cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Caute_cautim
Community Champion

Cloud Security Education and drive

Hi All

 

Like many organisations there appears to be an never ending drive to get employees to to do Cloud Provider education in particular i.e. AWS and Azure.

 

This is driven by partnerships with various large organisations, whereby registration for both business and professional certifications drives greater relationships.

 

For example:  AWS - Cloud Practitioner is the foundation, followed by Associate Cloud Architect, and then Solution Architect, and then Cloud & Security Specialist.    

 

With free education, and examination passes, it appears that the majority of organisations will all be vying for the same resources i.e. those with Cloud Certifications.

 

Has the world gone mad?  Or will this mean we have to certify in Google, and Alibaba Cloud next year? 

 

And on top of this, we are supposed to do our day job as well.

 

Do we just become certification machines, pass the examination and hope you remember sufficiently for the next in the row?  To me this is not learning and development, it just appears to learn, pass an examination and move on to the next.

 

These appears to more important than ISC2 CCSP, CCSK etc in terms of recognition and longevity.

 

I am not complaining, it just appears suddenly all the free time will effectively disappear?

 

Where is the work life balance going or is there an imbalance?

 

Regards

 

Caute_Cautim

 

 

 

 

7 Replies
Steve-Wilme
Advocate II

I think the point is more about the treadmill of certification after certification.   Normally in a profession, key qualifications are gained and then there's course for continuing professional development, rather than e-learning and tests.  

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
tmekelburg1
Community Champion

@Caute_cautim This is part of that "hustle" culture that's recently been brought to the fore front by the Pandemic. Besides certs, it's seen all over the industry, e.g., building labs at home after working 8-12 hours, LinkedIn Learning while on a break at work, TryHackMe/HackTheBox, Coursera, etc.

 

One of the terms I've heard circling around to take the place of work life balance is work life integration. Where there's not a clear segmentation between the two but are both switched back and fourth consistently throughout the day. This probably resembles a lot of what our remote work looked like over the past couple of years.  

 

It's only mad because we put those specific certs as requirements or preferred for the job role. Essentially we're causing the issue because it's what we did to get to where we are. Real change starts with us not making entry level staff repeat the same toxic behaviors we had to endure.     

Shilpa
Newcomer II

 

@Caute_cautim  This is bad. I hear you.

 
However,

1) At least you are getting free training for these certifications
2) You are getting free examination passes
3) You have a job to go to whether you pass or fail

 

There are people out there, who have already spent tons of money for getting cybersecurity certifications;
only to realize that it is not sufficient to get even an entry level job in the field.

vt100
Community Champion

I do not really see the issue with cloud certs. Yes, it is a time consuming endeavor, but at the end of the day, we learn something that is widely used while forced to do it systematically.

I do have an issue with the upkeep of these certificates though. Having been certified as AWS SA, Developer and SysOps had to gradually let those lapse, as realistically, there is not enough time to invest repeatedly in learning ever-expanding catalog of services if it is not my primary occupation. If there is a need to build something or secure something in that environment, it is easy enough to get up-to-speed once you are familiar with it.

The knowledge did pay off at the beginning of pandemic, when we had to rapidly move 2000+ people to cloud-based DaaS (Desktop as a Service).

Azure has matured significantly over the last five years too, but prior to that learning it was an exercise in  frustration: things were changing too rapidly.

Over past few years, I had to work with clients' hybrid infrastructures tied with AWS, Azure and Oracle cloud.

In terms of these certs being prerequisite for the job, I'm sure there are companies that require it, but typically these are willing to give you a grace period to certify after you are hired for skills.

Caute_cautim
Community Champion

@tmekelburg1Absolutely agree with your comments, we are bringing up a lot of young people into cybersecurity by literally walking them through a suppliers systems, and then they will call themselves an architect, but only experienced with the material and method they have been taught.

 

It is a form of group-think, and if we are not too careful a lot of good well intentioned people, could find themselves in the situation similar to forgetting to set the permissions on an AWS S3 bucket!!  Or an Azure equivalent like Snowflake.

 

I think quite a lot of people could become unstuck.

 

Regards

 

Caute_Cautim

 

 

Caute_cautim
Community Champion

@Shilpa   As I have responded to my colleague above, my concern is "groupthink" people not thinking for themselves.  Yes, I agree it is free certifications, and if they are lucky pass the examination on first pass.  Move on to the next, but fail it and you end up having to pay for the certification for yourself. 

 

Also the question of validating whether the certification is valued, in practice plus whether using the Continuous Professional Development (CPDs), whether they actually learn and develop an apply independent thinking mindset.  Soft skills are still needed alongside technical ones.

 

Your points are valued  - however we must ensure we think for ourselves and ensure we use the same principles as information or cybersecurity practitioners.   Apply them consistently, by making decisions based on good risk management, and knowledge along with a good dose of experience too.

 

Regards

 

Caute_Cautim

nkeaton
Newcomer III

I only ever recommend vendor neutral/agnostic certifications because there is a greater need for common understanding and terminology than product of the month club. If someone works in that technology, then I am alright with it but never if someone is not. I hold a CCSP, CCSK, and Cloud+. I will never go for a vendor specific certification. I do go to user group meetings on the various cloud products but is where I draw the line.