Cloud Security Certification Path for 2022 — What to choose
Cyber-security professionals often have a love/hate relationship with certifications. Some scoff at them and consider them no substitute for experience, while others believe they are a necessary validation of knowledge for every security pro. I personally believe cloud security certifications can be very useful in helping professionals get a foot in the door and in giving a good baseline on which you can build your experience. However, one problem new entrants into this field face is which cloud security certification path they should choose.
Cloud Security Certification Path?
If you are planning to enter the cloud security field, then getting certified is the best way to get a foot in the door. It demonstrates to managers that you are serious about a cloud security career and have done the necessary hard work to prove it. It is also a great way to build a foundation of cloud security knowledge which will help you when starting out. I mentioned this in one of my videos on how to get started in cloud security.
But the question is: which cloud security certification should you look at?
One key point to remember is that cloud security certifications generally fall under two categories, platform agnostic and platform specific:
- Platform Agnostic: Certifications like CCSK and CCSP, which are not bound to any specific platform like Google, Azure or AWS and instead focus more on technical concepts and creating a strong foundational knowledge of the cloud.
- Platform Specific: Certifications like AWS Security Specialty or Azure Security Engineer, which are specific to a particular platform. These usually assume you have knowledge of the platform you are trying to secure.
If you have ZERO knowledge of cloud concepts, then I would definitely suggest going with a platform agnostic cert first before attempting the platform ones. You need to make sure your foundation is rock solid before focusing on a specific cloud provider. Let's take a look at the most popular certs in the market.
1. Platform agnostic Certs (CCSK or CCSP)
When talking about platform agnostic cloud certs, the discussion usually boils down to either the CCSK or the CCSP. Let's look at each in detail:
CCSK (Certificate of Cloud Security Knowledge)
Offered by the Cloud Security Alliance (CSA), the CCSK gives a great in-depth overview of cloud security concepts such as Cloud Architecture, Identity and Access Management, Key Management etc. The exam can be taken online and has around 60 questions. It requires you to show knowledge of the below topics:
You can read more details here
CCSP (Certified Cloud Security Professional)
ISC2 is famous for introducing the gold standard in security certs, the CISSP, so everyone was quite excited when they introduced their own cloud security cert. The CCSP, like the CISSP, has become well respected in the industry for demonstrating cloud security expertise and is meant for people who have a few years' experience in the field.
- Domain 1. Cloud Concepts, Architecture and Design
- Domain 2. Cloud Data Security
- Domain 3. Cloud Platform & Infrastructure Security
- Domain 4. Cloud Application Security
- Domain 5. Cloud Security Operations
- Domain 6. Legal, Risk and Compliance
The CCSP also benefits from the respect and credibility which ISC2 already has in the industry, and from the requirement that at least one year of the candidate's experience should have been in one of the above domains.
CCSK or CCSP: which one to go with?
This one is a toughie to answer as both are excellent certs backed by respected organizations. I have attempted to break it down as per the three criteria below:
- Experience: The CCSK does not have an experience requirement and passing the exam is enough, while the CCSP requires 5 years of experience in the infosec industry with one of those being in cloud. The CCSK is therefore more suited to those who are at entry level and want to get into cloud security, whereas the CCSP is more geared towards experienced professionals.
- Cost: The CCSK exam is around USD 395 while the CCSP comes to around USD 699, which can be quite expensive along with those pesky AMF payments which have to be made annually. Sometimes companies are happy to reimburse the costs, so do check with your employer before proceeding.
- Industry Standing: Both are respected certs which have a good standing in the industry, as shown here. You really cannot go wrong with either of them when it comes to validating your cloud security expertise.
My opinion is that which one you should go with depends on where you are in your career. If you are a mid- to senior-level professional then you should go with the CCSP, while people new to cloud security should go with the CCSK.
2. Platform specific Certs
Let us now move on to platform specific certs, which show experience in a specific cloud provider. Cloud platforms like Azure, AWS and GCP can have hundreds of services, and companies who have critical workloads in the cloud want assurance that you are able to navigate them. A specialized cert will make you stand out in their eyes. Let's take a look at which cloud security certification paths you can take:
AWS Certified Security — Specialty
AWS is the most popular cloud platform in the world today and demand for certified AWS professionals is not going down anytime soon. The AWS Certified Security Specialty is a great certification to show you know your way around the huge number of security services that are present and how to configure services like AWS GuardDuty, Config, Security Hub etc. AWS does recommend that you have a few years' experience before taking this test, so if you do not have any experience of AWS I would recommend first going with the AWS Solutions Architect Associate exam, as that gives you a great overview of the different AWS services and makes the AWS Security Specialty exam much easier in my opinion.
Microsoft Azure Security Engineer Associate
For those on the Microsoft Azure platform, the Azure Security Engineer Associate validates your expertise in configuring security services and data protection. You are expected to have a good knowledge of the platform and understand how the different services interact with each other, as per the Microsoft guide below:
Candidates for this exam should have subject matter expertise implementing Azure security controls that protect identity, access, data, applications, and networks in cloud and hybrid environments as part of an end-to-end infrastructure.
One advantage is that most people are usually familiar with Microsoft services, so the learning curve is not as steep as it is for those who are new to AWS or the Google platform. You can get certified by passing the AZ-500 exam. However, one key point to note is that Microsoft have added lab questions to the AZ-500 exam, so do not try this exam without first having some hands-on experience with the platform and the different services which Azure offers.
Google Cloud Security Engineer
Similar to the above two and rounding out the top three providers, the Google Cloud Security Engineer cert proves that you have the ability to design and implement a secure Google Cloud environment. The foundational elements are similar to Azure and AWS, with the requirement to know concepts like Identity and Access Management, data protection, key management etc.
This is a great cert to have and I would definitely recommend having it if you are planning to work on Google Cloud. It is also a stepping stone to one of the most in-demand certifications, the Google Professional Cloud Architect cert (GPCA). Although technically not a security cert, this is a very in-demand cert which requires professionals to have a firm knowledge of Google Cloud, and it is one of the highest paying certs around. Having the Google Cloud Security Engineer cert gives you a great foundation to try this exam also. I have a detailed video here on the same.
Certifications are not the end-goal
I hope you got a better idea of the different cloud security certification paths that are present in the market. These are all a great way to show your expertise and give your career a boost, but remember they are not the end goal. Certifications get your foot in the door, but the cloud is an extremely challenging field and you will not go far without hands-on experience. Simply having lots of certs will only help during the interview process; it is your hard work and experience that will make the difference in the long run. Make sure that along with the cert you also have the required skills to make your cloud career a long-lasting and successful one!