CSA Community Spotlight: Propelling the Industry Forward with Larry Whiteside Jr.

Now 15 years old, the Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. In 2009, CSA was officially incorporated and we released the first version of our Security Guidance. In the years since, we’ve debuted a wealth of frameworks, volunteer-driven research publications, assurance offerings, trainings, certificate programs, global chapter communities, in-person and virtual industry events, organizational memberships, and other various initiatives based on top-of-mind security concerns.

All of these activities would not be possible without our vast network of dedicated members, partners, volunteers, subject matter experts, speakers, chapter leaders, trainers, and advocates and evangelists. So to celebrate CSA’s 15th anniversary, all throughout 2024, we’ll be interviewing 15 longtime partners that have been integral to the success and growth of the CSA community.

First off is the great Larry Whiteside Jr., Chief Information Security Officer at RegScale. Larry is a former United States Air Force Officer with over 25 years of experience in building and running cybersecurity programs as a CISO, CSO, and CTO. His security roles have spanned many industries, including DoD, Federal Government, Financial Services, Healthcare, and Critical Infrastructure. Read about Larry’s thoughts and experiences with CSA below.

What are the various ways you’ve been involved with CSA over the years?

Throughout my career, my engagements with CSA have been varied and deeply enriching. From collaborating on initiatives aimed at enhancing diversity in the cloud security arena, to contributing as a panelist at numerous CSA events such as RSA and SECtember. Most recently, I’ve taken on a role on their Board of Directors. CSA has significantly influenced my comprehension, awareness, and appreciation of both the advantages and challenges associated with cloud technology.

What’s your favorite memory of the CSA community?

One of my most cherished memories within the CSA community was my involvement in a CSA Summit, where I took the stage alone for the first time at a CSA event. Despite having hundreds of solo speaking engagements under my belt, I felt unusually anxious. Reflecting on that experience, I now understand the draw of CSA—its members possess a profound knowledge of cloud technology and security. Initially, I doubted whether my presentation would resonate or leave me sounding inexperienced. Yet, the enthusiastic response and interaction from the CSA attendees truly energized me. The positive feedback I received afterward was truly the cherry on top.

Why do you continue to be a part of the CSA ecosystem?

In my view, CSA stands as the unparalleled authority on cloud security. Their proactive approach to keeping abreast of cloud-related trends, coupled with their commitment to developing in-depth technical materials, has set them apart.

What I find most remarkable is their success in fostering a worldwide community, which, to me, is their crowning achievement. They've also excelled in creating educational resources, equipping the community with the necessary skills to thrive. This community, which I hold in high regard, spans a diverse range of members including corporations, governments, tech firms, startups, and individual practitioners. CSA exemplifies the ideal that I believe all organizations should aspire to: putting the community first, without exception.

What do you see as one of CSA’s most significant contributions to the cybersecurity industry?

Choosing just one is challenging, but under pressure, I'd highlight the Cloud Controls Matrix (CCM) as a standout. The CCM's introduction of a set of targeted controls for organizations and practitioners to secure their cloud environments has significantly propelled the industry forward. It has accelerated the adoption of cloud architecture and its secure implementation. Without the CCM, we would probably be facing either sluggish adoption rates or an increase in cloud security incidents.

What are your predictions for CSA in the next 15 years?

As my involvement with CSA deepens and I witness its ongoing expansion and evolution, I increasingly perceive its potential to influence global regulations and policy-making.

CSA boasts a remarkable team of profound thinkers distributed worldwide, possessing vast knowledge and the foresight to offer evolutionary insights. This collective expertise equips CSA with a unique capacity to initiate changes and provide guidance that benefits everyone involved. Their contributions could lead to the shaping of policies and regulations that not only advance the field of cloud security, but also ensure a safer digital environment globally. This potential for global impact underscores CSA's role as a pivotal player in the future of cybersecurity and likely policy development.

Make sure to check out more insights from the CSA community here.