The Inner Circle


Feedback on certification options

  • 1.  Feedback on certification options

    Posted Nov 20, 2023 07:03:00 AM

    Good evening everyone, hope you're all having/had a lovely weekend! This is my first post on these forums, thanks for having me here!

     I've been building software for 21 years now and was considering getting some certifications under my belt. For context, at work we've built a pretty sophisticated automated governance system, and my favourite part of the technology stack is working in the Cloud (so much so we've started hiring people to take over evolving the other areas of the software so I can concentrate on the backend). Our platform of choice is Google Cloud, which I absolutely love, and we've just passed our first CHECK ITHC, so it feels like we're on the right path!

     After some research I've found a few certifications which I thought might be relevant: Google Cloud Professional Architect, CCSP, CISSP, and one for Terraform. I'm sure there are others too I've missed.

     Any thoughts or recommendations? Has anyone else been through these qualifications, are they useful? Is there any more I should consider?

    Any feedback to help me make an informed decision would be most gratefully received. Many thanks in advance.



    ------------------------------
    Tom Medhurst
    Chief Technology Officer
    Vigilant Applications Limited
    ------------------------------


  • 2.  RE: Feedback on certification options

    Posted Nov 21, 2023 04:00:00 PM

    Hi Tom! I know the CISSP is considered the gold standard for IS. CCSK and CCSP are catching attention these days if you're doing cloud. What matters is what your niche is going to be. I've been a physical security manager for 20 years and spent the last 10 supporting IS programs with risk assessments. So for me, I'm going the GRC route now. So my education and the certifications I'm going for support what I do (CCSK, Compliance, CISM, etc.).



    ------------------------------
    Jason Myra
    Security Operations Manager
    Securitas USA
    ------------------------------



  • 3.  RE: Feedback on certification options

    Posted Nov 25, 2023 08:22:00 AM

    Hi Jason,

    Thanks so much for your response. CISSP is definitely something I'd consider for the future, but I think your point about CCSP gaining attention is useful to know. I'm making a lot of big decisions atm regarding Cloud and I think it would help to ensure that my decisions come from an informed place and the board have some assurances I have sufficient experience to be making them.

    GRC is such an interesting area. Working in automated governance has been so fascinating; it's not really been considered a very 'sexy' area until recently, but the calibre of people in this area at present is remarkable. I'm really pleased an emphasis is being placed on the safeguarding of assets, and ICT hasn't been allowed to disrupt at the speed it has been without some considerations on privacy, ethics and information security. I think GDPR has been the catalyst in helping facilitate this change. What area in GRC are you thinking of getting into?

    My niche will probably remain in GCP and Cloud computing at least for the next couple of years. It's the area I find most fascinating, and we have already hired to fill in the other development areas, so it's really mine to focus on.

    Thanks again for your response and insight. 



    ------------------------------
    Tom Medhurst
    Chief Technology Officer
    Vigilant Applications Limited
    ------------------------------



  • 4.  RE: Feedback on certification options

    Posted Nov 25, 2023 08:44:00 AM

    Hi Tom. I'm a bit of a generalist, supporting Governance and Compliance with annual site risk assessments and maintaining/validating controls with 3rd party data centers. In addition, I run physical security operations for locations within my territories. So it's like I have both the G & C. Then for Risk, I'm part of the TPRM team as a security SME. So it's like I'm all over the place. I enjoy audits and assurance, so I'm trying to head that route (CISM, CRISC). I may add CCSP and/or CISSP in the future.



    ------------------------------
    Jason Myra
    Security Operations Manager
    Securitas USA
    ------------------------------



  • 5.  RE: Feedback on certification options

    Posted Nov 22, 2023 09:01:00 AM

    Hello Tom,

    From a relevance point of view, you need to distinguish technology certifications from security certifications.

    Technology certifications include in your context (was doing similar in the Azure context):

    Google Cloud Architect

    Google Security Engineer

    Google Cloud DevOps Engineer

    ...

    Google Machine Learning Engineer

    These certifications show your expertise with the particular platform GCP.

    Security certification context (having done all 3 mentioned by you myself):

    CISSP from (ISC)2 covers 8 security domains overall. It is highly recommended to have a detailed exposure to security over some years. The questions in the exam require situational judgement, not learning a glossary.

    CCSP from (ISC)2 is a very similar exam type but goes into cloud vs. multi cloud scenarios. It also requires situational judgement for the 6 domains. It will be much easier for you than the CISSP. I believe you have no experience in how to secure physical buildings, as a likely missing domain topic?

    CCSK from CSA is focused on Knowledge. You learn best practices from the BOK for the exam and must know these concepts. It is not a situational judgement exam. It is my earliest security certification.

    Additionally: 

    CSSLP from (ISC)2 might be a very good fit for you since it is about secure software development. Your experience seems to fit this very well.

    TOGAF 9 might also fit your experience, since you are CTO. It is not security related but architectural governance.



    ------------------------------
    Lars Ruddigkeit
    Account Technical Strategist Swiss FedGov
    Microsoft Switzerland
    ------------------------------



  • 6.  RE: Feedback on certification options

    Posted Nov 25, 2023 08:30:00 AM

    Hi Lars,

    Thanks so much for your response. I've held a Google Security accreditation in past (but let it lapse), I think a more general cloud architect certification would be more practically helpful and give the board some assurance that my decisions are coming from an informed place. I also want to ensure I haven't got any major holes in my knowledge as this could impede any designs I come up with. Your point about ensuring relevance is probably why I'm erring towards a Cloud Architect style certification; so nice to hear your experience here agrees with this approach.

    You make CISSP sound really interesting and I suspect this is something I'd be interested in doing, but probably after the CCSP purely because my job at the moment is very much focused on the backend and cloud hosting infrastructure. I have a lot of ideas (including using ACME + mTLS as a form of licensing and identity management for agents distributed into customer environments) and it's nice to be sure it's done the right way. For example, ensuring our own multi-tenancy is done properly and can be verified by CHECK testing as sharing infrastructure with high security customers could be quite controversial from the get go.

    TOGAF, CCSK and CSSLP are all completely new to me, I think I need to do some more research here.
    Thanks again Lars for signposting me towards these!



    ------------------------------
    Tom Medhurst
    Chief Technology Officer
    Vigilant Applications Limited
    ------------------------------



  • 7.  RE: Feedback on certification options

    Posted Nov 22, 2023 10:09:00 AM

    Hi Tom,

    What are your career goals? For you as a technology executive, I'd recommend the CISSP. It's a mile wide and an inch deep, and positions you to understand timeless information security concepts to influence at the C-Level. 

    If you expect to work in an org where you will eventually bring in a CISO, or someone who is overseeing security objectives on your behalf, this will also give you the vocabulary to quickly align with them.

    Hope this helps.



    ------------------------------
    Raymond Cheng
    Managing Partner
    Decrypt Compliance
    ------------------------------



  • 8.  RE: Feedback on certification options

    Posted Nov 25, 2023 08:34:00 AM

    Hi Raymond,

    Thanks for your response. I'm less worried about career goals at this stage and more concentrating on building the best design and solutions as possible. I'm blessed with a great job, but the responsibility means I'm making a lot of decisions every day. I feel qualified to make these, but I think an accreditation just provides evidence (and assurances) that the decisions I'm making are coming from the right place, and that there aren't any massive holes in my knowledge which could result in poorly designed systems.

    I've not considered becoming a CISO, but you never know! Information security is a really interesting area, and I've been the ISMS Manager in our company for 1.5 yrs now, so it's an area I've dipped my toes into already! Thanks again, more to consider.

    Can I ask what a Decrypt Compliance MP does? It's quite a cryptic job title if I may say (forgive the pun!), you've got me intrigued!



    ------------------------------
    Tom Medhurst
    Chief Technology Officer
    Vigilant Applications Limited
    ------------------------------



  • 9.  RE: Feedback on certification options

    Posted Nov 27, 2023 08:05:00 AM

    Hi Tom,

    Lots of great feedback in some of the earlier comments. 

    I work in information security internal audit now, but for the past 5 years or so have donned various hats as a consultant primarily in the GRC space. 

    My feeling about CISSP is that it has largely been an "HR" requirement rather than something useful. It was a relatively straightforward exam with a large syllabus, testing your powers of retention and (sometimes) judgement. This might be just me, but I cleared that one by simply studying for it like any of those multiple choice exams like the SAT or GRE.

    I cleared the CCSK earlier today, the security guidance was very knowledge based, again testing largely for knowledge retention. 

    I haven't touched any of the vendor specific ones yet, so I will refrain from speaking on them. I hope they are at least equally balanced between testing for retention and application.

    For recommendations, I could help you a bit more if you could answer the following questions:

    • Why do you feel those certifications (GCPA, CCSP, CISSP and the terraform one) are the ones most suited to you?
    • What drives you towards these certifications?
    • What is it that you're hoping to accomplish post gathering the knowledge covered in those certifications?

    Maybe a generic certificate like CISSP or CCSP/CCSK isn't what you want/need at all. Maybe the vendor specific ones from GCP or the one from Terraform or Hashicorp are the answers. Maybe it's something niche based on Kubernetes (CKAD/CKSA) or containers.



    ------------------------------
    Apurv Tiwari
    Security Compliance Consultant
    eSecForte
    ------------------------------



  • 10.  RE: Feedback on certification options

    Posted Nov 27, 2023 11:40:00 AM

    Hey Apurv,

    Congratulations on getting your CCSK, I read the overview and it sounds like an interesting area.

    Great questions and I completely understand where you're coming from re. the HR side of things. I guess my situation is a little different as I'm not necessarily looking for a new job or a badge to add to my CV, but more so to provide assurances to The Board that the decisions being made are coming from an informed place. I like the idea of having one or two certifications which are specific to our chosen platform (i.e., GCP in our case) but also some more generic ones as the decision to go down the GCP route (whilst most of our customers are heavily into Azure and AWS) may need constantly defending in the future. If my certifications were limited to vendor-specific, given some motivation, some could accuse me of only picking GCP as it's where my experience is, rather than the correct way round, where we did the research, picked the right platform for us, then I became proficient in the chosen vendor's solutions.

    To answer your questions,

    1. The ISC2 qualifications appear to be relatively recognised and therefore worth the effort, my original question was to verify this assumption.
    2. Assurances for me and the board that we're making informed, educated decisions. If I have any major holes in my knowledge, the benefit of going through the revision materials is to identify these and remediate it, so win-win!
    3. Probably same answer as above

    Thanks again for your response, it really helps.



    ------------------------------
    Tom Medhurst
    Chief Technology Officer
    Vigilant Applications Limited
    ------------------------------



  • 11.  RE: Feedback on certification options

    Posted Nov 28, 2023 12:25:00 AM

    Hi Tom, 

    Your answer helped a lot, since you are primarily looking to ensure that the board and yourself are making the best possible decisions.

    While I agree that ISC2 certifications are reasonably recognized, I would suggest looking at some of SANS GIAC certifications.

    If you were to set aside the price (assuming you would get the company to reimburse you), these certificates are more than worth the money and the recognition they carry.

    Check this website for a master list of certifications possible (GIAC Cyber Security Certifications | SANS Institute)

    More specifically for your needs you could look at some of the cloud ones (Cloud Security Certification | GIAC) or the management ones (https://www.giac.org/focus-areas/management/) depending on what you would like (GSLC, GSTRT, GISP). I have attended and audited some of their courses and teaching material. While they are too expensive for me to self fund the certifications, they are worthy of your attention should you decide to look into them. The instructors usually are industry stalwarts. 

    Hope this helps. 

    Best of luck!



    ------------------------------
    Apurv Tiwari
    Security Compliance Consultant
    eSecForte
    ------------------------------