Introduction

In today’s world, gone are the days when businesses and corporations stored everything IT-related on site. This includes the servers, databases, any backups and any sensitive information with regards to company assets and customer information and data. Just about all of this has now moved over to the cloud infrastructure.

We all have heard of the cloud, but just what exactly is it? It can be specifically defined as follows:

“The cloud is not a physical entity, but instead is a vast network of remote servers around the globe which are hooked together and meant to operate as a single ecosystem. These servers are designed to either store and manage data, run applications, or deliver content or a service such as streaming videos, web mail, office productivity software, or social media. Instead of accessing files and data from a local or personal computer, you are accessing them online from any Internet-capable device—the information will be available anywhere you go and anytime you need it.” (Source)

There are many advantages to using the cloud, including:

  • Scalability of resources
  • Fixed, affordable monthly pricing
  • All of the maintenance to your cloud infrastructure is carried by the Internet service provider

But just as advantageous and convenient as it is to use the cloud, it too is prone to many cyberattacks and threats. In fact, the cloud itself can be used to leverage security breaches towards other organizations in a botnet-style attack. Thus, highly-trained IT professionals are needed to help safeguard and protect the assets that reside in a cloud-based Infrastructure — such as those that possess the coveted “Certified Cloud Security Professional” certification, or “CCSP” for short.

In this article, we will review the job prospects for those IT professionals that possess this cert.

Some Details About the CCSP

Before delving into the actual job prospects, it is important to briefly review the scope of the CCSP cert, as it is currently being offered by (ISC)2:

  • It was first introduced in 2015, so it is still a relatively new exam
  • There are already well over 125,000 cybersecurity professionals that have this cert
  • The average salary with people with the CCSP (with substantial experience) is well over $134,000
  • The CCSP has been named as the #1 cloud cert to have
  • There is a total of 125 multiple choice questions on the exam
  • You have four hours to complete the exam
  • You need to have a minimum score of at least 700/1000 (70%) in order to pass the exam
  • In terms of requirements to take the exam, you must have 5 years of work experience, broken down into:
    • Three years of information security
    • One year in cloud security
  • It costs $549.00 to take the CCSP exam
  • The exam covers the following topics with the assigned weightage:

Topic      % Weighed on Exam

Architectural Concepts & Design Requirements 19%
Cloud Data Security 20%
Cloud Platform & Infrastructure Security 19%
Cloud Application Security 15%
Operations 15%
Legal & Compliance 12%

NOTE: Specific details on the exam can be seen here.

The Overall Job Outlook

The good news is that overall, the prospects for landing a security-related cloud position are very strong and only expected to grow exponentially into the future. The main catalyst for this, of course, is the adoption rate of the cloud, both by individuals and corporate America. Just consider these statistics:

  • There has been at least a 28% year-over-year (YoY) growth rate of cloud-related job postings across all of the major online recruiting sites, such as Indeed, Dice, Career Builder, Glassdoor, Simply Hired and so forth
  • Spending on the cloud computing infrastructure is expected to grow at least 6.5 times annually through 2020
  • The demand for cloud-related services will continue to grow at least by 22% per year through 2020 and will have a market cap of $236 billion by then
  • Out of all the cloud platforms (which includes IaaS, SaaS and PaaS), it is expected that the latter will have the highest demand for jobs. For example, the adoption rate of this platform will be at 56% by 2020 versus the adoption rate of 32% it experienced back in 2017

Given that the cloud infrastructure is such a gargantuan platform, there are two key ways in which you can gain employment in this area:

Work Directly for a Cloud Computing Company

The main companies that are hiring in this area include the following:

  • Amazon Web Services (AWS)
  • The Google Cloud platform
  • Zerto
  • Cloudera
  • FusionOps
  • Microsoft Azure

Of particular interest right is the AWS. Keep in mind that when you get a job with them at first, you could end up very likely having a role like a UX designer, software solutions architect or even being a Linux security engineer. But after having gained enough experience in one of these positions and earning your CCSP, you could very quickly land a cloud security role.

Work for a Company That Is Not a Cloud Provider, But Uses the Cloud in Its Daily Business

The number of businesses and corporations that could fit into this category are countless. For instance, this broad category can range all the way from banks to IT companies to even the federal government. You could work directly as a cloud security professional with one of these companies or even have another role in which there is a security interface, such as:

  • Cloud computing analyst
  • Cloud administrator
  • Cloud architect
  • Cloud engineer

But keep in mind that in order to land one of these positions, you should have skills in the following as well:

  • Python
  • Java
  • Ruby on Rails
  • Solid experience in either Windows or Linux
  • Database programming language like SQL

It is also important to keep in mind that many of these companies are still in the planning process of building out their cloud infrastructure, so there is a very good chance that you could be involved in being responsible for the security of various types of cloud platforms. This will include the following:

  • A public cloud
  • A hybrid cloud
  • A private cloud

Sample Jobs

Wherever you route you take, listed below is a sampling of some job titles that require the CCSP and their associated job description:

Information Security Architect

  • Provide connected asset security expertise and leadership in defining and prioritizing Connected Asset Security Program initiatives
  • Integrate the Connected Asset Security Program into the relevant stages of the product development life cycle
  • Perform design and architecture reviews, validating information security artifacts are created and aligned with industry standards and regulations

Penetration Tester

  • The tester will be responsible for developing and abiding by approved rules of 
    behavior documents
  • During testing, the tester will need to pinpoint methods that attackers could use to exploit weaknesses and logic flaws
  • The tester will be expected to research, document and discuss security findings with client stakeholders. Findings may be documented in independent reports or incorporated into security assessment reports

Cloud Security Specialist

  • The candidate will apply their experience by implementing reliable, scalable, secure data-driven process automation for managing the access life cycle of cloud services
  • Establish and maintain role management based on least privilege access and separation of duties approach for entitlements across all cloud services, including recertification meeting compliance guidelines
  • Perform key management and implement cloud application architecture and technical design
  • Partner with engineering and architecture groups to troubleshoot access issues

Information Security Analyst

  • Assist in all information-security-related education and awareness activities
  • Measure, track and report the security vulnerability status of IT assets
  • Configure and operate vulnerability management systems
  • Consult with IT teams on remediation of vulnerabilities
  • Track and monitor vulnerability status and report risks
  • Contribute to the creation of security principles, technical reference architectures, standards, baselines blueprints
  • Monitor threat management systems and identify incidents
  • Investigate, analyze and escalate resolution of security incidents
  • Perform end user device threat containment and access control enforcing security policies and restrictions using network security technology

CCSP Job Titles and Salaries

The matrix below reviews other job titles that are associated with the CCSP and their corresponding salaries:

     Job Title                                                                                         Salary Breakdown

Principal Information Security Analyst $135,000.00-$190,000.00
Cyber Security Specialist $51,000.00-$91,000.00
Infosec Network Specialist $52,000.00-$89,000.00
Senior Information Security Specialist – Azure $74,000.00-$113,000.00
Federal – Security Engineers – Splunk or Linux Network $108,000.00-$143,000.00
Information Security Engineer, Cloud Specialist $88,000.00-$138,000.00
Cloud Information Security Specialist $65,000.00-$101,000.00

(Source)

Upon further examination of this matrix, we can see that the job titles that command the highest salaries at the lower end are those with a managerial title, or those titles that are affiliated with jobs at the federal government.

CCSP Geographic Cities and Salaries

The matrix below reviews those cities in the United States with the highest demand for CCSP cert holders:

   Geographic Area              Salary

New York City, NY $135,000.00
Philadelphia, PA $112,000.00
Washington, DC $90,000.00
Dallas-Fort Worth, TX $85,000.00
Shreveport, LA $82,000.00

(Source)

Upon further examination of this matrix, we can see that the highest-paying cities are on the East Coast (NYC and Philadelphia).

CCSP Experience and Salaries

The matrix below reviews other the levels of CCSP experience (n terms of years), and their corresponding salaries:

Years of Experience  Salary

1-3 years $85,584.00
4-6 years $100,094.00
7-9 years $111,343.00
10-14 years $117,822.00
15+ years $124,526.00

(Source)

Here, we can see that the highest- paying jobs are for those CCSP cert holders that have at least 15 years of experience.

Conclusion

Overall, this article has reviewed the job prospects for those IT professionals who currently have the CCSP cert, or those that are aspiring to achieve it. In order to command the highest levels of salary, you should:

 

  • Have a managerial or director job title and/or work for the federal government
  • Work in a large city, especially those on the East Coast
  • Have at least 15 years or more of work experience

 

In terms of what the exact salary increases you can expect after obtaining the CCSP depends on many factors, such as:

  • Your current level of education
  • How many years of experience you have
  • Your current job title
  • The city you work in
  • If possess other security-related certs as well, as the CISSP or CISA

But it’s safe to say that the more experience you have, the more you will make. Also, after earning the CCSP after about five years of solid work experience, you should be able to command a six-digit salary level.

But apart from having the financial rewards of having a CCSP cert, there are other numerous other ones that you will receive, primarily through the (ISC)2, such as:

  • Free webinars
  • Great networking opportunities
  • Free security events that you can attend
  • Most importantly, industry recognition!

Sources

What is the cloud?, Microsoft Azure

Certified Cloud Security Professional, (ISC)2

The Ultimate Guide to the CCSP, (ISC)2

Top trending technologies and careers of 2018, The Princeton Group

Roundup of Cloud Computing Forecasts, 2017, Forbes

Why it’s a great time to get a job in cloud computing, Monster

CCSP Jobs, indeed

Cloud Computing Specialist – SME, Glassdoor

Average CCSP Salary for 2017, Security Boulevard