Certifications as a Measurement

To start this off right, I renewed my AWS Security Specialist certification this week. It was due to expire in early February and, like most of my academic career, I got it done at the last minute.

The good news is that I passed! I am recertified for another 3 years - a complaint I am sure I will make come January of 2027.

However, I decided to try something I rarely do, and took the new certification exam cold - no prep work, no classes, nothing more than having some upbeat tunes as I drove through the snow to the local community college to take the exam in-person. So, let's break down why.

Why try it cold? Isn't that expensive?

Well, the good news is that AWS provides multiple ways to reduce the cost of most of the exams. Every time you pass an exam, you get 50% off the next one. If you go to some AWS conference, such as AWS re:Invent, you get 50% off an exam. Some programs, including the Community Builders program, even provide a free voucher - and this is why I took the leap.

The AWS Community Builders program is focused on, as you'd expect, building a grassroots community about AWS and their products. It includes a lot of things, including good networking, some AWS credits to try and test things, an exclusive Slack instance, and a few other things - like an annual AWS exam.

If you're interested, once a year they take new applications - and they close on 28 Jan this year.

What did I learn taking it cold?

750 points is the cut-off

I got a 768 on the exam, which is enough to pass. 18 fewer points and I would've passed, 19 fewer and I would've failed. Although people should be proud of scores they get, there's nothing differentiating my score from a perfect score on Credly or in the system - a pass is a pass.

The new Security (02) exam is very practical

Without diving into the content, I felt the questions were very reasonable based on my day-to-day job. I have secured systems, entire accounts, introduced Security Hub, GuardDuty, AWS Config, and other related tooling to teams, and all of that was presented in ways that actually happened.

I remember when taking the old version of the exam that it was very theoretical and a lot of the situations were just unrealistic. This time, I think they really tightened down the questions and made sure it was less theory and more "given X situation, what should the security engineer do that's the cheapest/fastest/best practice" with actual steps. Overall, a huge improvement for the validity of the exam.

Taking it in-person helps

I live about 30 minutes from the nearest testing center. Counter to that, I live at home with my lovely partner and two pets. Trying to schedule a time where the pets could be contained, my desk cleaned, and general mayhem under control for 3 hours is a lot more difficult than anticipated. Especially in the winter, where you can't go take the dog on a hike (unless you like the single-digit temps), it can be hard to make sure pets aren't trying to come into your office.

This time, I decided to deal with the 30-minute drive through snow-covered roads and take it at a local community college. The experience there was vastly superior to the remote experiences I've had recently. The proctor was very polite, allowed me to take the exam 45 minutes early, made sure I had the key to my stuff on the way out, and the room was silent - even with other test takers. After taking the test, I realized that the whole time of travel plus the time I was actually testing was under the 3 hours that I would've had to plan at home.

I feel that the quality of remote proctors and/or how overwhelmed they are has a major impact on my test-taking experience. I have a remote-only GitHub certification to do next week that I think will be more stressful than this one, only because I have to prepare a ton more at home, can't start early, will have to get my driver's license in focus on my camera, and deal with a proctor maybe asking me to move my phone further away and any number of things. Overall, hopeful but not looking forward to it.

Is it a Measurement?

Back to the opening statement, was this exam a measurement? I feel it truly was. I didn't study, but I am in AWS Security in and out on a regular basis. Although there were topics that I don't normally need to know, especially about CloudFormation, it required a good understanding of the toolset and when to apply each tool. I hope that as they refresh the different certifications they take a mindset similar to how they developed this one, where it seems more realistic and less "theory so we can say use X tool for Y problems" type exams that plagued a lot of the high-stakes exams for a number of years.

I think if I took some of the other exams cold, I'd have more of an issue - such as SAP on AWS. As popular as SAP is, I've never once administered or deployed it. Trying something like this without any study would be blind guessing and a waste of my time, AWS's time, and a proctor's time. In that case, it'd also be a measurement. However, studying for it and playing with it some on my personal accounts, I could probably get solid enough to work towards the illustrious "all the AWS certifications" achievement.

I think it's important to remember that certifications measure your mastery of a topic at one particular point in time - with or without studying. I am proud of being able to pass the measurement of Security this time without studying because I know it's truly on me. I'd also have owned a failure - it's important to own your mistakes, but I felt confident in my overall AWS Security knowledge and had my AWS Community Builder benefit to make this a study worth doing.

Summary

I feel if I studied for it, I would've done significantly better - but a pass is a pass. The new Security exam is much more realistic and, in my opinion, better. Lastly, the AWS Community Builders program has really enabled me to try different things and learn how AWS works - sometimes by even trying exams without studying!

Next exam though? Definitely not a 3-hour-long specialist exam.