CCSK Success Stories: From an IT Security Consultant
This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage knowledge from the CCSK in their current roles. In this blog we'll be interviewing Terumi Laskowsky, Owner and Principal Consultant at Pathfinders Japan Ltd.
(1) In your role as Owner and Principal Consultant at Pathfinders Japan Ltd, you provide IT security consulting and training. Can you tell us about what your job involves?
Sure. I have been in IT for over 30 years doing a variety of work starting from Systems Analyst, IT Manager, and Consultant. For the past 20 years, I have specialized in IT Security. I have specialized in Application Security Testing where I find and exploit weaknesses in web-based applications. Recently, I have been fortunate to expand into IT Security in the Cloud where I consult and deliver courses related to security both in Asia Pacific and in the US.
(2) Can you share with us some complexities in managing cloud computing projects?
Many companies are migrating to the Cloud to augment their existing systems. Creating a connection between two systems adds complexity. Complexity, in general, will introduce vulnerabilities to the system. One example is managing trust between these systems. You naturally trust your on-premises system more than the Cloud, so you make sure that you are protecting valuable internal data and assets while maximizing the power of the Cloud. Too much control will stifle creativity and new business opportunities, and too little control will open up internal systems to external attacks. The right level of protection is the key, but deciding on what to do can be tricky.
(3) In managing (outsourced) cloud projects, what are useful tips you could share with IT professionals to avoid common pitfalls?
The democratization of technology is one thing that I love about the Cloud. Anyone can try out new technology and "put things out there" without investing thousands of dollars. But this also has a flip side. Because it is fast, easy, and cheap, many companies are rolling out services that are not well vetted and tested. "Fail Fast, Fail Often" can become costly, especially if you are skimping on security of and in the Cloud.
(4) What made you decide to earn your CCSK? What part of the material from the CCSK has been the most relevant in your work and why?
As an IT Security Consultant, I first look for knowledge that has the widest breadth of the topic. CCSK provides that for security in the Cloud. For me, the Access Control topic is most relevant because my role involves recommending security controls for customers migrating to the Cloud. And Access Control is, hands down, one of the most important controls to get right.
(5) How does CCM help communicate with customers?
Many of my consulting customers already have multiple compliance requirements that they must manage. Often, implementing controls in the Cloud is yet another compliance they must manage. CCM is a tool that they can relate to and easily show the gap that they must fill to move into the Cloud and be in compliance at the same time.
(6) What’s the value in a vendor-neutral certificate like the CCSK or CCSP versus getting certified by AWS? In what scenarios are the different certificates important?
For me, they are both important and they complement each other. The vendor-neutral certifications like CCSK highlight the big picture concepts one must have so that you don't get lost in the weeds of details. The vendor-specific certifications, like AWS and others, are also valuable to me because that prepares me with the technical details to work that specific system.
(7) Would you encourage your staff and/or colleagues to obtain CCSK or other CSA qualifications? Why?
Yes. CCSK is comprehensive, yet not overly technical, so anyone with several years of IT experience and curiosity to learn about the cloud can prepare and be successful in passing. It was a nice first step for me to become introduced to the field.
(8) What is the best advice you could give to IT professionals for them to scale new heights in their careers?
Scaling to new heights requires that one must stand on a firm and stable foundation. CCSK gives you that foundation for Cloud Security. Since it is vendor agnostic, it is truly a foundation that you can use as a stepping stone into many different paths. This, and staying constantly curious to learn new things, has helped me thus far.