Google Cloud Professional Cloud Security Engineer

I have been dabbling with GCP for a couple of years now, and though my hands-on experience with the platform is not comparable to that with AWS, I do think I have a good grasp on the basics. During my time at Zettle by PayPal, I took a couple of live training courses focused on Google Cloud and Security. Given my current knowledge, hands-on experience and appetite for a challenge, pursuing the Google Cloud Professional Security Engineer exam made total sense.

Two days ago, I took and passed the exam, and I am now a certified Google Cloud Professional Cloud Security Engineer (yay). This post outlines my experience, some resources, and a couple of thoughts. I hope you find it useful when starting your journey towards taking and passing this exam, but most importantly, your Google Cloud security journey.

Before I tell you more about how I prepared for it, let's discuss the exam itself, and my personal experience taking it.

The Exam

The Google Cloud Professional Cloud Security Engineer exam is a multiple choice exam, but don't let that fool you. Unlike many technical exams, guessing and half-baked knowledge won't do you any good when taking this exam. The questions are often rather specific, and many revolve around complex scenarios that require both solid knowledge of GCP security, and the ability to devise reasonable and effective security decisions. I know that sounds simple, but it really isn't, so prepare well for the exam and hone your skills and knowledge before stepping into an exam centre.

Length: 2 hours
Registration fee: $200 (plus tax where applicable)
Languages: English, Japanese
Exam format: 50-60 multiple choice and multiple select questions
Exam delivery method: Online or at a test centre.
Prerequisites: None
Recommended experience: 3+ years of industry experience including more than 1 year designing and managing solutions using Google Cloud

As mentioned above, you can take the exam via online proctoring or at an exam centre. I really hate online proctoring, so I opted for the latter option and took my exam at a nice exam centre located somewhere near the centre of Stockholm. The check-in process at the centre was smooth and efficient. Fifteen minutes after I arrived at the location, I was sitting in front of an exam terminal ready to start the exam.

The exam itself had no surprises per se. It was moderately tough, and I had to mark about half of the questions for review, but overall, I didn't sweat. At least not before it was time to submit the answers; at that point, I definitely started sweating despite the freezing weather. It was a massive relief when the screen showed that I passed.

Now that we have discussed the exam and my experience with it, let's talk about how I prepared for the exam over the past few months.

The Study Plan

So, how did I prepare for this exam? Well, it goes without saying, hands-on experience is the most important preparation you can do when studying for technical security exams. I have been working with GCP administration and security (to varying degrees) for a couple of years and have a good grasp of the platform basics and the security topics. That being said, I haven't studied much of the Google Cloud documentation and online knowledge, so I had considerable gaps in theoretical knowledge that required filling before I could take the exam. My study plan went something like the following.

Live & On-Demand Courses

As I mentioned earlier, I got to attend a couple of live training courses focused on GCP security. The courses took 2-3 days per course and covered a lot of the topics (presented and explained by a remarkable technical instructor) along with numerous hands-on labs to help us cement our newfound knowledge. The courses I attended were:

  • Google Cloud Fundamentals: Core Infrastructure
  • Networking in Google Cloud
  • Security in Google Cloud
  • Professional Cloud Security Engineer-Google Cloud Advanced Skills & Certification Workshop

During my time at Zettle by PayPal, I also had access to the Google Cloud Skillboost platform, which includes dozens of on-demand courses and hundreds of hands-on labs. I completed the learning path for the Google Cloud Professional Cloud Security Engineer, which included the following courses (and their associated hands-on labs):

  • A Tour of Google Cloud Hands-on Labs
  • Preparing for Your Professional Cloud Security Engineer Journey
  • Google Cloud Fundamentals: Core Infrastructure
  • Networking in Google Cloud: Defining and Implementing Networks
  • Networking in Google Cloud: Hybrid Connectivity and Network Management
  • Managing Security in Google Cloud
  • Security Best Practices in Google Cloud
  • Mitigating Security Vulnerabilities on Google Cloud
  • Logging and Monitoring in Google Cloud
  • Build and Secure Networks in Google Cloud
  • Ensure Access & Identity in Google Cloud
  • Google Kubernetes Engine Best Practices: Security
  • Securing your Network with Cloud Armor
  • Mitigate Threats and Vulnerabilities with Security Command Center

I highly recommend the self-paced on-demand learning path. It covers a wide range of topics and provides invaluable hands-on experience for anyone interested in GCP and cloud security, not to mention a solid foundation for the exam.

Books

Live and on-demand trainings are excellent learning methods, but for me, comprehensive books on technical topics are hands down the best resources. Here are the books I read to better understand GCP and further my knowledge:

Until late last year, there were no books solely focused on this certification, which meant those studying for the exam had to rely on live trainings, on-demand courses (from Google, Pluralsight, etc.) and online documentation and blogs. Thankfully, in August 2023 a book was published by Packt that covers the domains of the exam.

Practise Tests

Let's get one thing clear: you should never, ever, use any of these certification dumps. Ethical issues aside (and that's a gigantic thing to put aside), you will just be doing yourself a disservice and ruining any satisfaction or real learning you might gain from actually studying for your exams. That being said, practise tests offered by the certification provider are fine to take as they serve more as a benchmark of your readiness and offer almost no advantage when taking the actual exam. Google offers a simple practise test that mimics the actual exam and can give you a good idea of what topics you might need to focus on; it certainly did for me.

The Result

The exam terminal tells you right away if you passed or not. As my mouse pointer hovered over the submit button, I was sweating despite the freezing weather in Stockholm. I was sure of my answers, but as any test taker might tell you, that never helps when pressing that button. Thankfully, I passed. It took a few days before the team at Google reviewed my results and issued my certificate. I am now a certified Google Cloud Professional Cloud Security Engineer, Hurray!!

In true testament to the saying “no rest for the wicked”, I am already studying for my next cloud security exam. Different cloud, same knowledge. I look forward to taking the Azure security exams and might even remember enough to write a blog post about them too.

Resources