Ultimate AWS Certified Security Specialty [NEW 2025] SCS-C02 from Udemy

Welcome. I'm here to help you prepare and PASS the newest AWS Certified Security Specialty exam.

I'm so excited to have you here, but first, let's make sure this AWS Certified Security Specialty course is the right one for you

[Jun 2023 Update]: The course is fully updated for SCS-C02

PLEASE READ:

The course is MOSTLY SLIDES-BASED: If you're new to AWS, just finished AWS Certified Solutions Architect Associate and need to acquire some hands-on experience, I strongly recommend doing the following courses: AWS Certified Developer Associate, AWS Certified SysOps Administrator Associate, AWS Certified DevOps Engineer.

Expert course - you MUST have AT LEAST the AWS Certified Solutions Architect Associate: a lot of pre-requisite knowledge is assumed for that course. If you don't feel confident, please review the AWS Certified Solutions Architect Associate course first. Other certifications and extra-hands on experience is a huge plus.

This course is FAST-PACED: You must be ready to learn fast. I will not waste time over some basics. The slides are downloadable. I advise you to use the slides for some offline review after your session. I also recommend to not hesitate to go over some lectures you might have not understood fully.

Please enroll in a separate course for that. This course focuses on teaching you the knowledge to ace the exam.

The AWS Certified Security Specialty certification is a fun certification and a challenging exam. It requires some substantial hands-on and real-world experience for you to pass. This course is going to help you solidify the knowledge you already have and put it in perspective through the study of various solutions architectures and services.

With the right dedication and thanks to this course, you should be prepared for your exam and maximize your chances of passing your AWS Certified Security Specialty certification.

I am dedicated to helping people pass AWS certifications on Udemy, and have been teaching about how to pass all Associate Level, Professional Level, and all Specialty certifications. People who learn with me pass their exams with great confidence.

Instructor

My name is Stéphane Maarek, I am passionate about Cloud Computing, and I will be your instructor in this course. I teach about AWS certifications, focusing on helping my students improve their professional proficiencies in AWS.

I have already taught

With AWS becoming the centerpiece of today's modern IT architectures, I have decided it is time for students to learn how to be an AWS Security Specialty expert. So, let’s kick start the course. You are in good hands.

This course also comes with:

Lifetime access to all future updates
A responsive instructor in the Q&A Section
Udemy Certificate of Completion Ready for Download
A 30 Day "No Questions Asked" Money Back Guarantee.

Join me in this course if you want to become an AWS Certified Security Specialty and master the AWS platform.

What's inside

Syllabus

Important Course Information

Note: Other Courses Abbreviations

About your instructor

Code and Slides Download

[SOA] Logging in AWS for security and compliance

Domain 1 - Threat Detection and Incident Response

[CCP/SAA] GuardDuty Overview

GuardDuty - Advanced

[CCP] Security Hub Overview

Security Hub - Advanced

[CCP] Detective Overview

Detective - Architectures

[CCP/SOA] Penetration Testing on AWS

DDoS Simulation Testing on AWS

Compromised AWS Resources

Compromised AWS Credentials

EC2 Key Pairs & Remediating Exposed EC2 Key Paris

EC2 Instance Connect

EC2 Serial Console

Lost EC2 Key Pair - Linux

Lost EC2 Key Pair - Windows

EC2 Rescue Tool for Linux & Windows

AWS Acceptable Use Policy (AUP)

AWS Abuse Report

[CCP/SAA/DVA/SOA] IAM Security Tools

[Important] AWS Console UI Update

[CCP/SAA/DVA/SOA] IAM Security Tools - Hands On

IAM Access Analyzer

Domain 1 - Quiz

Domain 2 - Security Logging and Monitoring

Definitions & Terms

[CCP/SAA/SOA] Amazon Inspector

[SOA/DOP] Amazon Inspector Hands On

[SOA] Systems Manager Overview

[SOA] Start EC2 Instances with SSM Agent

[SOA] AWS Tags & SSM Resource Groups

[SOA] SSM Documents & SSM Run Command

[SOA] SSM Automations

[SAA/DVA/SOA] SSM Parameter Store Overview

[SAA/DVA/SOA] SSM Parameter Store Hands On (CLI)

[SOA] SSM Inventory & State Manager

[SOA] SSM Patch Manager and Maintenance Windows

[SOA] SSM Patch Manager and Maintenance Windows - Hands On

[SOA] SSM Session Manager Overview

[SOA] SSM Session Manager Hands On

[SOA] SSM Cleanup

[SOA] CloudWatch - Unified CloudWatch Agent - Overview

[SOA/DOP] CloudWatch - Unified CloudWatch Agent - Hands On

CloudWatch Unified Agent - Troubleshooting

[SAA/DVA/SOA] CloudWatch Logs

[SAA/DVA/SOA] CloudWatch Logs Hands On

[SAA/DVA/SOA] CloudWatch Alarms

[SAA/DVA/SOA] CloudWatch Alarms Hands On

CloudWatch Contributor Insights

[SAA/DVA/SOA] Amazon EventBridge

[SAA/DVA/SOA] Amazon EventBridge - Hands On

[SAA/DVA/SOA] Amazon Athena

[SAA/DVA/SOA] Amazon Athena - Hands On

Amazon Athena - Troubleshooting

[SAA] CloudTrail

[CCP/SAA/DVA/SOA] CloudTrail Hands On

[SAA/DVA/SOA] CloudTrail - EventBridge Integration

[SOA] CloudTrail for SysOps

CloudTrail to CloudWatch Metrics Filter - Example

CloudTrail - Integration with Athena

Monitoring Account Activity

[CCP/SAA/SOA] Macie

Macie - Advanced

[SAA/DVA/SOA] S3 Event Notifications

[SAA/DVA/SOA] S3 Event Notifications - Hands On

[SAA/SOA] VPC Flow Logs

[SAA/SOA] VPC Flow Logs Hands On

VPC Flow Logs - Advanced

[SAA/SOA] VPC Traffic Mirroring

VPC Traffic Mirroring - Architectures

VPC Network Access Analyzer

Route 53 - Query Logging

[SAA] OpenSearch

OpenSearch - Advanced

Domain 2 - Quiz

Domain 3 - Infrastructure Security

[SAA/SOA] Bastion Host

[SAA/SOA] Bastion Host - Hands On

[SAA/SOA] Site to Site VPN

[SAA/SOA] Site to Site VPN - Hands On

[CCP] Client VPN

Client VPN - Client Authentication Types

[SAA/SOA] VPC Peering

[SAA/SOA] VPC Peering - Hands On

[SOA] DNS Resolution Options in VPC

[SOA] DNS Resolution Options in VPC - Hands On

VPC Endpoints - Overview

VPC Endpoint Policies

VPC Endpoint - Examples

[SOA] PrivateLink

[SOA] PrivateLink - Hands On

[SAA/SOA] NACL & Security Groups

[SAA/SOA] NACL & Security Groups - Hands On

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Ultimate AWS Certified Security Specialty [NEW 2025] SCS-C02 with these activities:

Review IAM Fundamentals

Show steps

Solidify your understanding of IAM concepts before diving into advanced security topics. This will help you grasp the nuances of IAM roles, policies, and best practices within the AWS ecosystem.

Browse courses on IAM

Show steps

Review IAM roles and policies.
Practice creating and managing IAM users.
Familiarize yourself with IAM best practices.

Review IAM Fundamentals

Show steps

Solidify your understanding of IAM concepts before diving into advanced security topics. This will help you grasp the nuances of IAM roles, policies, and best practices within the AWS ecosystem.

Browse courses on IAM

Show steps

Review IAM roles and policies.
Practice creating and managing IAM users.
Familiarize yourself with IAM best practices.

AWS Certified Security Specialty Study Guide

Show steps

Use this book to reinforce your understanding of key security concepts and prepare for the AWS Certified Security Specialty exam. It provides a structured approach to learning and includes practice questions to test your knowledge.

View AWS Certified Cloud Practitioner Study Guide... on Amazon

Show steps

Read the chapters relevant to the course modules.
Complete the practice questions at the end of each chapter.
Review the key concepts and definitions.

Ten other activities

Expand to see all activities and additional details

Show all 13 activities

AWS Certified Security Specialty Study Guide

Show steps

Use this book to guide your studies and reinforce your understanding of key concepts. It provides a structured approach to learning and helps you identify areas where you need to focus your studies.

View AWS Certified Cloud Practitioner Study Guide... on Amazon

Show steps

Read the chapters related to each course module.
Complete the practice questions at the end of each chapter.
Review the key concepts and definitions.

Implement Security Group Rules

Show steps

Practice configuring security groups for different scenarios. This will reinforce your understanding of network security and how to control traffic to your AWS resources.

Show steps

Create security groups for web servers.
Configure security groups for database servers.
Test connectivity between different security groups.

Implement Security Group Rules

Show steps

Practice configuring security groups for different scenarios. This will reinforce your understanding of network security and how to control traffic to your AWS resources.

Show steps

Create security groups for web servers.
Configure security groups for database servers.
Test connectivity between different security groups.

Cloud Security Engineering

Show steps

Read this book to gain a deeper understanding of the engineering principles behind cloud security. It provides practical guidance on building secure cloud environments and implementing security best practices.

View Practical Cloud Security on Amazon

Show steps

Read the chapters on identity management and data protection.
Review the sections on incident response and security automation.
Consider how the concepts apply to your AWS environment.

Cloud Security: A Comprehensive Guide to Secure Cloud Computing

Show steps

Read this book to gain a broader understanding of cloud security principles. It will help you understand the context behind AWS security services and how they fit into a larger security strategy.

View Cloud Security: A Comprehensive Guide to Secure... on Amazon

Show steps

Read the chapters related to cloud security principles.
Identify the key security challenges in cloud computing.
Understand the different cloud security models.

Document a Security Incident Response Plan

Show steps

Develop a comprehensive security incident response plan tailored to AWS. This will help you think through potential security breaches and how to effectively respond to them.

Show steps

Identify potential security incidents.
Define roles and responsibilities.
Outline steps for incident detection, analysis, containment, eradication, and recovery.
Document communication protocols.

Document a Security Incident Response Plan

Show steps

Develop a comprehensive security incident response plan tailored to AWS. This will help you think through potential security breaches and how to effectively respond to them.

Show steps

Identify potential security incidents.
Define roles and responsibilities.
Outline steps for incident detection, analysis, containment, eradication, and recovery.
Document communication protocols.

Automate Security Audits

Show steps

Build an automated system for regularly auditing your AWS environment for security vulnerabilities. This will give you practical experience with security automation tools and techniques.

Show steps

Choose an automation tool (e.g., AWS Config, Cloud Custodian).
Define security rules and policies.
Implement automated remediation actions.
Set up alerts and notifications.

Automate Security Compliance Checks

Show steps

Build an automated system to continuously monitor your AWS environment for security compliance. This will help you proactively identify and address potential vulnerabilities.

Show steps

Choose a compliance framework (e.g., CIS, NIST).
Identify relevant AWS services for compliance monitoring.
Implement automated checks using AWS Config, CloudWatch, and Lambda.
Create dashboards to visualize compliance status.

Contribute to an AWS Security Open Source Project

Show steps

Contribute to an open-source project related to AWS security. This will provide hands-on experience and expose you to real-world security challenges.

Show steps

Find an AWS security-related open-source project on GitHub.
Review the project's documentation and code.
Identify a bug or feature to work on.
Submit a pull request with your changes.

Career center

Learners who complete Ultimate AWS Certified Security Specialty [NEW 2025] SCS-C02 will develop knowledge and skills that may be useful to these careers:

Cloud Security Architect

A Cloud Security Architect designs, plans, and manages the security of an organization's cloud computing infrastructure. This role involves creating security strategies, implementing security controls, and ensuring compliance with relevant regulations. The Ultimate AWS Certified Security Specialty course equips you with the knowledge to excel as a Cloud Security Architect, particularly with its focus on AWS security services and architectures. The hands-on experience with tools covered in the course, such as GuardDuty, Security Hub, and CloudTrail, helps build a practical understanding of threat detection, incident response, security logging, and monitoring. The course's emphasis on various solutions architectures and services specifically prepares you to design secure and robust cloud environments, making you an effective Cloud Security Architect.

See salaries and explore the career path for Cloud Security Architect

Security Engineer

As a Security Engineer, you are responsible for implementing and maintaining security measures to protect computer systems, networks, and data. This includes tasks such as configuring security tools, conducting vulnerability assessments, and responding to security incidents. The Ultimate AWS Certified Security Specialty course provides the specific knowledge needed to succeed as a Security Engineer in an AWS environment. The course dives deep into AWS security services like Inspector, Macie, and VPC Flow Logs, providing a comprehensive understanding of how to secure AWS infrastructure. The hands-on labs with services, such as SSM Parameter Store, CloudWatch, and EventBridge, help you build the practical skills and knowledge to excel as a Security Engineer.

See salaries and explore the career path for Security Engineer

DevSecOps Engineer

A DevSecOps Engineer integrates security practices into the software development lifecycle, automating security checks and ensuring that security is a shared responsibility throughout the development process. This role requires a strong understanding of both development and security principles. The Ultimate AWS Certified Security Specialty course may be useful for you, as it provides valuable insights into AWS security tools and best practices, allowing DevSecOps Engineers to integrate these practices into their workflows. The course's coverage of topics like IAM security tools and infrastructure security helps you implement security controls, while sections on CloudTrail and CloudWatch aids in monitoring and threat detection, essential for a DevSecOps Engineer.

See salaries and explore the career path for DevSecOps Engineer

Security Consultant

As a Security Consultant, you advise organizations on how to improve their security posture, assess risks, and implement security solutions. This often involves conducting security audits, developing security policies, and providing training to employees. The Ultimate AWS Certified Security Specialty course gives you expertise in AWS security that can be directly applied to consulting engagements. By understanding AWS-specific security services and architectures, you can provide informed recommendations to clients using the AWS platform. The course's broad coverage of topics, from threat detection to infrastructure security, helps you assess risks and design effective security solutions, making you a highly competent Security Consultant.

See salaries and explore the career path for Security Consultant

Cloud Security Analyst

A Cloud Security Analyst monitors cloud environments for security threats, investigates security incidents, and implements security controls to protect data and systems. This role requires a strong understanding of cloud security principles and tools. For a Cloud Security Analyst, the Ultimate AWS Certified Security Specialty certification course may be useful, as it provides in-depth knowledge of AWS security services and how to use them for monitoring and incident response. The course's coverage of tools such as GuardDuty, Security Hub, and CloudTrail helps you detect and respond to security threats effectively. The course can improve your understanding of CloudWatch, VPC Flow Logs, and Macie, as you analyze security events and ensure the integrity of cloud environments.

See salaries and explore the career path for Cloud Security Analyst

Information Security Manager

An Information Security Manager is responsible for developing and implementing an organization's information security strategy, ensuring that information assets are protected from unauthorized access, use, disclosure, disruption, modification, or destruction. The Ultimate AWS Certified Security Specialty course may be useful for Information Security Managers, as it offers a deep dive into AWS security best practices and services. This course provides the knowledge needed to effectively manage and secure AWS-based environments. The course’s comprehensive coverage, from IAM to threat detection, helps build a strong foundation for making informed decisions about security policies and risk management, essential for an Information Security Manager.

See salaries and explore the career path for Information Security Manager

Compliance Analyst

A Compliance Analyst ensures that an organization adheres to relevant laws, regulations, and internal policies related to data security and privacy. This role involves conducting audits, developing compliance programs, and monitoring compliance activities. The Ultimate AWS Certified Security Specialty course may be useful for Compliance Analysts, as it provides a detailed understanding of AWS security features and how they align with common compliance frameworks. The course's emphasis on logging, monitoring, and infrastructure security helps you assess and maintain compliance in AWS environments. Knowledge of AWS services like CloudTrail, Security Hub, and Macie can also be useful for regulatory requirements, assisting Compliance Analysts in ensuring adherence to standards.

See salaries and explore the career path for Compliance Analyst

Network Security Engineer

A Network Security Engineer is responsible for designing, implementing, and maintaining network security infrastructure, including firewalls, intrusion detection systems, and VPNs. This role requires a strong understanding of networking protocols and security principles. The Ultimate AWS Certified Security Specialty course may be useful for a Network Security Engineer, as it covers various aspects of network security within the AWS cloud. The course's sections on VPCs, security groups, NACLs, and VPNs help you design and implement secure network architectures in AWS. Moreover, the knowledge of services like VPC Flow Logs and Traffic Mirroring, provides skills to monitor network traffic and detect security threats effectively, making you a more capable Network Security Engineer.

See salaries and explore the career path for Network Security Engineer

Cloud Engineer

A Cloud Engineer is responsible for building, deploying, and managing applications and services in the cloud. This includes tasks such as provisioning resources, configuring networks, and automating deployments. The Ultimate AWS Certified Security Specialty course may be useful for Cloud Engineers, as it provides them with the knowledge and skills necessary to secure the AWS environments they manage. The course's coverage of topics like IAM, VPCs, and encryption helps you implement security best practices in your cloud deployments. Moreover, understanding security services like GuardDuty and Inspector, you can build more robust and secure cloud solutions as a Cloud Engineer.

See salaries and explore the career path for Cloud Engineer

Systems Administrator

A Systems Administrator is responsible for managing and maintaining computer systems and servers, ensuring their availability, performance, and security. The Ultimate AWS Certified Security Specialty course may be useful for Systems Administrators who work with AWS environments. This course provides insights into securing AWS infrastructure and managing access controls. The course's focus on IAM, patching, and logging may be useful to ensure the systems they manage are secure and compliant. This knowledge helps Systems Administrators maintain a secure and efficient IT infrastructure on the AWS platform.

See salaries and explore the career path for Systems Administrator

IT Auditor

An IT Auditor evaluates an organization's IT controls to ensure they are effective in protecting information assets and complying with regulations. This role involves assessing risks, testing controls, and reporting findings to management. The Ultimate AWS Certified Security Specialty course may be useful for IT Auditors, as it offers a comprehensive understanding of AWS security services and best practices. The course's coverage of topics like CloudTrail, Security Hub, and IAM helps you assess the effectiveness of security controls in AWS environments. You can leverage this knowledge to conduct thorough audits and provide valuable insights to organizations using AWS.

See salaries and explore the career path for IT Auditor

Data Protection Officer

A Data Protection Officer (DPO) is responsible for overseeing an organization's data protection strategy and ensuring compliance with data privacy regulations such as GDPR. The Ultimate AWS Certified Security Specialty course may be useful for a Data Protection Officer, as it provides insights into how to secure data within the AWS cloud environment. The course's coverage of topics like encryption, access control, and data loss prevention can help you implement effective data protection measures in AWS. You can use this knowledge to develop and enforce data privacy policies, ensuring compliance with relevant regulations.

See salaries and explore the career path for Data Protection Officer

Security Operations Center Analyst

A Security Operations Center (SOC) Analyst monitors security systems, analyzes security events, and responds to security incidents. This role requires a strong understanding of security tools and incident response procedures. The Ultimate AWS Certified Security Specialty course may be useful for SOC Analysts, as it provides valuable knowledge of AWS security services and how to use them for monitoring and incident response. The course's coverage of tools such as GuardDuty, Security Hub, and CloudTrail helps you detect and respond to security threats in AWS environments effectively. Through these tools, you can improve your ability to analyze security events and mitigate risks.

See salaries and explore the career path for Security Operations Center Analyst

Penetration Tester

A Penetration Tester simulates attacks on computer systems and networks to identify vulnerabilities and weaknesses. This role requires a deep understanding of security principles and attack techniques. The Ultimate AWS Certified Security Specialty course may be useful for Penetration Testers, as it provides an understanding of AWS security configurations and potential vulnerabilities. The course touches on penetration testing on AWS, giving insights into how to assess the security posture of AWS environments. You can leverage this knowledge to design and execute effective penetration tests, helping organizations identify and address security weaknesses.

See salaries and explore the career path for Penetration Tester

Database Administrator

A Database Administrator (DBA) is responsible for managing and maintaining databases, ensuring their performance, availability, and security. The Ultimate AWS Certified Security Specialty course may be useful for a Database Administrator working with databases in the AWS cloud. The course's coverage of topics like encryption, access control, and monitoring helps you secure databases and ensure compliance with security policies. By understanding AWS-specific security features, a DBA can better protect sensitive data and maintain the integrity of database systems.

See salaries and explore the career path for Database Administrator

Reading list

We've selected three books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in Ultimate AWS Certified Security Specialty [NEW 2025] SCS-C02.

AWS Certified Cloud Practitioner Study Guide With...

Save

This study guide provides a comprehensive overview of the topics covered in the AWS Certified Security Specialty exam. It includes practice questions, hands-on exercises, and real-world scenarios to help you prepare for the exam. is commonly used as a textbook at academic institutions and by industry professionals. It adds depth and breadth to the existing course by providing a structured approach to exam preparation.

AWS Certified Cloud Practitioner Study Guide With...

Paperback

AWS Certified Cloud Practitioner Study Guide With...

Kindle Edition

Practical Cloud Security

Save

Delves into the engineering aspects of cloud security, providing practical guidance on building secure cloud environments. It covers topics such as identity management, data protection, and incident response. This book is more valuable as additional reading than it is as a current reference. It adds more depth to the existing course by providing a deeper understanding of the technical challenges and solutions in cloud security.

Practical Cloud Security

Paperback

Check price

Practical Cloud Security

Kindle Edition

Check price

Cloud Security: A Comprehensive Guide To Secure...

Save

Provides a broad overview of cloud security principles and practices. It covers various aspects of cloud security, including data protection, identity management, and compliance. While not specific to AWS, it provides a valuable foundation for understanding the broader context of cloud security. It is particularly useful for understanding the underlying principles behind AWS security services.

Cloud Security: A Comprehensive Guide to Secure...

Kindle Edition

Ultimate AWS Certified Security Specialty [NEW 2025] SCS-C02

What's inside

Syllabus

Save this course

Activities

Career center

Reading list

Share

Similar courses