I recently managed to pass the Microsoft Certified : Cybersecurity Architect (SC-100) exam.
In doing so, this, combined with either of SC-300 or AZ-500 (I have both), earned me a new certification - Microsoft Certified : Cybersecurity Architect Expert.
The path to earning this certification is as below:
This time around I prepared very differently. Some might even say my prep was… sub-optimal!
I started studying for this exam in early 2023, by working through the learning path on Microsoft Learn.
However, in around early March, I opted to apply for a new job role, for a company that is fully multi-cloud, and as well as using Azure, they are also big users of Google Cloud Platform (GCP) - so I knew I was going to have to study up on GCP if I was successful in securing that role.
Fortunately, not long after I accepted a job offer in April, I became aware (via my soon to be new boss) of the Get GCP Certified program that Google run several times per year and so I instead signed up for that (more on that in a future post). This meant I was now spending around 15-20 hours per week in my own time learning GCP and of course that left no time for Azure study.
I rescheduled my exam date for SC-100 to the Friday between finishing my old role and starting my new role and promptly forgot all about it.
Fast forward through my 12 weeks notice period (and it really DID go by FAAAAAAST!), I finished up at my previous employer and figured hey, I have 2 full days to cram for this exam on the Friday - life, as is often the way, had other ideas and I spent all of the Wednesday doing DIY in the house - so that left me only Thursday to cram before the exam on Friday morning - not ideal!
Now, at this point, I could probably be forgiven for rescheduling the exam again, but I figured what the hell, I will either know more than I think and pass, or at least I will know where I need to focus before a resit.
So, I spent basically 14 hours (pretty much solid, barring the odd break for food or a comfort break) working through the 19 modules that make up the 4 learning paths that Microsoft have for this on Microsoft Learn:
- SC-100: Design solutions that align with security best practices and priorities
- SC-100: Design security operations, identity, and compliance capabilities
- SC-100: Design security solutions for applications and data
- SC-100: Design security solutions for infrastructure
Quick note, the content of this exam will change on 25th August 2023, obviously I sat the exam before then, so I will therefore not be tested on the updated content until I have to renew this exam in 12 months time.
Obviously, pay keen attention to the Skills Measured information from Microsoft:
Couple of pointers from me:
- I found this exam easier than I was expecting, but don’t take that as an indication that it is in fact easy - I think for me I found SC-300 and AZ-500 harder because I wasn’t working with every part of the tech stack listed being measured against - whereas for this, a lot of it was things I already knew from working in Enterprise IT for 26+ years and Security for 3.5 years - often just with Microsoft specific terminology.
- Take time to read through a good portion of the following frameworks:
A couple of takeaways though that I think are relevant for all Microsoft exams (this is a repeat from post on the AZ-500 exam, but worth repeating):
- Read the exam outline thoroughly. Pay attention to the weighting given to each section, they are not all of equal value in the exam!
- Work though the Microsoft Learn paths for the exam a few times including the labs using the sandpit environments - its all FREE!
- Use video based learning resources that are available to you - I’m lucky enough to have several via my employer, but you should also check out John Savill’s Technical Training on YouTube - his content is amazing and FREE
- Use any practice tests that you can get access to - WhizLabs and MeasureUp are particularly good and MeasureUp are the official practice test provider.
- Check if your employer is part of the Enterprise Skills Initiative from Microsoft - If so, you’ll benefit from free courses, free exam preparation sessions and free practice tests!
- After each practice test, review the areas you didn’t do as well in - spend extra time studying up in those areas before further practice tests and the exam itself but remember the weightings in the exam outline - prioritise extra study in the areas that will score higher in the exam.
- Take your time - whilst you don’t want to run out of time in the exam, you don’t want to answer a question incorrectly because you misread the question.
- This sounds like a contradiction but don’t spend too long on any one question and run out of time. I have a tactic for that…
- Mark every question for review as soon as the question loads. At the end of a section, you’ll be given the chance to review and change your answers on the questions you marked for review. So those ones that were irking you, you can come back to once you’ve answered every question in that section. Again don’t spend too long, the clock is still running.
I’m really pleased to have passed this (with a score of 815 out of 1000 - 700 required to pass) - especially given the other things I was juggling in my life and the general lack of prep compared to my previous certifications.
To me this also reinforces another point I don’t think is made often enough - you are often much better, and much more knowledgeable, than you know, or give yourself credit for!
I hope these posts are useful to you but if you have questions, please either comment below, email me or reach out to me on the many social platforms.