@ashishkarpe @alicetran I think it depends on the employment circumstances, whether you are working for an employer who requires those skills specifically or is prepared to support you to gain them. 

 

Most of these are short lived, so within a few years, you have to re-certify as new elements are added to keep aware of developments and updates too.

 

Rather like doing the firewall journey on a specific vendor, one has to keep being certified to keep up fluency etc.

 

Regards

 

Caute_Cautim

@alicetran 

 

You need to weigh up your vision of the future, and objectives - if you see yourself specialising in AWS Security, then by all means do so, if you think this will be your bread and butter on a daily basis.

 

My thoughts are towards having sufficient knowledge to understand the Cloud Computing environment and how to apply the principles to any cloud situation - often as consultants or even architects, we find ourselves in a new situation, - yes we may have a certificate in AWS Security instance, but five years hence that current knowledge may have gone stale.  Rather like the CISSP, knowing how to tackle situations by going back to grassroots and then weighing up the risks, implications or impact and then understanding what countermeasures or mitigations you can put in place - becomes more important as you inherently weigh up the risks, against the current situation i.e. what is the impact to AWS Security when AI Gen AI is applied i.e. data poisoning, distribution denial of service against the LLMs?  or What is the impact of changing over from Public Key Cryptography to Quantum Key Management etc.   Yes, you can be a specialist, but remember we all have to have the capability with experience by being able to apply ourselves to literally any situation, by being able to see things from a holistic perspective and then have to delve deeply to root out the issues and then provide. trusted advice based on the current situation and circumstances.   These circumstances constantly change, our original hypothesis can often changes, due to new capabilities and technologies being applied.   It is dynamic, understand the principles, apply them well, gain new experiences, and constantly keep your own self knowledge and development regularly up to date, so you maintain your fluency and capabilities. 

 

What about data security, governance and being able to protect data, where ever it exists within a cloud environment?  Who controls the keys?  The Cloud Provider or the client? Can it be purged securely or returned back to the client securely and the integrity maintained etc?

 

Others, may have a totally different perspective to myself, it really depends on the circumstances, and what you want to achieve, what your goals are and your vision of yourself five, ten or more years on.

 

Can you learn, develop, self develop, applying soft skills not just technical skills to virtually any circumstances?

 

Regards

 

Caute_Cautim

 

 

@Caute_cautim

“Firewall Journey”.😅😂🤣

Sidewinder 6.x/Gauntlet 2! The only UI that sacrifices most of the screen real estate for a massive picture of a snake! On a CRT as well… The Secure Computing training didn’t take prisoners either - you had to be able to use a CLI well and you were given a real life implementation project - if you didn’t read it all first and make a plan - very good luck to you.

Regards certification in general it’s much more useful if you have the skills/knowledge/experience from a job you’re currently doing vs trying to break into something with certifications, you can see some of the folk running into this on the quest for ‘entry level’ with just a CC, it’s a toughie if you’re not already skilled as say a sysadmin.

I think that for SaaS operations AWS, Azure and GCP certificates/certifications are all valuable if you work on those platforms - again to the point here it’s important to look at the stuff that’s more general and applicable - having delivered on Amazon and GCP I can say that you need to be familiar with doing, and you don’t need the certifications per se, but they are useful if you are changing jobs, and as a way of formalising ongoing training and giving full coverage of the things you don’t do.

CCSP provides decent coverage, but it’s different to something that validates hands on skill and that’s something specific vendor certs can do well for you.

@alicetran I have most of my experience in AWS and now from my own experience I can tell you if you have good hands-on experience in either of the cloud then it's not so hard to adopt to Azure, Gcp or any cloud. So just don't over think and do nothing. Believe me no one will reject you in interview just because you know Aws and haven't worked on others, good interviewer all checks how well you know any one other cloud services and how easily ready to adopt to others.

@alicetran   Where possible always keep your knowledge up to date, to stay relevant, especially with new threat and risk avenues such Gen-AI and new technologies, which are likely to engulf everyone within the next five years or so.   Often you will find that this role, requires a number of skills and abilities, so whether you are motivated towards GRC roles, often we find ourselves having to roll up our sleeves and get pitched or providing trusted advice or guidance.

 

Stay curious and in discovery mode, to keep yourself motivated and invigorated.

 

Regards

 

Caute_Cautim