I've been working with cloud environment on the periphery (one foot in, one foot out) for several years (mostly system security configuration, logging, auditing, etc.), but I've managed to not be the "hands on guy" since I still run enterprise security programs, operations, and risk management activities. We're making a big push to retire many of our legacy on-prem systems and have adopted a cloud first strategy, so I'm going to take advantage of the free CCSP self-training and exam voucher being extended to me since the HCISPP certification is being retired. IMO, everyone should have an industry and vendor cloud certification these days. So I'm going to knock-out the CCSP and two for Azure/M365. Your mileage may vary.
CISSP - still the Gold Standard and always in demand
CCSP - best vendor agnostic cloud security certification IMO with steady grown in demand
Security+ - decent entry level demand
Microsoft Azure Security - we're Azure/M365 so a demand for our company (I'm sure AWS and Google security would be in demand for those agencies using these cloud platforms
PenTest+/OSCP - we require our PenTesters to be certified, and we're trying to place one within the Internal Audit team, and eventually when I get the budget to stand-up a Red Team (from audit not having to hire external pentesters)
CEH/SSCP/CISM - not an increase in demand from my neck-of-the-woods
ISC2 recently renamed the Certified Authorization Profession (CAP) certification to Certified Governance, Risk and Compliance (CGRC) and changing some of the focus away from FISMA and towards GRC. Don't get me wrong, I've held the CAP since 2008 when it was known as the Certification and Accreditation Profession (CAP) but it's gotten almost zero respect outside of a small Government FISMA community. Offhand, I'm thinking it will be much more in demand or, at least, compliment the CRISC certification.
Cheers.
