isc – ExamCollection

Pros and Cons of Obtaining (ISC)2 CISSP Certification
Tue, 10 Dec 2019 08:23:11 +0000

The decision to pursue the CISSP credential is dependent on a number of factors. First, you have to understand that there are different options when it comes to the security certificates, so choosing the best option for you will depend on a couple of factors. Before we dive into the details, it is essential to put some facts into perspective.

First of all, job positions that require this (ISC)2 certificate are usually very well paid. An individual with this credential can earn a six-figure salary per annum on average, though this depends on location. Additionally, there is no shortage of job roles for security specialists, which means there is always an opening that you can fill when you hold such a certification. For instance, it is estimated that there will be approximately 2 million extra security positions that will need IT experts to fill them. Of great importance is the number of people who will be able to fill these roles, and this is where a strong case for CISSP comes in. No doubt, this is a good reason to pursue this certificate, but you shouldn’t jump right into it without taking some facts into consideration.

Below we share some objective views on choosing the CISSP certification as your goal.

  • CISSP requires paid work experience

Your work experience will determine whether you should pursue this credential or not. For instance, if you are just starting out in information security, you won’t be able to obtain it. This doesn’t mean that you wouldn’t pass the exam if you took it; the obstacle is the prerequisite for this (ISC)2 certification. You should have more than 5 years of paid work experience to qualify for this certificate. It is essential to point out that you can actually shorten the time by one year. However, that still leaves four years to contend with, and nothing can be done about it. You just have to wait before you can attempt the CISSP certification test.

There are some other options that professionals who are starting out in the security field can consider. For those who want to land their first job in the security field, CISSP is not the place to start. At this stage, you should seek to validate your basic skills. CompTIA Security+ and CompTIA CySA+ are two certificates you can consider to confirm your knowledge and skills, as well as increase your chance of landing an entry-level position.

CompTIA Security+ is an entry-level cybersecurity credential that requires a single exam. It is made up of about 90 questions, which must be completed within 90 minutes. The test is created to validate the candidates’ knowledge and skills in basic IT and security domains. CompTIA CySA+ is also an excellent choice for an entry-level IT security specialist. This credential was introduced in 2017 by CompTIA, and it was developed to bridge the gap between the skills required for the foundational CompTIA Security+ and the expert-level CASP+ certificates. You can continue to pursue CISSP after earning either of these certifications. However, you have to fulfill the requirements for years of experience before you obtain it.

  • CISSP is great if you want to take up government jobs

For professionals trying to get a position in the government, CISSP is a great credential option. It satisfies the IA baseline certification requirements for taking up job roles in this realm. The baseline certificates for government employees fall into four different categories: IAT, IAM, CSSP, and IASAE. (ISC)2 CISSP takes its place in these categories, which means it is a great certification option for those individuals who want to get a government job title.

  • CISSP requires recertification

This is actually a great thing because it helps you consistently update your skills so as not to become obsolete. To renew your certification, you have to earn the CPE credits, which are quite easy to achieve. Every 3 years, you have to submit at least 90 Group-A CPE credits, as well as the additional 30 Group-A or Group-B CPE credits to retain your credential. Different educational activities count toward these CPE credits. You earn one credit for each hour you spend learning. Some educational activities you can engage in include reading whitepapers, books, or magazines; attending educational courses, presentations, seminars, or conferences; publishing a whitepaper, an article, or a book. You can also earn the credits by preparing to train or present information associated with information security; volunteering for charitable organizations, public sector, and government; performing special project-related work outside your normal work responsibilities; taking higher academic training courses. Generally, if you learn the topics covered in the eight security domains, you can claim the CPE credit hours. Of course, they should not be within your standard job activity. With an average of 40 CPE credits every year, you can easily meet the recertification requirements.

Please note that the Group-B credits cover the general professional and development activities that the certification holders may engage in. These include anything that is not within the scope of the security domains. Additionally, the activities that qualify for the Group-A CPE credits can also be used for the Group-B ones.

Conclusion

Your choice of obtaining the CISSP certificate will be determined by your professional goals, industry, and work experience. If you want to break into the information security field, this (ISC)2 certification is the ideal choice. However, if you are an entry-level professional, it will not be a good starting point because you don’t have the prerequisite experience for it at this stage. Instead, you should pursue either CompTIA Security+ or CompTIA CySA+ to begin your journey in the world of information security. With the experience you earn, you can proceed to pursue the CISSP credential. This will be a good foundation for your future career path.

(ISC)² CCSP Exam: What You Need to Know
Thu, 10 Sep 2015 08:24:19 +0000

This spring, we told you about the new cloud security certification from (ISC)²: Certified Cloud Security Professional (CCSP) Cert. Now ExamCollection brings you more details about the CCSP exam.

(ISC)² CCSP certification was launched this summer to address multiple information security concerns that come up as more and more organizations take their IT to the cloud. (ISC)² and the Cloud Security Alliance (CSA) have developed a cloud security credential that defines the qualifications and experience level necessary to secure cloud services. The Certified Cloud Security Professional (CCSP℠) validates that professionals have met the highest standard for cloud security expertise, so they can benefit from the power of cloud computing while keeping sensitive data secure.

CCSP is a global credential born from the expertise of the two industry-leading stewards of information systems and cloud computing security, (ISC)² and CSA. The CCSP credential is appropriate and applicable to cloud security in a global environment. This is especially important given the legal, regulatory and compliance concerns that come with multi-jurisdictional housing of personally identifiable information (PII).

For those who qualify, the CCSP exam will test their competence in the six CCSP domains of the (ISC)² Common Body of Knowledge (CBK), which cover:

  • Architectural Concepts & Design Requirements
  • Cloud Data Security
  • Cloud Platform & Infrastructure Security
  • Cloud Application Security
  • Operations
  • Legal & Compliance

Compared to May, we now have more information about the CCSP exam.

To achieve the credential, candidates need to pass a 4-hour exam consisting of 125 multiple-choice questions. The passing score for the CCSP exam is 700 out of 1000 points, or 70%. The exam is available through Pearson Vue Testing Centers, and the pricing is available here. The full CCSP exam outline can be downloaded here.

Are you planning to take the CCSP exam? Or have you already passed it? Head to ExamCollection forums to share your thoughts!

Coming Soon: Certified Cloud Security Professional (CCSP) Cert From (ISC)²
Wed, 06 May 2015 08:02:00 +0000

If you’re looking for a new glowing certification in cloud computing/cloud security that would really make a difference to your career – it’s coming! (ISC)², the provider of the CISSP (one of the best paid IT certifications in the world), has just announced a new certification: the Certified Cloud Security Professional (CCSP)! The CCSP exam will be available this summer at PearsonVUE testing centers worldwide!

Certified Cloud Security Professional (CCSP): What We Know So Far

The Certified Cloud Security Professional (CCSP) certification was announced Tuesday at the RSA Conference in San Francisco by partners (ISC)² and Cloud Security Alliance. (ISC)², a leading industry group, is curator of the widely respected CISSP certification for career information security professionals. The credential would be a perfect fit for Enterprise Architects, Security Administrators, Systems Engineers, Security Architects, Security Consultants, Security Engineers, Security Managers, Systems Architects etc.

The perfect CCSP candidate would have at least 5 years of IT experience, at least 3 of which are in IT security, and at least one in cloud computing. The new CCSP certification exam will cover the following domains:

  • Architectural Concepts & Design Requirements
  • Cloud Data Security
  • Cloud Platform and Infrastructure Security
  • Cloud Application Security
  • Operations
  • Legal & Compliance

According to the recent press release, the CCSP exam will be 4 hours long and will consist of 125 multiple-choice questions. To pass, candidates need to achieve 70% correct answers, or 700 out of 1000 points.

The CCSP training courses will also be launched this summer (June-July). At the moment, potential CCSP exam candidates can download the official exam outline from the (ISC)² website. It breaks down the 6 domains listed above, which might be useful for those looking to jump start their preparation.

Maintaining the CCSP

The CCSP credential will be valid for 3 years. During this time, all holders must pay Annual Maintenance Fees (AMFs) of US$100 per year and earn 90 CPEs, with a minimum of 30 each year. Associates of (ISC)² working toward the CCSP must pay US$35 AMFs and earn 15 CPEs each year.

As part of (ISC)²’s and CSA’s collaboration, CCSP and other (ISC)² credential holders can utilize CSA’s education and training, research projects, events, working groups and other programs to stay abreast of cloud security best practices while helping to satisfy their CPE requirements.

How does CCSP compare with CCSK?

Since there is a bunch of other cloud security certifications out there, many people wonder how they compare. It is especially interesting to see how the new CCSP compares with CCSK (CSA’s Certificate of Cloud Security Knowledge).

As (ISC)² puts it on its official website, the CCSK examination tests across a broad foundation of cloud security knowledge. The CCSK body of knowledge includes 14 domains and covers some unique and critical areas of knowledge, such as Security as a Service, which are not covered in other credentials. CCSK also covers the CSA Cloud Controls Matrix, the industry standard security controls framework, which is a requirement for the CSA Security, Trust and Assurance Registry (STAR) program of cloud provider certification. CCSK provides an excellent indicator of baseline cloud security knowledge appropriate for almost any IT position. The knowledge reflected by the CCSK certification program helps employers ensure their teams are better equipped to cope with the increasingly pervasive cloud computing issues they now face.

The CCSP credential builds upon many of the areas covered by CCSK in order to provide deeper knowledge derived from hands-on information security and cloud computing experience. It validates practical know-how applicable to those professionals whose day-to-day responsibilities involve cloud security architecture, design, operations, and service orchestration. As an advanced professional credential, CCSP also reflects more than the knowledge needed to pass an exam. It includes: a) exam and testing meeting ANSI requirements; b) legal commitment to code of ethics; c) endorsement from appropriate certified professionals; and d) commitment to continuing professional education – all of which demonstrate that CCSPs are qualified and committed to tackling the cloud security challenges of today and tomorrow.

While there are other cloud-related certifications available, most are vendor-specific and relate to vendor technology and solutions. Those that include information security, do so nominally at a theoretical level. Both CCSP and CCSK are vendor-neutral and reflect overall industry best practices for securing cloud environments.

Are you excited about the new CCSP? Share the news with friends!

(ISC)² CISSP Exam Gets Major Updates
Wed, 21 Jan 2015 12:03:23 +0000

Have you heard that (ISC)² is changing its most famous certification, the CISSP? Effective April 15, 2015, the CISSP exam will be based on a new exam blueprint. While the full blueprint is available for download from the (ISC)² website, here’s a quick list of topics it will cover:

  1. Security and Risk Management (e.g., Security, Risk, Compliance, Law, Regulations, Business Continuity)
  2. Asset Security (Protecting Security of Assets)
  3. Security Engineering (Engineering and Management of Security)
  4. Communication and Network Security (Designing and Protecting Network Security)
  5. Identity and Access Management (Controlling Access and Managing Identity)
  6. Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)
  7. Security Operations (e.g., Foundational Concepts, Investigations, Incident Management, Disaster Recovery)
  8. Software Development Security (Understanding, Applying, and Enforcing Software Security)

According to ISC, the CISSP exam is being updated to stay relevant amidst the changes occurring in the information security field. Refreshed technical content has been added to the Official (ISC)² CISSP CBK to reflect the most current topics in the information security industry today. Keep in mind that some topics have been expanded (e.g., asset security, security assessment and testing), while other topics have been realigned under different domains. ISC believes that the new CISSP exam will better reflect the technical and managerial competence required from an experienced information security professional to effectively design, engineer, implement and manage an organization’s information security program within an ever-changing security landscape.

Although the blueprint has gone down from 10 domains to 8, don’t be tricked into thinking that the exam has gotten easier – it hasn’t. The topics have been rearranged and refreshed, and the amount of information candidates should be proficient with has actually increased, not decreased.

The CISSP exam tests one’s competence in information security and the (ISC)²® common body of knowledge (CBK®), which covers critical topics in security today, including risk management, cloud computing, mobile security, application development security and more. Candidates must have a minimum of five years of paid full-time work experience in 2 of the 10 domains. This vast breadth of knowledge and the experience it takes to pass the exam are what set the CISSP apart. CISSP certification makes holders eligible for job functions like security consultant, security analyst, IT director, Chief Information Security Officer, and many more. CISSP certification is associated with some of the highest salaries in the IT industry.

Mobile App Security Professional? Get CSSLP-Certified!
Wed, 05 Nov 2014 07:41:35 +0000

As mobile technologies become even more embedded in our daily life than we could ever imagine, there seems to be a mobile app for everything. And that joke ‘there is a mobile app for that’ isn’t even that much of a joke anymore. At the same time, we often hear about various ugly information leaks from somebody’s mobile phone being hacked, with celebrities’ nude photos being the least of the damage done. So does it mean that mobile apps are not secure enough?

In short, YES: mobile apps are not secure enough. Although developers invest lots of resources in their products, and companies cannot emphasize enough the importance of mobile app security, there is still a huge gap in this field. As a result, the need for mobile app security specialists is now on the rise. This is a very exciting field where just having a formal credential isn’t really enough: you need to be curious and hungry for learning, as the biggest discoveries and breakthroughs in this field seem yet to come. However, formal credentials and professional mobile app security certifications are definitely the place to start if you’re interested in this career.

The main credentials worth looking into are CompTIA Mobile App Security+, CompTIA Mobility+ and the recently launched Certified Secure Software Lifecycle Professional credential (CSSLP) by (ISC)2.

According to (ISC)2, CSSLP validates the holders’ capabilities of developing an application security program in their organization; reducing production costs, application vulnerabilities and delivery delay; enhancing the credibility of the organization and its development team; reducing loss of revenue and reputation due to a breach resulting from insecure software.

This demonstrates the new approach: to prepare app developers and development team leads to plug inevitable holes in the app security.

CSSLP® – Certified Secure Software Lifecycle Professional – a closer look

The CSSLP® certification from (ISC)² helps candidates establish themselves as industry leaders in application security. CSSLP certification holders are expected to be capable of:

  • Developing an application security program in your organization
  • Reducing production costs, application vulnerabilities and delivery delays
  • Enhancing the credibility of your organization and its development team
  • Reducing loss of revenue and reputation due to a breach resulting from insecure software

The Certified Secure Software Lifecycle Professional (CSSLP) is perfect for everyone involved in the SDLC (software development lifecycle) with at least 4 years of cumulative paid full-time work experience in one or more of the eight domains of the CSSLP CBK. The professionals this covers include:

  • Software developers
  • Engineers and architects
  • Product managers
  • Project managers
  • Software QA
  • QA testers
  • Business analysts
  • Professionals who manage these stakeholders

CSSLP Exam Outline:

Domain 1: Secure Software Concepts

  • Module 1: Concepts of Secure Software
  • Module 2: Principles of Security Design
  • Module 3: Security Privacy
  • Module 4: Governance, Risk, and Compliance
  • Module 5: Methodologies for Software Development

Domain 2: Security Software Requirements

  • Module 1: Policy Decomposition
  • Module 2: Classification and Categorization
  • Module 3: Functional Requirements – Use Cases and Abuse Cases
  • Module 4: Secure Software Operational Requirements

Domain 3: Secure Software Design

  • Module 1: Importance of Secure Design
  • Module 2: Design Considerations
  • Module 3: The Design Process
  • Module 4: Securing Commonly Used Architectures

Domain 4: Secure Software Implementation/coding

  • Module 1: Fundamental Programming Concepts
  • Module 2: Code Access Security
  • Module 3: Vulnerability Databases and Lists
  • Module 4: Defensive Coding Practices and Controls
  • Module 5: Secure Software Processes

Domain 5: Security Software Testing

  • Module 1: Artifacts of Testing
  • Module 2: Testing for Secure Quality Assurance
  • Module 3: Types of Testing
  • Module 4: Impact Assessment and Corrective Action
  • Module 5: Test Data Lifecycle Management

Domain 6: Software Acceptance

  • Module 1: Software Acceptance Considerations
  • Module 2: Post-release

Domain 7: Software Deployment, Operation, Maintenance and Disposal

  • Module 1: Installation and Deployment
  • Module 2: Operations and Maintenance
  • Module 3: Disposal of Software

Domain 8: Supply Chain and Software Acquisition

  • Module 1: Supplier Risk Assessment
  • Module 2: Supplier Sourcing
  • Module 3: Software Development and Test
  • Module 4: Software Delivery, Operations and Maintenance
  • Module 5: Supplier Transitioning

Find out more about (ISC)2 Certified Secure Software Lifecycle Professional credential (CSSLP) here.

CISSP: One Of the Best Paid IT Certifications in 2013
Fri, 13 Dec 2013 15:11:26 +0000

ISC’s CISSP (Certified Information Systems Security Professional) certification often comes up among the highest paid IT certifications. How true is this?

According to Techrepublic.com, CISSP was one of the top 5 in-demand IT certifications for 2013, with salaries ranging from $65,000 to $111,000. Another source ranks CISSP as the second best paid IT certification this year, with the average salary being $103,299. In case you haven’t heard much about the CISSP, let’s shed some light on it. Who knows, it may be your next step towards a rewarding career in information security.

(ISC)² is a not-for-profit organization that focuses on educating and certifying information security professionals throughout their careers, and its certifications are considered to be the gold standard of information security. In short, they’ve got the history and the experience to back their reputation as information security knowledge leaders.

CISSP is a professional-level certification. To qualify for it, you must possess at least five years of direct full-time security work experience in two or more of the ten (ISC)² information security domains (CBK). For those holding either a four-year college degree or a Master’s degree in Information Security, or possessing one of a number of other certifications from other organizations, one year of professional experience can be waived.

You’ll have to pass a 6-hour written exam at a Pearson Vue training center. To succeed, candidates need to reach a minimum scaled score of 700 points out of 1000 possible points. With a total of 250 multiple-choice questions, the exam includes 25 experimental questions that aren’t graded.

ISC’s CISSP exam covers the following domains:

  • Access control
  • Telecommunications and network security
  • Information security governance and risk management
  • Software development security
  • Cryptography
  • Security architecture and design
  • Operations security
  • Business continuity and disaster recovery planning
  • Legal, regulations, investigations and compliance
  • Physical (environmental) security

The full exam outline (a PDF of over 40 pages) is available for free from the ISC website.

Are you interested? Take a look at the ISC website, and we’ll go into more detail about this 6-hour written exam next week.
