What does it mean to say you’re an expert in cloud security? Until recently, not much—anyone could say they had expertise in cloud security and there was no certification, license or degree available to prove it. Now, the International Security Council (ISC) had teamed up with the Cloud Security Alliance (CSA) to create a Certified Cloud Security Professional (CCSP) certification as of April 21, 2015 (coincidentally the same day Google made a big algorithm update, making this a monumental date for the IT industry). This might all be a mouthful, but it’s a great step towards tackling the skills shortage in the cloud industry and helping businesses hire the best fit pros for the job.
In order to get this certification, a person much showcase the knowledge of management, implementation and design required to create safe cloud environments. There are plenty of unqualified cloud security “experts” around, so a certification was in dire need in order to separate the great from the poor—or merely the adequate. Cisco recently discussed the shocking lack of skills amongst cybersecurity professionals both in the cloud and beyond. That 2014 Cisco report was mentioned in a RAND report last June, solidifying the need for higher skilled professionals. Finally, in early April, there was a Websense Security Lab threat report which showed just how much easier hacking had become, and blamed a lack of skilled experts mixed with subpar infrastructure.
Making the Grade
A cybersecurity pro must show that they can assess, audit and secure a cloud infrastructure to get certification. This certification is best mated with other, existing certifications such as the ISC Certified Systems Security Professional certification as well as the CSA Certificate of Cloud Security Knowledge certification. According to the CEO of Cloud Security Alliance, Jim Reavis, “Many enterprises have told us that cloud computing is becoming their primary IT system. An effective cloud security strategy and architecture adds several nuances to traditional security best practice, which is why it’s critical to accelerate efforts to address the cloud security skills gap.” He goes on to explain that, “CCSP helps to set the highest standard for cloud security expertise,” which is why many in the IT world—especially working in cloud landscapes—are eager to get their team certified.
You also need at least five years of experience in IT, which must include at least three years in security and a minimum of one year in cloud. Certification requires six areas of capabilities including Cloud Application Security, Cloud Data Security, Cloud Platform and Infrastructure Security, Architectural Concepts and Design Requirement, and Legal and Compliance.
Proud to Be in the Cloud
Industry experts agree that “cloud computing” is slated to be one of the most in-demand skills in IT throughout 2020 (and likely beyond). The ISC’s 2015 Global Information Security Workforce Study shows that most in the industry think cloud computing will require constantly learning new skills, so it’s possible that this certification may soon require continuing education and re-certification. As the CSA reports that skills shortage remains one of the biggest threats to cloud, it’s no wonder that everyone is hustling for a means to see who has what it takes and who’s lacking.