AWS Certified Security Specialty (SCS-C02) Training

Strengthen Your Cloud Career with AWS Security Mastery

  • Gain in-depth expertise in identity, monitoring, infrastructure, data protection, and incident response.
  • Covers 30+ Core AWS Services & Real-World Scenarios
  • Learn directly from seasoned AWS and security professionals
  • Get Post-training Support till Exam, Career Guidance & Mentorship

Program Highlights

This AWS Certified Security – Specialty training blends live instructor-led sessions with real-time industry use cases to ensure practical learning. Learners gain hands-on experience through demos on 30+ AWS services, covering IAM, data protection, logging and monitoring, incident response, and infrastructure security. Interactive flashcards and dynamic discussions reinforce core concepts, while recorded sessions provide flexible revision. Guided by industry experts, participants receive career mentorship, exam-focused preparation, and post-training support, enabling them to confidently secure AWS environments and excel in certification.

  • 32 Hours LIVE Instructor-Led Training
  • Interactive Flashcards
  • Career Guidance and Mentorship
  • Real-time Industry Use Cases
  • Learn from Industry Experts
  • Post Training Support
  • Live Demos on 30+ AWS Services
  • Highly Interactive and Dynamic Sessions
  • Access to Recorded Sessions

AWS Certified Security Specialty (SCS-C02)

The AWS Certified Security – Specialty training by InfosecTrain provides in-depth knowledge of securing AWS environments through advanced security concepts and hands-on practices. The course covers critical areas such as threat detection, incident response, logging and monitoring, infrastructure protection, IAM, and data security. Participants will also explore multi-account management, governance, and compliance strategies using AWS services. Designed for professionals with existing AWS experience, this course equips learners with the skills to design and implement robust security solutions on AWS.

  • Domain 1: Threat Detection and Incident Response
    • Design and implement an incident response plan
      • Incident Response Strategy
      • Roles and responsibilities in IR plan specific to cloud incidents
        • Use case 1: Credentials compromise
        • Use case 2: Compromised EC2 Instances
      • Playbooks and Runbooks for IR
      • AWS Specific services helpful in Incident Response
      • Third-party integration concepts
      • Centralize security finding with Security Hub
    • Detect security threats and anomalies by using AWS services
      • Threat detection services specific to AWS
      • Visualizing and Detecting anomalies and correlation techniques
      • Evaluate findings from security services
      • Performing queries for validating security events
      • Create metrics filters and dashboards to detect Anomalous activity
    • Respond to compromised resources and workloads
      • AWS Security IR Guide
      • Automating remediation by using AWS services
      • Compromised resource management
      • Investigating and analyzing to conduct root cause and log analysis
      • Capturing relevant forensics data from a compromised resource
      • Protecting and preserving forensic artifacts
      • Post-incident recovery
  • Domain 2: Security Logging and Monitoring
    • Design and implement monitoring and alerting to address security events
    • Key AWS services for monitoring and alerting
    • Monitoring metrics and baselines
    • Analyzing environments and workloads to determine monitoring requirements according to business and
      security requirements
    • Setting up tools and scripts to perform regular audits
    • Troubleshoot security monitoring and alerting
      • Configuring monitoring services and collecting event data
      • Application monitoring, alerting, and visibility challenges
    • Design and implement a logging solution
      • Key logging services and attributes
      • Log destinations, ingestion points, and lifecycle management
      • Logging specific to services and applications
    • Troubleshoot logging solutions
      • AWS services that provide data sources and logging capabilities
      • Access permissions that are necessary for logging
      • Identifying misconfigurations and remediations specific to logging
      • Reasons for missing logs and performing remediation steps
    • Design a log analysis solution
      • Services and tools to analyze captured logs
      • Identifying patterns in logs to indicate anomalies and known threats
      • Log analysis features for AWS services
      • Log format and components
      • Normalizing, parsing, and correlating logs
  • Domain 3: Infrastructure Security
    • Design and implement security controls for edge services
      • Define edge security strategies and security features
      • Select proper edge services based on anticipated threats and attacks and define proper
        protection mechanisms based on that
      • Define proper protection mechanisms based on threats
      • Define layered Defense (Defense in Depth) mechanisms
      • Applying restrictions based on different criteria
      • Enable logging and monitoring across edge services to indicate attacks
    • Design and implement network security controls
      • VPC security mechanisms, including Security Groups, NACLs, and Network Firewall
      • Traffic Mirroring and VPC Flow Logs
      • VPC Security mechanisms and implement network segmentation based on security requirements
      • Network traffic management and segmentation
      • Inter-VPC connectivity, Traffic isolation, and VPN concepts and; deployment
      • Peering and Transit Gateway
      • AWS Point to Site and Site to Site VPN, Direct Connect
      • Continuous optimization by identifying and removing unnecessary network access
    • Design and implement security controls for compute workloads
      • Provisioning and maintenance of EC2 instances
      • Create hardened images and backups
      • Applying instance and service roles for defining permissions
      • Host-based security mechanisms
      • Vulnerability assessment using AWS Inspector
      • Passing secrets and credentials security to computing workloads
    • Troubleshoot network security
    • Identifying, interpreting, and prioritizing network connectivity and analyzing reachability
    • Analyze log sources to identify problems
    • Network traffic sampling using traffic mirroring
  • Domain 4: Identity and Access Management
    • Design, implement, and troubleshoot authentication for AWS resources
      • Identity and Access Management
      • Establish identity through an authentication system based on requirements
      • Managed Identities, Identity federation
      • AWS Identity Center, IAM, and Cognito
      • MFA, Conditional access, STS
      • Troubleshoot authentication issues
    • Design, implement, and troubleshoot authorization for AWS resources
      • IAM policies and types
      • Policy structure and troubleshooting
      • Troubleshoot authorization issues
      • ABAC and RBAC strategies
      • Principle of least privilege and Separation of duties
      • Investigate unintended permissions, authorization, or privileges
  • Domain 5: Data Protection
    • Design and implement controls that provide confidentiality and integrity for data in transit
      • Design secure connectivity between AWS and on-premises networks
      • Design mechanisms to require encryption when connecting to resources
      • Requiring DIT encryption for AWS API calls
      • Design mechanisms to forward traffic over secure connections
      • Designing cross-region networking
    • Design and implement controls that provide confidentiality and integrity for data at rest
      • Encryption and integrity concepts
      • Resource policies
      • Configure services to activate encryption for data at rest and to protect data integrity by
        preventing modifications
      • Cloud HSM and KMS
    • Design and implement controls to manage the data lifecycle at rest
      • Lifecycle policies and configurations
      • Automated life cycle management
      • Establishing schedules and retention for AWS backup across AWS services
    • Design and implement controls to protect credentials, secrets, and cryptographic key materials
      • Designing management and rotation of secrets for workloads using a secret manager
      • Designing KMS key policies to limit usage to authorized users
      • Establishing mechanisms to import and remove customer-provider key material
  • Domain 6: Management and Security Governance
    • Design a strategy to centrally deploy and manage AWS accounts
      • Multi-account strategies using AWS Organizations and control tower
      • SCPs and Policy multi-account policy enforcement
      • Centralized management of security services and aggregation of findings
      • Securing root account access
    • Implement a secure and consistent deployment strategy for cloud resources
      • Deployment best practices with Infrastructure as a code
      • Tagging and metadata
      • Configure and deploy portfolios of approved AWS services
      • Securely sharing resources across AWS accounts
      • Visibility and control over AWS infrastructure
    • Evaluate compliance of AWS resources
      • Data classification using AWS services
      • Define config rules for detection of non-compliant AWS resources.
      • Collecting and organizing evidence by using Security Hub and AWS audit manager
    • Identify security gaps through architectural reviews and cost analysis
      • AWS cost and usage anomaly identification
      • Strategies to reduce attack surfaces
      • AWS well-architected framework to identify security gaps

This course is ideal for:

  • Candidates with an understanding of IT security and Cybersecurity concepts.
  • Those who are working in cloud computing and security domains.
  • Those who want to build their career in AWS Security Architecture.
  • Anyone interested in gaining the AWS Security Specialty Certification.
  • Anyone wishing to enhance deep security knowledge related to AWS.
  • Knowledge of IT/Cyber Security concepts.
  • Basic understanding of networking and OS concepts.
  • Basic understanding of Virtualization fundamentals and Virtualization concepts.
  • The ideal applicant should have 3-5 years of expertise in designing and implementing security solutions. Furthermore, the ideal applicant should have at least 2 years of hands-on experience securing AWS workloads.

By the end of this training program, participants will be able to:

  • Understand AWS security architecture and core protection mechanisms in depth.
  • Implement identity and access management controls for secure environments.
  • Apply encryption techniques to safeguard data at rest and transit.
  • Design monitoring strategies using AWS CloudTrail, GuardDuty, and Security Hub.
  • Configure secure network architectures with firewalls, VPC, and subnets.
  • Evaluate compliance requirements and implement governance controls on AWS workloads.
  • Prepare effectively for the AWS Security Specialty certification with real-world practice.
Exam Code SCS-C02
Exam Pattern Multiple Choice, Multiple Response
Number of Questions 65
Exam Duration 170 minutes
Passing Score 750/1000
Language English, French, German, Italian, Japanese, Korean, Portuguese, Simplified Chinese, and Spanish.

Still Confused About Course?
Talk to Our Experts!