Over the Easter weekend, Ansel took and passed the (ISC)² Certified in Cybersecurity (CC) qualification. As a consultant with SSTC cybersecurity is an increasingly central part of what we do. While he is not a full-time security specialist, we have found him more and more involved in conversations about risk, data protection, and secure design, so getting a solid grounding in cybersecurity felt like the right next step.

The CC certification is designed as a cybersecurity entry point, especially for people who are new to cybersecurity or, like Ansel, regularly work alongside it. It covers five core areas: 

• Security Principles, Business Continuity (BC)

•  Disaster Recovery (DR) & Incident Response

•  Access Control Concepts

• Network Security

•  Security Operations. 

It’s a very practical, well-structured introduction that helps you build a mental model for understanding where threats can come from and how to think proactively about mitigating them. I especially liked how relevant the scenarios felt to our business facing work at SSTC as they  made the material feel grounded in the types of challenges we face regularly, and gave him a better vocabulary for discussing them with clients.

Looking ahead, he is definitely interested in exploring the (ISC)² certification path further. The SSCP (Systems Security Certified Practitioner) seems like a logical next step—it builds on the CC with more technical depth, particularly around security operations and implementation.  He is also curious about the CISSP which is widely regarded as the gold standard for professionals designing and managing enterprise security programs. Beyond that, there are specialist certifications like the CCSP for cloud security and the CSSLP for secure software development, both of which touch areas we often encounter at SSTC.  He is not set on a particular direction yet, but having these options in mind is helpful as he thinks about where to deepen my skills over time.

Taking the CC has definitely strengthened his confidence and his ability to have informed security conversations with clients and colleagues. It’s a great first step, and whether or not he will go all the way down the certification path,  he now has a stronger foundation to build on—and that’s already making a difference in how we work at SSTC.