Here’s the truth about security certifications and courses: For those who are serious and want to put the time, money, and effort into the coursework, they all have something to offer. Some require more prerequisites than others, and some are certifications while others are certificates, so each person has to be honest with themselves and recognize whether they are a beginner or ready to take a more aggressive step.
Keep in mind that cloud computing security now ranks as the skill set in the shortest supply, according to the results of the fifth annual ISSA/ESG survey of cybersecurity pros, said Candy Alexander, board president of ISSA International. Prospective students and professionals should look to advance their careers through a mix of training in the form of formal cloud courses, online webinars and certification classes as well as on-the-job training.
“They should focus on an understanding of SaaS models and how they integrate into security platforms and in-house protocols,” Alexander said. “Other skills that are important are an understanding of how to ask for and write contracts with a guarantee of security as well as an ability to test the protocols of the vendors that they choose.”
Because cloud technology is so dynamic, employers also like to see current expertise in some of the more popular vendor services and related technologies, such as the major cloud provider offerings, containers, identity systems, zero trust, and key management, said Jim Reavis, CEO of the Cloud Security Alliance.
“Some developer skills are also valued, even for non-developer roles as you see an increase in techniques such as scripting to enable automation,” he added.
Most experts will tell people just starting out to get a certificate from the Cloud Security Alliance or start by taking the Security+ certification course from CompTIA (see details below). Rank beginners should start with CompTIA’s IT Fundamentals+ course. It only makes sense, because security pros need to develop a good grounding in information technology and security before they specialize in any one cloud platform over another. Students will learn the basics of cloud security by taking the Security+ course.
So what's out there? Below are seven training programs from reputable organizations dedicated to the IT and security field. This is not, of course, an exhaustive list. But it's a solid start.
Identity and access management with the big 3: Amazon Web Services, Azure, Google Cloud Platform
SEC488: Cloud Security Essentials from SANS covers Amazon Web Services, Microsoft Azure, and Google Cloud, as well as the other cloud service providers (CSPs). The program starts by focusing on one of the most critical cloud topics: identity and access management. From there, the course moves on to a broad range of security topics through discussion and practical, hands-on exercises related to several important cloud topics in the different major cloud platforms: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS).
Prerequisites: A basic understanding of TCP/IP, network security, and information security principles is helpful, but not required. SANS considers familiarity with Linux command lines a bonus.
Details: One proctored exam with 75 questions over two hours. The minimum passing score is 61%. Cost is $7,640; GCLD certification: $949.
From DevOps to solution deployment: Cloud security best practices
The Certified Cloud Security Professional (CCSP) course from (ISC)² is geared toward IT and information security leaders responsible for applying best practices to cloud security architecture, design, operations and service orchestration, including those in the following positions: cloud architect, cloud engineer, cloud consultant, cloud administrator, cloud security analyst, cloud specialist, auditor of cloud computing services, and professional cloud developer.
Prerequisites: To qualify for the CCSP, candidates must pass the exam and have at least five years of cumulative, paid work experience in IT, of which three years must be in information security and one year in one or more of the six domains of the (ISC)² CCSP Common Body of Knowledge (CBK). A candidate who doesn’t yet have the required experience to become a CCSP may become an Associate of (ISC)² after successfully passing the CCSP exam. The Associate then has six years to build the experience to earn a CCSP.
Details: The CCSP has 125 questions and is a three-hour exam. Students need a score of 700 out of 1,000 to pass the exam. CCSP exam: $599; CCSP online instructor-led training: current retail price, $2,409.75; CCSP self-paced training: current retail price, $836.45
Establishing a foundation: Vendor-neutral cloud security basics
The Certificate of Cloud Security Knowledge (CCSK) from the Cloud Security Alliance has been widely recognized as one of the leading standards of expertise for cloud security and gives students a cohesive and vendor-neutral understanding of how to secure data in the cloud. Think of the CCSK credential as the foundation to prepare students to earn additional cloud credentials specific to certain cloud vendors or job functions.
Prerequisites: CCSK has no experience requirements. The test asks students to demonstrate knowledge of three documents: the CSA Guidance, the CSA Cloud Controls Matrix and the ENISA report.
Details: The CCSK is an open-book, 90-minute online exam with 60 multiple-choice questions. The exam costs $395 and includes two attempts, which the student has up to two years to use. The minimum passing score is 80%. Students can study on their own or enroll in training.
Microsoft Azure: A deep dive
Infosec’s Microsoft Azure Dual Certification Bootcamp teaches students important Microsoft Azure administration and security skills through hands-on labs and expert instruction. The intensive training prepares students to pass the two exams necessary to become Microsoft Certified: Azure Administrator Associate and Azure Security Engineer Associate.
Prerequisites: A basic understanding of cloud computing is recommended, but not required.
Details: The program includes seven days of live, expert Azure instruction, an exam voucher, unlimited practice exam attempts, a free annual Infosec Skills subscription ($599 value), and one-year access to all boot camp video replays and materials. Cost is $4,399.
Amazon Web Services: A deep dive
The AWS Certified Security – Specialty certification trains people to develop the skills to run secure workloads in AWS environments. Much like the aforementioned training for Azure, it goes deeper on one of the most dominant platforms in the market today.
Prerequisites: AWS recommends that students have the following before taking this course:
- Five years of IT security experience in designing and implementing security systems and at least two years of hands-on experience in securing AWS workloads.
- Working knowledge of AWS security services and features of services to deliver a secure production environment and an understanding of security operations and risks.
- Knowledge of the AWS shared responsibility model and its applications.
- An understanding of specialized data classifications and AWS data protection mechanisms, data-encryption methods and AWS mechanisms to implement them, and secure internet protocols and AWS mechanisms to implement them.
Details: Includes 65 questions, either multiple choice or multiple response. Students have 170 minutes to complete the exam. Exam costs $300; three-day virtual prep course, Security Engineering in AWS: $2,095.
Google Cloud: A deep dive
The Professional Cloud Security Engineer exam from Google validates the ability to design and implement secure workloads and infrastructure on Google Cloud. Through an understanding of security best practices and industry security requirements, these students learn how to design, develop, and manage a secure infrastructure using Google security technologies. The course covers all aspects of cloud security: identity and access management, defining organizational structure and policies, using Google technologies to provide data protection, configuring network security defenses, collecting and analyzing Google Cloud logs, managing incident responses, and demonstrating an understanding of regulatory considerations.
Prerequisites: While there are no specific prerequisites, Google does recommend three or more years of industry experience, including more than one year designing and managing solutions using Google Cloud.
Details: The exam takes two hours and the registration fee is $200. Students should also consider the two-day Managing Security in Google Cloud course. Cost is $15 for 15 credits or a $29 monthly subscription with Google for unlimited credits.
Hybrid IT: Cloud security in the broader landscape
CompTIA describes its Security+ certification as a global certification that validates the baseline skills necessary for a person to perform core security functions and pursue an IT security career. Security+ is widely considered the first security certification an IT pro should earn. Many also believe that students should take the IT Fundamentals course from CompTIA to get a good background in operating systems, networks and security concepts before diving into Security+. Students who earn the certification have acquired the following skills:
- Assess the security posture of an enterprise and recommend and implement appropriate security solutions.
- Monitor and secure hybrid environments, including cloud, mobile, and IoT.
- Understand the applicable security laws and policies, including the basic principles of governance, risk, and compliance.
- Identify, analyze, and respond to security events and incidents.
Details: The exam runs 90 minutes and has a maximum of 90 questions. The questions are multiple-choice and performance-based. The exam voucher costs $381. The full eLearning Bundle prep course, complete with an exam voucher and an exam retake, costs $949.