
Study Guide for SC-200: Microsoft Security Operations Analyst

Aug 02, 2021 · 27 min · Season 1, Ep. 34

Episode description

This episode is a little different; no news! Michael talks with Yuri Diogenes and Sarah about the various Azure Security certifications, and Sarah and Yuri talk about their upcoming study guide for SC-200: Microsoft Security Operations Analyst.

Transcript

Welcome to the Azure Security Podcast, where we discuss topics relating to security, privacy, reliability and compliance on the Microsoft Cloud Platform. Everybody, welcome to Episode 34. This is a slightly different episode than our normal episodes. This one is focused on exams and certification and security on the various Microsoft platforms. Normally we'd have the whole gang here, but we don't this week. It's just myself, Yuri Diogenes and Sarah's here. We're also going to have no news.

We're here just to talk about one topic, which is certification and exams. And there's a good reason for it. Basically, Sarah and Yuri have got a book coming out which is a study guide for the SC200. So before we get stuck into the book, Sarah, why don't you explain briefly what SC200 actually is? Sure. So we have mentioned it on some previous episodes of the podcast. But SC200 is the Microsoft Security Operations Analyst exam. It came out a few months ago now. It was in beta for a little bit. I think end of April it came out as a fully fledged, "real" in inverted commas, exam. And it's an exam that measures proficiency across Azure Sentinel, Azure Defender and Microsoft Defender. There are a couple of other Microsoft exams that have come out alongside it as well. But we'll stick with my baby, SC200, today.

So Yuri, there are other exams as well, or other certifications that are available. So another one is SC900. So how does that compare and contrast with SC200?

So the 900 is more around the entire Microsoft security solutions and compliance. It's more basic, if you think about it; SC200 is way more advanced. So if you think about taking the exam, the order that you should take is definitely SC900 first, because it will give you a good foundation of terminologies. There is a lot of terminology that you need to be aware of. It talks about zero trust. It talks about very basic concepts that you need to know, so that when you move on to SC200, you will not spend time understanding terminologies. So it's a good way to get started going through those. It's very massive as far as content. It goes all over the place because it covers Azure AD. It talks a little bit about Azure Defender. It talks a little bit about Sentinel, but all like 100, not more than 200 level. While SC200 goes up to 300 level, even, for some areas. So it's way more advanced.

So I know we've spoken about this, but one thing that I've been doing over the last few months is trying to take all the 900 level exams available on Azure. So for example, a few months ago I did the DP900, which is database technologies. That was actually really cool. I enjoyed taking it. I got a 970 on it. But the reason why I enjoyed taking it and the reason why I want to take all the 900s, and I will take the SC900 because Sarah told me to take it. But the main reason why I want to take them is because I think there's another one for like the Power Platform. There's an AI900 and there's a couple of others. But the reason why I want to take them is to make sure that I have a broad coverage of technologies that I may not actually use on a day-to-day basis. So for example, I don't use the Power Platform on a day-to-day basis. I mean, I kind of do, but I don't really use it in anger. It's mainly just sort of helping people out with some of their security questions. And that's kind of it. And to be frank, I don't understand a lot of the Power Platform nomenclature and a lot of the wording. So if nothing else, the 900 exams personally will just give me a good, broad understanding of what these different technologies are capable of and what their terminology is.

So I know both of you have probably got an opinion on this, but in my humble opinion, I think everyone who is designing and building anything on Azure really should be looking at SC900, at least as a starting point. Is that a fair comment? Yeah, yeah. Because, as you said, it covers a vast scope. For example, SC900 covers data classification, data loss prevention, sensitivity labels. So areas that you might not go to every day if you are, for example, dedicated to Azure Defender or dedicated to Sentinel, but they are things that are important for you to be aware are there. So I think it's a very good foundational exam. When you look at the outline, you may think it's extremely massive and you may think, how am I going to learn all that? But don't overthink. It's not deep. The level of questions that the exam offers, I know that because I also co-authored the SC900 with other folks and it's coming out as well. It's already up for pre-order. But we had to, many times, step back and remove things from the book because we were going too deep, and it was like, no, no, we need to remove that because this is not necessary. We just need to stick to 100 level, 200 level at most in some topics.

Yeah, I like to think of these 900 exams as just being sort of a mile wide and an inch deep. It's going to give you a broad exposure to the technologies without necessarily understanding how absolutely everything works in those various techniques and technologies. So what's your opinion on SC900 as a starting point? I think it's a good starting point. All the 900 exams are a good place to start. And certainly there's a lot, it's quite broad, but it's definitely a good way of gauging kind of where your Azure security knowledge is at as well. And just to give you, you can have that tick to say, hey, I actually did this and I have a good foundational knowledge. I mean, it's very easy for those of us who work in Microsoft and live and breathe all the products every day, but not everybody does that. So definitely I think it's a good way to make sure that you, to measure yourself against the whole suite of Microsoft security things. And of course, there are lots of people, security became cool, didn't it? A few years ago, maybe four, five years ago, security became cool. And there's tons of people trying to break into the industry. I talk to lots of students and other people who might be doing career changes. And I think these foundational certificates, Azure security, et cetera, any of the 900 level exams, are a really good way to prove that you're keen if you're trying to break into the industry as well. Because I know there are plenty of people out there who do want to. Thank you.

Actually, you bring up an interesting point there. I was speaking to my nephew in New Zealand about a year ago, and he was looking at sort of moving on to, he basically does Windows Server support for a city government. And I'm like, you know, you really should be looking at spreading your wings a little bit. And I said, you know, this cloud thing, this cloud thing is going to be big. You heard it here first. And so one of the things I suggested that he does is, you know, first of all, get a free Azure subscription and then look at some of the 900 exams, right? Just to force you to learn certain parts of the environment. So yeah, I think we all agree. SC900 is probably a really good starting point, a mile wide, an inch deep, but at least it will expose you to the various controls and technologies around security, compliance and identity that we have in Azure.

And I will say that it is a little bit even beyond Azure, because if you go, for example, to the first domain, because the outline is divided into domains, the first domain talks about some concepts that are almost vendor neutral, such as the shared responsibility model, defense in depth, right? Things that you talked about in your SDL book back in 2006, right? But it's still being used today, but in a cloud model, right? So there are a lot of key concepts that are covered in this exam as well.

Actually, it's funny you should bring that up. One of the certifications that I'm looking at doing is actually an AWS certification. You know, because a lot of customers that I deal with, I know you folks are the same, you know, you deal with a lot of customers and they're, you know, they're multi-cloud and it's not just Azure. And sometimes you need to understand, again, what the terminology is that's used in different cloud platforms. So I'm actually going to take the, you know, essentially the AWS equivalent of AZ900, which is our sort of foundational Azure certification. So yeah, I'm doing the same, but you know, across other platforms as well.

So while we're talking about SC900, and we're talking about SC200 just briefly, so what are the major topics that are in SC200? What are the major areas? So the exam is divided into three domains and they work pretty good. Can I also mix in a little bit about the book, how we did it? Yeah, because we did, we have three authors in this book and we divided it one domain per author. So Sarah got the entire Sentinel part of it, her specialty, where she focused for the most part. So she wrote the entire Sentinel part. I wrote the entire Azure Defender part. And then we have Jake from our Microsoft Defender for Endpoint team, writing the Microsoft 365 Defender part. So it's three domains, where it covers Microsoft Defender for Endpoint, Microsoft 365 Defender as a whole, and then Azure Defender and then Sentinel. It is a very well structured exam, to be honest. We had a small update that was released July 23rd on the exam. That's why our book got a little delay, because we had to do some minor adjustments, but it's really minor. So the entire structure of the exam is basically the same in the topics as well.

Sarah, do you have any thoughts there? I mean, obviously you had to write about your baby. I did write about my baby. And unlike yourself and Yuri, this was the first time I have written a book. And yeah, it was an interesting and fun experience. And now I can say I'm a published author, or I will be able to in a couple of months, which is quite cool. But yes, I did get to write about my baby. And because my baby is still relatively new, there's not too many books out there. So hopefully people find it useful and it makes sense. You can tell I have a little bit of imposter syndrome still because I am not an experienced author like you two gentlemen, but it was fun. And I genuinely do hope people find it useful, because Sentinel being a pretty new product, it is, you know, there's not as much material out there as, like, oh, for other things. So, you know, hopefully, whether you're taking the exam or you just want to know more about Sentinel, I hope it's actually useful for people, because it's quite comprehensive, everything that we go through, you know, from considerations for setting up a workspace to analytics rules to doing some logic apps, blah, blah, blah, blah, blah. You know, there's a lot of stuff in there. I mean, that took me a good solid two months of my spare time to write. But yeah, it was a good, it was a good experience. And yeah, I'm looking forward to having a book that I can say I wrote and taking my picture with it and sending it to grandma. Right. That's what you do. Yeah, yeah, exactly.

And then just one thing to add, I think Sarah also covered a lot of KQL as well, because there are KQL questions on the exam. So the book, the entire domain that Sarah wrote also has some examples of KQL. Oh, yeah. KQL is, KQL is just a bit of a beast in itself. You could probably write a whole book on KQL. And so yeah, I mean, in my section, I talk about some of the operators and some examples of the, you know, the KQL that you would typically need to write Sentinel queries. But of course, one of the great things about Sentinel, and I mean, I must have this discussion with customers every day, one of the great things about Sentinel is that we have a lot of pre-populated things to get you going. But the possibilities of what you want to detect on and your queries and what you want to search for are pretty much endless. And, you know, it depends on each business, what products they have, what security things are important to them. So, so yeah, it's a bit of a beast, bit of a, bit of a beast, but hopefully it will get people started. So, you know, the building blocks to make your own KQL things.

Yeah. And then the people who usually ask, do I need to know that for the exam? I will say, you should know. And you should mainly know the operators and the syntax, because there will be questions where you see the entire query, and you're going to have to select the option that will actually make that query work. If you select the wrong option, the query is not going to work. So that's a cool thing about this exam, it's almost like they have practical questions. You don't have to type, because the query is there, but you have to select the right operator to make sure that that query is going to run. Yeah, I'm a huge Kusto KQL fan, but like you say, Sarah, it's almost like an endless technology, right? There's so much you can do; there's essentially a full-fledged query language in every possible way.

So one other topic I just want to touch on real quick about SC200 is, from my perspective, you know my background. To be frank, I think I may actually struggle with that exam. My background is more about security design, security development, security deployment, least privilege, cryptography, key management, key lifecycle, that kind of stuff. And so this is probably an area where, I'm not going to say I'm going to struggle, but I've probably got a lot more to learn than, say, you two if I was to take this exam. I mean, I'll take SC900 just so Sarah doesn't yell at me or laugh at me, but SC200 may actually be a bit of a stretch for me because it's just not my background. And that's why we have, on the podcast, we have people with different skill sets. On purpose, because security is such a massive area, and obviously operations is also a critically important area as well, but it's not an area that I really am exposed to much.

So we've covered SC200 and SC900. Let's talk about the gorilla in the room, which is AZ500. So Sarah and I, we actually took it the same week and we didn't even realize that we'd both taken the exam the same week. We both passed. I'm going to be honest with you, I squeaked in. It's a difficult exam. It is a difficult exam. It's got a lot of moving parts, a lot of technology. And basically what it does is it focuses on, as it mentions, Azure security technology. So for example, Key Vault, actually the Key Vault stuff was easy. PIM, Privileged Identity Management, RBAC controls, network isolation, network security groups, configuration settings for various Azure services. I mean, it's not just wide, it is deep as well. And I don't know about you guys, but I found AZ500 a real struggle. It was a hard exam. It is a hard exam. And I wrote that one with Orin Thomas. And it was even hard to cover everything at the level of depth that was necessary for the exam. It's very broad. And there are also a lot of considerations, right? Which option is the best one? So there are a lot of design questions, which is something that the SC200 does not have. So the AZ500 is not only about the technology, but about how to design the best solution based on the different options that the technology offers. And that's tricky many times, because if you do not pay attention to the scenarios, you might select the wrong option.

Yeah. And that's why I'm kind of happy that the SC900 exists. Because if people are sort of dipping their toes in Azure security, I mean, AZ500 is just going to have people screaming for the hills. Whereas SC900 is a really nice, gentle introduction to, like you say, as you mentioned, Yuri, not just Azure security, compliance and identity. It is Azure security, compliance, and the identity fundamentals in the cloud. It's not just Microsoft. So I think that's a, if someone wants to get into security, then I think SC900 is a really great entry point. AZ500 will just have you running away terrified.

So also, Yuri, you mentioned earlier before we started this, there's also an identity exam as well. And one thing I want to make sure everyone understands, identity is not security. I mean, obviously, they overlap in some areas, but they are quite a different set of skills. And I think someone who's a security generalist needs to understand at least the basics of identity as well. So that's another option as well. Yeah, that's the SC300, Microsoft Identity and Access Administrator, which will cover basically identity management solutions, authentication, access management, access management for apps, identity governance. So it's very heavily on the identity solution.

Do both of you want to just chime in quickly about the book, when it will be available, roughly how big is it, in case someone's interested. Yeah, and can it be pre-ordered? And if so, where? It can be pre-ordered on Amazon or on MicrosoftPressStore.com. It's available in both places right now to pre-order. The last date that I got from Microsoft Press is that it's going to, whoever orders is going to be receiving it in October. Because, I mean, Sarah, I and Jake, we've done reviewing, we already reviewed even the final PDF. But now that is the post-production and then send it over to the printer. And so it takes a little time, but it should be out in October.

Very nice. I just had a little story about the very first book that I ever wrote back in the day, which was Designing Secure Web Applications for Windows 2000. I was the IIS security PM at the time, program manager at the time. And I wrote, you know, I started writing this book and wrote the first chapter. And I thought, man, you know, this is fantastic prose. You know, this is worthy of a Pulitzer Prize. And I sent it to the editor, a guy called Devin Musgrave. Fantastic guy. Oh, I worked with him, the best. Yeah, I know him. He sends it back to me and, oh my God, it looked like a bloodbath. I mean, I very quickly learned about passive voice. I very quickly learned about who is the subject. Oh my God, I learned so quickly about just basic grammar. Yeah, I thought I was really, really good at writing. It turns out I pretty much sucked.

But anyway, let me ask you something, Sarah, what did you think about the experience, Sarah, of the tech review? It was okay. Did you like it? Yeah, you know what? Because, well, as you well know, Yuri, we have tech review, and then we have like the editorial review for the quality of English. Now, do you know what? The tech review, well, the tech review was done by both of our boss, Nick. And do you know what, really, the tech review just annoyed me because I made some really dumb, there were a couple of things where I was like, yeah, that's wrong. As soon as Nick pointed it out, I was like, why have I written this? And I was like, oh my God, that's quite embarrassing. There were a couple of those. For me, the tech review was fine. I think there was only one point where probably we had to agree to disagree. But for the review in terms of the quality of the English, now, I always fancied myself as a pretty decent writer. And I can't compare, of course, with Michael or maybe your first attempt, Yuri. But I think mostly, it wasn't that bad. And so I was like, cool, maybe I am as good as I thought I was. Or maybe I'm not. But I didn't have to change it. Yeah, it was an interesting experience. And of course, because it is my first go at something like this, I was fully prepared for it to be absolutely covered in markups and blah, blah, blah, blah, blah, exactly like you, Michael. But it wasn't too bad. I feel like my English teacher at school would be relatively proud of me. And I did do an arts degree. So I did just write essays for three years. So this is one of those rare occasions when my tertiary education comes in handy.

You know, it's funny you say that. I only scraped through English in my last year of high school in New Zealand because the book for English was Lord of the Rings. And I actually knew more about Lord of the Rings than the actual teacher. But anyway, so one of the little interesting sort of facts is when David LeBlanc and I were writing Writing Secure Code, the second edition, the crypto chapter, which was 48 pages long, I actually wrote in one sitting. And it was the chapter that came back from Devin with the least number of edits. So even though I was exhausted at the end of it, it was just like this flow of consciousness being put down in words. So there's something to be said for just working, you know, working nonstop to get something done.

So let's wrap this up. Do either of you have any final thoughts on any of our exams, but most notably the book and SC200? I guess I'll just add, because we talked about where you can get the book. But if you're not in the US, because of course there's Amazon and Microsoft Press, but if you're not in the US, and not all of those places deliver everywhere, I've had a look online, so places like Book Depository, even some of the, like, all the local book shops, wherever you might go to look for it if you're not in the US, should have it for pre-order as well. I mean, I personally use Book Depository a lot; they have free shipping worldwide, and you can pre-order it on there too. Just thought I'd mention that for anyone listening who is not US based. Yeah, that's a good point. And also, since I always receive this question, I just want to emphasize, because a lot of friends from Brazil, I'm originally from Brazil, they ask, are we going to have a Portuguese version of the book? And the chances are almost zero that we are going to localize the book. So it'll be English only. I mean, is the exam available in Portuguese? Most of the exams are localized nowadays. But the book, it's really rare that it's going to be localized, based on nowadays policy.

Well, Yuri, Sarah, thank you so much for dropping by this week. Although, not sure why I'm saying that with Sarah because I get to see Sarah every couple of weeks to do the Azure Security Podcast. But thanks again. I think, as much as I hate to say it, I'll probably end up trying to take SC200 as well, even though it's way outside of my field of comfort. I will definitely do SC900 just so that Sarah doesn't really kill me. And the other thing is, if in 2022 we are back to in-person conferences, make sure to follow Sarah, myself, and see where we're going to speak, because we definitely want to do book signing sessions next year. Right, Sarah? Oh, I've never done one of those. Yes, I do. That would be kind of cool and make me feel more important than I really am. But no. Oh, I never even thought of that, Yuri. How cool. Yeah, that's cool. You're so easily entertained, aren't you, Sarah? I am. Small things, small minds, you know. Let's bring this to a close. Again, thank you, Yuri. Thank you, Sarah. Best of luck with the book. Again, I'll take the exam as well. I'll buy the book, I promise. And to all of you out there, thank you so much for listening. Stay safe, and we'll see you next time.

Thanks for listening to the Azure Security Podcast. You can find show notes and other resources at our website, azsecuritypodcast.net. If you have any questions, please find us on Twitter at Azure SecPod. Background music is from ccmixter.com and licensed under the Creative Commons license.
