As a massive amount of data, applications and workloads increasingly move to the cloud, an expertise in this area has never been more advantageous. Among IT’s highest priorities when it comes to cloud adoption is security. And cloud security specialists are finding themselves in great demand today.
Two of the industry’s most highly regarded cloud security credentials are the ISC2 CCSP and the CCSK from Cloud Security Alliance (CSA). Both offer a comprehensive education on cloud security fundamentals, but there are key differences. Here’s a breakdown of each.
CCSP (Certified Cloud Security Professional)
The CCSP is for IT and information security leaders seeking to prove their understanding of cybersecurity and securing critical assets in the cloud. It shows you have the advanced technical skills and knowledge to design, manage and secure data, applications and infrastructure in the cloud.
Cost: $599
Number of questions: 125 multiple choice items
Time to complete: 3 hours
Exam venue: ISC2 Authorized Pearson VUE Testing Centers
Who should get it?
Roles that typically require a CCSP include Cloud Computing Analyst, Cloud Administrator, Cloud Architect, Cloud Engineer, Enterprise Architect, Security Administrator, Security Architect and Systems Engineer.
Other jobs that also use the skills and education this certification offers include Chief Information Security Officer, Information Security Analyst, Cybersecurity Specialist, Information Security Network Specialist, Information Security Engineer, Cloud Specialist and Cloud Information Security Specialist.
What kind of experience do I need?
To qualify for the CCSP, you must have a minimum of 5 years cumulative paid work experience in information technology, of which 3 years must be in information security and 1 year in 1 or more of the 6 domains of the CCSP CBK.
A candidate who doesn’t yet have the required experience to become a CCSP may become an Associate of ISC2 after successfully passing the CCSP exam. The Associate of ISC2 will then have 6 years to earn the experience needed for CCSP certification.
Topics covered on the CCSP exam include:
Domain 1. Cloud Concepts, Architecture and Design
Domain 2. Cloud Data Security
Domain 3. Cloud Platform and Infrastructure Security
Domain 4. Cloud Application Security
Domain 5. Cloud Security Operations
Domain 6. Legal, Risk and Compliance
Other factors to consider
The CCSP certification also recognizes the value of CCSK and has a provision that CCSK can be substituted for 1 year of experience in one of the six domains of the CCSP Common Body of Knowledge (CBK).
Takeaway
CCSP is for the experienced security professional and obtaining it signals a senior-level understanding of and experience with cloud, as well as with traditional information security. Candidates who seek the CCSP are often established cybersecurity professionals who want to demonstrate advanced knowledge of both cloud and data center security concepts.
CCSK (Certificate of Cloud Security Knowledge)
Cost: $395
Number of questions: 60
Time to complete: 90 minutes
Exam venue: Open book and taken online
Who should get it?
Roles that typically use the knowledge gained through the CCSK include Cloud Computing Analyst, Cloud Administrator, Cloud Architect, Cloud Engineer, Enterprise Architect, Security Administrator, Security Architect and Systems Engineer.
What kind of experience do I need?
CCSK has no experience requirements. The test asks participants to demonstrate knowledge of three key documents: the CSA Guidance, the CSA Cloud Control Matrix and the ENISA report.
Other factors to consider
One important distinction to note is that the CCSP is a certification and the CCSK is a certificate.
A certification recognizes a candidate’s knowledge, skills and abilities typically as framed by a job role. A certificate scope is narrower, and only provides proof of a training course completion.
A certification grants a candidate access to a membership organization, and almost always requires an annual continuing professional education (CPE) commitment to maintain the certification. But a certificate does not often associate one with any membership organization, and the body of knowledge gained does not evolve over time or require a CPE.
Takeaway
The CCSP and CCSK credentials in many ways complement one another. Because the CCSP recognizes the value of CCSK and has a provision that CCSK can be substituted for 1 year of experience, the CCSK is often viewed as a good start along the path to earning a CCSP later. CCSP truly demonstrates excellence and commitment to the discipline.
Achieving CCSP certification provides the added benefit of membership in ISC2, the world’s largest nonprofit association of cybersecurity professionals. More than 140,000 members strong and growing, ISC2 offers its members professional development courses through the Professional Development Institute (PDI); continuing professional education through industry events such as the global Security Congress; technical webinars discussing areas of developing cybersecurity trends; and benefits such as Member Perks, the ISC2 Community and the bimonthly InfoSecurity Professional magazine.
When deciding which credentials to pursue, carefully consider how they align with your immediate and long-term professional goals. Download the Ultimate Guide to the CCSP as part of your journey.