AWS: Security – Specialty vs Azure Security Engineer Associate (AZ-500)

Until late 2018 my interactions with both AWS and Azure were pretty limited; even after this they were limited in a working capacity, and it was mainly hobbyist working with the products on the cheap.

After completing what I call “hands-on” exams with OSCP & OSWE, which are Offensive Security certifications that require breaking into systems, I wanted to show I knew how to set up securely. Most of the types of technology on both AWS and Azure have been around for a while, but it used to be the case you’d need several things to stitch together to make a solution for your needs – it wasn’t just all in one place and with a few clicks it’d all just play nicely together. AWS and Azure offer this now with relative ease.

I took AWS: Security in October and this is really what I’d call a solutions-type exam; the goal was to provide answers to specific scenarios where you could technically do it a few ways but the goal would either be cost, scalability or something else they wanted you to factor in. It did have a lot of core information security and basic networking related questions that anyone with a few years of that domain knowledge would find fairly straightforward. It was challenging because sometimes a right answer can be a wrong answer and it’s a word or two in the requirements that makes that difference. It had a lot of emphasis on availability, monitoring, IAM, alerting and KMS. I definitely felt like I’d gone through an exam with this and it genuinely hurt my head.

I took the Azure Security Engineer Associate (AZ-500) at the end of November after managing to snaffle another 30-day freebie trial to play with. The Azure exam is a lot simpler and the scenarios are simpler to determine the right answer. There was some emphasis on IAM, monitoring, alerting and Vault but not so much on availability. I felt like the exam wasn’t too hard on the brain, but some things you just couldn’t know without exposure to premium licensing and products, which isn’t easy to achieve on a budget. Any Udemy videos around these features were generally outdated; in some cases nothing existed.

Each certification has its own merits, but the AWS: Security – Specialty exam is definitely aimed at people with a bit more real-world experience and this shows in the scenarios, troubleshooting and depth of questions. The Azure exam is entry level and focuses on best practices with their products, very basic networking, basic troubleshooting, security fundamentals and common uses.

Very pleased to have completed both this year!