Technical Blog

GCP Professional Cloud Security Engineer

Preface

Let me begin by stating that I want to keep it real by not inflating the meaning of earning this or any other certification.
Having said that, I do believe that the preparation for this exam can amplify the learning process and spare you the trial and error route.
Passing this exam won’t automatically make you a great Cloud Security Engineer but it will help facilitate a common language and a strong intuition on how Google approaches security.

Prerequisites

There are no prerequisites to taking this exam. In terms of the skills and knowledge baseline that one should possess, Google offers rather vague advice.

Recommended experience: 3+ years of industry experience including more than 1 year designing and managing solutions using Google Cloud.

Listed below is a set of arbitrary hints that I think might be helpful in determining whether this exam won’t be too much of a hassle at a given point in your journey.

Cryptography: I think that a good rule of thumb to assess if you won’t struggle with this section is to perform a little exercise.
If you’re able to explain what’s the purpose of each or most parameters used in a TLS 1.2 cipher suite then I think you’re good to go.

Example: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

Networking: Let me first assure you that you won’t need a subnetting calculator when preparing for this exam.
Having said that, Networking is a big part of the curriculum. You’ll need to understand the difference between private vs public ranges, how CIDR works and what is achieved by using the NAT mechanism, just to name a few.

IAM: Least privilege in all shapes and forms. Understand the resource hierarchy and inheritance.

Application Security: No practical ability to execute any kind of attacks/techniques will be required of you.
In general, a basic understanding of Layer 7 vulnerability classes covered in the OWASP Top 10 should suffice.

Cloud-Native (GKE & Serverless): If it weren’t for the exam guide I would say spend the bulk of your time learning all there is about securing containerized workloads. But in reality it won’t help you much in passing the exam - more on that later.
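To check your answer to the cipher suite exercise in the Cryptography hint above, here is a small parser, added as an illustration and not part of the original post, that splits a TLS 1.2 suite name into the role each parameter plays. The function name, the returned field names and the legacy suite used for comparison are choices made for this example.

```python
import re

AEAD_MODES = {"GCM", "POLY1305"}   # integrity comes from the cipher's own tag
EPHEMERAL_KX = {"ECDHE", "DHE"}    # fresh key pair per handshake

def explain_suite(name):
    """Break an IANA-style TLS 1.2 cipher suite name into its roles."""
    m = re.fullmatch(r"TLS_([A-Z0-9_]+)_WITH_([A-Z0-9_]+)_(SHA\d*)", name)
    if not m:
        # TLS 1.3 names (e.g. TLS_AES_256_GCM_SHA384) have no _WITH_ part
        raise ValueError(f"not a TLS 1.2 style suite name: {name}")
    handshake, cipher, digest = m.groups()

    hs = handshake.split("_")
    key_exchange = hs[0]
    # TLS_RSA_WITH_*: one token, RSA both transports the key and authenticates
    authentication = hs[1] if len(hs) > 1 else hs[0]

    tokens = cipher.split("_")
    algorithm, mode = tokens[0], tokens[-1]
    key_bits = next((int(t) for t in tokens if t.isdigit()), None)
    if algorithm == "CHACHA20":
        key_bits = 256  # fixed key size, not spelled out in the name

    aead = mode in AEAD_MODES
    return {
        "key_exchange": key_exchange,
        "authentication": authentication,
        "forward_secrecy": key_exchange in EPHEMERAL_KX,
        "cipher": algorithm,
        "key_bits": key_bits,
        "mode": mode,
        "aead": aead,
        "hash": digest,
        # AEAD suites: the hash only feeds the PRF; otherwise it is the record HMAC
        "hash_role": "PRF" if aead else "HMAC",
    }

if __name__ == "__main__":
    # The suite from the exercise next to a legacy suite (chosen for contrast)
    for suite in ("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
                  "TLS_RSA_WITH_AES_128_CBC_SHA"):
        print(suite)
        for role, value in explain_suite(suite).items():
            print(f"  {role:16} {value}")
```

Running it prints the breakdown of both suites, which makes the differences in forward secrecy and in the role of the trailing hash easy to compare.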

Prep

I created a repository on GitHub that contains all the resources that I found valuable and used for my own studies so I’ll keep this part brief. In general I recommend picking one interactive course to get started (Coursera would be my top pick followed by A Cloud Guru). Then I would focus mostly on going through the docs and taking practice exams (the A Cloud Guru one comes in real handy). If I were to pick one resource that I found particularly useful then that would be the recently updated Prep Notes by Ammett Williams.

Exam experience

I had to wait an hour for the proctor to show up so there’s that 🙃

The test was of good quality. Some of the scenario-based questions were quite tricky and I must admit that on a few occasions I relied on an educated intuition. Overall I would rate the difficulty as a 7/10. What I find surprising is the apparent neglect of GKE in the syllabus and the exam itself. I suppose that this is a conscious decision but I’d be curious to know why that is. From what I recall, basic GKE knowledge was required for the ACE certification. Based on the exam guide alone it seems that the Professional Cloud DevOps Engineer might cover it to some extent as well.

Final thoughts

In retrospect, preparing for this certification and taking the exam was definitely worth it.