Updated in April 2026: This post was rewritten from the original 2025 version for the new site. The original date has been preserved so it stays in the right place in the blog timeline.
PL-900 is probably the most niche certification on this site.
It was not a natural extension of my core path in cybersecurity the way Security+, CySA+, Network+, or Linux+ were. It made sense for a very specific role and a very specific set of responsibilities. At the time, I was building automation and dashboards inside the Microsoft ecosystem, and that made the certification relevant in a practical way.
Why I took PL-900
At the time, my organization had me leading Power BI and Power Automate work for the InfoSec team. The goal was to turn operational data into something leadership could actually use.
That meant building dashboards, automating reminders and workflows, and creating visualizations that made security and risk information easier to interpret. In that context, PL-900 was useful because it gave me a structured understanding of how the different parts of the Power Platform fit together.
I could have just learned the pieces I needed on the fly, but the certification gave me a clearer baseline across Power BI, Power Automate, Power Apps, and the broader Microsoft ecosystem. For that role, that context helped.
Where this actually showed up in real work
What made this certification meaningful was not the exam itself. It was the work behind it.
In one role, I built Power BI dashboards and automation that supported the InfoSec function in a more operational way. That included things like reminders, tracking, and making large sets of raw information easier for leadership to interpret. The point was never to build dashboards for the sake of building dashboards. The point was to support decision making.
An earlier example in my career was building a Power BI dashboard to visualize global monkeypox infection data using official reporting from government health agencies. Thankfully, that was only crucial for a relatively short period of time, but it was a good example of why this kind of work matters. Raw data by itself does not drive decisions very well. Clear visualizations often do.
That same principle applies in security. Leaders usually do not want a pile of unstructured data. They want to understand what is happening, what matters, and what needs action.
What the certification gave me
PL-900 did not make me a deep Power Platform engineer, and I do not want to oversell it.
What it did give me was a better high level understanding of how Microsoft’s automation and data tooling fits together. That mattered when I was building workflows, connecting data sources, shaping outputs for dashboards, and helping move information into a form that people could actually use.
It also reinforced a broader point that still matters now: technical people benefit from understanding the surrounding business tools, not just the narrow security tools. Security work does not happen in a vacuum. It touches reporting, workflow, communication, and decision support.
The exam itself
The exam was much more straightforward than most cybersecurity certification exams I have taken. It was not especially difficult, but it still required understanding the vocabulary and purpose of the different platform components. You needed to know what each product did, how they related to each other, and where they fit in real use cases.
For preparation, I used practice tests, Microsoft material, and John Savill’s content. I also had the advantage of already using Power BI and Power Automate in a real work setting, which helped anchor the concepts.
That hands on context mattered more than the exam itself.
Why it still matters to me now
I have not spent much time building Power BI dashboards since then, and this is not a certification I would present as central to my identity.
But I still think the experience was useful.
Knowing how people built dashboards, automation, and workflow driven processes before the current AI boom gives useful context for evaluating where AI fits now. A lot of what is being presented as new still builds on older ideas around data shaping, reporting, automation, and decision support. Understanding the earlier tooling helps make sense of the newer wave of AI driven products and claims.
That does not remove the concern people have about automation replacing human work. If anything, it makes the shift feel more real. But it also reinforces the value of understanding the systems underneath the hype. If you know how the old workflow operated, you are in a better position to judge what the new workflow is actually improving and what it is just relabeling.
Final thoughts
PL-900 was niche, but it was not random.
It made sense for the role I was in, the work I was doing, and the kinds of dashboards and automation I was expected to build inside the Microsoft ecosystem. It is not the most important certification I have earned, and it is not one I use often today, but it was useful at the time and it helped ground some real work in a more structured understanding.
That is enough for me to consider it worthwhile.