Google Cloud Professional Security Engineer Exam Study Guide

Below are some of my initial thoughts and personal opinions on what is needed to be learned to be able to successfully pass the Google Cloud Professional Security Engineer exam.

• Read the exam guide and understand everything in it!! and BTW, YOU MUST read this!
• Also I'd recommend studying at the same time for the Professional Cloud Network Engineer (if you can!) as well since you'll need to know how Google Cloud Networking works to pass this certification.
• As with all platforms knowing what the acronyms means really helps you understand more clearly so The Google Cloud Developer's Cheat Sheet in 4 words or less! is a MUST read!
• Know and understand how DEK's and KEK’s and how they work with KMS.

• Understand OAUTH and SAML and how it works with G Suite/Cloud Identity with GCP along with IAP.
• Understand how Firewall priorities work within GCP.
• Know when to use Shared VPC, VPC Peering, Private Google Access.
• Understand Tokenization and what problems the DLP API’s can solve.
• Know why would would choose CMEK instead of CSEK.
• Understand how PCI DSS, HIPAA and GDPR relate to Shared Responsibility.
• Understand DNSSEC and how it can impact your security within GCP.
• Understand cloud load balancing and how it works and the various use cases for using the different options. Global, Regional, Internal, TCP, SSL Proxy etc.
• Understand when and why you’d need or want to use Forseti, Cloud Security Command Center and Cloud Armor and using existing SIEM products with GCP like Splunk.

Some of the materials I used to prepare for the exam

• Linux Academy - Google Cloud Security Essentials - Great baseline to get started.
• Linux Academy - Google Cloud Certified Professional Cloud Security Engineer - Early Access *Just came out so I didn't have a chance to take the course but I wanted to include it due to the other great courses on Linux Academy.
• Coursera – Security in Google Cloud Platform Specialization. - Wonderful course with some great Qwiklabs to give you hands-on experience.

Google Cloud Next Videos

If you're a fan of watching videos check these out! As they cover several scenarios and topics relevant to GCP Security AND Networking.

• Managing encryption of data in the cloud (Google Cloud Next '17)
• A Security Practitioners Guide to Best Practice GCP Security (Cloud Next '18)
• How Google Protects Your Data at Rest and in Transit (Cloud Next '18)
• Cloud Load Balancing Deep Dive and Best Practices (Cloud Next '18)
• Best Practices for Identity and Authorization With GCP (Cloud Next '19)
• New Crypto Key Storage Options in the Google Cloud Platform (Cloud Next '18)
• Cloud Load Balancing Deep Dive and Best Practices (Cloud Next '19)

Whitepapers

These whitepapers really dive into the GCP Security specifics so jump-in!

• Google Security Whitepaper
• Encryption in Transit in Google Cloud
• Encryption at Rest in Google Cloud Platform
• How Google Uses Encryption to Protect Your Data
• Cloud KMS FAQ
• Application Layer Transport Security
• Customer-managed encryption keys (CMEK)
• Customer-Supplied Encryption Keys (CSEK)

I've always been a fan of actually doing the work! And Qwiklabs gives you the ability to get it done... Be warned once you start you may not stop!

• Networking in the Google Cloud
• Security & Identity Fundamentals

Special Mentions

To all the people below who have created some valuable GCP content that we all can learn from below.

• Google Professional Cloud Security Engineer Certification - John Hanley

• Awesome GCP Certifications - David das Neves

• Google Cloud Professional - Cloud Security Exam prep sheet - Ammett Williams