Q
Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Is the Certified Cloud Security Professional certification worth pursuing?

The Cloud Security Alliance and (ISC)2 recently introduced the Certified Cloud Security Professional certification, but is it a must-have? Expert Dan Sullivan explains.

The Cloud Security Alliance (CSA) and International Information Systems Security Certification Consortium (ISC)2...

recently introduced a new cloud security certification. How does the Certified Cloud Security Professional (CCSP) certification stack up against other certs? Is it something cloud security pros should be looking to add to their portfolios sooner rather than later?

The Certified Cloud Security Professional or CCSP is a fairly new certification that was announced last spring at the RSA conference. It is designed to complement and build on two existing certifications: (ISC)2's Certified Information Systems Security Professional and CSA's Certificate of Cloud Security Knowledge.

The certification is designed for experienced IT professionals with at least five years of experience in the industry, including three years in information security and one year in cloud computing. Requiring this type of experience is important to ensure those who hold certification have exposure to functioning IT environments. Knowledge learned from organized training material is essential to learn best practices, but there is no substitute for having to address real world problems over the course of several years to truly develop an understanding for the complexity and vulnerability of IT systems.

Test takers will need to demonstrate knowledge of six established cloud security areas:

  1. Cloud data security
  2. Architecture and design
  3. Operations
  4. Infrastructure security
  5. Application security
  6. Compliance

Certifications can certainly help demonstrate proficiency in a specific domain of knowledge. Those with limited experience may find certifications help support their claims about knowledge of the domain. Those with extended tenures in information security but little cloud experience may also find certifications help demonstrate the breadth of their knowledge.

Security certifications, like other certifications, can help motivate us to study more broadly than we might otherwise do. For example, some interested in network security might also delve deeply into operating system security, but spend less time learning the intricacies of legal and compliance issues. In this way, certifications can be good motivators to expand our horizons.

The best way to advance your career is to develop domain expertise through a combination of experience, training and various forms of study. A certification such as the Certified Cloud Security Professional can be a good motivator for that. At the same time, it offers IT managers and executives a baseline for comparing candidates. Certifications are not ideal ways of assessing experience and knowledge, but they are one factor worth considering when hiring.

Ask the Expert:
Perplexed about cloud security? Send Dan Sullivan your questions today. (All questions are anonymous.)

Next Steps

Take a look at the various vendor-neutral and vendor-specific cloud certifications

This was last published in August 2015

Dig Deeper on Cloud Computing Frameworks and Standards

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

The gold rush is clearly on for certifications, and high-level buzz terms like 'cloud' can look like valuable nuggets. I'm sure the information in the cert is valuable, I just suspect that by going generic, it will be too high level to offer much actionable information, focusing instead of models and generic practices. A feather in your cap, perhaps, but i'm not quite sure who the audience is, or what they can do differently after taking the test.
Cancel

-ADS BY GOOGLE

SearchSecurity

SearchCloudComputing

SearchAWS

SearchCloudApplications

SearchServerVirtualization

SearchVMware

ComputerWeekly

Close