What it takes to be a ‘Certified’ GCP Professional Security Engineer ?
Hmmmm….Another day and Another <in fact very big> excitement in my journey. This time I just don’t want to express my satisfaction & feelings in words and stop there — Rather also would like to help many aspiring Cloud Engineers with my blog by providing the necessary things / references and give back to the community as much as possible.
Again, I’m Not the expert on this subject but being a learner and a newbie — I know how much this blog can add value to those who are in the same path or planning to be on the same path in the near future.
From my view, every information available over the internet in these lines will be useful as long as the user / reader takes out the right context for this Professional Certification. So, feel free to refer to as many other references available online in order to ensure you cover all the grounds possible to attain this Certification under your belt.
Absolutely nothing wrong about studying and preparing for more! You are not going to loose any thing rather I guarantee that you’ll get & gain more understanding and knowledge as you try more, which is a big plus if you are keen to land your feet in to this exciting and most happening domain — Cloud Security — I bet you, it’s worth :)
I just wrote this exam couple of hours ego and the status looks like below. I’m still waiting for the official certification from Google Cloud as its still in the official ‘review process’ but I thought it shouldn’t stop me from sharing my own experiences and learnings I’ve used while preparing for this awesome certification.
Let me take you through what I did and what I recommend. I also would like to share my personal strategy as a recommendation for you guys to follow if that works for you.
Every one is different and unique. And My views or strategy might not work for you —take it easy and I totally understand and happy to learn from your experiences too if makes sense to me!
In this blog, I’m not really focusing on what topics [I mean ‘exam guide’] Google Cloud will test your ability for this certification as that can be referred in the official documentation which can be found here — https://cloud.google.com/certification/cloud-security-engineer and do NOT want to duplicate the same. Rather referencing that official website is more logical and authentic at any given point of time. So, I suggest — Please always refer to the official cloud.google.com page for the latest information and changes
As you understand the Exam Guide and you know what is expected out of this preparation, the next best First Step is to go through and learn from Coursera — Security in Google Cloud Platform Specialisation
As shown, it has got amazing 7 modules which will help you to walk through and learn most of the aspects for this specialisation
As a bonus, it also comes with some awesome Qwiklabs to make your hands dirty for the right balance between the concepts to the console
— Don’t miss it. I promise, you’ll nJoy the Quality of Content!
After playing around with Coursera, it’s time to jump on to Linux Academy, now it is AcloudGuru though and register for ‘Google Cloud Certified Professional Cloud Security Engineer’ course
This course is full of content and context. You will be made to walk through each of the GCP Services and brings ‘Security’ in to the context for each of those as you go through the modules
I’m really impressed with the way this course is structured and organised in bits-and-pieces to sufficiently make you aware of the Security perspectives
As you are going through the above courses, you’ll be exposed to the official Google Cloud Platform documentation. I recommend to read as much as possible to ensure you get the correct understanding and attention to detail while noting down your points about the Services, Security and Best Practices.
Remember — at the end of the day, it boils down to the ‘Best Practices’ and ‘Google’s Recommended’ ways of doing in order to attain the Best Security posture for all the applicable Cloud Services. As long as you keep that perspective and ensure to follow them for the real use-case scenarios, I say you are on the right track.
Without Networking Security, achieving Security overall is a myth and this is true for anyone who is preparing for the Security certification. Please prepare to go through the ‘Professional Cloud Network Engineer’ course under ACloudGuru as it goes deep dive in to the Networking Services which truely is a must to understand concept to be a Security Engineer
Once you are done with Coursera and ACloudGuru and You think, you can test your brain — that’s when is the right for you to check your knowledge through a practice test. Refer to GCP PSE Sample Test. This is a free test and unlimited times with 23 questions set. It repeats the same questions though but a great way to practice and repeat for overall topics coverage.
What I recommend is — do NOT try to just select the right answer rather try the technique to eliminate every wrong answer and be very clear why those answers are wrong. If you follow this strategy, you will not just ensure you are correct but you’ll end up gain more understanding about other possible use-case scenarios for each of those topics. While you are checking to eliminate the wrong answers, you can try to come up with what services can be fitted to those scenarios as well if applicable
I recommend to practice more frequently and try to spend more time based on the gaps you identify for a thorough understanding. Definitely a great way to introspect your knowledge across the topics for sure.
For any services or scenarios, if you are unable to justify — the best way is to ‘re-read’ the question and ‘re-align’ the Best Practices and/or Google’s Recommended ways and you’ll be able to join the dots much clearly now with more confidence with the concept and the context as well
In alignment to the above mentioned official exam guide, I suggest you to refer and get a good understanding for the below items. This not only helps you to give a great insight but gives you an awesome understanding about how Security works on GCP and how it has been implemented within and across the layers
- Google Cloud Security White-paper
- BeyondCorp Research papers — I highly recommend as these papers help you to keep your thought process from Security perspective. This is not just for the Certification exam perspective but it moulds you to be a ‘Security’ mind
- Cloud KMS — Ensure to breathe this. Google will try every aspect to confuse you during the exam. And if you are unclear, it’s easy for you to get lost and loose your control. So, ensure you really understand CSEK, CMEK and DEK, KEK and how actually it boils down across the levels
- Encryption at Rest and Encryption in Transit — No need to special mention about the importance of these topics. Please spend as much time as possible to understand thoroughly.
- Cloud Armor — The more you spend time on to this, the better. I suggest you cover every aspect about this service in the documentation.
- Cloud IAP — Ensure you understand why, where and when to use this. You’ll be thrown in to many use-case scenarios for sure in the exam.
- Cloud DLP — Just imagine in how many ways it can help for a better Security. A sure topic which attracts at least multiple scenarios. So, be clear with it
- Security Command Center and Web Security Scanner — These topics in general are very straight forward unless otherwise you are in confusion. So, take time to qualify for the quality
- Forseti Security — To be frank, I didn’t expect to face many scenarios on this topic but Google really tested all ways for use cases. I recommend, you to read through the official documentation thoroughly to be able to cover all the corner case situations. Mostly, they are straight forward and if you are good with the concepts — easy way to get more ‘pass %’ :)
- Access Context Manager — If you know the ‘Why and When’, then you are definitely in a good position
- Compliance — I just got one question but I think easiest topic to gain more ticks. So., I leave it to you to decide how much time you want to spend.
- Networking Services — This is one of the heaviest topic in ‘Security’ and we all know why. So, the more deeper understanding you’ve on to this topic — the better possibilities of clearing the exam with flying colours. Ensure to cover Cloud VPC, VPC Peering, Shared VPC, Cloud Interconnect [Dedicated & Partner] and Firewalls another great topic. As you can imagine, hell lot of possible scenarios can be created — be prepared to face it with a smile :)
- Cloud Load Balancing — Similar to the Networking Services, the more you prepare and deep understand, the more you can smile ;)
- Identity Services — It’s a mix of Resource Manger, IAM and Cloud Identity. Be prepared to face about GCDS and use cases too
- Compute Services — Be thorough with Compute Engine and GKE best practices. Spend good time to understand about GCE Security and GKE Security concepts as well
- Storage Services — Be prepared to understand Cloud Storage and Security best practices. Many use cases and scenarios possible to be explored like ACLs, Signed URLs, Bucket Lock and different data encryption techniques
- Monitoring — Be thorough with Logging, Monitoring and Alerting mechanisms and how logs can be integrated to the external providers
- Cloud DNS — be clear with Cloud DNS and DNSSEC
- Application Layer Transport Security
- Shared Responsibility Model — I say easy topic to get more smiles on the table provided you understand it. Definitely, have a read through and keep this in mind with use cases. Google can trick you easily if you missed the context about IaaS, PaaS or SaaS
Apart from these, I’ve some awesome YouTube playlists too for you to digest. Listed very few here and there are loads of GCP Video content to soak. Just go for it based on your patience :)
- GCP Networking End-to-End
- VPC Deep Dive and Best Practices
- GCP Encryption of Data
- GCP Kubernetes Security
- GCE Security
- Best Practices GCP Security
As you get more stronger with your concepts and topics —Now, is the best time to go for the Practice Tests with ACloudGuru — Do these practice tests as many times as possible.
Again, I’m re-iterating here. Do NOT focus on the scope rather focus on understanding of each question and eliminating the wrong answer first. My suggestion, the more you are able to eliminate the wrong answers, the more possibilities of you knowing the concepts and techniques thoroughly. It doesn’t matter if you just score 30% or 40% at your first attempt — The Question to ask yourself is ‘Are you really damn good with those 30 or 40% concepts ?’. If not, you might end up missing and making them wrong in your next attempt
Now is the time to read, re-read, practice and re-practice.
If you ask me, I have done almost 8–10 times of these practice tests with ACloudGuru until I got like 98–100% of my every attempt and I think that’s when you know that you got the stuff about GCP Cloud Security <to some extent OK :) — it’s a big ocean to be known ;)>
Once you able to achieve 90+% in every your attempt, definitely you’ll have your inner feeling telling you that it’s time to hit the real exam. Just Go for it!
Again, Please do NOT take me wrong here — Getting 90% or even 100% in practice tests with NOT only ACloudGuru or any other<including Google Cloud’s practice test> doesn’t guarantee that You’ll be passing the real test with flying colours in any way. In case someone claims that, please gently ignore with a smile and focus on your learning. What that “%” means is, You are able to identify the right choices given those situations in those practice tests — that’s all — Nothing more, Nothing less!
The Real Official Google Cloud Certification Exam is totally different and it’s a different ball game altogether. Until you face the real exam and see ‘Pass’ from Google Cloud through official confirmation, you are NOT certified ;) — I’m not discouraging here but trying to be open and transparent. It’s better to know the truth than the false promises!
Some things I followed while attempting the exam:
- Do NOT waste time for the tricky questions as you face them — take it with a smile, mark it for a ‘review later’ and move on
- The moment you are in dilemma with a question and for its correct answer, just mark it for a ‘review later’ and move on — Wasting crucial time is not worth
- For the questions which you are very clear with your responses, Tick them with the right answers and move on — The more you get these ticks, more time you can save for your ‘review later’ questions
- Once you reach to the end of the questions, take a deep breathe and attack your ‘review later’ questions.
- I bet — You’ll be much more comfortable now to respond to those questions as your mind is already fine tuned in to those contexts. Some times while answering other questions, you’ll get a clear picture for some of your ‘review later’ questions…just use it and move on :). This is like a ‘Tube-light’ trick!
- Utilise rest of the time to attack those unanswered questions. Do follow the earlier strategy mentioned like — If you are not able to figure out the correct answer, Do begin with eliminating the wrong answers. Damn sure, You’ll be able to dissect the correct answer now!
- If you still have time, better to re-review and utilise the time to the fullest
That’s all for now. Hope that simplifies the complexity!
As I’m waiting for my official certification, I wish you all the very best!
Hope this blog helps you and motivates you to go for the GCP Professional Cloud Security Engineer certification
Thanks for taking time to read!