I am making the study plan irrespective of job role under AWS Security category. It can be AWS Security Analyst, AWS Security Researcher or AWS Security Engineer or Cloud Security Operations Expert or Cloud Security Manager.
So, check how much you can cover and close the checkbox. The more you close, the better candidate you are for the job role. Also, I assume you have already checked and comfortable with Common Security Skills study plan.
My only suggestion here is ask below 4 questions while learning each topic/concepts etc.
- What is this? (For example: What is security group)
- Why am I learning this?
- How I can implement this?
- How it will make secure or how to make it secure depending upon the topic or concept again?
I am listing only the topic name. How much you learn and comfortable with the concept or topic is upon you. And I will share the minimal link to make you up to the mark and you are free to learn anything more than this for better candidacy and experience.
One of the most important and must have skills for you. Try to understand IAM functionalities as much as possible.
- Understand IAM policy in 60 minutes: Youtube
- Understand IAM permissions
- Business Use Cases for IAM
- Security in IAM and STS
- IAM Access Analyzer
- User, Group, Roles and when to use when and don't forget to ask why this, why not that
- Custom policy vs AWS Managed Policy
- Cross-Account IAM policy to different roles, services, account
- Understand the IAM policy from security mindset. Why this, why not this?
- Service Control Policy
- Security Best Practices in IAM
- What does this service does
- What problem it would solve for business
- Security Best Practices guide for AWS service. Ex: S3 security best practices, VPC security best practices.
- What permissions you should provide for each role to maintain the least privilege principle.
- How it is being used, can there be some security misconfiguration if not configured properly. If so, what are the security guideline to configure it.
- Is multi-tier, multi region required for this service
- How data at rest and data in transit can be achieved.
- Is logging required? If so, how are you going to log and what data and till what period
- Are we monitoring it? what's the reason for Yes or No
- Any specific security settings for that service like Bucket Policy for S3 bucket
What I mean to say here is:
- AWS core services related security skills
- AWS Security services hands-on knowledge
What are these? These are the core services:
- IAM, super important
- EC2
- S3
- VPC, I feel it as the toughest one so far
- RDS
- API Gateway
- Lambda
- ECS and EKS
Below are AWS Core Security services that you should know and try hands-on as much as possible
- IAM Access Analyzer
- S3 Bucket Policy
- Security Group and NACL
- CloudTrail
- Config
- GuardDuty
- Inspector
- Macie
- Security Hub
- WAF and Shield (Optional, but if your job needs it; learn it)
- AWS KMS
- Secrets Manager
- Cognito
AWS has awesome lists of whitepapers related to AWS Security. We are adding few important one here. You can anytime check more for updated or new security whitepapers here
And don't forget to bookmark AWS Security bulletin for new vulnerabilities news from here
- AWS Overview - One of the important whitepaper to understand an overview of AWS
- Introduction to AWS Security Whitepaper
- AWS Well-Architected Security Pillar
- Introduction to Security By Design
- AWS Well Architected Framework
- AWS Risk And Compliance Whitepaper
- AWS Security Checklist
- AWS HIPAA Compliance Whitepaper
- AWS Cloud Adoption Framework
- AWS Auditing Security Checklist
- AWS CIS Foundation benchmark
- AWS Security Incident Response
- Overview of AWS Lambda Security
- AWS KMS Best Practices
- Encrypting File Data with Amazon Elastic File System
- Security of AWS CloudHSM backups
- Security overview of AWS Lambda
- NIST Cybersecurity Framework in the AWS cloud
- NIST 800-144 Security and Privacy in Public Cloud Computing
- Security at the Edge: Core Principles
- AWS KMS Best Practices
- Security Overview of AWS Fargate
- Did you use pacu? if not, start using it
- Try AWS CTF from flaws.cloud. Here is solution on YouTube as well
- Next level is at flaws2.cloud
- Try Well Architected Framework: Security Labs
- AWS Security Workshops
- Check other good tools like Prowler and ScoutSuite as well.
- AWS CIS Benchmark
- CSA Cloud Matrix and STAR Framework
- NIST CSF for AWS
- ISO 27017
Check Awesome AWS Security repo for more details on book, videos, courses etc.
I have a separate repo for skills roadmap and interview questions. I will keep it updated time to time. You can star it or fork it.