While the standard (Security+), specific (Certified Ethical Hacker), and executive/manager (Certified Information Systems Security Professional or CISSP) will still be very in demand by employers, there are several areas of cybersecurity certifications that will see growth this upcoming year.
Cloud Security
One area I am asked about frequently by students and faculty is the specialty of securing the cloud – that mega storage concept that was hardly a common cyber term 10 years ago. Cloud security has a mystical aura about its name, like something that requires expertise in metaphysics and conquering fears of the unknown. It simply means all of the storage you are using in the cloud is located somewhere else and accessible by the internet. It is why you can download thousands of pictures you take with your phone, not using its precious memory and access them at will. You are outsourcing that storage to a third party. Because this really promotes the mobility aspect of computing, needless to say, it has turned into a $300 billon business. With the onus of storing data on someone else, there must be assurances that data is safeguarded and can only be accessed by the provider and the user, which has caused an employment boom in the field of cloud cybersecurity.
Key Certifications to Consider in 2022
There are several options in the cloud security certification realm, ranging from very basic to complex and free to expensive. Here are a few choices, based on prerequisites, cybersecurity education levels, experience, or prior certifications that could be helpful. The information provided is free of any incentive and based on my desire to provide cyber candidates with different career options.
The Vendor Certifications
By vendors, I mean the big three public cloud storage giants: Amazon AWS, Microsoft Azure, and Google Cloud Platform. They all offer certifications specifically in their platform’s security that are relatively inexpensive. However, while AWS does not have a prerequisite listed, it would be wise to get a basic cloud certification from them if for no other reason than to understand their methods and philosophies. The same holds true for the others – Google Cloud and Microsoft Azure actually suggest prerequisite training. So if you are working for a company or agency that uses these vendors for cloud services, or desire to do so, these certifications are worthwhile to achieve.
The Basic
Cloud Security Alliance is a type of professional organization promoting cloud security awareness and certifications. They offer a Certificate of Cloud Security Knowledge (CCSK), which gives one a general foundation of such topics of cloud control, risk management and architecture. My research seems to indicate it goes into a lot of detail about cloud principles not necessarily dealing with security, which is ideal for someone just starting out in this area. Oh, and did I mention, their test is open book?
The Crossover
By this, I mean the person that has some experience and previous certifications in cybersecurity but wants to make themselves a candidate for cloud security positions. An example of a solid certification is CompTIA’s Cloud+, which is actually required for many positions in cloud security.
The Top of the Line
(ISC)2 is a leading professional cybersecurity organization. They offer a certification titled Certified Cloud Security Professional (CCSP), which would be a great complement to the CISSP for someone with an already impressive list of certifications and years of experience. The test requires prior experience in both cybersecurity and the cloud, although if you have the CISSP already, that should not be an issue. This is a certification for the seasoned cybersecurity leader who is involved in strategic decisions about cloud management and architecture.
While the above is not definitive and may not include other great choices, it is based on a consensus of research I have done to include visiting with industry professionals. If you have other suggestions or would like more information, do not hesitate to reply or contact me at my information below.