CCSP - Certified Cloud Security Professional

ajs1976

New cert from ISC2 with CSA.

https://www.isc2.org/ccsp/default.aspx

dave0212

Interesting, I work with a lot of cloud providers and this should align with CSAStar processes

Interestingly, looking at the information it would seem holding a CISSP removes any need to submit experience information

"Earning (ISC)²’s CISSP credential can be substituted for the entire CCSP experience requirement. "

ISACA have just announced a load of new certs as well
http://www.firstpost.com/business/isaca-introduces-portfolio-new-cybersecurity-certifications-2205322.html

ajs1976

I'm not sure if Cloud Security should have its own cert or should have been a new domain in the CISSP and SSCP.

I'm not very interested in the new certs from ISACA, but I may be forced down that path. Federal regulators are increasing the pressure and requirements on financial institutions and since a lot of those regulators are CISAs, ISACA has be to aware of what is occurring and is trying to cash in on a perceived need for more training and certification options. The have a niche certifiation in the CISA and are trying to move into areas that are already covered by Sec+, CASP, SSCP, CISSP, and others.

dave0212

I think its probably a move on the part of the CSA as they already have a Cloud Security Certification (CCSK) but it doesn't get much visibility. So alignment with ISC2 and CISSP helps them push it more.

The ISACA ones are on the "Cyber Security" bandwagon, no plans to take but work may push me that way. The CCSP however does align with what I do, we work with a few clients who offer cloud services so might add value but probably only take the exam if I can get company funding

rickberr

This is good information, going to start researching...thanks.

matai

I'm interested, will wait until there is a book or something for it though.

FYI 125 questions and $549

beads

Its an interesting direction but at what time do all these smaller sub-certifications become too much background noise? Is the (ISC)2 going down a path of having an individual cert for each domain as well? Can you imagine the eight sub-domains, each with an individual cert along with healthcare, cloud, audit, forensics and whatever else you could throw in there?

After awhile its going to be death by a thousand paper cuts.

- b/eads

mjsinhsv

It's all about money.

If there was a market for someone to be certified to install paper in printers, there would be a cert for that.
Probably from Microsoft.
MCPI - Microsoft Certified Paper Installer.

seigex

mjsinhsv wrote: »

it's all about money.

if there was a market for someone to be certified to install paper in printers, there would be a cert for that.
Probably from microsoft.

MSPCLL?


EDIT: In case this doesn't make sense, it's an Office Space reference.

TechGuru80

I see great confusing coming down the pipe...maybe Cisco will go after them. On a lot of req's CCSP still shows up for Cisco Certified Security Professional.

dave0212

TechGuru80 wrote: »

I see great confusing coming down the pipe...maybe Cisco will go after them. On a lot of req's CCSP still shows up for Cisco Certified Security Professional.

I thought this but remebered Cisco rebranded their paths, I think it isn't called CCSP any more it's CCNP Security

Cyberscum

Interesting. I might look into this. Thanks for the info.

Chivalry1

I am interested. I deal with these Cloud areas day-to-day. Also, I think many Security Professionals/Corporations have been asking for a Cloud Security Cert from ISC2; so there is a market. At the minimum, I will be purchasing the book.

TechGuru80

dave0212 wrote: »

I thought this but remebered Cisco rebranded their paths, I think it isn't called CCSP any more it's CCNP Security

Correct but the confusion will exist at least with HR departments.

riyan

Cyberscum wrote: »

Interesting. I might look into this. Thanks for the info.

We can start one more certification. CTBS (Certified in Techexam Blogging with Style).

beads

Originally posted on the -ISSAP LinkedIn group. I think two of actually pay attention. I think he hits all my pain points pretty well.

Another New Cloud Certification? | Expanding Security – Certification & NICCS training

- b/eads

beads

ajs1976 wrote: »

I'm not sure if Cloud Security should have its own cert or should have been a new domain in the CISSP and SSCP.

I'm not very interested in the new certs from ISACA, but I may be forced down that path. Federal regulators are increasing the pressure and requirements on financial institutions and since a lot of those regulators are CISAs, ISACA has be to aware of what is occurring and is trying to cash in on a perceived need for more training and certification options. The have a niche certifiation in the CISA and are trying to move into areas that are already covered by Sec+, CASP, SSCP, CISSP, and others.

ISACA has been in existence far longer than (ISC)2, 1967 versus 1993 (sic). I'd hardly refer to ISACA as being lightwieght or a newcomer to the field of security. (ISC)2 simply carved out a niche not being serviced properly by ISACA. Which is really too bad as they (ISACA) really held back the industry as a whole by not acknowledging such until recently. Now it feels like they are late to the party.

From a personal experience I can safely say I find ISACA to be much better run organization from my experiences. Nothing I don't say every year when they send surveys so don't bother going there this time. Its old and can stay that way.

CISA is a "niche" certification? Really? Do you practice in the security field? I ask because 99% of what security is really doing is thoroughly examining records of various sorts and remediating the findings through the MAC process or enterprise architecture.

- b/eads

Spin Lock

ajs1976 wrote: »

New cert from ISC2 with CSA.

https://www.isc2.org/ccsp/default.aspx

This is very interesting. Thank you for sharing it. I literally just got home from the RSA Conference. I had to work my company's booth so I couldn't attend any training or keynotes, but everyone company and their grandma was pushing a solution that protected the cloud, was (partially) deployed in the cloud, or my personal favorite, "leveraged" the cloud.

I'm not saying just because cloud security is the "it" term, everyone should get this cert, but if this cert forces you to focus on understanding cloud infrastructure and the unique security challenges it posses, then that's not a bad thing.

Chuzpah

Already have the exam outline. As a member of the Cloud Security Alliance (CSA) this is something I'm interested in since I have many customers who are concerned with cloud security.

dustervoice

Is there a book for this?

mjsinhsv

No books yet.
The ISC2 exam outline is fairly detailed and extensive though.

6 Domains:

Architectural Concepts and Design Requirements.
Cloud Data Security
Cloud Platform and Infrastructure Security
Cloud Application Security
Operations.
Legal and Compliance

rickberr

I took the plunge and emailed my manager today regarding this certification so I have a meeting in a few days to make the pitch; hopefully, it goes well. My plan is to tackle a cloud certification later this year or early next followed by the ISSAP either late 2016 or early 2017. I have just started the Cloud+ course from Cybrary as a primer and will be attending an AWS Enterprise Summit in a few weeks. Anyone else planning to go after this certification in the near future?

chanakyajupudi

I might get the book. But cert maybe not.

Chuzpah

Hey Rick, now that I've passed the CISSP exam I will probably study for this one over the summer.

rickberr

I checked the CSA (CCSK) website and their certification exam is online and open book so I am going to wait until the details from ISC2 are provided.

This is from the CSA website regarding the CCSK exam.

https://cloudsecurityalliance.org/education/ccsk/#_about

"The examination consists of 60 multiple choice questions selected randomly from our question pool, and must be completed within 90 minutes. A participant must correctly answer 80% of the questions to receive a passing score. Because the exam is online, it is open book."

I talked with my manager and this is one that I can pursue next year if I choose so I am going to keep it on my radar. A number of my group's connections are cloud based but overall we are not moving to the cloud. I am slowly building my portfolio towards taking the ISSAP exam so cloud an ethical hacking are both areas of interest for me.

rickberr

According to the ISC2 website, there is only 1 person in the world holding this certification as of 05/01/2015. I plan to check the site periodically to see how the numbers increase to determine whether to pursue it later this year.

https://www.isc2.org/member-counts.aspx

CCSP - United States 1

renacido

The new ISACA certs may be worth a look because they are practical exams in a lab instead of a multiple guess, er, choice exam. These may turn out to be useful for determining that the cert holder has hands-on skills not just the ability to memorize study guides.

chickenlicken09

Guys, is there a book for this cert? I would be interested.

CountRock

eddo1 wrote: »

Guys, is there a book for this cert? I would be interested.

Not yet!

Overcertified

TechGuru80 wrote: »

I see great confusing coming down the pipe...maybe Cisco will go after them. On a lot of req's CCSP still shows up for Cisco Certified Security Professional.

Although the CCSP (Cisco) was discontinued, if you kept renewing it, you were supposed to be able to keep it. However, in the world of certifications, many acronyms get reused by different associations. What was interesting was that ISC2 supposable trademarked or service marked the CCSP.

Overcertified

rickberr wrote: »

According to the ISC2 website, there is only 1 person in the world holding this certification as of 05/01/2015. I plan to check the site periodically to see how the numbers increase to determine whether to pursue it later this year.

https://www.isc2.org/member-counts.aspx

CCSP - United States 1

I may have just recently met that person at a OWASP meeting in NJ. I asked him whether that was the ISC2 cert, and he said yes. So I then asked: How did you get the cert when the exam hasn't been released yet? He said he was on the exam development team, and they gave him the cert for his participation. I assumed/guess this was an equivalence to what other certs do called grandfathering, yet I know certs will automatically be given to the people who develop the cert/exam as recognition.