Leading Cloud Security Certification Options
Are you looking for cloud security certification and training options? Hopefully this page will help you gain clarity of the various cloud security certifications available in the market. I?m only covering the big ones here. Quite honestly, if it?s not listed here, it?s because it isn?t bringing anything special that the ones listed already do.
Let me say one thing right now. When I first started in cloud security way back in 2010, there was a pretty consistent baseline of 10-15 cloud security jobs available across the board. As part of this exercise, I just looked up ?cloud security? on indeed. There are 1,489 ?cloud security? positions open at the time of writing. Note, there is a massive difference between search terms ?cloud security? with and without quotes. Take the quotes out, and there?s 23,484 open positions. Here?s my interpretations of the data, feel free to check out indeed and use the terms yourself, look at some of the descriptions and come to your own conclusions:
Search term and open positions:
Cloud = 72,453
Cloud Security = 23,484
?Cloud Security? = 1,489
After some looking at the actual postings, I?m going with the expression ?cloud security? (with quotes) through the rest of this document. It seems this is a more targeted search for positions that are specifically cloud security jobs as opposed to jobs that involve security and cloud is a nice to have or even non-applicable keyword hit. I believe getting a cloud security certification can only helping in your pursuit of getting into this hot field.
Certificate of Cloud Security Knowledge (CCSK)
The first cloud security certification up is the Certificate of Cloud Security Knowledge (CCSK). The CCSK certification was created by the Cloud Security Alliance (CSA). The CSA is a highly regarded non-profit organization that is referenced and used by most, if not all Fortune 500 companies and Government agencies around the world. A bunch of information regarding the CCSK contents can be found here.
I?m going to go with risk managers, directors, audit, legal and other higher-level positions. Deep technical skills will not be obtained by taking this certification. Technical people greatly would benefit from the managerial aspects covered by the course to become a ?well rounded? professional.
The CCSK certification is vendor-neutral. This is to say there is no focus on any cloud service provider, rather, it takes a holistic view of cloud security across a wide area of bodies of knowledge, ranging from governance through to virtualization security. That makes this cloud security certification applicable to any organization in the world that has adopted cloud, or is in the process of doing so.
Hard. It earns this rank through the wide body of knowledge that is tested. The depth of each area tested is not the issue, it is the diverse knowledge an individual must possess in order to pass the test. Technical people will get caught by the governance and enterprise risk material, and the managers may be caught by the technical aspects.
The Cloud Security Alliance doesn?t disclose numbers, but there are many individuals that have undergone the exam. The expression CCSK ?Cloud Security? had 70 listings on indeed.
I?m listing this with a massive caveat (and this applies for the other cloud security certifications as well. Just because a company lists CCSK in a job listing doesn?t mean having a CCSK certification and a smile is going to get you the job! Many of the positions listed for CCSK are advanced positions.
That said, indeed has a salary estimate for searches (which I think is awesome!). The search CCSK ?Cloud Security? has a bottom salary estimate of $90,000 and tops out at $130,000.
Certified Cloud Security Professional (CCSP)
The second cloud security certification is the CCSP certification by ISC2. The CCSP was created by both the ISC2 and the CSA. This course covers much the same material as the CCSK but extends into areas such as physical security and privacy being the two big areas that come to mind. This link has a bunch of information regarding the CCSP.
Same as the CCSK, but mainly CISSP holders would choose the CCSP certification over the CCSK certification. Many reasons why, least of which is the doubling of Continuing Professional Education credits that apply to both CISSP and CCSP. Also, the ISC2 has a very strong reputation in the industry. Unlike the CCSK certification, there are strict minimum experience requirements in order to obtain this cloud security certification.
The CCSP certification is vendor-neutral just like the CCSK. This is to say there is no focus on any cloud service provider, rather, it takes a holistic view of cloud security across a wide area of bodies of knowledge, ranging from governance through to virtualization security. That makes this cloud security certification applicable to any organization in the world that has adopted cloud, or is in the process of doing so.
Very Hard. Just like the CCSK, it earns this rank through the wide body of knowledge that is tested, but is significantly wider than the CCSK. Candidates without a CISSP or detailed knowledge of the CISSP CBK are going to find this exam almost impossible to pass. In my opinion, if you meet the work experience to get your CISSP, get that first then get this one.
The ISC2 lists 1,265 as being a CCSP holder. The expression CCSP ?Cloud Security? had 60 listings on indeed.
The search CCSP ?Cloud Security? has a bottom salary estimate of $100,000 and tops out at $135,000.
Amazon AWS Certified Architect – Associate
The AWS architect certification is being listed here because it is the ?base? certification that will lead to the upcoming AWS Security Specialist certification that is currently in beta. A word of warning for the ?pure play? security professional ? Although this certification does have a security angle, you may be fighting a confusion complex by obtaining this to prove your AWS skills. It really is meant for people who will architect complete AWS solutions, not security experts. Many companies looking for AWS architects are also looking for people with solid DevOps and automation skills in AWS. If you?re going to get this and want to stay in security, make sure AWS security specialist is done shortly (well, once out of beta that is) after to dispel any confusion this certification may bring to your application.
Unlike the two others, this is a highly technical exam focused exclusively on AWS technologies. Systems engineers and systems architects are the target audience for this one. Security professionals who want to demonstrate they have knowledge of AWS security would also benefit (with caveat above).
It?s all in the numbers of companies using AWS. After all, AWS is by far the gorilla of the IaaS space today. You?ll be in high demand by any company relying on AWS.
Some can say this is a general cloud certification, but I would say that?s like saying an MCSE is a general IT certification. Not sure if I would be looking for an MCSE to build a Linux box for me, just like I?m not sure I?d hire an AWS architect to design an Azure environment. I?m also not sure I?d hire an AWS architect to assess security of my SaaS security (I?d look to CCSK or CCSP for that).
Hard. I?m ranking this exam as being hard. I have written in the past about my experience here.
People on Quora seem to think the number is higher than 23,000. They base this off the number assigned to an individual holder. I just looked at mine and I?m AWS-ASA-4621 (November 2014). More recent ones show AWS-ASA-23200, so I guess that sounds about right.
This is a wild one that really fluctuates based on what the employer is actually looking for. For example, DevOps engineers are worth a lot more than a ?generic? AWS engineer. Searching for AWS architect resulted in a range of $65,000 to $120,000. The search AWS ?cloud security? ranged from $100,000 to $130,000, more in-line with the CCSK and CCSP certified job postings.
I hope this posting helps you in your decision making regarding the CCSK, CCSP or AWS certified architect decision. In all honesty, you can?t go wrong having any of these three cloud security certifications under your belt.