Both the CCSP (Certified Cloud Security Professional) and CCSK (Certificate of Cloud Security Knowledge) are individual certifications of cloud security competence. But what is the difference between these two certifications?
Based on my experience, I will explain what makes CCSP different from CCSK.
What is CCSK?
CCSK is often called the “mother of all cloud security certifications”. This is related to the fact that it tests for the Cloud Security Alliance’s “Cloud Security Guidance”, and has been around since 2010.
All other cloud security certifications acknowledge this body of knowledge.
In the fall of 2017, this was significantly updated to version 4. CCSK has followed this version early 2018.
Read more about CCSK: Certificate of Cloud Security Knowledge.
What is CCSP?
This is a more extensive certification than CCSK with a more formal exam and a requirement for 5 years in IT; at least three of which must have been spent in security, and at least one year in cloud computing.
(ISC)2 used to state on their website: “The typical cloud security professional will likely achieve the CCSK first, and then the CCSP credential. Attainment of the CCSK also can be substituted for the one year of cloud security experience”
That statement has since been removed, though the substitution rule still applies.
Learn more about CCSP, the exam and how to get your certification.
CCSK vs CCSP
If you want to choose between CCSK and CCSP, here are some considerations.
- What is your (prospective) employer looking for? Are they familiar with the certifications?
- CCSK is currently more practical than CCSP.
- CCSK is less work and actually a good start towards CCSP.
|Full name||Certificate of Cloud Security Knowledge||Certified Cloud Security Professional|
|Organized by||Cloud Security Alliance (CSA)||(ISC)2 in collaboration with the CSA|
|Body of knowledge||CSA Guidance, 14 domains ranging from concepts, technology, compliance, governance.
Cloud Controls Matrix
|Official (ISC)2 CBK. Wider than CCSK, roughly twice the size
|Current version||4||3rd edition|
|Exp. requirements||none||5 years in IT, of which 3 in IT security and 1 in a cloud domain. CCSK and CISSP substitute part or all of this.|
|Cost||$395 exam cost||$549 exam cost|
|Maintenance requirements||None||$100/year, 90 CPE/3 year|
|Exam format||Online, unproctored, 2 attempts, open book||Exam center, 1 attempt, closed book|
|Exam length||60 multiple choice questions,
|125 multiple choice questions, 4 hours|
|Pass requirements||80% of questions correct||700 out of 1000 points|
|Market value||CCSK is the industry’s first cloud security certification||(ISC)2 positions this as the cloud sister of CISSP|
|Estimated # holders||Thousands||Thousands|
Want to know more about CCSP vs CCSK? Get the 101!
I created a simple one page overview: the cloud professional 101. You can get access to it by signing up to my blogs and occasional information on cloud security training in the box below.
I have based the above analysis on my multiple years of experience in cloud training. I am an official trainer for both CCSK (since 2011) and CCSP (since 2015), and have actually contributed to both of them.
Very grateful. Thank you!
I have appreciated very well most topics and particulary the Security Risk & compliance topics. Comparison on IT process on premise with those in the Cloud is quite good. But, it could be done deeper.
This class is great. Good balance between you talking, and us chatting. You keep control of the syllabus and the schedule, and we provide some information on what the facts mean to us and how we understand them in our context. Brilliant stuff.
Very professional domain, but very clear explained! Thanks
Most useful: Technical context, risk knowledge and exam approach
Experienced trainer. Reflects his experience well within the context
Peter is incredibly knowledgeable and takes the time to answer questions and actually work with his students. The course is also an amazing way to learn how AWS actually works and, by the end of the labs, you feel ready to manage your own cloud! The materials are easy to understand and yet technical enough to get real-life security implemented. This was a great course and far beyond most of the accreditation courses I have completed.
I attended Peter’s CCSK-training and found it very useful, because 1) the sessions gave me more insight on several other aspects of cloud computing than only security, 2) it “inspired” (/forced) me to study the CSA guide/ENISA more thorughly and not least 3) I manage to pass the exam 🙂
I had very little to no experience wit the CLOUD, so this training was incredibly valuable to me. My new professional responsibilities are becoming more and more cloud centric. I have a greatly improved level of confidence because I know I have a solid educational foundation that the training and exam preparation has provided for me. I cannot recommend it highly enough!