CCAK Testimonials: From a Cybersecurity Consultant
The Certificate of Cloud Auditing Knowledge (CCAK) is the first credential available for industry professionals to demonstrate their expertise in the essential principles of auditing cloud computing systems. The CCAK credential and training program will fill the gap in the market for technical education for cloud IT auditing. In this blog series, we’re interviewing developers of the CCAK about the importance of this certification and who should consider earning it. In this first blog, we’re interviewing Craig Balding from Resilient Security Limited.
1. How is the CCAK certification program different from other IT audit certification programs?
CCAK is different from other IT audit certification programs as it immerses audit practitioners in the cloud domain. It goes beyond a simple transliteration of audit best practice to cloud workloads and addresses how auditors need to think, prepare, and act to deliver a credible audit in a hybrid or pure cloud context.
2. Why did you want to get involved in the development of the CCAK?
I was motivated to co-develop CCAK as I believe that the CSA has the bench strength, reach, and credibility to successfully develop and evangelize the first credible cloud audit certification program. With the seismic shift to cloud, I believe CCAK will quickly establish itself as a “must have” certification within the risk, security and audit domains.
3. Who should earn their CCAK?
I believe CCAK is relevant and approachable for IT professionals seeking to assess cloud risk and controls. The obvious audience is naturally existing IT auditors tasked with auditing their internal or clients “cloud journey.” As the former head of Cyber Risk for a global bank, I consider CCAK highly valuable for both risk and audit practitioners in regulated entities. As a consultant, CCAK will help differentiate me from the crowd and provide an external “mark of credibility.” Ultimately, CCAK is for anyone seeking to become a credible cloud auditor.
4. Why is the CCAK important?
CCAK is important as it provides the basis for a playbook for how to audit cloud environments. CCAK is the shortest path I know to take a competent IT auditor and pivot them to cloud. CCAK not only provides a blueprint for how to think about risk and control in a cloud context, but it empowers practitioners with very practical advice on how to perform successful cloud audits.
5. What is the added value CCAK will bring to the market?
Anyone can read IT standards and risk frameworks. But only CCAK enables a level of understanding of how to apply key risk and control frameworks within a cloud context. I am not aware of anything comparable to CCAK on the market.
If you are actively involved in the CSA community you may be eligible for a discount on the CCAK exam and preparation materials. You can learn more about the Certificate of Cloud Auditing Knowledge, and purchase the exam and study materials here.