Early last year, I spent my Chinese New Year long holiday with something productive: pursuing the learning path for Google Professional Cloud Security Engineer (PCSE). While I did that, I compiled my learning process along with some useful resources related to the exam, stored deep in a multi-layered folder somewhere in my Google Drive. One and a half years later --last Sunday--, I stumbled upon this note and thought: this might help whoever to conquer the PCSE exam. Although the modules might be different today, the big concept should stay relevant.

PCSE certification validates your expertise in designing, implementing, and managing secure workloads on Google Cloud Platform (GCP). This certification demonstrates your ability to safeguard sensitive data and ensure regulatory compliance within the GCP ecosystem.

My learning notes consist of exam outlines, video resources, and practice questions, which I compiled into a list of related topics you can learn to prepare for the exam. I also put useful resources that I used when I pursued the learning path.

Module 1: Configure Access Within a Cloud Solution Environment

This module emphasises configuring secure identities and access for layered security, using GCP’s recommended approaches and best practices. Some relevant topics in this module are:

• Organization Policies

• Cloud Identity

• Service Accounts

• IAM

• Cloud Directory Sync

• SAML

• Least Privilege

Module 2: Configuring Network Security

Securing network resources using GCP tools, with a main focus on designing a secure network while implementing protection & monitoring. Encompass topics:

• HTTPS Load Balancing

• Cloud Armor

• Cloud VPN

• Cloud DNS

• Identity-Aware Proxy

• VPC & network segmentation

• Google Private Access

• Cloud NAT

• VPC Peering, Shared VPC

• Cloud Direct Interconnect

Module 3: Ensuring Data Protection

Focus on securing data and start from classifying sensitive data to protecting it.

• GCP Data Loss Prevention (DLP)

• Classify sensitive data

• Enforce access controls

• Prevent data exfiltration

• Least Privilege

• Cloud Storage

• BigQuery

• Cloud Key Management Service

• VPC Service Control

• Data lifecycle

• Secret Manager

• HSM

Module 4: Managing Operations in a Cloud Environment

This module focuses on automating security operations.

• Terraform

• Packer

• Logging

• Audit Logs

• Monitoring & Alerting

• CI/CD Pipeline

• Binary Authorization

Module 5: Ensuring Compliance

Gain a thorough understanding of relevant security standards like ISO, PCI DSS, HIPAA, NIST, FedRAMP, SOC 1, and SOC 2, and how to implement them into GCP.

Useful Resources

• Official Resources:

• Google Cloud Certification page for PCSE 

• Google Cloud Security Foundation guide 

• Learning Material:

• Security Engineer Learning Path from Qwiklabs <- I spent most of my preparation time following this learning path as it provides a good learning flow for many GCP tools and its recommendation

• Official PCSE sample exam

• Supplement your studies with practice questions which are available online so you’ll be familiar with the questions’ style

• Take advantage of GCP's free tier to experiment with the platform and solidify your understanding of security concepts.

Tips

• When I took the exam, it had 50 questions. From what I read online, you’ll require around 70-75% of the answer right which is around 35. Thus:

• Focus on questions that you can answer first

• Flag questions that you still unsure with

• Revisit the flagged questions after you meet the 50th questions

• Prepare a comfortable, tidy & soundproof place for the exam if you pick online exam - I almost lost my gut & focus because my personal working desk (which has various toys and decorations placed) was deemed not suitable by the proctor. I ran into an unused storeroom in my house and spent there almost 1 hour without proper air circulation.

• Don’t forget to eat and have some water before, the exam is scheduled for 2 hours (you can finish earlier if you have done so).

• Check exam app compatibility on your PC/laptop - You’ll be required to install and use the defined exam app. 

• You’ll also require camera and microphone to be active. In my case, the proctor asked me to show my surroundings, so I needed to rotate my laptop since the camera is embedded in it.

• Ensure you have a stable internet connection since the exam will be proctored & conducted online

• Find the most suitable exam date and book it before it runs out. The latest you can book a time is 15 minutes before the exam, but a slot is not guaranteed.

• Folks in Indonesia: after you passed the exam, you'll get email to choose your merchandise perks to be sent to your address. While this is a gift, our Customs (Bea Cukai) will put significant fee to release the package. You can send an email to the merchandise sender (available on the merchandise selection website) to get the customs fee refund.

By effectively utilising my notes, the provided resources, and a commitment to comprehensive preparation, you'll be well-equipped to conquer the PCSE exam. Best of luck, The Final Boss Awaits!