environment. First, you will create an Amazon EC2 key pair to provide a secure connection to an instance. Then add and upload the key to the AWS Systems Manager Parameter Store. Finally, you will store a set of access key credentials in the AWS Secrets Manager.
Implement a Security Monitoring Process
Gain hands-on experience implementing a security monitoring process with AWS CloudTrail. Lab activities include: setting up CloudTrail to track management events, configuring a topic by using Amazon SNS, configuring Amazon CloudWatch Logs by using a metric filter, configuring an alarm for a log group, and reviewing the CloudTrail trail.
Prove
Assess your knowledge and skills to identify areas for improvement and measure your growth
AWS Certified Security Specialty (SCS-C02)
Prepare for the AWS Certified Security Specialist (SCS-C02) exam. Amazon recommends candidates have at least 5 years of IT security experience in designing and implementing security solutions, and hands-on experience securing AWS workloads. The exam covers: Incident Response, Logging & Monitoring, Infrastructure Security, IAM, and Data Protection.
Train Your Team
Cybrary’s expert-led cybersecurity courses help your team remediate skill gaps and get up-to-date on certifications. Utilize Cybrary to stay ahead of emerging threats and provide team members with clarity on how to learn, grow, and advance their careers within your organization.
Instructors
Instructors
Get Hands-on Learning
Put your skills to the test in virtual labs, challenges, and simulated environments.
Measure Your Progress
Track your skills development from lesson to lesson using the Cybrary Skills Tracker.
Connect with the Community
Connect with peers and mentors through our supportive community of cybersecurity professionals.
Success from Our Learners
Frequently Asked Questions
This certification prep path is designed for mid-career practitioners currently in a security role and with two or more years of experience with securing AWS cloud workloads.
This certification prep path is aligned with the SCS-C02 version of the AWS Certified Security Speciality exam.
More information about the AWS Certified Security Specialty exam is available here:https://aws.amazon.com/certification/certified-security-specialty/
