6. Obtain Traditional Security Certifications As Well
The AWS Certified Security – Specialty is great for mastering the AWS environment itself, but for security for an entire ecosystem, traditional security certifications are needed as well, said Rohit Dhamankar, Alert Logic’s vice president of threat intelligence products. Security practitioners still must know how malware works and have basic knowledge at the application level to enjoy success more broadly, he said.
Practitioners must have well-rounded knowledge of the environment in which attacks are taking place as well as an understanding of where vulnerabilities can be found, said Onkar Birk, Alert Logic’s chief product officer. If a security practitioner doesn’t understand the environment he or she is operating in in the first place, Birk said leveling security on top of that is an exercise in futility.
Practitioners must understand how AWS relates to the environment they’re currently working in, what commonalities apply and where they occur, according to Birk. To be more tactical, Birk said practitioners should have a grasp of where microservices, APIs at rest and different types of databases apply.
