Security Certifications, Skills that Partners, MSSPs Should Add Now
… their security operations to you,” Mills added.
In other words, building trust with customers or with an audience from the stage is the paramount skill in MSSPs. That means consistently providing a top performance, right down to the last man on your staff.
“MSSPs rely on customer trust. In order to stay abreast of the evolving threat landscape, an MSSP needs to ensure that [its] employees are continuously trained on identifying and resolving threats to enterprise information assets. ISACA’s Cybersecurity Nexus (CSX) Training Platform provides individuals with an on-demand live environment in a continuously updated platform where practitioners can develop and hone skills in areas necessary to identify and stop the latest attacks,” says ISACA Futures’ Donahue.
As to technical skills and certifications on the individual MSSP level, the market is high for cloud-specific certifications given the complexities in securing the hybrid and multicloud environments of today.
“From an individual certification perspective, CISSP and GIAC certifications are recognized globally, but there are other cloud-specific certifications organizations for members of the cloud team,” says Long.
He says those include:
- AWS Certified Solutions Architect (both Associate and Professional levels)
- AWS Certified Developer
- AWS Certified DevOps Engineer
Given the disparate nature of modern threats, it’s important that skills and certifications are well-rounded and comprehensive. Himanshu Verma is director of product management at WatchGuard Technologies and manages WatchGuard’s MSSP partners. He has a long history working with channel providers given WatchGuard is a network security, secure Wi-Fi and authentication company that sells entirely through the channel. According to Verma, providers should offer the following certifications and skills to qualify as a cutting edge MSSP:
- ISO27001 and SOC 2 (for service and quality — either for direct hosted services or vendor delivered services.
- Remote Management and Monitoring or Cybersecurity. From a best practices standpoint, modelling the CIS – Center for Internet Security (v7) – is a great way to validate their offering.
- Managed Detection and Response — Automated Orchestration and Response.
- Threat Intelligence/Correlation.
Perhaps not so surprisingly, more than technical security skills are in demand from MSSPs.
“The cybersecurity skills gap continues to drive demand for MSSPs. To help MSSPs develop internal capabilities and success in the marketplace, they need real-world skills, including developing a presales engineering team, quarterly business reviews, cross-selling techniques and execution, pricing methodologies, developing a target customer profile, establishing service levels and SLAs, and tracking performance metrics and processes,” says Jon Bove, VP of Americas Channel at Fortinet, a cybersecurity software, appliances and services company.
There is one skill that is most in demand from MSSPs: big picture strategic and critical thinking. And that is the goal that should drive your selection of certifications.
“The most valuable certifications are those that can accelerate skills that help MSSP professional deliver their services with an adversarial mindset; for example, it’s important to a professional to think about how disparate vulnerabilities or results from a penetration test can be chained together to create an advanced exploit to reflect true adversarial risk,” advises Jim O’Gorman, president of Offensive Security, a penetration testing training, certifications and service provider.