Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Missed CSA's Cyber Monday sale? You can still get 50% off the CCSK + CCZT Exam & Training Bundle and Token Bundle with raincheck code 'rcdoubledip24'

CSA Community Spotlight: Filling the Training Gap with Dr. Lyron H. Andrews

Published 12/06/2024

Home
Industry Insights
CSA Community Spotlight: Filling the Training Gap with Dr. Lyron H. Andrews
Written by Megan Theimer, Content Program Specialist, CSA.

Now celebrating 15 years of advancing cloud security, the Cloud Security Alliance (CSA) is proud to be the world’s leading organization dedicated to defining best practices for a secure cloud computing environment. Since our incorporation in 2009 and the release of our inaugural Security Guidance, CSA has expanded our impact through a broad portfolio of initiatives, including industry-leading training programs and certificate offerings.

These programs, including the foundational Certificate of Cloud Security Knowledge (CCSK) and the award-winning Certificate of Competence in Zero Trust (CCZT), have set global benchmarks for cloud security expertise. These efforts are complemented by hands-on training courses, webinars, and educational resources designed to equip professionals with the knowledge and skills needed to address evolving cloud security challenges.

None of this would be possible without our vibrant network of trainers, subject matter experts, volunteers, and advocates. To mark CSA’s 15th anniversary, we’re celebrating throughout 2024 by spotlighting 15 longtime partners whose collaboration has been pivotal to the success and growth of our various initiatives.

Lyron headshot

Today we’re speaking with Dr. Lyron H. Andrews. His technology career spans three decades as an engineer, cybersecurity adviser, executive, author, researcher, and social justice entrepreneur. He teaches several cybersecurity certifications, including CCSP, CISSP, CISM, SSCP, CRISC, CCSK, and CCZT. His roles have included Network Manager for the New York City Department of Education, Senior IT Director for BMG Direct, and Dean of Technology at BNY Mellon. Below, learn about Dr. Andrews’ experiences as a CCSK and CCZT trainer, and why he continues to support the CSA community.


What are the various ways you’ve been involved with CSA over the years?

My original way of being involved was as a trainer. My training capacity started off with CCSK, which has just been updated to version five. I also recently started doing training for the CCZT.

A couple of years back, my organization Profabula became a partner with the Cloud Security Alliance, so I've been working as a sub facilitator for Cloud Security Alliance training as well.

I've also done some work with them related to editorial activities, such as version five of the CCSK, and a lot of feedback work with the Zero Trust program. I believe I also wrote a couple of courses for their Train the Trainer capabilities.


What’s your favorite memory of the CSA community?

I think my favorite interactions would be during conferences. CSA has always been part of the RSA Conference. The seminars that they put on for the full CCSK training with labs, done in two days, may have been my largest classes ever. I believe one time it was about 85 people. That was pretty amazing. It was also the last time for over a year that anyone would see anybody in person again. It was right before things shut down for COVID.

Getting together with the inside folks who help develop and manage the materials, having dinners with them, lunch breaks, catching up, seeing what's going on - I think that is always the most rewarding.


Why do you continue to be a part of the CSA ecosystem?

The Cloud Security Alliance definitely brings value to the cybersecurity world. Believing in the way in which they approach security and manifest security has been the thing that keeps me coming back.

I think they've really done a great job of reinvigorating this new version of the CCSK, making it so that it is caught up to where we are in the cloud. I believe in the Cloud Security Alliance to stay relevant. And then with Zero Trust, no other organization is doing as comprehensive a job at making that a part of learning.


What do you see as one of CSA’s most significant contributions to the cybersecurity industry?

What they did with the Cloud Controls Matrix and CSA STAR is groundbreaking. Still to this day, I can mention CSA STAR or bring up version three of the Cloud Controls Matrix and amaze a few people with the best use of an Excel spreadsheet in history!

It’s cool to be able to be a part of this certain energy that CSA has. The energy of people that are looking for answers to what is still not really a largely adopted path - manifesting a set of controls in your cloud environment as easily as you manifest them in your data center.

People are still resistant to transitioning security controls to the cloud. I think it's honestly a lack of curiosity in a lot of cases. The other case is a lack of realization that organizations need to make an investment in training and give people time to imagine things differently and to learn things differently.


What are your predictions for CSA in the next 15 years?

This is not really a fair prediction because of conversations I’ve been a part of, but the Cloud Security Alliance will do the same thing for AI that they’ve done with STAR.

I also think they'll replicate that same alliteration with the Top Threats to Cloud Computing. Doing it with AI has been extremely helpful in classrooms, to dig down into the failures that happen, not so much from the cloud service providers, but from the cloud service consumers.


Question from interviewee Avani Desai: What’s one lesson you’ve learned from the CSA community that has had a lasting impact on your approach to cybersecurity?

This might be a little weird, but to think about where the gaps are and then how to fill them. I believe the Cloud Security Alliance did that with the STAR Audit and the STAR Registry. I try to figure out how that lesson may manifest with other opportunities for myself.

I am currently pursuing a couple of clients with a new certification that I have for Artificial Intelligence Management System Implementer. I was in conversation with a representative from a Fortune 100 company a couple of days ago, and she was saying that they had an assessment done by one of the big four auditing firms that was not even a true assessment of their artificial intelligence management system.

People haven't really built the infrastructure for operationalizing artificial intelligence. When I say infrastructure, I mean not the hardware and software components, but the administrative and the operational capabilities and components. To me, that represents a huge opportunity to get in on, to be an advisor for. The analogy of the Cloud Security Alliance being first in when it comes to cloud controls is very useful. It's a behavior that I admire.


Do you have a question for the next interviewee to answer?

What form of training do you or your clients find to be most effective? Is it online or in the classroom? What goes on that makes it a successful facilitation?


Make sure to check out more insights from the CSA community here.

CCSKCCZTSTARTraining

Share this content on your favorite social network today!

Core Cloud
Related Resources
Top Threats to Cloud Computing
The eleven salient threats, risks, and vulnerabilities in the cloud.
Certificate of Cloud Security Knowledge (CCSK)
The industry's standard cloud security credential.
Corporate Membership
Gain knowledge and connections in the cloud industry.
Latest from CSA
Register for CSA’s Virtual FinCloud Security Summit
Cyber Resiliency in the Financial Industry
Register for the Virtual AI Summit 2025
Enhance your cloud security skills with CSA's online training options.
Related Articles:
Level Up Your Cloud Security Skills With This Jam-Packed Training Bundle

Published: 12/11/2024

Cyber Essentials Certification Cost and Related Expenses: A Detailed Breakdown

Published: 12/05/2024

CSA Community Spotlight: Creating Globally-Recognized Cybersecurity Assessments with Willy Fabritius

Published: 11/27/2024

CSA Community Spotlight: Addressing Emerging Security Challenges with CISO Pete Chronis

Published: 11/18/2024