AWS № 07 of 14 SCS-C02 · Specialty

AWS
Security Specialty

A deep understanding of AWS security services — data protection, infrastructure security, incident response, identity, monitoring and logging. Cloud security is crucial to all use cases.

Enroll Now View Curriculum

10^wk

Programme Length

50^hr

AWS Training

1:1

Mentor Pairing

250^q

Exam Bank

Cohort 2026 · 03

Tuition

^$2,995

or 3 payments of $999 via Mia-Share

Instructional courses, hands-on labs and a preparation exam
SCS-C02 exam preparation aligned to the Specialty blueprint
Live AWS account with security services enabled
After-course computing sandbox included
One-on-one mentor — a practising AWS security engineer
250+ exam questions with rationale walkthroughs
GuardDuty, Macie, Inspector and KMS labs
Two full-length mock exams with proctored scoring

Begin Enrollment Speak to an Advisor

№ 01 / Overview

Cloud security is every use case.

Designed specifically for students looking to gain a deep understanding of AWS security services — including the many different security mechanisms and techniques that AWS offers to secure your infrastructure and data from both internal and external threats and exposures.

The AWS Certified Security – Specialty certification allows you to demonstrate and validate your AWS knowledge across security topics such as data protection and encryption, infrastructure security, incident response, identity and access management, monitoring and logging. With a blend of instructional courses, hands-on labs, quizzes and a preparation exam, this programme helps you prepare and master the SCS-C02 exam.

Why this certification matters: AWS certifications provide a reputable benchmark for AWS partners and practitioners. The Security Specialty ensures team members are following security best practices, provides professional progression, and contributes to AWS partner certification requirements.

№ 02 / Outcomes

What you'll walk away with.

01Master Identity & Access ManagementInternal and external authentication and authorisation methods — IAM users, roles, federation, SSO, Cognito and STS.
02Apply auditing & compliance servicesGuardDuty, Macie, Inspector, Security Hub — machine-learning-driven services that find what humans miss.
03Run monitoring and logging at depthCloudWatch, CloudTrail, VPC Flow Logs, Config — track log data and find vulnerabilities.
04Encrypt data correctlyKMS, CloudHSM, Secrets Manager, ACM. Envelope encryption, key rotation, client-side and server-side encryption — explained with the threat model that motivates each choice.
05Secure applications and networksWAF, Shield, Network Firewall, VPC isolation, security groups, NACLs — protect Web Apps and VPC infrastructure from both internal and external threats.
06Apply security best practices and governanceOrganisations SCPs, Config rules, Control Tower, audit trails for compliance evidence.
07Pass the SCS-C02 exam with confidenceValidate AWS knowledge across the full security surface area. A specialty credential employers genuinely respect.

Cloud data centre infrastructure — Chapter 03 — On the workload

№ 03 / Curriculum

Ten weeks. Nine modules.

Curriculum mirrors the SCS-C02 exam domains. We begin with Identity & Access Management — the foundation under everything else — then move outward through auditing, monitoring, encryption, network and application security, and finally governance.

The most common security service, IAM. Access management and identities — internally and externally. Different authentication and authorisation methods, IAM users, groups, roles and policy evaluation logic.

SAML federation, IAM Identity Center (formerly SSO), Cognito user and identity pools, STS temporary credentials, cross-account access patterns and permissions boundaries.

AWS security services for auditing and compliance — some based on Machine Learning, such as Amazon GuardDuty and Amazon Macie. Inspector for vulnerability assessment. Security Hub for aggregation.

CloudWatch, CloudTrail, VPC Flow Logs, S3 access logs. Use the different AWS services to monitor and track log data and use it to help find vulnerabilities. CloudWatch Logs Insights queries and Athena analysis.

Different encryption mechanisms across a range of common AWS services. KMS keys, key policies, grants. CloudHSM. Client-side vs server-side encryption. Secrets Manager, Parameter Store, ACM.

Different services and techniques to protect Web Apps and VPC infrastructure from both internal and external threats. WAF, Shield Standard and Advanced, Network Firewall, security groups, NACLs and Route 53 DNSSEC.

Detective controls, isolation playbooks, forensic capture, EventBridge automation, SSM Run Command for IR. Walk through real incident scenarios — compromised credentials, exposed S3 buckets, public RDS — and the response.

Security best practices, governance and risk. Organisations SCPs, Control Tower, AWS Config rules and conformance packs. Multi-account guardrails and the AWS Security Reference Architecture.

Conduct a full security review of a sample workload — produce findings, remediation plan and a hardened reference architecture. Two full-length SCS-C02 mock exams with proctored scoring and gap analysis.

№ 04 / Faculty

Practitioners who teach.

Not adjuncts. Working AWS security engineers from our consulting practice.

Lead Instructor · AWS Security · CISSP

Senior Cloud Security Engineer

Twelve years across penetration testing, incident response and cloud-native security architecture. Holds AWS Security Specialty, CISSP and OSCP.

Mentor · AWS Security · SA-Pro

Lead Mentor, Security Practice

Background in financial-services compliance. Specialises in multi-account guardrails, KMS at scale, and the operational mechanics of running GuardDuty and Security Hub in anger.

№ 05 — From a graduate

"The threat-model framing in every module is what made KMS click. I stopped memorising and started reasoning."

Chiamaka K.

AWS Security Specialty Graduate

№ 06 / Questions

The questions we hear most.

AWS recommends two years of hands-on AWS workload experience and five years of IT security experience for the SCS-C02. In practice, we ask for our AWS SAA-C03 course (or equivalent) plus working familiarity with general security concepts (TLS, PKI, OWASP Top 10).

Yes — with security services pre-enabled (GuardDuty, Macie, Inspector, Security Hub) so you spend your time investigating findings, not turning things on. After-course sandbox included.

Sit in on the next cohort free of charge. The Specialty exam is genuinely deep — most students pass on first or second attempt with focused mentor review of any weak domains.

No — AWS charges the Specialty exam fee directly ($300 USD at time of writing, billed through Pearson VUE). We'll walk you through scheduling and proctoring options.

Two evening sessions per week (Tuesday and Thursday, 6:30–9:00pm CT) plus a weekly Saturday lab workshop. Designed for working professionals. All sessions recorded for lifetime access.

Yes — we partner with Mia-Share / Meritize for tuition financing with monthly payment plans. See Financial Aid for full details.

№ 07 — Enroll

Cohort opens in weeks, not months.

Hold your seat with a deposit. Speak to admissions if you'd prefer a quick fit-check first — no high-pressure pitch, just a candid conversation about whether the SCS-C02 path is right for you.

Hold My Seat Call Admissions