CCSK Success Stories: From the Managing Director of a Consulting Firm

This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage knowledge from the CCSK in their current roles. In this blog we'll be interviewing Ferdinand Fong, Managing Director, Initial Alpha Pte. Ltd.

(1) In your current role as Managing Director, what does your job involve?

I run a program management consultancy business, and my most recent engagement involves working with a financial services payment processor as an operational management consultant executing the migration of CITI Hong Kong payment platform over to theirs. Due to this organization’s insolvency filing and how the world is now changing, I am looking into expanding my portfolio into the area of cloud security.

(2) Can you share with us some complexities in managing cloud computing projects?

I can see as companies/enterprises are going from traditional physical infrastructure to more cloud- based infrastructure, there is a gap which CSA can help to fill. Some complexities I see are:

1. Understanding the existing scope of the client and mapping it to a cloud based infrastructure
2. The need to change the client’s mindset as they will have to relinquish certain physical control over the infrastructure itself.

(3) In managing (outsourced) cloud projects, what are useful tips you could share with IT professionals to avoid common pitfalls?

I think one of the key tips I would share is to get a good grasp on risk assessment. A thorough risk assessment that is in alignment with the client needs will ensure that an optimal business requirement document can be created, which will help with guiding the development of the project.

(4) What made you decide to earn your CCSK? What part of the material from the CCSK has been the most relevant in your work and why?

I find that as a whole the CCSK is a great starting point for anyone who wishes to venture into the area of cloud security. As someone who is new in this area, I would have to say that I did not have a preferred area as I found the entire training to be very invaluable.

(5) How does Cloud Controls Matrix (CCM) help communicate with customers?

The Cloud Controls Matrix (CCM) provides a very easy to understand method for customers in order to have a good handle on where they are in terms of security controls, compliance requirement and regulatory requirement. With the CCM any gaps in any of those areas can be easily identified and addressed.

(6) What's the value in a vendor-neutral certificate versus getting certified by a vendor? In what scenario are the different certificates important?

Vendor-neutral certificates are great as they open up greater opportunities to work in an unbiased manner with both the clients as well as managing a professional relationship with vendors and CSPs. This also means that my clients can trust my recommendations based on what their needs are and not driven by any biases.

(7) Would you encourage your staff and/or colleagues to obtain CCSK or other CSA qualifications?

Yes I would. As I see this as part of expanding my business, ensuring that my staff and colleagues have the same standard understanding and speak the same language when it comes to addressing cloud security related subjects.

(8) What is the best advice you would give to IT professionals in order for them to scale new heights in their careers?

Keep an ear to the ground, pay attention to the latest development and what is trending. The world of IT is constantly changing; it is imperative to stay abreast with the latest developments, innovations as well as the evolving security threats that are out there.