Security Certifications, Skills that Partners, MSSPs Should Add Now

Here’s the shortlist of certs and skills MSSPs and partners need now to compete and win in 2019.

Pam Baker

January 2, 2019


There are a lot of certifications and online training programs available now, but they don’t all translate into bankable cash. While no good education is a waste of money, straying from the path of in-demand skills is not a profitable business plan. But how can partners and MSSPs sort the buzz from the bank? Here’s what’s in demand in terms of skills and certifications for 2019.

Hot Skills, Certs for Partners

It’s a known fact that salespeople have to know more than how to sell and how to network to cut it in today’s competitive market. They must also be credible and knowledgeable about the product they are selling and where it fits in the security space.


“For generalist security experience, the most widely recognized security certification is the CISSP offered through (ISC)2. Even if you don’t pass the 4-6 hour exam, the preparation for it in the different domain areas is valuable and will make you a more well-rounded security professional,” says Kurt Mills, VP of worldwide channel sales and operations at FireMon, a provider of network security for complex hybrid-cloud environments.

“For more technical product competence, most vendors provide training to the channel on their products. I highly recommend taking as many courses as you can. I have found the basic technical user classes to be very helpful in getting in the shoes of my customers and seeing the world from their point of view, especially when working with my products to do their day-to-day tasks,” Mills added.

Professional associations also offer insights into which skills are most valued in partners; take, for example, the independent, nonprofit global association ISACA, which serves a broad range of IT governance professionals.

“ISACA’s CISM certification demonstrates that individuals in security-management positions have not only the technical capability to manage an information security program but also a thorough understanding of enterprise and business objectives. CSX Practitioner demonstrates proven technical competence in four domains that testify to a candidate’s ability to identify and resolve network and host cybersecurity issues,” says Shannon Donahue, PhD, CISM, CISSP, Director of ISACA Futures.

What does all this advice from various experts in the field have in common? A strong understanding of securing cloud environments, understanding C-suite concerns, and credibility in technical product competence. Those three elements carry over to a diverse set of security product lines. But this also means learning can’t be static and contained to successfully completing certifications; indeed, it must be continuous and part of the partner company’s culture.


“Beyond certifications, you must build a culture that encourages teamwork and knowledge sharing. Security is an industry that is constantly evolving. As the technical landscape shifts from on-prem to cloud to containers to serverless, so must our approach to security,” explained Rich Long, vice president of channels at Alert Logic, a provider of security-as-a-service products.

Hot Skills, Certs for Top-of-Their-Game MSSPs

Because MSSPs are more heavily involved in delivering security products and services than partners tend to be, more is expected of them in the way of skills and certifications. This also calls for a larger role in training others, be they clients or peers.

“Some of the best advice I received was to take public-speaking classes. It helps you think through how to speak to large groups and tailor your story to your audience. In these customer-facing roles, often your customer wants an assessment of how things have gone, areas for improvement and plans going forward,” says Mills.

“Knowing how to frame that story depending on the audience – executives and in-the-trenches security teams will be looking for different things – and projecting confidence in your work and plans will go a long way in keeping your customers engaged and happy with their decision to outsource elements of their security operations to you,” Mills added.

In other words, building trust with customers or with an audience from the stage is the paramount skill for MSSPs. That means consistently providing a top performance, right down to the last man on your staff.

“MSSPs rely on customer trust. In order to stay abreast of the evolving threat landscape, an MSSP needs to ensure that [its] employees are continuously trained on identifying and resolving threats to enterprise information assets. ISACA’s Cybersecurity Nexus (CSX) Training Platform provides individuals with an on-demand live environment in a continuously updated platform where practitioners can develop and hone skills in areas necessary to identify and stop the latest attacks,” says ISACA Futures’ Donahue.

As to technical skills and certifications on the individual MSSP level, demand is high for cloud-specific certifications given the complexities in securing the hybrid and multicloud environments of today.

“From an individual certification perspective, CISSP and GIAC certifications are recognized globally, but there are other cloud-specific certifications organizations for members of the cloud team,” says Long.

He says those include:

  • AWS Certified Solutions Architect (both Associate and Professional levels)

  • AWS Certified Developer

  • AWS Certified DevOps Engineer

Given the disparate nature of modern threats, it’s important that skills and certifications are well-rounded and comprehensive. Himanshu Verma is director of product management at WatchGuard Technologies and manages WatchGuard’s MSSP partners. He has a long history working with channel providers, given that WatchGuard is a network security, secure Wi-Fi and authentication company that sells entirely through the channel. According to Verma, providers should offer the following certifications and skills to qualify as a cutting-edge MSSP:

Certifications:

  • ISO27001 and SOC 2 (for service and quality — either for direct hosted services or vendor delivered services).

Skills:

  • Remote Management and Monitoring or Cybersecurity. From a best practices standpoint, modelling the CIS – Center for Internet Security (v7) – is a great way to validate their offering.

  • Managed Detection and Response — Automated Orchestration and Response.

  • Threat Intelligence/Correlation.

Perhaps not so surprisingly, more than technical security skills are in demand from MSSPs.

“The cybersecurity skills gap continues to drive demand for MSSPs. To help MSSPs develop internal capabilities and success in the marketplace, they need real-world skills, including developing a presales engineering team, quarterly business reviews, cross-selling techniques and execution, pricing methodologies, developing a target customer profile, establishing service levels and SLAs, and tracking performance metrics and processes,” says Jon Bove, VP of Americas Channel at Fortinet, a cybersecurity software, appliances and services company.

There is one skill that is most in demand from MSSPs: big picture strategic and critical thinking. And that is the goal that should drive your selection of certifications.

“The most valuable certifications are those that can accelerate skills that help MSSP professionals deliver their services with an adversarial mindset; for example, it’s important to a professional to think about how disparate vulnerabilities or results from a penetration test can be chained together to create an advanced exploit to reflect true adversarial risk,” advises Jim O’Gorman, president of Offensive Security, a penetration testing training, certifications and service provider.


About the Author

Pam Baker

A prolific writer and analyst, Pam Baker’s published work appears in many leading print and online publications including Security Boulevard, PCMag, Institutional Investor magazine, CIO, TechTarget, Linux.com and InformationWeek, as well as many others. Her latest book is “Data Divination: Big Data Strategies.” She’s also a popular speaker at technology conferences as well as specialty conferences such as the Excellence in Journalism events and a medical research and healthcare event at the NY Academy of Sciences.
