Many InfoSec professionals are often approached by people who want to enter the cybersecurity profession. One of the most common questions asked is usually something along the lines of “what should I study?” This is a valid question, as people entering the Information Security field are greeted with an array of options. While it is easy to go down a rabbit hole of great advice to an industry newcomer, one easy way we can narrow the field of possibilities is to answer the question with another question: “What has been the most transformational shift in the InfoSec industry in the last few years?” The answer is clearly cloud security.
While there are many new approaches to security, such as the move towards Zero Trust, Identity Access Management, and Rapid Response, those are only parts of the greater ecosystem under which everything is taking place, that is, the cloud. More than 90% of companies are conducting some form of their business in the cloud. Even if they are not actively storing data in the cloud, most businesses are using one or more services offered through a cloud-based provider.
This indicates that even if your organization is still using an on-premises model, an understanding of cloud security is still an important part of the overall security posture. If your perimeter is touching the cloud then cloud security is vital for the completeness of your security practice. Similarly, new regulatory models require that all aspects of your security program take a risk-based approach. One could not reasonably expect to exclude the cloud because it is not under the same roof as the rest of the corporate infrastructure. Remember, your organization is accountable for its data, and any security lapses to data under its control, regardless of where the event occurs. This makes it more important than ever to have a subject matter expert on staff who can not only guide the cloud adoption, but who can also articulate the cloud security standards for the organization.
Considering that the InfoSec community is usually on the cutting-edge of new technology, the unfortunate reality is that most security professionals are lagging in their trust, especially when considering the move to public cloud services. Another reason for this lack of trust is due to inadequate cloud security training among InfoSec professionals.
While there are many cloud-provider certifications available, those are very specific to each particular cloud provider. These certifications are not substitutable, meaning that one does not apply to another. As a job candidate, knowing a particular vendor’s product is advantageous, yet it can be limiting if your potential employer is not using the “flavor” that you know. A vendor-neutral certification can augment your knowledge, creating a solid foundation upon which you can build specific cloud-provider techniques. A vendor-neutral cloud security certification is also the preferred designation if you are acting as an advisor to a company that is either considering cloud adoption, or actively developing a cloud migration.
Cloud security skills are not only in high-demand; they are also the training that many InfoSec professionals indicated as a primary focus for their own future individual development. There is still a large skills gap in Information Security, yet the hiring of skilled professionals is steadily increasing. One needs both technical, as well as administrative skills in this new environment. Taken as a whole, the picture is clear that a vendor–neutral cloud security certification can serve a person well, not only now, but well into the future.
Recently, we spoke with fifty people who hold the Certified Cloud Security Professional (CCSP) designation. They offered their insights about why they undertook the study to achieve the CCSP, as well as offering their own perspectives on how the certification enriched their knowledge, and advanced their careers.
Members of our interview panel work in diverse areas of cloud security, including:
- Cloud Security Engineering
- Cybersecurity Analyst
- Security Architecture
The interviewees shared their journey; what they studied, and how they studied in order to accomplish the CCSP credential. They also speak about how the certification has added value to their organizations.
ISC2 is acknowledged as the global, nonprofit leader in educating and certifying professionals throughout their careers. Our reputation has earned our cyber and IT security certifications, and our training programs, recognition as the Gold Standard of the industry. When you become certified through ISC2, you earn tested and verifiable proof of proficiency in your field, leading to career advancement and new professional growth opportunities.
If you are considering a cloud security certification, watch our webinar to hear why CCSP may also be the right choice to start you on the path to achieving your career goals.