CCSP certification
Certified Cloud Security Professional (CCSP) is a cloud-focused security certification for experienced security pros responsible for applying best practices to cloud security architecture and design. CCSP is offered by the International Information System Security Certification Consortium (ISC2), a nonprofit focused on training and certifying cybersecurity professionals.
CCSP was rolled out at RSA in 2015 and has grown in popularity ever since, as enterprises increasingly move storage, infrastructure, and applications to the cloud. According to ISC2, CCSP certification demonstrates that “you have the advanced technical skills and knowledge to design, manage, and secure data, applications, and infrastructure in the cloud using best practices, policies, and procedures.”
According to ISC2, CCSP is best for roles such as cloud architect, cloud engineer, cloud administrator, cloud security analyst, and auditors of cloud services, among others.
CCSP vs. CISSP
ISC2 also offers the Certified Information Systems Security Professional (CISSP) certification aimed at upper-level security pros with industry experience. The biggest difference between these two certifications is that the CISSP exam draws from a much broader and more general pool of security knowledge, as it is meant to show that you can design, implement, and manage a cybersecurity program at the enterprise level. CCSP, by contrast, is entirely cloud-focused. It covers less ground than CISSP — and indeed, the CISSP exam is twice as long as CCSP’s. But CCSP is also more in-depth on cloud topics.
A thread on the ISC2 community forums offers insight into how IT professionals who have taken both exams approach the question of which is harder — and in what order you should take the two exams, if interested in both.
CCSP exam
The CCSP exam is a four-hour test taken on a computer terminal at a local Pearson VUE test center. The test consists of 150 multiple-choice questions. Effective August 1, 2024, the CCSP exam will change to 125 questions over a three-hour period. You need to score at least a 700 out of 1,000 points to pass the exam.
The CCSP exam draws its questions from ISC2’s common body of knowledge (CBK) for cloud security professionals — a “peer-developed compendium of what a competent professional in their respective field must know, including the skills, techniques, and practices that are routinely employed.” The CCSP CBK is in turn broken down into six domains, which are weighted on the exam as follows:
- Cloud concepts, architecture, and design: 17%
- Cloud data security: 20%
- Cloud platform and infrastructure security: 17%
- Cloud application security: 17%
- Cloud security operations: 16%
- Legal, risk, and compliance: 13%
The questions are multiple-choice, but you may encounter “scenario-based” questions, where you have to answer several multiple-choice questions about an example scenario.
The CCSP exam is available in English, Chinese, Japanese, and German. You can find more details on ISC2’s website.
CCSP exam cost
The CCSP exam costs €555 in EMEA, £479 in the UK, and $599 in the US, Americas, and all other regions, including Asia Pacific.
This is not an insignificant outlay of cash — and it’s important to keep in mind that this isn’t the only cost involved in CCSP certification. There are more requirements (and associated payments) as well, including training costs should you choose to sign up for courses.
CCSP requirements
Passing the CCSP exam is only one step of the CCSP certification process. Because this isn’t a certification for those at the beginning of their careers, candidates must also demonstrate industry career experience.
In a nutshell, to get CCSP certified, you must have:
- At least five years of paid work experience in IT
- At least three years of which must be in information security
- And at least one year of which must be in one or more of the six CCSP CBK domains listed above
ISC2’s website has more details, including ways alternate experience such as part-time or unpaid work can be counted towards these requirements. If you already have the Cloud Security Alliance’s Certificate of Cloud Security Knowledge, ISC2 considers that equivalent to a year of professional experience. ISC2’s CISSP certification has its own extensive professional experience requirements, and if you already have that cert, that experience also qualifies you for CCSP.
ISC2 requires endorsement from another ISC2-certified professional who attests to your work experience, although you can make arrangements with ISC2 to provide an endorser if you don’t know anyone who can serve in the role.
Even if you don’t have all the experience needed to achieve certification, you can still take the CCSP exam. If you pass, you can receive Associate of ISC2 status, with access to ISC2 training resources as you work towards your ultimate certification goal, which you have six years to achieve.
Additional CCSP certification costs
In addition to the cost of the exam, candidates aiming to be fully certified must pay ISC2 $135 in Annual Maintenance Fees. (For Associates, these fees are only $50 a year.) Because these fees are for membership in the organization, they are the same no matter how many ISC2 certs you’re maintaining. You’ll also need to fulfill continuing education requirements, which may have associated costs as well.
CCSP training
Even if you think you’re cloud security savvy, you’re still going to want study resources to help you prepare. ISC2 provides its own official material for this purpose, including a study guide and a collection of practice tests, as well as flash cards and a study app.
There are third-party books available as well. Daniel Carter’s CCSP Certified Cloud Security Professional All-in-One Exam Guide is considered the gold standard. You also might want to check out Gwen Bettwy’s CCSP Cloud Guardians.
If you want to go beyond books, there are a variety of fully featured and interactive training courses available. ISC2 offers an online self-paced training course that costs $920 in addition to the exam fee. ISC2 also offers classroom-based training and online instructor-led training, prices available on request.
The Infosec Institute offers a CCSP boot camp that comes with an exam pass guarantee (basically, if you fail the exam after taking their training course, they’ll pay for you to take it again). Simplilearn also offers an online boot camp for CCSP discounted to $2,200 (35% off) as of this writing. As is the case with most certs, there are plenty more training courses out there, and some candidates choose to supplement self-study with the various piecemeal video instructions available from outlets such as Udemy and Cybrary.
CCSP salary
Earning the CCSP signals both that you have demonstrated domain knowledge and that you possess relevant experience to help enterprises secure assets in the cloud. It also provides an opportunity to earn more.
How much more isn’t an easy question to answer. Obviously, it’s in the best interest of ISC2 to tell you that a CCSP will boost your earning power. The org’s website references data from its latest ISC2 Cybersecurity Workforce Study that suggests that CCSP holders make good money, with average salaries of:
- Globally: $114,211
- North America: $148,009
- Europe: $111,665
- Asia Pacific: $83,017
- Middle East and Africa: $51,959
Of course, it’s very difficult to tell whether this is a matter of correlation or causation. After all, in order to achieve CCSP certification, you need to have five or more years of industry experience under your belt, and that alone will boost your value in the job market. You should be wary of anyone who tries to guarantee you that a certification will provide a specific salary boost. That said, in an in-demand domain like cloud security, a certification can only make you stand out more — and CCSP and ISC2 are well respected in the industry.
Other outlets offer average pay ranges between $116,000 and $137,000 for US CCSP holders. According to the most recent Foote Partners “IT Skills Demand and Pay Trends Report,” IT professionals with CCSP certifications are earning an 11% premium over similarly experienced IT pros who do not hold the cert.