Look to the CCSK certification to gain cloud-specific security expertise (and use it to vet your consultants)

With 300,000 unfilled security jobs in the US alone, there's an urgent need for qualified security professionals (1). But yesterday's security expertise isn't enough any more. The ubiquity of the cloud means that credentials such as the CISSP, while still important, no longer cover the needs of today's cloud-dependent organizations.

The solution is a more specialized certification focusing specifically on cloud security: the Certificate of Cloud Security Knowledge offered through the Cloud Security Alliance (https://cloudsecurityalliance.org/). It's a wise investment for internal staff, and it's a necessity when evaluating external consultants. 

I received my CCSK (Certificate of Cloud Security Knowledge) in November 2017. It was invaluable in leading the SOC 2 project for Citrix Workspace, as well as for work I do in my company, Clinical Security. Because the CCSK is cloud agnostic, it's useful in developing the cloud security skills needed at any company.

For my training, I took a 3-day class in Virginia. After careful research, I used a company called Intrinsec Security; my instructor was Graham Thompson.

https://intrinsecsecurity.com/training/courses/ccsk/

If your company offers external certification training as a benefit, I would go with Graham at Intrinsec. The course provides the opportunity to focus -- and to network. If your company won't pay for training, you can download the free certification training kit from CSA. The cost to take the certification exam is only $350 – and you get two tokens so you can take the exam twice! For more information see the overview at https://cloudsecurityalliance.org/education/ccsk/#_overview, and the class description at https://cloudsecurityalliance.org/education/.

For both the CCSK certification and general security training, my business partner at Loptr LLC, David Newell, recommends Pluralsight. At $299-449/year, it's a cost-effective path to a lot of cybersecurity training. See https://www.pluralsight.com/browse/information-cyber-security

Explore the CSA site and these training sites and let me know what you think. Please share this article with any of your colleagues or friends that are interested in cloud security.