Forums

Articles
Create
cancel
Showing results for 
Search instead for 
Did you mean: 

The Missing Atlassian Security Certification (And Why It Needs to Exist)

Hey Community,

If you have ever managed an enterprise tech stack, you know that Atlassian tools (Jira, Confluence, Bitbucket, Jira Service Management) are the operational nervous system of your company. They hold your source code, your intellectual property, your product roadmaps, and your customer support tickets.

Yet, when we look at Atlassian's robust certification catalog, we see credentials for Jira Administrators, Project Managers and Cloud Organization Admins.

But there is a glaring, massive empty seat at the table: Cybersecurity.

If Atlassian were to launch a single, definitive security certification, what should it look like? What should we call it, and how would it stand out against heavy hitters like AWS, Azure, or GCP security certs?

Let’s design it.

The Proposal:

Atlassian Certified Guard & Governance Professional (ACGP)

To make this certificate incredibly valuable in today's world, I like to call Atlassian Certified Guard & Governance Professional (ACGP).

Why this name?

Security in Atlassian isn't just about setting password policies, it is about protecting intellectual property and maintaining strict organisational compliance.

  • Guard directly aligns with Atlassian Guard their flagship enterprise security, threat detection, and identity management tool.

  • Governance is the most critical hurdle enterprise teams face. This certification wouldn't just test technical toggle-switching, it would validate an engineer's ability to structure data, manage the Marketplace app risk, and audit workspace permissions at scale.

ACGP vs. The Big Three: How It Radically Differs

If there is already AWS, Azure, or GCP security certification, you might wonder: Why do I need this?

The difference lies in Infrastructure Security versus Operational & Collaboration Security.

Here is how they stack up side-by-side:

Aspect

Cloud Provider Security Certs (AWS / Azure / GCP)

Atlassian Certified Guard & Governance Professional (ACGP)

The Core Focus

The Castle Walls: Network perimeters, IAM roles, firewalls, and securing the raw virtual infrastructure.

The Castle Inhabitants: How people collaborate, communicate, share IP, and integrate daily workflows.

Primary Risk Managed

Data-breaches via server misconfigurations, open S3 buckets, or compromised APIs.

Data leaks via public Confluence pages, unvetted 3rd-party marketplace apps, or over-privileged project permissions.

Shared Responsibility

Hardening the OS, virtual networks, and databases.

Managing user behaviour, data classification levels, and access boundaries.

Audience

Cloud Security Engineers, DevOps, Solutions Architects.

SecOps, Atlassian Admins, IT Compliance Officers, and Security Champions.

While AWS/Azure/GCP make sure the servers are secure, the ACGP ensures that your employees aren't accidentally sharing AWS API keys in a public Jira ticket or exposing customer data via an unvetted Jira Service Management portal. It secures the collaboration layer.

What Would the Exam Actually Test?

The ACGP curriculum would bridge the gap between IT administration and information security, focusing on three core pillars:

  1. Identity & Enterprise Security (Atlassian Guard): Implementing Single Sign-On (SSO), Multi-Factor Authentication (MFA), user provisioning/de-provisioning, and enforcing Zero Trust architecture at the collaboration level.

  2. Third-Party App & Ecosystem Governance: Assessing and auditing the security risk of Atlassian Marketplace plugins, API tokens, and webhooks.

  3. Data Loss Prevention (DLP) & Compliance: Setting up classification levels (e.g., Highly Confidential), scanning for sensitive data leaks (like passwords or PII), and adhering to frameworks like ISO 27001 or SOC 2 within Atlassian Cloud.

Over to You!

Would you like to have and study for a dedicated Atlassian Certified Guard & Governance Professional (ACGP) exam?

How is your organisation currently managing Atlassian-specific security risk?

Let's discuss, spark discussions and make it engaging. 

-Viswa

7 comments

__ Jimi Wikman
Community Champion
July 16, 2026

I 100% agree!

Good article @Viswanathan Ramachandran !!

Like • # people like this
James O_Connor
Community Champion
July 16, 2026

I love that idea @Viswanathan Ramachandran - a security cert that focuses on the collaboration layer is such a great way of explaining it. It's also triggered a realisation in me that Atlassian is sorely missing a Product Management stream of certs too - as avid users of JPD that's something we would really be interested in.

Like • # people like this
Esther Ortega
Contributor
July 16, 2026

I couldn't agree more, @Viswanathan Ramachandran! This is a certification I've personally missed more than once.

I find the distinction you draw between infrastructure security and the collaboration layer especially spot-on. That's exactly why a certification like this makes so much sense: by focusing on the operational level —permissions, Marketplace app governance, data classification, identity management with Atlassian Guard— it wouldn't interfere at all with how Atlassian organizes its security at the infrastructure level. They're two complementary planes, not competing ones.

The day-to-day of administering Jira, Confluence, or JSM is full of security decisions that nobody formally validates today, and having a dedicated credential would go a long way toward professionalizing that role. The ACGP proposal strikes me as an excellent starting point.

Like • # people like this
Hans Polder
Community Champion
July 17, 2026

Totally agree! I had to find out quite a few things myself, that weren't covered by any of the existing certifications. 

Like • # people like this
Antti Salo
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Champions.
July 17, 2026

Like the previous commenters, I agree 100 %!

Like • # people like this
Moses Thomas
Community Champion
July 17, 2026

After several interviews with Candidates really disappointed from this stand point. Make sense honestly 

Like • # people like this
Sami Shaik
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Champions.
July 17, 2026

Strongly agree with this, @Viswanathan Ramachandran. The framing of "collaboration layer" security vs. infrastructure security is exactly the gap I run into repeatedly as an ACE doing technical audits across Jira, JSM, and Confluence estates.

The part of your proposal I'd underline hardest is pillar 2, Marketplace app governance. In most enterprise audits I've done, the biggest exposure isn't misconfigured SSO or missing MFA (those get caught by standard IT hygiene checks). It's the long tail of third-party apps with broad OAuth scopes, stale API tokens still attached to offboarded users, and webhooks nobody remembers approving. There's currently no standardized, vendor-recognized way to demonstrate you can assess that risk systematically, so it tends to live as tribal knowledge with whoever happens to be the platform's most paranoid admin.

One addition I'd suggest for the curriculum: alongside DLP and classification, include Forge app permission scoping as its own testable area, not just "how do you audit an installed Marketplace app" but "how do you evaluate the manifest level permissions a Forge app requests before approval." As Forge adoption grows, and with workflow level modules now expanding what these apps can touch inside Jira/JSM, reviewing scopes at install time is going to matter as much as auditing what's already installed.

The ACGP name works well too. "Guard" ties cleanly to the existing product, and "Governance" signals this is assessed judgment, not just toggle-switching, which is the right bar for a credential like this to be worth pursuing.

Like • # people like this

Comment

Log in or Sign up to comment
TAGS
AUG Leaders

Atlassian Community Events