CCSP Certification – Introduction and eligibility

CCSP stands for Certified Cloud Security Professional, and as the name suggests, this certification is for cybersecurity professionals working with cloud infrastructure and services. As we all can relate, the cloud is now gradually leaking into every field we can think of that involves data in one way or another.

The International Information Systems Security Certification Consortium (ISC)² is the organization that runs and governs this certification. The CCSP certification was developed in partnership with the Cloud Security Alliance.

It has 6 areas of study (domains) you are supposed to be aware of or learn about. They are –

1. Cloud Concepts, Architecture, and Design (17%)
2. Cloud Data Security (19%)
3. Cloud Platform & Infrastructure Security (17%)
4. Cloud Application Security (17%)
5. Cloud Security Operations (17%)
6. Legal, Risk, and Compliance (13%)

To be eligible for the CCSP certification, one must have a minimum of 5 years cumulative work experience in IT of which they are supposed to have at least 3 years of work experience in Information Security and, one year of work experience in one or more of the six domains mentioned earlier.

You can bypass the requirement of having one year of experience in any of the domains by clearing CSA’s CCSK certification. Also, if you have cleared CISSP certification, it will provide you a waiver on any kind of experience required for the CCSP certification.

So, if you are looking for a track to follow, CISSP may seem like a better option before appearing for CCSP. However, even CISSP has a strict requirement of a minimum of 5 years of cumulative work experience in two or more of its own eight domains, even if you have cleared a basic certification like CompTIA Security+ or CompTIA CySA+, it only gives you a waiver of 1 year. So, you still need 4 years of work experience. Interestingly, if you appear for CCSP before CISSP, then also you get a waiver of just 1 year for CISSP. Even though one can argue that if you satisfy requirements for CCSP, you can easily justify your experience for CISSP, to save yourself from the hassle of justifying your experience twice, appearing for CISSP before CCSP makes more sense.

To provide proof of the experience claimed by you, you will need to send your profile/resume to an (ISC)² certified professional in good standing, who will then verify your claim to confirm that your experience meets all the requirements. It is relatively easy if you can find someone in your current or past work or if you know someone who can do it for you. If you cannot find someone, (ISC)² will carry out this process for you which means it will take more time and you will have to be ready to fill out a lengthier form. Another reason why you should appear for CISSP before going for CCSP.

If you somehow do not have enough experience, or relatively new to the field, it still makes sense to go ahead with these certifications. Even if you don’t satisfy the experience requirements immediately, you can clear the certification exam to become The Associate of (ISC)², and you will then have six years to earn the five years required experience.

Who should go for it – Whether or not you are a cybersecurity professional, but your work includes cloud infrastructure or services in any capacity, you should go for it. Or If you are someone who wants to get involved in cloud security but aren’t currently working in that domain already, this will be a good way to gain some prior understanding and also show interest in working in this domain.