The Cloud Security Alliance (CSA) and International Information Systems Security Certification Consortium (ISC)2...
recently introduced a new cloud security certification. How does the Certified Cloud Security Professional (CCSP) certification stack up against other certs? Is it something cloud security pros should be looking to add to their portfolios sooner rather than later?
The Certified Cloud Security Professional or CCSP is a fairly new certification that was announced last spring at the RSA conference. It is designed to complement and build on two existing certifications: (ISC)2's Certified Information Systems Security Professional and CSA's Certificate of Cloud Security Knowledge.
The certification is designed for experienced IT professionals with at least five years of experience in the industry, including three years in information security and one year in cloud computing. Requiring this type of experience is important to ensure those who hold certification have exposure to functioning IT environments. Knowledge learned from organized training material is essential to learn best practices, but there is no substitute for having to address real world problems over the course of several years to truly develop an understanding for the complexity and vulnerability of IT systems.
Test takers will need to demonstrate knowledge of six established cloud security areas:
- Cloud data security
- Architecture and design
- Infrastructure security
- Application security
Certifications can certainly help demonstrate proficiency in a specific domain of knowledge. Those with limited experience may find certifications help support their claims about knowledge of the domain. Those with extended tenures in information security but little cloud experience may also find certifications help demonstrate the breadth of their knowledge.
Security certifications, like other certifications, can help motivate us to study more broadly than we might otherwise do. For example, some interested in network security might also delve deeply into operating system security, but spend less time learning the intricacies of legal and compliance issues. In this way, certifications can be good motivators to expand our horizons.
The best way to advance your career is to develop domain expertise through a combination of experience, training and various forms of study. A certification such as the Certified Cloud Security Professional can be a good motivator for that. At the same time, it offers IT managers and executives a baseline for comparing candidates. Certifications are not ideal ways of assessing experience and knowledge, but they are one factor worth considering when hiring.
Ask the Expert:
Perplexed about cloud security? Send Dan Sullivan your questions today. (All questions are anonymous.)
Take a look at the various vendor-neutral and vendor-specific cloud certifications
Dig Deeper on Cloud Computing Frameworks and Standards
Related Q&A from Dan Sullivan
Docker's recent upgrade introduced support for hardware signing and in the future, automated security analysis on Docker images. Expert Dan Sullivan ... Continue Reading
Cisco's new project Contiv automates operational policies for containerized applications in the cloud. Expert Dan Sullivan explains the benefits of ... Continue Reading
Dropbox API abused by attackers posing as legitimate users in a huge spear phishing campaign. Expert Dan Sullivan explains how to mitigate the risks ... Continue Reading