CCSK Success Stories: CSA Japan Chapter Executive Director
This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage knowledge from the CCSK in their current roles. In this blog we'll be interviewing Morozumi, the Executive Director for the CSA Japan Chapter.
(1) You currently work for the CSA Japan Chapter as the Executive Director. Can you tell us about what your job involves?
My role in the CSA Japan Chapter involves various activities that include working for local research working groups, translating CSA global whitepapers into the Japanese language, and organizing local events to promote awareness and to educate.
(2) Can you share with us some complexities in managing cloud computing projects?
Undertaking due diligence is very important to managing the security of cloud computing. As the shared responsibility model is central to cloud computing, you cannot manage security by yourself. You need to understand the security posture of cloud service provider (CSP), compliance with specific regulation, among others.
(3) In managing (outsourced) cloud projects, what are useful tips you could share with IT professionals to avoid common pitfalls?
I would say it is important that the cost savings in cloud adoption should be reinvested in security measures.
(4) What made you decide to earn your CCSK? What part of the material from the CCSK has been the most relevant in your work and why?
There are some certifications for cloud computing, but CCSK and CCSP are the ones that focus primarily on cloud security, in order to become a professional in cloud security. To understand the knowledge of cloud security, CCSK is very important.
(5) How does Cloud Controls Matrix (CCM) help communicate with customers?
Given that the CCM is a comprehensive control framework for cloud security, it is very useful when customers communicate with CSPs. And as CCM has mappings to several standards and regulations (such as HIPAA), it is a helpful tool to understand the gaps (and mitigating security controls) between CCM and these standards and regulations.
(6) Would you encourage your staff and/or colleagues to obtain the CCSK or other CSA qualifications? Why?
Yes, I would. CSA has a wide network of members and subject matter experts who understand the various areas related to cloud security. The CCSK and other CSA qualifications are based on the knowledge of these members and subject matter experts.
(7) What is the best advice you could give to IT professionals in order for them to scale new heights in their careers?
As technologies used in cloud computing are changing rapidly and new technologies are constantly emerging, keeping your knowledge of these technologies continuously up-to-date is crucial for your career.