GitHub Certified: Advanced Security Resources


After passing the GitHub Administration exam, I started studying for the GitHub Advanced Security exam. I chose the Advanced Security exam based on topics I was discussing with my customers at the time. I wanted to prove that the effort I put in learning about this subject had given me the knowledge to pass the exam. Full disclosure - I was able to take this exam at no cost through my employer.

Disclaimer: GitHub reviews certifications regularly to help ensure that they remain relevant, technically accurate and that they assess the skills needed to thrive in a cloud-based world. Exams evolve over time and may change without notice. This post represents my best knowledge of the GitHub Advanced Security exam as of Q2 2023, but you should always consult the GitHub Certifications Page for the contents of the exam.

What is the GitHub Advanced Security Certification?

As an experienced professional in the field of software development and security, you will want to secure your code with advanced security features at every stage of your development lifecycle. The Advanced Security exam will highlight your code security knowledge and validate your expertise in vulnerability identification, workflow security, and robust security implementation—elevating software integrity standards.

GitHub Advanced Security (GHAS) is an add-on to GitHub Enterprise that allows you to use security features, such as secret scanning, code scanning, and dependency management on your private repositories.

The exam covers the following objective domains:

  • Describe the GHAS security features and functionality (10%)
  • Configure and use secret scanning (10%)
  • Configure and use dependency management (15%)
  • Configure and use code scanning (15%)
  • Use code scanning with CodeQL (20%)
  • Describe GitHub Advanced Security best practices (20%)
  • Configure GitHub Advanced Security tools in GitHub Enterprise (10%)

How Did I Prepare?

As mentioned in previous posts, I am not a developer by trade. Development of Git was not even started until I was five years into my professional career. I honestly don’t even remember if I learned anything about a specific version control system while attending college for my B.S. in Computer Science. To say my knowledge and experience using GitHub was limited would be a massive understatement. I knew enough to get by and not look like a fool in front of customers.

I continued working in GitHub for another month, focusing specifically on the Advanced Security features.

What Resources Did I Use to Prepare?

I used the following resources to get ready:

I worked through as much of the content above as I could in my second month of study to learn as much as I could.

Since taking the exam, GitHub has released (and will be releasing) additional study material that I would highly recommend you have a look at as part of your study for the exam:

My Challenge Area

While I cannot talk about exam specifics for obvious reasons, I do want to point out the area that I struggled with the most:

“Describe GitHub Advanced Security best practices” related questions were the most challenging for me on this exam. I honestly don’t know why I scored the lowest on this domain, but I have to go with how they scored the exam. At least I know where I need to focus when I need to renew.

The Test

This was my second exam taken through PSI. I took the exam remotely again rather than drive to an onsite testing facility. I gave myself a month to prepare and study when I scheduled the exam. I continue to find that giving myself a deadline forces me to study and prepare for exams.

Same exam procedure that I’ve used for taking Microsoft exams through Pearson VUE. I took the exam in our guest bedroom which worked out well as I did not have to take down pictures, remove paperwork, disable technology, etc. I set up my laptop on a folding table, provided pictures of the room, my driver’s license, and face, then sat in front of my computer while the proctor verified that everything was good to go. I never had to talk with them at all, the exam launched, and I spent the next 120 minutes working through questions. I finished with 10 minutes remaining.

Immediately after the test, I received my detailed score breakdown in various areas and was told that I passed. An e-mail showed up no more than an hour later with details on getting my certificate, claiming it on Credly, sharing it on LinkedIn, etc.

I felt more comfortable this time around. I didn’t have any issues and I still don’t have a preference of Pearson VUE or PSI.

What’s Ahead?

The GitHub Advanced Security exam covers a lot of material and you will really need to know the material if you want to pass the exam.

Here are a handful of other exams to consider if you’ve passed the GitHub Administration exam:

As for me, I moved on to the GitHub Actions exam to expand my GitHub platform skills.

