Typical Cloud Security Career Path
egrizzly Member Posts: 531 ■■■■■□□□□□
I'm considering specializing in cloud security. What do you folks experienced in cloud feel the typical career path is like, and which qualifications are recommended to reach each level?
B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
Forum Admin at www.techexams.net
Hi Scasc. I noticed that you have both (CCSK, CCSP). Is your day-to-day role in cloud security?
Security Engineer/Analyst/Geek, Red & Blue Teams
OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
Usually, cloud has always been appealing to 2 people - developers to create apps and sys admin to script/automate and maintain their workloads - just like you have with an On-Prem environment. I have found that to ensure solid architectural principles are followed and deployed in the cloud the CCSK/CCSP have been valuable, but to validate how this is done/being achieved, a vendor specific cert is valuable.
I see the market for devsecops exploding to where you script/automate and embed security scanning as part of your CI/CD pipeline workloads but throwing containers and Kubernetes into the mix (using services such as ACS/AKS, etc.) has created a lot of opportunity. I myself, have not done a tremendous amount in this space, but I find my role sits within the architecture/risk/advisory space anyway so no issue.
Find an area you reckon you want to develop, get an account in AWS or Azure or even GCP and use some videos you find from linux academy, vendor's own site and see how you can create EC2 instances, internet gateways, static or elastic IP's etc. I hope this helps.