The author of this blog post shares his certification roadmap for the year 2024, which focuses on Azure cloud security. He plans to obtain four certifications: Azure Fundamentals (AZ-900), Security, Compliance, and Identity Fundamentals (SC-900), Azure Security Engineer Associate (AZ-500), and Cybersecurity Architect Expert (SC-100). He explains the rationale behind his choices and provides some reference links for each certification. He also intends to write a post for each learning path and exam he completes.
Copilot Summary
I recently decided to change my focus in cybersecurity from red team to blue team. Though I am not abandoning the increasing of my knowledge and understanding of TTPs, the change is more in the “why” as opposed to the “what.” I can use my offensive skills for defensive purposes.
With this modification of professional direction, the pursuit of new certifications is in order. Since one of my main job responsibilities currently is the security of our cloud environments, it would make sense that I should invest in certificates related to cloud security. The year 2024 will be a focus on Azure, and if all goes well, the year 2025 will be a focus on AWS.
For the upcoming year, I have mapped out which certifications I want to get. So here is my certificate roadmap.
Azure Fundamentals (AZ-900): As the name states, the training for this certification is on the fundamentals about the Azure platform. At the time of writing, I have already begun the learning path for this. For me, a lot of this so far has been review of what I already know, though I have learned some new things. Not only do I have experience specifically with Azure, but I also have a background as an SRE and system administrator in AWS and GCP. I wanted to start with this certificate since it really is the start of any other Azure learning pathways.
Security, Compliance, and Identity Fundamentals (SC-900): You had me at “Security.” This certificate is another foundational one which I think will be beneficial for me to earn since it takes what I already know about security and puts it into the scope of Azure and Microsoft products and platforms.
Azure Security Engineer Associate (AZ-500): This is the certificate that I’m most looking forward to getting. I could have just started on this learning path, but I wanted to build for myself a solid foundation with the other two certifications so that I could focus on just the security topics for this learning path and not have to backtrack on the basics. If I’m only able to get this certification by the end of next year, then that will be good enough for me, though I don’t plan to stop here.
Cybersecurity Architect Expert (SC-100): Do I need this one? No. Is it going to be a great benefit to me in my current position? I have no idea, but I’m a sucker for achievements that have prerequisites. The AZ-500 is one of the certifications that is needed to get the SC-100, so sign me up. In all honesty though, I love architecting things, and that those things would be security related is even better.
In theory, I should be able to earn each of the four certificates in a year, given that I intend on going through each learning path fully, and I can only invest so much time each day for professional development.
I also plan to write a post as I complete each of the learning paths and attempt related exams.
Reference links just for fun:
- https://learn.microsoft.com/en-us/credentials/certifications/azure-fundamentals/
- https://learn.microsoft.com/en-us/credentials/certifications/security-compliance-and-identity-fundamentals/
- https://learn.microsoft.com/en-us/credentials/certifications/azure-security-engineer/
- https://learn.microsoft.com/en-us/credentials/certifications/cybersecurity-architect-expert/
A handy pdf for these and other certifications: