AWS Security Fundamentals Training

AWS Security Fundamentals 2nd Ed Certificate For Tim Layton @

I recently took the AWS Security Fundamentals Training course and passed the exam.

The AWS Security Fundamentals Training course is a great place to start if you are interested in earning your AWS Security Speciality Certification and this fundamentals training will help point you in the right direction in terms of what AWS Services you need to be learn and understand for securing your AWS environment.

The course is produced and hosted by AWS and it is also free. I have taken a lot of AWS training and I thought this course could have been a lot better based on the quality of their other courses. The delivery of the course was definitely sub-par as compared to the majority of other AWS training. I find this sort of odd because AWS is very vocal about security being priority number one for them. I shared my feedback and hopefully they will revise the course in the future. As a whole, I have been very impressed with the majority of AWS training that I have taken.

AWS Security Fundamentals 2nd Ed Certificate For Tim Layton @

In this course, you will learn fundamental cloud computing and AWS security concepts, including AWS access control and management, governance, logging, and encryption methods. You will also learn about security-related compliance protocols, risk management strategies, and procedures related to auditing your AWS security infrastructure. You will also be exposed to some key security offerings. You will need to dig a little deeper and do some reading and research on your own, but the overall direction is good.

Get My Free Cloud Security Risk Management Journal


  • Identify the security benefits and responsibilities when using the AWS Cloud 
  • Describe the access control and management features of AWS 
  • Understand the different data encryption methods to secure sensitive data 
  • Describe how to secure network access to your AWS resources 
  • Determine which AWS services can be used for security logging and monitoring 


In this self-paced course, you will learn fundamental AWS cloud security concepts, including AWS access control, data encryption methods, and how network access to your AWS infrastructure can be secured. We will address and your security responsibility in the AWS cloud and the different security-oriented services available. 

  • Introduction to AWS Security Fundamentals 
  • Security of the Cloud 
  • AWS Global Infrastructure 
  • Data Center Security 
  • Compliance and Governance 
  • DDoS Mitigation 
  • Security in the Cloud 
  • Entry points on AWS 
  • Identity and Access Management 
  • Detective Controls 
  • Infrastructure Protection 
  • Data Protection 
  • Incident Response 
  • Well Architected Tool Overview 
  • End of Course Assessment

Tim Layton specializes in demystifying the complexities and technical jargon associated with cloud computing security and risk management for business stakeholders across the enterprise. Tim is a cloud security thought leader defining actionable and defensible strategies to help enterprise stakeholders make risk-based decisions and prioritize investments in the new digital frontier.

Stay Connected With Tim Layton



Get My Free Cloud Security Risk Management Journal


Threat: Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, or modification of information, and/or denial of service. (NIST 800–30)

Threat: a potential cause of an unwanted incident that can result in harm to a system or organization. (ISO 27001)

Vulnerability: Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited by a threat source. (NIST 800–30)

Vulnerability: weakness of an asset or control that can be exploited by one or more threats. (ISO 27001)

Likelihood: A weighted factor based on a subjective analysis of the probability that a given threat is capable of exploiting a given vulnerability or a set of vulnerabilities. (NIST 800–30)

Likelihood: chance of something happening. (ISO 27001)

Risk: A measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of (i) the adverse impacts that would arise if the circumstance or event occurs; and (ii) the likelihood of occurrence. (NIST 800–30)

Risk: effect of uncertainty on objectives. (ISO 27001)

Security Controls: The management, operational, and technical controls (i.e., safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information. (NIST 800–30)

Compensating Security Control: A management, operational, and/or technical control (i.e., safeguard or countermeasure) employed by an organization in lieu of a recommended security control in the low, moderate, or high baselines that provides equivalent or comparable protection for an information system. (NIST 800–30)

Impact Level: The magnitude of harm that can be expected to result from the consequences of unauthorized disclosure of information, unauthorized modification of information, unauthorized destruction of information, or loss of information or information system availability. (NIST 800–30)

Residual Risk: A portion of risk remaining after security measures have been applied. (NIST 800–30)

Security Posture: The security status of an enterprise’s networks, information, and systems based on information assurance resources (e.g., people, hardware, software, policies) and capabilities in place to manage the defense of the enterprise and to react as the situation changes. (NIST 800–30)

Get My Free Cloud Security Risk Management Journal

Tim Layton

Tim Layton

Get Tim Layton's Free Cloud Security Journal so you can remain current with the latest cloud security trends and updates. Tim is a cloud security thought leader defining actionable and defensible strategies to help organization's make risk-based decisions and prioritize investments.

Recommended Articles