passed aws solutions architect associate

As a last act of 2019, I took and passed the AWS Solutions Architect Associate certification exam. The AWS SAA is the typical starting point for sysadmins and engineers looking to design, plan, and manage an organization’s presence in the AWS cloud environments. Other exams at this level are the Developer Associate for developers and SysOps Administrator Associate for a more focused dive into managing systems in AWS. (SysOp is such a great, cool term. I hope it makes a comeback over SysAdmin…) Each of those three feeds into more advanced Professional designations and also some advanced specialty designations like Security, Big Data, and Networking. None of these need to be taken in order, but they do build upon each other so it makes sense for students to progress up the chain in order.

In mid-2019 I decided to shore up a gap in my technology knowledge by diving harder into cloud concepts and security topics. I’ve spent about 17 years doing admin and security work, but I’ve not had a large chance to dabble in AWS until my current position. So, I’ve decided to upgrade myself a little bit in this regard. Since then, I’ve earned my AWS CCP and my CCSK designations. I decided to remain aggressive and hoped to get this AWS SAA before 2019 ended.

My goal with this track of study is really to study for and take the AWS Security Specialty certification exam, since…well…I’m a security geek! The CCSP is also on the roadmap, but mostly for its recognition and the fact it won’t really cost me anything additional to keep renewed along with my CISSP.

For study, I really kept to the same blueprint I use for most certifications. I start out by researching the exam, the exam topics, and what other successful students have reported and reviewed over the most recent years. Often, I do this by searching the TechExams forum, Reddit, and then also Google. I write down various ideas and resources those students used, research those sources, and start to formulate a plan of attack. Sometimes, I’ll solicit some advice from some peers on Twitter, Reddit, or other media, but often I usually self-research.

I opened up with a 7-day free trial to A Cloud.Guru and blitzed through their AWS SAA 2019 offering as quickly as possible. At 12 hours, this wasn’t too bad. But, also at “only” 12 hours compared to the Linux Academy course at 54 hours(!), I assumed ACG’s offering wasn’t really going to get detailed enough to rely solely upon. Overall, this course at ACG makes a good intro, but the presentation quality and style definitely go up and down. Some sections of the course are recorded with lower quality equipment, which means section to section you can experience very different sound levels. This becomes pretty distracting, even annoying. Likewise, an editor must not have been hired, as there are pauses and even retakes within the audio that are still present. Overall, I felt I could trust the author, but I also somewhat felt like the author rushed to get this out and it’s just not that polished. The material, however, was solid. I did not do any labs on ACG. I did like the meaty quizzes at the end of each section, though the grammar on them is spotty and the reasons for the answers are at times woefully brief, sometimes just repeating the actual answer rather than a reasoning for it.

Later on about a week before my exam, I would open another 7-day free trial at ACG just to consume their Exam Simulator, which is just a practice exam whose questions are pulled from some pool of questions. I ran through this twice, and only had maybe 1-3 repeat questions out of the 65 given. That said, the grammar on these questions was outright terrible, and I honestly felt dirty for going through the experience. Still, plenty of questions reflected the sorts of topics and questions I saw on the exam.

I then spent the bulk of my study time on the 54-hour beast of a course, the AWS Certified Solutions Architect – Associate Level (id=341) by Adrian Cantrill and hosted on Linux Academy. This course includes LA-hosted labs which performed very well for me and a supplement, The Orion Papers, hosted on LucidChart. I was initially very lukewarm on the LucidChart materials, but by the end of my study, I was actually referencing them regularly for refreshing and reviewing various topics. The course itself is excellent with a high quality of delivery throughout. I did not like the quizzes nearly as much, but they do reflect the material presented.

I took the practice exam at the end of this course, and also an older LA-based practice exam from the 2018 course. I didn’t like either of these practice exams as they seemed overly specific on various bits of knowledge that go beyond what you are expected to know for the Associate level, like calculating RCU/WCUs. I found both quizzes to be strangely pulling from the same pool of questions (or at least written by the same people and/or borrowing from each other), and overall found it frustrating.

About halfway through the Cantrill course, I signed up for a package of 6 practice exams hosted on Udemy by Jon Bonso (TutorialsDojo). I really liked this set of exams and found them to be challenging at just the right level, both while I was still completing my studying, but also in retrospect after passing my exam and thinking back to where overlaps occurred between the exam and these practice materials. I initially was scoring below 70%, but as I finished up the core of my studying, I was pretty consistently getting 75% on my first attempts on those exams, and 85% on subsequent tries. I reviewed all questions after each attempt, making mental note of reasons for questions I got right, and physically writing down notes on questions I got wrong (or just guessed on). I would then re-attempt one of the practice exams after a week or more. Even if you pay full price for those (which I think is $40), this set of practice exams is definitely worth it.

Despite plans to do so, I never really consulted the official AWS whitepapers, FAQs, or Best Practices for the various services. I would sometimes get into them very briefly when Googling answers/reasons for practice exam questions, but never sat down to comprehensively go over them. I also briefly looked at the TutorialsDojo cheatsheets, but I had expected really quick cheatsheets and charts and diagrams, but instead they were pretty lengthy, so I didn’t really consume them.

I also never really went into depth on my own AWS account or fired up any projects of any merit. I would still say 80% of my AWS hands-on experience before my exam was fueled by the Linux Academy labs. That said, my extensive general IT experience hosting critical web sites helped me with many troubleshooting questions and understanding some difficult concepts like using load balancers, traffic encryption, and network layouts. Someone with less IT experience should probably expect to do a little more hands-on work in AWS to prepare for the SAA exam.

Overall, I somewhat casually studied from mid-September until the end of December en route to my exam date. For other students, I’d highly recommend going through the route I did: ACG course, LA course (Cantrill), and then Udemy practice exams. I’d then suggest looking at the AWS Whitepapers, FAQs, and Best Practices to finish up. If you already know about how AWS works, concepts on why cloud makes sense, how AWS bills you, how AWS support plans are structured, and the general one-line definition of the most common AWS services, I think AWS SAA is the place to start. Lacking that knowledge, first taking the AWS Certified Cloud Practitioner is a great stepping stone into AWS knowledge.

The exam experience wasn’t really out of the ordinary. I scheduled my exam during winter break at the college I usually take exams at, so the whole atmosphere was casual, chill, and pretty dead overall. I spent a full hour on the exam, and that even includes flagging questions and reviewing the first 20 questions over again. I did not feel entirely confident in my attempt after the first 12 questions, but they seemed to ease up in the latter portions. I normally do not review or go back to previous questions in exams, but I did do so quite a bit in this one. Still, I don’t think I changed many answers at all. It is possible to go back and review every question whether you flagged it or not, which is nice. Passing means achieving a score of 720 (possible 100-1000), and I scored 836 for a comfortable pass.

Overall, I think the AWS SAA is a good certification to ensure that someone who does already or wants to start working within AWS to design solutions and troubleshoot issues is prepared for that task. That said, I have next to no practical experience in AWS (that’ll change!) and was able to pass, so I would say this exam is appropriate for people with 0-2 years of experience with AWS services. That also means possession of this cert may not attest to someone’s actual expertise in AWS, but definitely attests to having a grasp of the fundamentals enough to not be a clueless disaster. (And honestly, that can even be said about the CCNA or any other technical cert.) Despite that, I actually feel far more conversant and novice-level competent in understanding and doing things in AWS, especially in comparison to my pre-study state. I’m hoping future projects will fill in further gaps.

As intimated earlier, the AWS SAA is a stepping stone towards my real goal of achieving the AWS Security Specialty certification, so that will be my next step on this journey. I also have the ISC2 CCSP on my radar, but I think I’ll keep with the AWS focus for now, and plug in the CCSP later. Since the CCSP is more theoretical than hands-on technical, I am skeptical what I’ll actually learn from the CCSP, but I may end up surprised!

reviewing my 2019 learning and career goals

I really thought about not comparing what I did in 2019 with what my planned goals were, but then I realized that’s not useful to me at all. And there’s no real need to only restate what I did this year. I see I predicted that I’d be far too aggressive with my planned activities, and I was right! Still, I think it’s normal for me in this regard to over-commit to things and then accomplish what I can, rather than plan to underachieve and coast through another year. I used to do that, and I don’t really want to at this point in my career.

Rather than go through the full list, I figured I’d just pluck out the things I planned to formally pursue.

SANS SEC542 (GWAPT) at SANS East – Success! I ended up going to SANS East, earned a SEC542 coin, got first in NetWars, and later earned my GWAPT.

TBD Second major training: Black Hat USA Trainings or SANS SEC573 (GPYC) Python or SANS SEC545 Cloud – Failed! This one wasn’t really my fault. I aggressively (so to speak) requested budget for this at work, but that never came to fruition.

Linux+ – Success! I took and passed both exams before CompTIA refreshed the cert and broke from LPIC-1, meaning I got the lifetime version from CompTIA and still also got the limited one from LPI. Not only was this a goal for this year, but this is probably the last “certificate bucket list” item I’ve long had on my wish list from back when I didn’t even do this learning stuff regularly (thanks to a company and manager who didn’t value personal development).

SLAE (+ OSCE prep) – Pushed back! I don’t consider this too bad of a fail. I still want to start this track through to OSCE, but I also understand this is a labor of love more than it will benefit my career/work at this moment. It, again, will get on my list for 2020.

CCSP (Cloud) – Sorta Success! Honestly, this one morphed into something bigger and more formal than just pushing for CCSP. I’ve decided to make a concerted and bigger dive into the cloud security world. I pushed CCSP out to 2020 and instead earned my AWS Cloud Practitioner Certification and the Cloud Security Alliance CCSK. And since then, I have been hitting coursework and labs to attempt the AWS Solutions Architect Associate exam very soon. After that, my plan is to earn the CCSP and then the AWS Security Specialty.

Pentester Academy tracks (+Red Team Lab?) – Low usage! I haven’t given this enough love, just like I haven’t gotten back into HTB or other labs like I want to. I’m considering this a fail, and will be re-prioritizing for next year.

Linux Academy – Success! Hey, I’ve been making heavy use of this this year! I also dropped Pluralsight as I wasn’t making heavy use of it.

Splunk Fundamentals & Power User – Dropped! I had wanted to pursue this, but this definitely was chopped off early. This is more of a work item, and my role hasn’t really allowed me to be in Splunk as much as others on the team have been. And that’s OK. I let this one slide to make more room for the cloud focus.

As far as my informal topics go, most of them just didn’t get as much love as I’d like to have given them. I’ve stuck to a few books that weren’t intensive time-sucks like The Phoenix Project, Tribe of Hackers, Tribe of Hackers Red Team, Red Team: How to Succeed By Thinking Like the Enemy, and Infosec Rockstar. I think I may repurpose “informal learning” into two paths: informal topics and maintenance/improvement paths.

I still attend SecDSM and BSides Iowa as expected, but I didn’t hit any other cons this year. I really should try to get to Defcon next year in the new digs…