CCSK in the Wild: Survey of 2018 Certificate Holders

CCSK examEven as more organizations migrate to the cloud, there’s still a concern as to how well those cloud services are being secured. According to an article by Forbes66% of IT professionals say security is their greatest concern in adopting a cloud computing strategy.”

As you embark on your quest to fill this skills gap, you may benefit from learning how other professionals have used certificates to expand and validate their cloud knowledge. In this blog we are going to explore how Certificate of Cloud Security Knowledge (CCSK) is being used in the wild. As the first step into this exploration we surveyed current holders to ask them how their certificate impacted their job, career and overall professional development. A summary of findings from the survey, job board postings and testimonials is shared below.

Topics we’ll discuss in this blog:

  • Survey Findings
  • CCSK in Job Postings
  • Overview of Testimonials

Survey Findings

Of the individuals who had successfully passed the exam, over 40 percent reported that the CCSK helped directly progress their career- either via a salary increase, promotion, or new job/role.

Graph showing How has your career progressed since earning your CCSK

In some cases CCSK holders were given new responsibilities and moved from a more generic security role into a cloud-focused position. Specialization is a key, whether it be through a certification or other learning program. Mike Rosa, Sr. Director Public Sector Security at Salesforce affirmed this saying, “The CCSK sets me apart as an expert in Cloud Security, not a security generalist. The world is moving to cloud, and my resume should reflect this change.

Another common way the certificate helped was building credibility with clients, and helping individuals work within more specialized roles. Since it offered proof of knowledge and established trust, respondents reported being able to better serve their clients’ needs.

One of the more tangible benefits of a certificate is the possibility of a salary increase. Taking a look at those who reported a salary increase, we saw that 15.61 percent saw an increase between 8 percent to 10 percent. Below you can see the distribution of individuals who received an increase in salary of some kind.

Graph showing salary increase since earning CCSK

Types of Jobs

What types of jobs do a CCSK holders have? We found that 22 percent of the people who received a promotion were promoted into a managerial, VP/Director, or Executive role. Titles varied, but the graphic below lists the top keywords listed in respondent’s job titles.

job titles available to CCSK holders

Complementary Certifications

What types of complementary certificates did they hold or pursue? Of the people who took our survey, 52.46 percent also have their CISSP. Certificates and certifications focus on a select area of knowledge, and earning complementary certificates can be valuable. Below are some of the other certifications commonly held.

graph showing which certifications respondents hold

The flipside of this question also yielded interesting results. When asked which other certifications people intend to pursue we received mixed results. The percent interested in earning their CCSP was over 30 percent compared to the 15 percent who already held their CCSP when they took the exam.

Graph asking which certifications people will pursue

As you may already be aware, one year of experience for the CCSP is covered by earning your CCSK since the two certificates complements each other. Whereas the CCSK is more tactical, the CCSP has more of a strategic focus. You’re free to draw your own conclusions, but if you’re interested in learning more about the differences between the two, you can read CCSK vs CCSP: An Unbiased Comparison.

Job Board Searches

A question we often get is whether or not employers are looking for the CCSK and how frequently it shows up in job boards. For job postings, HPE recently conducted a search of posts listing cloud certifications as a credential. They conducted the search for the CCSS, CCSP, PCSM and several other cloud certifications on the market. Below is a summary the results they gleaned for the CCSK.

February 2018 Job Search

Certificate SimplyHired Indeed LinkedIn LinkUp Total
CCSK 180 224 145 132 681

These results vary depending on location and time of year, however, it gives a good estimate of what to expect. In an informal search during October, we discovered the following results for the United States.

October 2018 Job Search

Certificate SimplyHired Indeed LinkedIn LinkUp Total
CCSK 89 321 231 258 899

The amount of postings went up, but the actual number of listings varies throughout the year. As with all things, it is best to do your own research before determining if the CCSK is right for you. Job titles listed included: Network Security Engineer, Security Consultant,  Information Security Cloud Governance Engineer, Cloud Security Architect and Sr. Security Engineer, to name a few.

Overview of Testimonials

Last but not least we collected written feedback on how earning the cloud certificate specifically helped in people’s jobs or career. To make it easier we grouped the responses into the following categories.

Survey Testimonials Revealed

  • How their career progressed
  • How CCSK helped build credibility with clients
  • What makes the CCSK unique from other certificates.
  • How it helped them on the job
  • Benefits of a vendor-neutral certificate

In following blog posts we will be exploring some of these topics more in-depth. For now we’ve listed snippets from testimonials we received that give you an idea of what people said.

How has the CCSK helped progress your career?

Answers to How as CCSK helped progress your career

Whether or not you opt for a cloud certification there are plenty of ways to learn more about cloud security. A couple of free resources that CSA has available for you to use include: CloudBytes webinars, research artifacts and the CCSK Prep-Kit.

Interested in going deeper? Learn how to earn your Certificate in Cloud Security Knowledge by visiting our website.

CSA Releases New Whitepaper on Virtualization Security Best Practices

At this year’s RSA Conference, the Cloud Security Alliance released a new whitepaper entitled: “Best Practices for Mitigating Risks in Virtualized Environments” which provides guidance on the identification and management of security risks specific to compute virtualization technologies that run on server hardware.

The whitepaper was developed by CSA’s Virtualization Working Group which is co-chaired by Kapil Raina, of Elastica, and
Kelvin Ng of Nanyang Polytechnic and sponsored by TrendMicro. The 35 page paper identifies 11 core risks related to virtualization, including:

  1. VM Sprawl
  2. Sensitive Data within a VM
  3. Security of Offline and Dormant VMs
  4. Security of Pre-Configured (Golden Image) VM / Active VMs
  5. Lack of Visibility Into and Controls Over Virtual Networks
  6. Resource Exhaustion
  7. Hypervisor Security
  8. Unauthorized Access to Hypervisor
  9. Account or Service Hijacking Through the Self-Service Portal
  10. Workload of Different Trust Levels Located on the Same Server
  11. Risk Due to Cloud Service Provider API

The report is free and can be downloaded in full here.

 

 

 

 

The Dark Side of Big Data: CSA Opens Peer Review Period for the “Top Ten Big Data and Privacy Challenges” Report

moonBig Data seems to be on the lips of every organization’s CXO these days. By exploiting Big Data, enterprises are able to gain valuable new insights into customer behavior via advanced analytics. However, what often gets lost amidst all the excitement are the very real and many security and privacy issues that go hand in hand with Big Data.  Traditional security schemes mechanisms were simply never designed to deal with the reality of Big Data, which often relies on distributed, large-scale cloud infrastructures, a diversity of data sources, and the high volume and frequency of data migration between different cloud environments.

To address these challenges, the CSA Big Data Working Group released an initial report, The Top 10 Big Data Security and Privacy Challenges at CSA Congress 2012, It was the first such industry report to take a holistic view at the wide variety of big data challenges facing enterprises. Since this time, the group has been working to further its research, assembling detailed information and use cases for each threat.  The result is the first Top 10 Big Data and Privacy Challenges report and, beginning today, the report is open for peer review during which CSA members are invited to review and comment on the report prior to its final release. The 35-page report outlines the unique challenges presented by Big Data through narrative use cases and identifies the dimension of difficulty for each challenge.

The Top 10 Big Data and Privacy Challenges have been enumerated as follows:

  1. Secure computations in distributed programming frameworks
  2. Security best practices for non-relational data stores
  3. Secure data storage and transactions logs
  4. End-point input validation/filtering
  5. Real-time security monitoring
  6. Scalable and composable privacy-preserving data mining and analytics
  7. Cryptographically enforced data centric security
  8. Granular access control
  9. Granular audits
  10. Data provenance

The goal of outlining these challenges is to raise awareness among security practitioners and researchers so that industry wide best practices might be adopted to addresses these issues as they continue to evolve. The open review period ends March 18, 2013.  To review the report and provide comments, please visit https://interact.cloudsecurityalliance.org/index.php/bigdata/top_ten_big_data_2013 .

Tweet this: The Dark Side of Big Data: CSA Releases Top 10 Big Data and Privacy Challenges Report. http://bit.ly/VHmk0d

CSA Releases CCM v 3.0

The Cloud Security Alliance (CSA) today has released a draft of the latest version of the Cloud Control Matrix, CCM v3.0. This latest revision to the industry standard for cloud computing security controls realigns the CCM control domains to achieve tighter integration with the CSA’s “Security Guidance for Critical Areas of Focus in Cloud Computing version 3” and introduces three new control domains. Beginning February 25, 2013 the draft version of CCM v3.0 will be made available for peer review through the CSA Interact website with the peer review period closing March 27, 2013, and final release of CCM v3.0 on April 1, 2013.

The three new control domains; “Mobile Security”, “Supply Change Management, Transparency and Accountability”, and “Interoperability & Portability” address rapidly expanding methods cloud data is accessed, the need for ensuring due care is taken in the cloud providers supply chain, and the minimization of service disruptions in the face of a change to cloud provider relationship.

The “Mobile Security” controls are built upon the CSA’s “Security Guidance for Critical Areas of Mobile Computing, v1.0” and are the first mobile device specific controls incorporated into the Cloud Control Matrix.

The “Supply Change Management, Transparency and Accountability” control domain seeks to address risks associated with governing data within the cloud while the “Interoperability & Portability” brings to the forefront considerations to minimize service disruptions in the face of a change in a cloud vendor relationship or expansion of services.

The realigned control domains have also benefited through changes in language to improve the clarity and intent of the control, and, in some cases, realigned within the expanded control domains to ensure the cohesiveness within each control domain and minimize overlap.

The draft of the Cloud Control Matrix can be downloaded from the Cloud Security Alliance website and the CSA welcomes peer review through the CSA Interact website.

The CSA invites all interested parties to participate in the peer review and the CSA Cloud Controls Matrix Working Group Meeting to be held during the week of the RSA Conference, at 4pm PT on February 28, 2013, at the Sir Francis Drake Hotel
Franciscan Room
450 Powell St in San Francisco, CA.

Your Chance to Influence Cloud Security Research!

By Zenobia Godschalk

The Cloud Security Alliance needs your help! We are conducting a survey to help us better understand users current cloud deployment plans and biggest areas of security and compliance concern. The feedback generated here will assist the CSA in shaping our educational curriculum and areas of guidance over the coming months. So, if you’re concerned about cloud security, let your voice be heard!

http://www.surveymonkey.com/s.aspx?sm=VqH8jHHwc9GhANj3EzDl1g_3d_3d

(Survey takes just a few minutes, and you will receive a complimentary copy of the results)

Cloud Security and Privacy book by CSA founding members

By Jim Reavis

I wanted to let everyone know about the new book release, Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance. This book was written by three experts, two of whom are CSA founding members. I had the opportunity to read the book prior to its publication and I can personally recommend it as a great resource for those seeking to learn about and securely adopt cloud computing. The book URL is below:

http://oreilly.com/catalog/9780596802769/