The CCSP (Certified Cloud Security Professional) certification is for IT leaders looking to validate their understanding of cybersecurity and securing critical assets in the cloud. Passing the rigorous (ISC)2 exam proves that security professionals have the advanced technical skills and knowledge needed to design, manage and secure data, applications and infrastructure in the cloud, according to (ISC)2.
To qualify for the CCSP, candidates must pass the exam and have at least five years of cumulative, paid work experience in information technology, of which three years must be in information security, (ISC)2 said. A candidate who doesn’t yet have the required experience to become a CCSP may become an Associate of (ISC)2 after successfully passing the CCSP exam.
From its application in practical situations such as multi-cloud environments to the opportunities it unlocks for increased earnings and consulting engagements, here’s what four education and training experts said are the most significant perks of getting CCSP-certified.
8. Can apply knowledge in practical situations
The CCSP shies away from general knowledge and instead forces practitioners to determine how their learning can be applied in specific situations, according to Toni Hahn, content development manager for the (ISC)2 Examinations team. The test looks at how practitioners can apply the knowledge they’ve accrued rather than just having them regurgitate the key findings, Hahn said.
As a result, Hahn said it’s easy for practitioners to go out into the real world after passing the CCSP exam and use what they’ve learned to demonstrate cloud security expertise. The CCSP goes well beyond book-based knowledge to ensure practitioners have a comprehensive understanding of how the concepts can be applied, Hahn said.
Questions on the CCSP exam tend to be more scenario-based than knowledge-based to assess how the practitioner would respond to a particular set of circumstances, according to Hahn.
7. Complements vendor-specific cloud certifications
Security generalists or analysts looking to get into cloud security typically get certified in whichever public cloud platform their current or prospective employer uses, according to Brad Puckett, global portfolio director at IT training company Global Knowledge. But the CCSP puts a security professional on a different career vector or trajectory since it’s not tied to any particular employer, Puckett said.
Vendor-based certifications allow security professionals to work at a specific organization, Puckett said, but their applicability is limited since being certified in Microsoft Azure isn’t useful if the organization uses AWS. As a vendor-neutral certification, Puckett said the CCSP is more complementary than competitive with the platform-based certifications, and it can actually be ancillary to certifications for Azure, AWS or GCP.
Practitioners holding the CCSP tend to work in the following cybersecurity or IT security roles, according to Global Knowledge: incident response/forensic analyst; CISO/CSO/ISO; security manager or director; or security engineer or analyst.
6. Signifies cloud proficiency and professionalism
The CCSP was introduced in 2015, and it has been the fastest of any (ISC)2 certification to reach 5,000 people certified, according to (ISC)2’s Hahn. The certification gives businesses confidence that the practitioner knows industry best practices for securing a cloud environment, Hahn said.
Having a CCSP certification signifies a level of proficiency and professionalism, and can be a big differentiator when competing against another security practitioner for a job, Hahn said. The CCSP is updated every three years to reflect changes on the ground, and has recently put more emphasis on making sure practitioners know the differences between Software as a Service and Infrastructure as a Service.
The CCSP is more senior than the Cloud Security Alliance’s CCSK (Certificate of Cloud Security Knowledge) since the CCSP requires industry experience as well as continuing education credits to remain certified, Hahn said. The CCSP is broader than the CCSK, Hahn said, covering all types of cloud security rather than just introducing certificate-seekers to a couple of key documents.
5. Demonstrates hands-on expertise
Even though the CCSP is vendor-agnostic, practitioners should make sure they’re getting hands-on experience with AWS or Azure while preparing for the exam to help with retaining classroom material and understanding how security misconfigurations can be attacked, according to Ken Underhill, a master instructor at Cybrary.
The hands-on practice ensures that security professionals know what to do in the field with the skills they’ve gained from passing the CCSP exam, skills that extend well beyond book smarts, Underhill said. The CCSP pairs well with (ISC)2’s signature CISSP (Certified Information Systems Security Professional) exam, which helps practitioners understand how security risks pan out across other areas of the organization.
The CCSP goes down into architectural and design concepts in the cloud, addressing topics such as auditing, virtualization, identity and access management, and cloud platform and infrastructure security, according to Leif Jackson, Cybrary’s vice president of content and community. This covers tasks such as avoiding unauthorized access and analyzing infrastructure in the cloud, Jackson said.
4. Can build clouds either in-house or as consultant
The CCSP prepares practitioners to go in and securely build a cloud security solution as either a consultant or a cloud architect, according to Global Knowledge’s Puckett. Being a certified security practitioner for cloud positions certificate-holders well for consulting on secure ways organizations can architect and build their cloud infrastructure, Puckett said.
In addition to being brought in as a consultant to vet and secure cloud buildouts, Puckett said CCSP certificate-holders are well-positioned to work in-house managing an organization’s security themselves. Learners would have to advance to the senior or executive level before they’d have the competencies, knowledge and skills to perform the job the CCSP accreditation qualifies them for, according to Puckett.
All cybersecurity functions require distinct knowledge of IT concepts ranging from programming, incident response and forensics down to troubleshooting, risk management, business continuity and disaster recovery, according to Puckett. Many of the competencies require distinct knowledge of how the network works in the technical world, Puckett said.
3. Applies well to multi-cloud environments
Most organizations are multi-cloud and don’t just rely on Amazon Web Services or Microsoft Azure to meet all of their needs, according to Cybrary’s Underhill. Since the CCSP is vendor-agnostic, Underhill said the information can be applied to most organizations, making it possible for security professionals to get a role within any cloud organization since they’re not limited to any single environment.
The CCSP is laser-focused on security and goes into how strategy and risk should be evaluated in the cloud, according to Cybrary’s Jackson. That’s a big contrast with Cloud Security Alliance’s Certificate of Cloud Security Knowledge (CCSK), which Underhill said provides a more general and holistic view of the cloud without going too deep into security.
Obtaining the CCSP helps with career advancement, Jackson said, providing a salary bump that boosts compensation above what most other roles in cybersecurity pay.
2. Boost to earnings potential
Practitioners going for the CCSP certification typically have a high earnings potential since more than 80 percent of them have been in the industry for at least 11 years, according to Global Knowledge’s Puckett. The CCSP definitely isn’t a foundational or midcareer certification since it requires a significant body of work experience, Puckett said.
Professionals coming into the security industry today would probably gain midlevel experience and pursue vendor-neutral certifications like CompTIA Security+ and the EC-Council’s Certified Network Defender that accredit them as an experienced professional before even thinking about going for the CCSP, according to Puckett.
1. Sought by tech vendors, hospitals & Starbucks alike
The CCSP shows potential employers that the practitioner has senior-level management ability and knowledge to ensure that what’s going into the cloud is secure, according to (ISC)2’s Hahn. The CCSP is great for any job that requires knowledge of cloud security such as being a cloud manager or engineer, Hahn said.
Not everybody who obtains the CCSP works for a major public cloud provider like Amazon Web Services or Microsoft, Hahn said. One of (ISC)2’s subject matter experts for cloud security works in IT at a hospital, Hahn said, while others pursuing the certification are part of the technology team at Starbucks.
The vendor-agnostic approach of the CCSP ensures that the certificate-holder will have relevant knowledge regardless of which cloud platform or platforms the organization actually uses, according to Hahn. And the broad-based approach of the CCSP means that a business can switch cloud providers and still leverage the knowledge of its CCSP certificate-holder, Hahn said.