CCSK Success Stories: From the Managing Director

This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage knowledge from the CCSK in their current roles. In this blog, we'll be interviewing Eliza Popa, Founder and Managing Director at Cyberstrat IT Consulting.

1. You are the Founder and Managing Director at Cyberstrat IT Consulting. Can you tell us about what your job involves?

Cyberstrat is a trusted advisor for our diverse clients in the Middle East, which sit on both sides of the cloud computing marketplace: CSPs and cloud customers. Besides my managing role, I am an information security and cloud security advisor, auditor, and trainer. I am excited to lead Cyberstrat as our company helps our client base through consulting, audit services, and our comprehensive training programs.

2. Can you share with us some complexities in managing cloud computing projects?

It used to be that cloud services were the domain of IT departments alone, but the new emphasis on digital-first strategies has all departments engaging with the technology. This means more potential customers looking for cloud solutions and deploying a multi-cloud strategy for all their cloud needs. We understand that some of the potential customers are operating in a highly regulated environment and need to be prepared to prove compliance.

3. In managing (outsourced) cloud projects, what are useful tips you could share with IT professionals to avoid common pitfalls?

The marketplace still lacks expertise, and many organizations struggle to understand the shift in governance, risk management, and the compliance implications of cloud computing. Also, there are vast differences in the shared responsibility model across the combinations of service and deployment models that need to be understood. Hence, IT professionals should get involved in a multi-disciplinary cloud project team that comprise professionals across information security, IT, GRC, legal, and business departments. Customers should invest in training the entire cloud project team at least on foundational knowledge about cloud infrastructure, security risks, and controls. An understanding of cloud security risks and challenges allows for realistic project management to migrate securely to the cloud.

4. What made you decide to earn your CCSK? What part of the material from the CCSK has been the most relevant in your work and why?

Behind the decision to pursue the CCSK were two objectives I set in 2019: to become a cloud auditor and trainer. In my roles as advisor, auditor, and trainer I find all the CCSK materials relevant: the Security Guidance v4.0 comprises cloud computing foundational knowledge, the CCM is a list of cloud security controls, the CAIQ is a standard template for cloud providers to document their security and compliance controls, and the ENISA Cloud Computing Security Risk Assessment is a security assessment based on three use-case scenarios with risk findings and recommendations.

5. How does the CCM help communicate with customers?

Most of our customers are operating in a highly regulated environment. The CCM tool helps them assess the risk associated with a CSP and the gap in controls that they must fill to move into the cloud and prove compliance. The CCM can also be used to document security responsibilities shared between CSP and cloud customer.

6. What’s the value in a vendor-neutral certificate like the CCSK or CCSP versus getting certified by AWS? In what scenario are the different certificates important?

Vendor-neutral certificates like the CCSK and CCSP offer high-level foundational knowledge and a skill base that is universally applicable. Having set the proper foundation, IT professionals can pursue different vendor-specific certificates. Their choice should be based on the intention to either work for the vendor cloud platforms or use a product or service in the cloud platforms. CSPs have created certificates that suit both categories of IT professionals.

7. Would you encourage your staff and/or colleagues to obtain the CCSK or other CSA qualifications? Why?

Definitely. Nowadays, cloud computing has become the default choice for IT. Hence, organizations need teams that possess a foundational understanding of all things cloud – from initial planning and risk assessment to understanding compliance requirements to implement a multi-cloud strategy. Having appropriate training enables the effective and secure use of cloud computing, remaking the modern business world in very profound ways.

8. What is the best advice you will give to IT professionals in order for them to scale new heights in their careers?

From the beginning of your career, enroll in formal training programs which will give you the right knowledge aligned with your career objectives. Keep learning and upskilling every year.