Cloud 101CircleEventsBlog
Master CSA’s Security, Trust, Assurance, and Risk program—download the STAR Prep Kit for essential tools to enhance your assurance!

CSA Community Spotlight: Being a Force for Good with Risk Manager Heinrich Smit

Published 03/21/2024

CSA Community Spotlight: Being a Force for Good with Risk Manager Heinrich Smit
Written by Megan Theimer, Content Program Specialist, CSA.

In 2009, CSA was officially incorporated and we released the first version of our Security Guidance. The following year, CSA launched the industry’s first cloud security user certificate, the Certificate of Cloud Security Knowledge (CCSK), now the benchmark for professional competency in cloud security. This training and certificate program would be the first of many more offered by CSA, the latest of which is our Zero Trust Training program and Certificate of Competence in Zero Trust (CCZT), released last November.

All of our trainings, certificates, and the many other activities that we’ve produced over the last 15 years, would not be possible without our vast network of dedicated members, partners, volunteers, subject matter experts, speakers, chapter leaders, trainers, and advocates and evangelists. So to celebrate CSA’s 15th anniversary, all throughout 2024, we’ll be interviewing 15 longtime partners that have been integral to the success and growth of the CSA community.

Heinrich headshot

Today we’re talking to Heinrich Smit, Manager of the Governance, Risk & Compliance Team at Semperis, Technologies Inc. Heinrich is a recognized information protection and Zero Trust expert who has led teams at software innovators and large financial institutions, authored entire information security policy stores, and protected data at both 280,000 seat regulated enterprises and SaaS-based startups. Get Heinrich’s perspective on collaborating on CSA training programs below.



What are the various ways you’ve been involved with CSA over the years?

I've worked with CSA extensively over the years, collaborating with other experts on:

  • Creating Zero Trust Training modules for all pillars of Zero Trust.
  • Creating CCZT and CCSK exams, based on these modules.
  • Participating in CSA Research work on Zero Trust and other information protection concepts. In this regard, I have led working groups, round tables, and discussions.

Today, I still participate in these initiatives. We are currently overhauling some CSA training, and also writing and refining new exams.


What’s your favorite memory of the CSA community?

I have really enjoyed meeting and collaborating with experts across the spectrum of cybersecurity and data protection, with the goal of better protecting people and their information against nation state and malicious actors. A fond memory is the years of close teaming on the creation of the Zero Trust training. I've made life-long friends there.

I was also a founding member of the CSA Seattle Chapter. This was a highlight for me - being part of the creation of this fantastic community and body of experts.


Why do you continue to be a part of the CSA ecosystem?

CSA is a world-recognized body of the world's most knowledgeable, educated, and experienced professionals in cybersecurity. After decades in this space, and having seen technologies evolve exponentially over the years, my motivation is BEING PART OF A FORCE FOR GOOD.

There are increasing threats and threat actors who manipulate public opinion with false information; certainly blackmail others to achieve their selfish goals; and in some cases, pose a real threat to peaceful, prosperous human life across the globe. I am proud to be a part of an organization whose goals are to unify, inform, and enable those who stand in the way of these threat actors.


What do you see as one of CSA’s most significant contributions to the cybersecurity industry?
  • The pursuit of world-wide collaboration
  • The sharing of knowledge


What are your predictions for CSA in the next 15 years?

CSA will increasingly grow in its membership and standing, because it pursues ever-improving, ever cutting-edge knowledge and understanding of cybersecurity.


Do you have a question for the next interviewee to answer?

What can CSA do to better connect and unify with international standards bodies and communities, while at the same time maintaining uninfluenced standards and truths in cybersecurity?



Make sure to check out more insights from the CSA community here.

Share this content on your favorite social network today!