5 surefire cloud security certifications to boost your career

If you're bucking for a new job that requires cloud security skills, here are the five technical certifications most likely to get you noticed, along with a bunch more money.

Cloud computing is remaking IT. Data centers are not going away, but all aspects of information processing are acquiring a cloud component. As a result, cloud career opportunities are growing insanely. And because the cloud is a shared resource under third-party control, cloud security becomes an even more pressing—and thus valuable—technical competency.

If you need convincing, look at this chart from Statista showing the total size of the global public cloud market from 2008 to 2020:

Size of Global Cloud Market 2008-2020 (Statista)


The market size and scope beggar belief. At nearly $130 billion for 2017, the global cloud market is expected to grow to $160 billion by 2020 (a compound annual growth rate of 7.17 percent for that period, but 28.99 percent for the entire time range). That implies incredible career opportunities all over the cloud computing sector, such as the 11 cloud certifications employers are seeking.

But one facet of cloud computing is heating up faster than all the rest: cloud security. It offers even more amazing career- and salary-enhancing opportunities, and is gaining incredible attention and momentum.

Why cloud security is the bomb

Normally, describing something as “the bomb” is a positive and complimentary thing, evocative of high value or pulchritude. In this case, it’s a bald recognition that managing security is a primary concern.

It’s a side effect of two opposing forces. Any move into the cloud requires giving up some degree of control over the data and services that move beyond organizational boundaries; in fact, that’s often an advantage. However, none of the liability for things like privacy, confidentiality, and compliance moves outside the organization. Sure, companies work carefully with cloud providers to establish service-level agreements in which they nail down the providers’ promises for security, performance, availability, reliability, and other concerns. They may even acquire various forms of liability coverage, such as data breach insurance, to help spread that risk to third parties. But they cannot escape that liability entirely, nor can they mitigate security risks completely.

We live and work in an era in which the General Data Protection Regulation (GDPR) is set to take effect and HIPAA, Sarbanes-Oxley, PCI, FISMA, and SSAE 16 already figure heavily into IT governance, compliance requirements, and risk assessments.

This is the minefield upon which cloud security professionals ply their trade. As in all walks of life with active hazards, demand is high for qualified people—and so is the pay. Thus, savvy cloud security professionals are in constant demand at organizations of all sizes and scales.

What cloud security professionals must know

Cloud security is something of a technology trifecta. Professionals must have detailed knowledge of three major subject matters, namely:

  • Cloud computing: This usually means fair mastery over one or more cloud computing platforms—such as Amazon Web Services, Microsoft Azure, and Google Cloud Platform—along with the specifics involved in acquiring and using SaaS, PaaS, IaaS, and more. By itself, this is a large and complex field of study and work. My article on 11 in-demand cloud certifications can help you find your way into it.
  • Cybersecurity: This requires a strong working knowledge of general information security topics, concerns, tools, technologies, and processes. Cloud security professionals need to be especially savvy in the areas of access control, identity management, authentication, encryption, and data loss protection, among the usual security domains addressed in a certification like the CISSP. I maintain a cybersecurity certification survey for TechTarget that’s updated every 12 to 18 months; this December 2017 version may be a useful resource.
  • Risk management, compliance, and governance: This is an area where interested candidates must focus their interests into specific industries, services, or regulatory environments. Those interested in healthcare IT would focus on HIPAA, for example, while those interested in e-commerce and e-payments would focus on PCI DSS. The number of regulatory frameworks or regimes is so large that mere mortals can’t hope to cover everything, so they must zero in on a small number of niches in which they plan to work for some time. I maintain a best certifications list in this area for Tom’s IT Pro; here’s a link to the 2018 edition.

So, IT professionals who wish to practice cloud security must cover a lot of ground. This is not an idle pursuit, nor one that someone could knock out easily or quickly. Some significant time and effort goes into such an endeavor.

OK, so what are the rewards?

Digging into salaries for cloud computing in general yields eye-popping numbers, as this August 2017 Forbes story clearly shows. At the highest levels, median salaries top $120,000, which puts the top end above $200,000. Such jobs usually go to senior architects who have upwards of a decade of experience, and they don’t reflect the field upon which cloud security professionals typically play.

My study of the top five cloud security certifications shows that they come with median salaries that average out at just over $65,000. But this lumps together midrange credentials along with more senior items. It’s fair to observe that the base salary for the area is respectable, and that you can expect pay to increase along with experience and seniority.

Here’s my table of salary data. This data was compiled in February 2018 by searching job listing sites (SimplyHired, Indeed, LinkedIn, and Linkup) using certification names, acronyms, and synonyms. I scraped salaries for jobs whose contents included a reasonable-enough match to assume a good fit between cert holders and job requirements; where a salary range was provided, the average was used.

Table 1: Salary data for top 5 cloud security certifications

| Credential | Minimum | Median | Maximum |
| --- | --- | --- | --- |
| Certificate of Cloud Security Knowledge (CCSK) | $31,355 | $60,550 | $116,931 |
| Certified Cloud Security Specialist (CCSS) | $35,911 | $67,581 | $127,181 |
| CCNP Cloud/CCNP Security | $49,531 | $74,553 | $143,590 |
| (ISC)2 Certified Cloud Security Professional (CCSP) | $34,537 | $63,558 | $116,692 |
| Professional Cloud Security Manager (PCSM) | $45,766 | $61,106 | $129,211 |

In compiling these top cloud security certifications, I ran numbers on 23 certifications, all of which either focus exclusively on cloud security or whose cloud computing coverage includes a security component of not less than 20 percent of exam objectives and content. In choosing the top five, I picked certifications that focus exclusively on cloud security over the general certifications that appear in the companion article I cited earlier. I also include a sidebar for relevant HPE certifications later in this story.

The job counts

So, how many jobs are open in these fields? My searches at SimplyHired, Indeed, LinkedIn, and LinkUp used certification names, acronyms, and synonyms, capturing counts of jobs with relevant requirements. The vast majority of the certifications that provided the initial basis for this analysis came from “A guide to cloud security certifications for infosec pros,” a June 2017 TechTarget article.

Table 2: Job counts for leading cloud security certifications

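| Credential | SimplyHired | Indeed | LinkedIn | LinkUp | Total |
| --- | --- | --- | --- | --- | --- |
| CCSK | 180 | 224 | 145 | 132 | 681 |
| CCSS | 132 | 14 | 165 | 75 | 386 |
| CCNP Cloud/CCNP Security | 374 | 421 | 533 | 206 | 1,534 |
| CCSP | 564 | 606 | 842 | 622 | 2,634 |
| PCSM | 27 | 18 | 145 | 199 | 389 |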

You certainly can get a job in cybersecurity without a degree or certification. Plenty of people have gotten cybersecurity jobs through an untraditional route. However, lots of employers are impressed by paper credentials, especially in larger organizations. If you’re looking for a way to break into the field—or to demonstrate your competence—one of these may make sense.

In the sections that follow, I march through the top 5 certifications in the order in which they appear in Table 2.

Certificate of Cloud Security Knowledge (CCSK)

As I evaluate certifications, I like to include a foundational, vendor-neutral element. As far as I can tell, the CCSK is the only foundational and vendor-neutral certification that has a specific focus on cloud security. It comes from the Cloud Security Alliance, an industry trade group with the same focus. Though it’s an “entry-level cloud security” credential, the CCSK took the top spot in Certification Magazine’s Average Salary Survey 2016. For the record, that salary number is significantly higher than what emerged from the data-driven job posting analysis I performed to put together Table 1 in this story, and is a staggering figure for this kind of certification, at nearly $150,000.

The CCSK helps to validate professional skills and knowledge derived from actual experience with cloud security. It also confirms cert holders’ technical skills, knowledge, and ability to develop cloud security programs that take cognizance of global security standards and compliance regimes.

Earning the CCSK requires passing a single 90-minute exam that consists of 60 multiple-choice questions. And while the CCSK has no formal recertification requirements nor expiry dates, the CCSK page opines, “It is good to stay current,” which I assume means re-taking the exam periodically. The exam costs $395 for single-unit purchases; volume discounts are available to organizations that may wish to purchase in quantity. Training is available to prepare candidates for the certification, but it is not required. See the CCSK Schedule page for partner providers, dates, and pricing (budget $2,000 and up).

Certified Cloud Security Specialist (CCSS)

The CCSS is the brainchild of the Global Science and Technology Forum (GSTF), a Singapore-based training and certification organization. The CCSS is just one of a number of the GSTF’s cloud-related certifications, which march through the traditional associate, specialist, professional sequence. Unlike the other offerings in our list, the CCSS requires attendance at a three-day training session, which culminates in a written exam, and it requires submission of a project report within two weeks of course completion to earn the credential.

The CCSS focuses on skills and knowledge related to security risks in a cloud computing environment, with coverage of risk assessment, analysis, mitigation, and management. Participants learn about security issues from an architectural design perspective, including a taxonomy of technological and architectural security. Process and governance are also included as they relate to cloud security. Additional topics include security as a service, security and risk management, perimeter defense security systems for cloud infrastructures, and cloud security administration. Industrial case studies are dissected to illuminate key cloud security issues and their appropriate handling.

Currently, GSTF training is available only through the organization’s Singapore outlets, but it is working with Global Knowledge to introduce the cloud certifications into its global training network in 2018 and 2019. That explains its current spot at No. 5 in the rankings in our job board survey. But with its introduction to a broader global market coming soon, I expect that to change dramatically.

Cisco Certified Networking Professional (CCNP) – Cloud and Security

Cisco’s professional certifications need little introduction. Suffice it to say that by combining two of the company’s professional-level certifications—namely the CCNP Cloud and the CCNP Security—one can cover these subjects in considerable depth and breadth, albeit with a primary focus on Cisco products, platforms, and technologies.

Earning a CCNP Cloud requires passing four exams, as described on the certification’s homepage, including coverage of the Cisco Cloud Infrastructure, Designing the Cisco Cloud, Automating the Cisco Enterprise Cloud, and Building the Cisco Cloud with Application Centric Infrastructure. Likewise, the CCNP Security certification also requires passing four exams: Implementing Cisco Secure Access Solutions, Implementing Cisco Edge Network Security Solutions, Implementing Cisco Secure Mobility Solutions, and Implementing Cisco Threat Control Solutions. Each exam costs $300. Given the number of exams involved, this combination cert easily could take two years to complete. The professional-level Cisco certifications are good for three years, after which recertification is mandatory to maintain the credential.

For obvious reasons, this combination makes sense only if you work (or plan to work) in Cisco-oriented computing environments, most likely for an enterprise-scale operation or a cloud service provider. Training for these credentials is readily available from Cisco and training partners, along with a plethora of self-study options, practice tests, and more.

Certified Cloud Security Professional (CCSP)

Another credential with strong input from the Cloud Security Alliance, the CCSP also brings the (ISC)2, a cybersecurity heavyweight organization, into the mix. CCSPs are said to possess deep understanding and knowledge of cloud security, architecture, design, operations, and service orchestration, with hands-on experience to match. According to the CCSP page, the credential fits the following individuals best:

  • Experienced IT professionals involved with IT architecture, web and cloud security engineering, cybersecurity, governance, risk and compliance, and IT audit. (Remember that trifecta?)
  • Those involved with the cloud at a global level and responsible for or heavily engaged in migrating to, managing, or advising on cloud software integrity (Salesforce, Office 365, SharePoint, Optum, and so forth).
  • An early adopter on the leading edge of technology who is passionate about cybersecurity.
  • Those who work with organizations invested in DevSecOps, agile, or bimodal IT practices.

This isn’t a book-learning certification. To earn a CCSP, candidates need five years’ full-time paid work experience in IT, of which three years must be in information security and one year in one or more of the six domains of the CCSP common body of knowledge (CBK). Earning the CCSK discharges that final one-year experience requirement.

The CCSP exam, which costs $599, consists of 125 multiple-choice questions and can take up to four hours to complete. CCSP training is available through both the (ISC)2 and Cloud Security Alliance partner networks (costs start at $3,000) but is not required. CCSPs must abide by the (ISC)2 code of ethics, meet continuing education requirements, and pay an annual maintenance fee to keep their certifications current.

Professional Cloud Security Manager (PCSM)

The PCSM is part of the certification portfolio from the Cloud Credential Council (CCC), an international organization whose members include governments and other public sector bodies, academic and research institutions, cloud service providers, cloud users, professional associations, and international certification bodies. A vendor-neutral credential, the PCSM seeks to identify individuals who can understand, explain, and put to work the following skills and knowledge:

  • Secure various cloud computing services and deployment models
  • Define and apply best security principles and practices to cloud infrastructures, configurations, and applications running within cloud computing environments
  • Manage and control access to cloud computing
  • Secure data, operating systems, applications, and the overall cloud computing infrastructure

The PCSM is aimed at full-time IT security professionals in engineering, analyst, or architect roles, along with IT risk and compliance professionals who work in risk management, audit, or compliance management roles. Auditors who work with cloud computing services, network engineers and administrators, and email system administrators should also find the PCSM of value.

The PCSM has no formal prerequisites, nor is training required. However, the CCC recommends training (available from a network of training partners). It also states that candidates should earn its Cloud Technology Associate (CTA) credential (or some equivalent) before tackling the PCSM “to demonstrate that the participants are conversant with cloud concepts and vocabulary.”

Earning the PCSM requires passing a one-hour exam that consists of 40 multiple-choice questions. The exam can be booked online through Exin, and costs $305. I can’t find any recertification or continuing education requirements associated with this exam.

HPE cloud certifications

Hewlett Packard Enterprise has slimmed down its certification portfolio substantially of late. Right now, only three certifications with cloud components come up in its certification search tool. None of them are explicitly or exclusively security-focused (based on the search criteria “Career Professional,” “Omit Upgrade Paths,” and “Software-Defined Infrastructure and Cloud”).

Here’s the list, with some attendant numbers, all in tabular form. Follow the links in column 1 to learn more about these various credentials.

Table 3: HPE cloud certifications

| Certification | Job Totals | Minimum | Median | Maximum |
| --- | --- | --- | --- | --- |
| HPE ASE – Hybrid Infrastructure and Cloud Architect | 95 | $38,407 | $69,115 | $125,551 |
| HPE Product Certified – OneView | 45 | $37,493 | $67,881 | $122,897 |
| HPE Product Certified – Synergy Solutions | 121 | $91,021 | $126,055 | $174,574 |

Note: The HPE ASE certification is scheduled to switch into inactive status as of June 2018, as per the certification search page.

Now go get a cloud security job!

It’s indisputable that there are ample opportunities for individuals seeking work in cloud security. Using “cloud security” as a search string in our four job posting services produces in excess of 150,000 current active job listings.

But which certification will get you a job soonest? At the highest salary? The job posting numbers don’t tell the whole story. Take the PCSM certification, for example. The job posting numbers were the second lowest in the group. But when I attended the Logical Operations security conference in Baltimore last November, the CCC’s credentials generated lots of buzz, and CCC representatives indicated strong uptake of the credential. Word on the street is likewise bullish that the CCC portfolio is solid, well put together, and eminently worth pursuing.

The job numbers put the Cisco CCNP Cloud/Security combination in second place, but I have to believe that vendor-neutral credentials are worth more despite that reading. Why? Because the cloud is inherently and universally heterogeneous, and brings tools, technologies, and platforms together from numerous providers. That’s why “cloud integration” is a big deal, and why a catholic, vendor-neutral approach to cloud computing is the only one that makes any real sense.

Indeed, one could do a lot worse than to focus on cloud security as a primary direction for career development and enhancement. We’ve not even begun to take full advantage of what the cloud has to offer. The willingness to make that leap depends in large part on being able to fulfill reasonable expectations that cloud computing should be safe and secure. Providing the expertise and know-how to meet those expectations can’t help but be a great hook upon which to hang one’s IT future.

This article/content was written by the individual writer identified and does not necessarily reflect the view of Hewlett Packard Enterprise Company.