CCSK Success Stories: From a Security Consultant
This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage knowledge from the CCSK in their current roles. In this blog we'll be interviewing Dr. Ricci Ieong, Principal Consultant at eWalker Consulting.
In your current role at eWalker Consulting (HK) Ltd as a Consultant, you undertake consulting for clients. Can you tell us about what your job involves?
As the principal consultant, I lead the security review, assessment, and consultancy services in my company.
Can you share with us some complexities in managing cloud computing projects?
As a pioneer in the cloud computing security area since 2012, we have to explore and derive the direction and scheme of cloud computing security for different customers. In fact, as cloud computing is a deployment model which evolves rapidly, we have to catch up with the latest technology in cloud computing deployment.
In managing (outsourced) cloud projects, what are useful tips you could share with IT professionals to avoid common pitfalls?
IT professionals have to be aware of the roles and responsibilities in the particular cloud model implemented in the client environment.
What made you decide to earn your CCSK? What part of the material from the CCSK has been the most relevant in your work and why?
As a pioneer, we need to have both cloud security and industry practical knowledge. CCSK is definitely the very first certificate in cloud computing knowledge. So I took the CCSK v3 and then v4 certificate. Especially since I'm involved in conducting CCSK training, we need to learn and practice the latest knowledge in cloud computing security practical knowledge.
How does the Cloud Controls Matrix (CCM) help communicate with customers?
The Cloud Controls Matrix (CCM) is one of the most useful tools that we use to explain cloud computing controls to customers. It provides fundamental security principles that guide cloud service vendors towards the most secure practices. For cloud customers, it helps in assessing the overall security postures of cloud providers.
What’s the value in a vendor-neutral certificate versus getting certified by a vendor like AWS? In what scenario are the different certificates important?
It is better to learn from CCSK and CCSP first as those would give the audience general common security knowledge. With the baseline of cloud computing security knowledge, candidates can better understand cloud vendor-specific security knowledge. As cloud computing security is always vendor-specific, if a candidate wishes to become a cloud security expert, then he/she should have both general and specific cloud security knowledge.
Would you encourage your staff and/or colleagues to obtain the CCSK or other CSA qualifications? Why?
As mentioned above, general, broad, vendor-neutral cloud security knowledge is important for candidates to know what is important in the area of cloud security. It will help them learn and establish a baseline of security best practices when dealing with a broad array of responsibilities, from cloud governance to configuring technical security controls.
What is the best advice you would give to IT professionals in order for them to scale new heights in their careers?
Cloud computing is already the current direction of IT system deployment. So cloud security is critical knowledge that IT professionals should aim to achieve. I would recommend cloud security professionals obtain the CCSK certification to increase their employment opportunities by filling the skills gap.
About Ricci Ieong
Dr. Ricci IEONG, Principal Consultant of eWalker Consulting (HK) Ltd, has over 20 years of industry experience in the Information Technology Industry as well as more than 17 years of experience in the IT Security area, specializing in Security Risk Assessment, IT Audit, Penetration Test and Computer Forensics Investigation. He is an Adjunct Assistant Professor at a university in Hong Kong, program director of the Digital Forensics Diploma course at HKUSpace, and an authorized ISC2 Certified Cloud Security Professional (CCSP). He is also the Vice Chairman of Professional Development of Cloud Security Alliance (HK & Macau Chapter) and an active speaker at many security events in Hong Kong and the Asia Pacific region.
Interested in earning your CCSK? Download our guide to the Certificate of Cloud Security Knowledge (CCSK).