Cloud 101CircleEventsBlog
Master CSA’s Security, Trust, Assurance, and Risk program—download the STAR Prep Kit for essential tools to enhance your assurance!

CCAK Testimonials: From a Cloud Security Expert

Published 05/06/2021

CCAK Testimonials: From a Cloud Security Expert
Written by Moshe Ferber, Chairman at Cloud Security Alliance, Israel.

The Certificate of Cloud Auditing Knowledge (CCAK) is the first credential available for industry professionals to demonstrate their expertise in the essential principles of auditing cloud computing systems. The CCAK credential and training program fills the gap in the market for technical education for cloud IT auditing. In this blog series, we’re interviewing developers of the CCAK about the importance of this certification and who should consider earning it. In this third blog, we’re interviewing Moshe Ferber, certified CCAK instructor and CSA contributor.

1. How is the CCAK certification program different from other IT audit certification programs?

Cloud is a new challenge that undermines traditional IT audits foundations. The “new” auditors must acquire a different set of skills – produce faster results, rely more on attestations over actual testing and cope with lack of physical controls and visibility.

2. Why did you want to get involved in the development of the CCAK?

It is an honor and privilege creating the knowledge for others to use. I have spent now over 20 years educating the next generations of cyber professionals and this is a natural development.

3. Who should earn their CCAK?

Everyone who is doing IT risk management, GRC professionals, Auditors.

4. Why is the CCAK important?

In the cloud we often are missing the control over assets we are used to. The only alternative to what we lost is investing more in proper risk management, governance and provider evaluation process. In CCAK we provide the knowledge how to do so correctly and responsibly.

5. What is the added value CCAK will bring to the market?

Information security knowledge and education tend to either be very technical and detailed or very theoretical and high level. I think that in CCAK we managed to integrate the two. The high level risk management process for instance is very rational and down to earth.

6. Feel free to make any additional comments related to CCAK.

Auditors are usually good at understanding the high level risks but lack knowledge in the technical details. In CCAK we manage to bridge the gaps between the two. CCAK professionals will understand both the risk management consideration along with the details of the cloud newly formed attack vectors and solutions.


If you are actively involved in the CSA community you may be eligible for a discount on the CCAK exam and preparation materials. You can learn more about the Certificate of Cloud Auditing Knowledge, and purchase the exam and study materials here.

Share this content on your favorite social network today!