Information Security and Network Awareness

Hurricane Labs

Subscribe to Hurricane Labs: eMailAlertsEmail Alerts
Get Hurricane Labs: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Related Topics: Cloud Computing, Security Journal, Secure Cloud Computing, Java in the Cloud

Blog Feed Post

Review of Certificate of Cloud Security Knowledge

The bulk of the CCSK covers the Cloud Security Alliance’s guidance document

By Bill Mathews

Recently (well, last night) I had the opportunity to take the Certificate of Cloud Security Knowledge exam and just wanted to put out some of my thoughts while they were fresh in my head. I always like to take a random sampling of certifications. It’s fun to challenge myself (some are more challenging than others) and it gives me a good idea of what sorts of training and certificates I’d like my guys to have (if any). I’ve never been the biggest fan of some of the bigger ones out there, but we’ll save that for another post.

The bulk of the CCSK covers the Cloud Security Alliance’s guidance document and the rest can be found on their exam FAQ. They break down “cloud security knowledge” into 13 so-called domains and two areas – one focused on a ENISA report and one based on applied knowledge. Don’t let the ENISA stuff steer you off though as the principles are perfectly applicable here in the US (where I am based anyway). The domains are general enough so they include some very good guidelines, but they’re not too in-depth in any one area, which is okay, they’re not supposed to be. It really is just a guided tour of things you need to know before going “cloud.” The price is a little steep ($295 US) but is reasonable when compared to a few others and includes two attempts (in case you fail). The test is web-based so of course you could cheat but then what would your conscience think of you?

Overall I actually liked the exam. It asked some good questions that will steer folks who are just getting into “cloud stuff” in the right direction. They do have a couple of courses that go more in-depth into the various domains and probably provides a lot more detail than their guidance report does. I didn’t take the class because, well, I just didn’t and probably won’t since I’ve been doing cloud stuff for a while and was already familiar with the ENISA report. I loved the noticeable lack of any vendor “spin” or marketing and the focus on actual implementation issues. If I were training someone to build out more cloud security or just deploying a cloud project I would recommend the training and certification. Just my $.02, but I almost never have anything good to say about certifications or infosec training programs. So I wanted to put some positive things out there while I had one.

More Stories By Hurricane Labs

Christina O’Neill has been working in the information security field for 3 years. She is a board member for the Northern Ohio InfraGard Members Alliance and a committee member for the Information Security Summit, a conference held once a year for information security and physical security professionals.