Organizations worldwide are facing new security challenges presented by cloud computing, as most legacy security tools fail to meet the requirements of dynamic, distributed, virtual cloud environments. In fact, 81% of organizations say traditional security solutions don’t work at all in cloud environments or have only limited functionality, according to the 2021 Cloud Security Report by Cybersecurity Insiders.

To fill those gaps, global opportunities for cybersecurity professionals specializing in cloud security are many. But with so many certifications out there, which option most effectively demonstrates the broad knowledge and skills required to secure any cloud environment? Let’s compare three leading certifications: ISC2 Certified Cloud Security Professional (CCSP) vs. AWS Certified Security - Specialty.

CCSP is a vendor-neutral certification that demonstrates the broad knowledge to successfully secure any cloud environment, regardless of vendor affiliation. It proves expert skills and experience in cloud security design, implementation, architecture, operations, controls and compliance with the full range of regulatory frameworks. The globally recognized certification is available from ISC2, the creators of the Certified Information Systems Security Professional (CISSP) Common Body of Knowledge.

AWS Certified Security – Specialty is a vendor-specific certification that shows expertise specifically and exclusively in the Amazon Web Services cloud platform.

Why is vendor-neutral cloud certification favored by many organizations?

For higher levels of security, the standard for many organizations today is multi-cloud, which uses multiple providers for IaaS, PaaS and SaaS environments. Multi-cloud strategy allows organizations to work with cloud providers and environment types best-suited to their workload or application.

Fifty-five percent of companies use at least two public clouds in addition to their own data centers, according to IDG’s 2020 Cloud Computing Study. IT managers make choices based on the performance and services a platform offers, which vary according to application type. And because the public cloud is a dynamic environment, a multi-cloud strategy allows organizations to avoid the limitations and potential expense of vendor lock-in and take advantage of innovations as they are introduced.

What is each cert’s emphasis on cloud security?

CCSP turns the focus on cloud security, testing candidates’ skills and knowledge across six cloud security domains. It validates your ability to design, manage and secure data, applications and infrastructure in any cloud environment, while also following the best practices established by ISC2.

AWS Certified Security - Specialty validates a candidate’s ability to effectively demonstrate knowledge about security specifically in the AWS cloud platform.



AWS Certified Security - Specialty

Cloud Concepts, Architecture and Design

Incident Response

Cloud Data Security

Logging and Monitoring

Cloud Platform and Infrastructure Security

Infrastructure Security

Cloud Application Security

Identity and Access Management

Cloud Security Operations

Data Protection

Legal, Risk and Compliance

What if my employer uses AWS?

CCSP complements AWS Certified Security – Specialty certification by elevating your expertise in the cloud. CCSP expands upon vendor-specific cloud certifications with comprehensive knowledge and skills in security frameworks. Its vendor-neutral certification deepens your proficiency with a broader mastery of cloud security.

What level of professional experience is required?

CCSP candidates are expert-level professionals. They are required to have at least five years of cumulative, paid work experience in information technology, of which three years must be in information security and one year in one or more of the six domains of the ISC2 CCSP Common Body of Knowledge. A candidate who doesn’t yet have the required experience to become a CCSP may become an Associate of ISC2 after successfully passing the CCSP exam. The Associate of ISC2 will then have six years to earn the experience needed for the CCSP certification.

AWS Certified Security - Specialty candidates are recommended but not required to have five years of IT security experience in designing and implementing security solutions, as well as two or more years of hands-on experience securing AWS workloads.

What’s the earning potential?

Certification Magazine’s 2021 salary survey ranks CCSP highest of the three credentials at No. 8 on its list of most lucrative certifications with an average annual salary of $150,400 USD in the U.S. and $96,820 USD in all non-U.S. countries. AWS Certified Security - Specialty ranks No. 13 in the same ranking with an average annual salary of $149,190 USD in the U.S. and $76,230 USD in all non-U.S. countries.

What is required to maintain certification?

CCSP-credentialed professionals must participate in continuing professional education (CPE) to stay current on emerging threats, technologies, regulations, standards and practices. They are required to earn and submit a minimum of 30 CPEs each year; 90 CPEs by the end of the 3-year recertification cycle.

AWS Certified Security - Specialty certification is valid for three years, after which recertification is required. To recertify, candidates can take the current AWS Certified Security – Specialty exam.

Certification and Maintenance Details



AWS Certified Security - Specialty

Length of Exam

3 hours/125 multiple-choice questions

170 minutes/65 multiple-choice or multiple-response questions

Passing Score

700 out of 1,000

750 out of 1,000

Exam Fee

$599 USD

$300 USD

Annual Maintenance

$135 USD



90 credits over 3 years


How CCSP Certification Can Help You Succeed

Earning the globally recognized CCSP cloud security certification is a proven way to build your career and better secure critical assets in the cloud. CCSP shows you have the advanced technical skills and knowledge to design, manage and secure data, applications and infrastructure in the cloud using best practices, policies and procedures established by the cybersecurity member experts at ISC2.

Achieving CCSP certification provides the added benefit of membership in ISC2, the world’s largest nonprofit association of cybersecurity professionals, more than 150,000 members strong. ISC2 provides members with professional development courses through the Professional Development Institute (PDI); technical webinars covering evolving cybersecurity trends; and benefits, such as the ISC2 Community.

Download your copy of The Ultimate Guide to the CCSP and get started toward certification today.