As organizations increasingly rely on cloud-based platforms and services to develop applications and execute business functions, there is a greater need to hire security professionals who can apply Zero Trust principles to their cloud-heavy environments. This presents a golden career opportunity for security professionals who can hone and showcase their Zero Trust skills to current and future employers.
One way to verifiably demonstrate this know-how is through a certification. So cyber professionals should be happy to hear that the Cloud Security Alliance in November 2023 announced the launch of its Certificate of Competence in Zero Trust (CCZT) program.
Many cybersecurity experts will tell you Zero Trust isn’t a specific solution, but rather a philosophy or strategy that takes a “never trust, always verify” approach toward access to data, systems and other IT assets. Still, to execute this strategy, you will require a combination of solutions and platforms, processes and data governance policies, and network configuration and segmentation practices.
The National Institute of Standards and Technology (NIST) says as much in its Special Publication 800-207 (“Zero Trust Architecture”): “There are several ways that an enterprise can enact a ZTA for workflows. These approaches vary in the components used and in the main source of policy rules for an organization,” the document states. “Each approach implements all the tenets of ZT… but may use one or two (or one component) as the main driver of policies. A full ZT solution will include elements of all three approaches. The approaches include enhanced identity governance–driven, logical micro segmentation, and network-based segmentation.”
“Certain approaches lend themselves to some use cases more than others,” the publication continues. “An organization looking to develop a ZTA for its enterprise may find that its chosen use case and existing policies point to one approach over others.” Faced with these multiple choices, CISOs, cyber/cloud architects and other security professionals need to prove that they are savvy enough to know which path is the right one for their respective organizations.
That’s where training and certification come in. The CSA’s CCZT certificate, for instance, covers topics such as Zero Trust foundational concepts, architecture, software-defined perimeters, planning, implementation and best practices. The 90-minute online exam features an open-book, multiple-choice format, and those who complete the program will be able to demonstrate their understanding of Zero Trust Architecture, including the “foundational Zero Trust components released by CISA and NIST, innovative work in the Software Defined Perimeter by CSA Research, and guidance from renowned Zero Trust experts such as John Kindervag, founder of the Zero Trust philosophy,” the CSA states on its website.
Separately, the CSA also offers an 18-hour Certificate of Cloud Security Knowledge (CCSK) course that comes bundled with “Introduction to Zero Trust Architecture” training. Meanwhile, there are options outside CSA as well: Forrester offers an Adopting Zero Trust certification course, while organizations like Cybrary, ISC2, SANS and others have also offered their own Zero Trust training, continuing education or certification programs.
Clearly, there are some great professional development opportunities for cyber professionals who want to build out their skillsets at a time when it’s become clear that Zero Trust in the cloud is a concept with staying power.