New Cloud Security Professional Certification to Address Skill Shortage

Add Your Comments

To meet the need for an international standard for cloud security, (ISC)2 and the Cloud Security Alliance (CSA) announced the creation of a new Certified Cloud Security Professional (CCSP) certification on Tuesday. The CCSP standard reflects the advanced skills and knowledge of design, implementation and management necessary to secure cloud environments.

In light of a shortage of qualified cloud security professionals, the move provides a way of telling those with the valued skill set from convincing pretenders. The shortage of skilled cybersecurity professionals, not just in the cloud but in general, was noted by a Cisco study in early 2014, and reiterated by a RAND report in June. Earlier this month, a Websense Security Labs threat report made the case that hacking is becoming easier, due to the same shortage, combined with the Dark Web and flawed infrastructure.

To meet CCSP certification standards, an IT professional must possess the knowledge, skills, and abilities to audit, asses, and secure cloud infrastructures. It compliments and builds on related certifications such as (ISC)2’s Certified Information Systems Security Professional, and CSA’s Certificate of Cloud Security Knowledge.

“Many enterprises have told us that cloud computing is becoming their primary IT system,” says Jim Reavis, CEO, Cloud Security Alliance. “An effective cloud security strategy and architecture adds several nuances to traditional security best practices; which is why it’s critical to accelerate efforts to address the cloud security skills gap. CCSP helps to set the highest standard for cloud security expertise. The program we have developed with (ISC)² creates strong incentives for information security professionals to obtain both the CCSK and CCSP, which will create a workforce of experts who possess a mastery of the broadest cloud security body of knowledge.”

Certification is awarded to applicants who meet experience minimums of five years in IT, three in security and one in the cloud. Candidates must also demonstrate capabilities in six areas: Architectural Concepts & Design Requirements, Cloud Data Security, Cloud Platform and Infrastructure Security, Cloud Application Security, Operations, and Legal and Compliance.

Cloud computing is considered likely to have the greatest demand among information security areas for new education and training over the next three years, according to (ISC)2’s 2015 Global Information Security Workforce Study. The study also shows that most IT professionals believe cloud computing will require information security professionals to develop new skills.

The skills shortage is likely one of the factors behind a lack of cloud strategy at most US financial companies, according to a CSA report from March.

Add Your Comments

  • (will not be published)