Next cohort starts 1st of next month · only 3 seats left
contact@DevOpsSchool.com · +91 99057 40781 ·
HomeCertificationsSCS-C02
SCS-C02 · DevOpsSchool Certification

AWS Certified Security – Specialty (SCS-C02)

Secure AWS workloads end to end — IAM, KMS, GuardDuty, WAF, and compliance frameworks for cloud-native security. Every session is a live demo in a real lab environment — not slides, not theory. You watch the instructor build it, then you build it yourself.

 4.8 / 5 · 2,300+ ratings 18,000+ certified learners 387 enrolled in last 90 days
Duration
5 weeks
Total content
100+ hours
Per tool
5 hrs · 2 assignments · 1 capstone
Final exam
3 hrs · online · open-book
Enrol now — ₹34,999 Watch 2-min preview Download syllabus
NEXT COHORT · 1st of next month
₹34,999 ₹49,999 SAVE 30%
Live & interactive cohort · GST extra as applicable · EMI available
--
Days
--
Hrs
--
Min
--
Sec
Only 3 of 10 seats left
What's included
  • 5-week program · 100+ hours of content
  • Live & interactive instructor sessions
  • 2 assignments & 1 capstone per tool
  • 3-hour online open-book final exam
  • Recordings, slides & lab repos
  • Industry-recognised digital certificate
  • Lifetime forum support — ask anything, forever
  • FREE 1-year LMS access — entire DevOpsSchool LMS: 20+ courses, 50+ tools, videos, quizzes, assignments & projects.
Cohort-cancellation refund. If we cancel or postpone the cohort (instructor unavailability, low enrolment, force majeure), you receive a 100% refund within 15 days. See refund policy.
Reserve my seat — ₹34,999
Engineers we've trained work at
JPMorgan Chase Bank of America Wells Fargo Verizon Nokia World Bank GE Healthcare VMware Oracle Qualcomm Mercedes-Benz Airbus Datadog Splunk Deloitte Infosys Wipro Capgemini
# career outcomes

Walk in an engineer. Walk out a SCS-C02 who ships.

By the end of SCS-C02, you'll have shipped 14 production-grade artefacts and proven you can:

Design CI/CD for multi-service applications, with branching, gates, and progressive rollout.

Provision infrastructure as code across AWS, Azure, or GCP using Terraform — including drift control.

Automate configuration at scale with Ansible — idempotent playbooks, secret-free roles.

Run containers on Kubernetes — workloads, networking, autoscaling, observability.

Shift security left — SAST/DAST, SBOM, signed images, policy as code with OPA.

Operate SLOs — define error budgets, run incident response, write postmortems.

Median salary after certification
$118K – $165K
Roles our SCS-C02 alumni land: DevOps Engineer · Platform Engineer · SRE · Build & Release Manager · Cloud Automation Lead. Based on alumni reporting, 2024–25.
Start now — ₹34,999
# why this program

It's training built by people who run production for a living.

Taught by senior practitioners

Every instructor has 15+ years operating production systems — our lead instructor, Rajesh Kumar, has 20.

Build your own lab — not a sandbox

We teach you to provision a production-grade environment on your own AWS/Azure/GCP. It's the same skill you'll use day one on the job — and it goes with you when you leave.

100% demo-driven

Every session is a live demonstration in a working lab — never slides, never theory. You watch the instructor build it in real time, then you build it yourself.

Job-ready portfolio

You leave with 14 GitHub-ready projects you can show in interviews tomorrow.

# next cohort

Live cohorts — pick the track that fits your week.

Every cohort is capped at 10 learners by design. That's how the instructor still answers your real production questions in week 4 — not just the rehearsed ones from week 1.

Weekend cohort Most popular

Starts 1st of next month · Sat · Sun · 10:00 AM – 1:00 PM IST
  • 5 weekends · ~8 hrs/weekend live + self-paced
  • Designed for working professionals on IST/EST/GMT
  • Mentor office hours · Sunday 11 AM IST
  • Only 3 of 10 seats left
Reserve seat — ₹34,999

Weekday cohort

Starts 1st of next month · Mon · Wed · Fri · 8:00 – 10:00 PM IST
  • 5 weeks · ~12 hrs/week (live + self-paced)
  • Recorded same-day · always-available replay
  • Mentor office hours · Thursday 7 PM IST
  • Capped at 10 learners — small-batch by design
Reserve seat — ₹34,999

Need a custom corporate cohort for your team? Talk to us →

# curriculum · SCS-C02

Tool-by-tool. Live demos, not slides.

Each tool is taught as a working live demonstration inside a real lab environment — you see it built end-to-end before you build it yourself. The structure is identical for every tool, so you always know what's coming and what you'll have shipped by the end of the week.

5 hours
content per tool
(live + self-paced video)
2 assignments
per tool
graded with feedback
1 capstone
per tool
GitHub-public portfolio
3-hr exam
online · open-book
at the end of the program
01 Threat Detection & Incident Response8 hrs · 2 assignments · 1 capstone
Amazon GuardDuty (findings types, suppression rules, malware protection), Amazon Detective (investigation graphs), Security Hub (standards, custom insights), automated IR playbooks with EventBridge + Lambda + SSM.
Capstone: build an automated incident response playbook that isolates a compromised EC2 instance on GuardDuty finding.
02 Security Logging & Monitoring8 hrs · 2 assignments · 1 capstone
CloudTrail (management events, data events, CloudTrail Lake queries), CloudWatch Logs (log insights, anomaly detection, contributor insights), VPC Flow Logs (analysis with Athena), Macie (S3 sensitive data), Config recording.
Capstone: build a SIEM-like security analytics stack — CloudTrail Lake + Athena + CloudWatch Insights for threat hunting.
03 Infrastructure Security8 hrs · 2 assignments · 1 capstone
Security Groups vs NACLs (stateful vs stateless), AWS WAF (managed rules, custom rules, rate limiting), AWS Shield (Standard vs Advanced, DDoS response team), AWS Network Firewall, PrivateLink, VPC endpoints.
Capstone: implement layered defence — Network Firewall + WAF + Shield Advanced for a public-facing web application.
04 Identity & Access Management8 hrs · 2 assignments · 1 capstone
IAM policy evaluation logic (explicit deny, SCPs, permission boundaries, session policies), ABAC (attribute-based access control), IAM roles for cross-account access, AWS STS (AssumeRole, token broker), federation (SAML 2.0, OIDC).
Capstone: implement a cross-account ABAC model using IAM Identity Center with tag-based attribute policies.
05 Data Protection — KMS & Encryption8 hrs · 2 assignments · 1 capstone
AWS KMS (CMK key policies, grants, key rotation, multi-region keys), envelope encryption pattern, CloudHSM (single-tenant HSM, custom key store), ACM (certificate provisioning, private CA), S3 encryption options.
Capstone: implement envelope encryption for a multi-tier application — KMS CMK + SSE-KMS for S3/RDS + ACM private CA.
06 Secrets & Certificate Management7 hrs · 2 assignments · 1 capstone
AWS Secrets Manager (automatic rotation, Lambda rotation functions, cross-account sharing), Systems Manager Parameter Store (SecureString, hierarchy), ACM certificate rotation, Certificate Manager Private CA.
Capstone: implement automatic credential rotation for an RDS database using Secrets Manager with Lambda rotation function.
07 Incident Response on AWS7 hrs · 2 assignments · 1 capstone
AWS IR playbook framework, automated remediation patterns (SSM Automation, Lambda), forensic investigation (EC2 memory snapshot, disk analysis, network capture), account isolation, evidence preservation.
Capstone: execute a full IR simulation — detect → contain → investigate → remediate → recover for a compromised workload.
08 Compliance & Governance7 hrs · 2 assignments · 1 capstone
AWS Audit Manager (SOC2, PCI-DSS, NIST, HIPAA frameworks), AWS Artifact (compliance reports, agreements), AWS Config conformance packs (CIS, NIST, FSBP), Macie for GDPR data residency, tagging governance.
Capstone: implement a PCI-DSS compliance check using Audit Manager + Config conformance pack with automated evidence collection.
09 Encryption Deep-Dive7 hrs · 2 assignments · 1 capstone
Client-side vs server-side encryption comparison, KMS CMK vs AWS-managed vs customer-provided key types, EBS encryption (default encryption, snapshot sharing), RDS encryption at rest, DynamoDB encryption, TLS everywhere.
Capstone: audit an AWS environment for unencrypted resources using AWS Config + Security Hub + custom Lambda remediation.
10 Container & Serverless Security7 hrs · 2 assignments · 1 capstone
ECR image scanning (enhanced Inspector v2), ECS/EKS task IAM roles, EKS security groups for pods, Lambda permissions (resource policies, execution roles, VPC Lambda), Secrets Manager in containers.
Capstone: harden an ECS workload — ECR scanning in pipeline, task role IRSA, Secrets Manager injection, no plaintext credentials.
11 Supply Chain Security & DevSecOps on AWS7 hrs · 2 assignments · 1 capstone
CodeArtifact (private package repository, upstream proxying), CodeGuru Security (SAST), Inspector v2 (Lambda and ECR scanning in CI/CD), GitHub Actions OIDC to AWS (keyless auth), Sigstore image signing on ECR.
Capstone: build a secure software supply chain — CodeArtifact + Inspector in pipeline + Cosign image signing + OIDC GitHub auth.
12 Penetration Testing & Threat Modelling on AWS6 hrs · 2 assignments · 1 capstone
AWS Penetration Testing Policy (permitted services), test authorisation process, STRIDE threat modelling for AWS architectures, findings management with Security Hub, red team exercise documentation.
Capstone: conduct an authorised vulnerability assessment of a sample AWS environment and document findings in Security Hub.
13 Advanced IAM Patterns VIDEO5 hrs · self-paced
Cross-account role chaining, resource-based policies vs identity-based policies, NotPrincipal and NotAction patterns, permission boundary chaining, complex policy evaluation simulation.
Self-paced video module.
14 SCS-C02 Exam Preparation VIDEO5 hrs · self-paced
Security specialty exam question patterns, common distractors, security service selection decision trees, full mock exam walkthrough and debrief.
Self-paced video module.
Final certification exam3 hrs · 65 questions · scenario-based
Official AWS SCS-C02 exam: 65 scenario-based questions over 3 hours. Security specialty covering threat detection, IAM, infrastructure security, data protection, and compliance. Passing score ~750/1000.
Want the full module breakdown?

Get the PDF syllabus with every tool, sub-topic, assignment brief, capstone spec and reading list.

Download syllabus
# your capstone portfolio

One capstone per module. 14 GitHub-public artefacts demonstrating AWS security expertise.

Every module ends in a graded capstone project. By the end you'll have a portfolio of real-world AWS security implementations — IR playbooks, compliance automation, and hardened architectures. Sample capstones below.

CAPSTONE · INCIDENT RESPONSE
Automated IR — EC2 isolation playbook

GuardDuty finding → EventBridge rule → Lambda isolates instance (SG quarantine) + SSM memory snapshot.

GuardDutyLambdaSSM
CAPSTONE · THREAT HUNTING
SIEM-like security analytics stack

CloudTrail Lake + Athena queries + CloudWatch Insights dashboards for threat hunting scenarios.

CloudTrail LakeAthenaCloudWatch
CAPSTONE · NETWORK SECURITY
Layered defence for web app

Network Firewall + WAF managed rules + Shield Advanced + CloudFront for a public-facing application.

Network FirewallWAFShield
CAPSTONE · KMS
Envelope encryption for multi-tier app

KMS CMK + envelope encryption + SSE-KMS for S3/RDS + ACM Private CA for internal TLS.

KMSACMCloudHSM
CAPSTONE · COMPLIANCE
PCI-DSS compliance automation

Audit Manager PCI-DSS framework + Config conformance pack + automated evidence collection.

Audit ManagerConfigSecurity Hub
CAPSTONE · SUPPLY CHAIN
Secure software supply chain on AWS

CodeArtifact + Inspector in CI/CD + Cosign image signing on ECR + GitHub OIDC keyless auth.

CodeArtifactECR InspectorCosign
# tools you'll master

28+ AWS security services mastered through hands-on attack/defend labs and compliance automation.

Amazon GuardDuty
Amazon Detective
AWS Security Hub
Amazon Inspector v2
Amazon Macie
AWS CloudTrail Lake
AWS WAF & Shield
AWS Network Firewall
AWS KMS / CloudHSM
ACM / Private CA
Secrets Manager
IAM / STS / ABAC
SCPs / Organizations
AWS Config / Audit Manager
AWS Artifact
CloudWatch / VPC Flow Logs
SSM Automation
EventBridge + Lambda IR
ECR Enhanced Scanning
CodeArtifact / CodeGuru
# the final exam

3 hours. Online. Open-book. Built to test what you can ship.

The SCS-C02 examination is intentionally not a memorisation contest. Open-book, scenario-driven, and proctored online — it tests whether you can solve real production problems with the toolchain you spent five weeks practising.

3 hours
total duration
Online
from anywhere
Open-book
notes, docs, the LMS
Scenario-based
real engineering tasks
What it covers
  • Multi-part production scenarios that span the toolchain end-to-end
  • Pipeline design, IaC, configuration, containers, K8s, observability, security
  • Debugging exercises — given symptoms and logs, find the root cause
  • Written reasoning on trade-offs (e.g. blue/green vs canary, push vs pull GitOps)
Why open-book

In a real on-call shift you look things up. The exam mirrors that. We test the skill that actually matters — composing what you know into a working solution under time pressure. Memorising flag syntax wouldn't make you a better engineer.

Pass → certified.

Clear the exam and you'll be issued the SCS-C02 digital certificate within 5 working days, with a verifiable credential ID on our public registry.

  • Two free re-attempt windows if you don't clear first time
  • Detailed feedback report on every section
  • Mock papers + walkthrough during the program
  • Hard copy of the certificate on request
See the credential
# meet your instructor

You're not learning from a content team. You're learning from the person who built it.

RK

Rajesh Kumar

Principal DevOps Engineer and Architect
20 years · DevOps · SRE · Security Early-bird practitioner · MLOps · AIOps Ex-PayPay · SoftwareAG · ServiceNow · Adobe · Intuit · IBM · Accenture 10,000+ engineers trained M.Tech · BITS Pilani 25+ certifications

Rajesh is a working practitioner with 20 years across DevOps, SRE and Security, and an early-bird operator in MLOps and AIOps — he was already running model-deployment and telemetry-driven incident pipelines years before either term became industry vocabulary. He has held principal engineering and architect roles at PayPay, SoftwareAG, ServiceNow (Netherlands), JDA Software, Intuit, Adobe, IBM/Emptoris, Ness, MindTree and Accenture. He has personally trained engineers at JPMorgan Chase, Wells Fargo, Bank of America, Verizon, Nokia, World Bank, GE Healthcare, VMware, Citrix, Oracle, Qualcomm, Ericsson, Splunk, New Relic, Datadog, Airbus, AstraZeneca, Bosch, Mercedes-Benz, Vodafone, Deloitte, EY, Capgemini, Infosys, Cognizant, HCL, Wipro and dozens more. He teaches what he runs — not what he reads.

Connect on LinkedIn rajeshkumar.xyz
# your credential

A certificate engineers actually recognise — and recruiters look for.

Every SCS-C02 certificate is issued with a unique credential ID, a tamper-proof QR code, and a verification URL on devopsschool.com/certificates. Add it to LinkedIn in one click.

  •   Lifetime verifiable on our public registry
  •   PDF + digital badge (Credly-compatible)
  •   Recognised by hiring partners across 50+ countries
  •   Hard copy shipped on request — order here
Get certified — ₹34,999
Certificate of completion
Jane Engineer
has successfully completed
AWS Certified Security – Specialty (SCS-C02)
Credential ID · DS-SCS-C02-XXXX-XXXX
# what learners say

4.8 / 5 from 2,300+ engineers. Here's what a few of them said.

# pricing

Pick the level of support that fits your goal.

Every plan includes the full curriculum, recorded sessions, and access to our learner community.

Every plan includes 1 year of full DevOpsSchool LMS access.
Not just this one course — the entire LMS: 20+ courses, 50+ tools, videos, quizzes, assignments, and end-to-end projects. Worth ₹40,000+ on its own.
See what's in the LMS
Self-paced video ₹833 / month · billed yearly (₹9,996) All recorded sessions, labs & the full LMS — learn at your own pace.
  • Full 100+ hour recorded curriculum
  • 14 hands-on capstones on your own cloud lab (free-tier setup walkthrough included)
  • 1-year access — recordings, labs & updates
  • 3-hr online open-book exam
  • Industry-recognised certificate on completion
  • Lifetime forum support
  • Full LMS access — 20+ courses & 50+ tools
  • Live instructor classes
  • 1-on-1 mentor sessions
Get self-paced — ₹833/mo
MOST POPULAR Live & Interactive ₹34,999 ₹49,999 5-week live cohort + complete LMS bundle. The default for engineers who want to ship.
  • Everything in Self-paced
  • 5-week cohort · 60+ hrs live instructor classes
  • Weekly mentor office hours
  • 6 × 30-min 1-on-1 mentor sessions
  • Cohort Slack + alumni community
  • Capstone code review by instructor
  • Exam preparation & mock papers
  • Lifetime forum support
  • Full LMS access — 20+ courses & 50+ tools
Reserve seat — ₹34,999
1-on-1 Mentorship ₹99,999 full program Dedicated senior practitioner. Pace, schedule and labs tailored to you.
  • Everything in Live & Interactive
  • Private 1-on-1 instructor (your schedule)
  • Custom curriculum & labs for your stack
  • Resume & LinkedIn review
  • Mock interview & salary negotiation prep
  • Capstone & portfolio code review
  • Priority response from instructor
  • Lifetime forum support
  • Full LMS access — 20+ courses & 50+ tools
Enrol 1-on-1 — ₹99,999
Cohort-cancellation refund
If we cancel or postpone a cohort and you decline the rescheduled session, you get 100% refund within 15 days. Refund policy →
Terms & course material
All training material is the IP of DevOpsSchool and for the enrolled learner's personal use only. Terms →
Your data stays with us
We never share your data with third parties. Unsubscribe from communications anytime. Privacy →

Need an invoice for your employer? Request a corporate quote →  ·  Taxes (GST) where applicable are billed in addition to the listed price.

# why us

Why engineers pick DevOpsSchool over the alternatives.

Not slides. Not a 500-seat MOOC. Not a temporary sandbox login. Three things make the difference — then compare us line-by-line.

100% live demo. 0% slides.

Every session is the instructor screen-sharing a real working lab and building the thing in front of you — then you build it yourself. No PowerPoint, no "imagine if…".

You build your own lab.

We guide you through provisioning a free-tier AWS / Azure / GCP environment on day one — the same skill you'll use at work. A temporary sandbox login disappears the day the cohort ends. Your own lab doesn't.

10 learners. By design.

Cohorts are capped at 10 by design. The instructor still knows your name in week 4 — and still has time to debug the weird production thing you brought from work.

What matters YouTube + blogs Generic online course Boot camp DevOpsSchool SCS-C02
Teaching method You piece it together yourself Pre-recorded talking-head + slides Mix of slides & some labs Live demos in a real lab — every session
Cohort size 1 (you, alone) Hundreds to thousands 30–60 per batch 10 by design — instructor knows your name
Lab environment None Throwaway sandbox Shared sandbox login Your own AWS/Azure/GCP, guided setup
Per-tool structure Ad-hoc Inconsistent across modules Theme-based, varies wildly 5 hrs · 2 assignments · 1 capstone for every tool
Final assessment None Multiple-choice quiz Mini-project 3-hour open-book scenario exam
Portfolio at the end What you built solo 1–2 generic toy projects 1 capstone 1 capstone per tool — GitHub-public
Instructor pedigree Mixed (creator-economy) Mixed (often academic) Recent-grad TAs common Rajesh Kumar — 20 yrs, ex-PayPay/ServiceNow/Adobe
Cohort start cadence N/A — pure self-pace Self-paced only Quarterly windows New cohort every 1st of the month
Post-program support None Drip-fed retention emails 30–90 day Slack Lifetime forum + alumni community
LMS bundled No This one course only This program only 1 year full LMS — 20+ courses, 50+ tools
Refund posture N/A Vendor-specific, often none after start Usually none after week 1 100% within 15 days if we cancel
Total cost (full program) Free, slow ₹15K – ₹50K per single course ₹80K – ₹3L+ ₹34,999 · LMS + lifetime forum included

Still on the fence? Talk to an advisor →   — they'll tell you straight if SCS-C02 fits your goal.

# frequently asked

Everything you'd ask on a 1-on-1 call.

Don't see your question? Ask us directly →

Do I need prior DevOps or coding experience?
A working knowledge of Linux command line and basic Git is enough. We'll bring you up to speed on everything else from Module 1. About 30% of every cohort enters from a sysadmin / dev / QA background.
What if I miss a live class?
Every session is recorded and shared with the cohort within 24 hours. You retain access to the recordings and lab repositories for the duration of the cohort and a defined access window after it. Specific access duration is confirmed at enrolment.
How does the certificate work? Is it accredited?
We issue a DevOpsSchool-credentialed digital certificate plus a verifiable badge. Each certificate has a unique credential ID and a public verification URL. While it isn't a vendor exam like AWS or CNCF, every cohort includes coaching toward those external exams as a track-add.
Can I pay in instalments / EMI?
Yes — 3, 6, and 12-month plans are available via our payment partners with 0% interest on the 3-month option. We also support employer invoicing.
What's the refund policy?
Once a training cohort is confirmed, the seat is generally non-refundable. The exception is when we cancel or postpone — instructor unavailability, low enrolment, or force majeure — in which case you receive a 100% refund within 15 working days, or you can join the rescheduled cohort. GST and payment-gateway fees are not refunded. Full details on the refund policy page.
Do you give us a cloud sandbox, or do we set one up?
We do it the way you'll do it on the job — you provision your own AWS / Azure / GCP lab, and we walk you through the free-tier setup step-by-step before module 1 starts. Most labs run at zero out-of-pocket. The point is that the skill of owning your infrastructure goes with you forever; a sandbox login disappears the day the cohort ends.
Do you offer corporate or team enrolments?
Yes — private cohorts for teams of 8+ are our most-requested format. We can run them on your schedule, in your VPC, against your internal toolchain. Request a quote.
What time-zones do the live cohorts run in?
Default schedule is IST-friendly, but the weekend cohort works for EST/CET/GMT engineers as well. Recordings cover the rest. We also run a North America-specific cohort every quarter — ask us for the calendar.
Still on the fence?

Talk to an advisor — they'll tell you straight whether this fits your goal.

Talk to advisor
# ready when you are

Reserve your SCS-C02 seat — or talk to an advisor first.

Next cohort starts 1st of next month. Only 3 of 10 seats remaining. Drop your details and we'll send the full syllabus + book a free 20-min consult to map this cert to your goal.

  • No spam, no auto-dial bots
  • Syllabus PDF in your inbox in 60 seconds
  • One human reply within 4 working hours
By submitting you agree to be contacted by email, phone, or WhatsApp by DevOpsSchool about this program. We don't share your data with third parties and you can unsubscribe anytime. See privacy · terms · refund.
Talk to advisor Enrol — ₹34,999