CCSK Success Stories: From a Head of Cloud Security

This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage knowledge from the CCSK in their current roles. In this blog we'll be interviewing Raghvendra Singh, Global Head, Cloud Security CoE, Cyber Security Practice at Tata Consultancy Services.

1. In your current role at Tata Consultancy Services as a Global Head, Cloud Security CoE, Cyber Security Practice, can you tell us about what your job involves?

My job primarily involves defining cloud security offerings/GTM, developing cloud security-focused competency in the practice, advising enterprise customers on their digital transformation journeys and building/managing partnerships with major cloud service providers (CSPs), as well as cloud security partners.

2. Can you share with us some complexities in managing cloud computing projects?

With major enterprises moving towards multi-cloud security adoption, security architects and leaders face challenges to present multi-cloud/hybrid cloud strategy which can be extended consistently across multiple CSPs. It is becoming increasingly challenging and complex to build such designs and bring solutions on board which can have an effective mix of native and third-party multi-cloud security solutions.

3. In managing (outsourced) cloud projects, what are useful tips you could share with IT professionals to avoid common pitfalls?

Some common tips include:

• Knowing your CSP, knowing your data and liability
• Cloud adoption should be an opportunity to modernize cybersecurity, not just to save costs
• Having good control and complete visibility on your overall cloud security posture

4. What made you decide to earn your CCSK? What part of the material from the CCSK has been the most relevant in your work and why?

I have been planning to attain CCSK for a long time. It is a badge which is a must-have for cloud security professionals. CCSK not only clarifies the basics but also gives an opportunity to build a cloud agnostic view for a cybersecurity professional which is a must have in today’s multi-cloud world. I have been using the CSA Cloud Controls Matrix (CCM) for a long time, so it is the most relevant piece for me.

5. How does CCM help communicate with customers?

CSA CCM must be used as a base framework to assess CSPs and customers. It is detailed and holistic, providing an opportunity to identify gaps in their cloud security posture.

6. What’s the value in a vendor-neutral certificate like the CCSK or CCSP versus getting certified by AWS? In what scenario are the different certificates important?

It is essential to build a strong foundation knowledge of cloud security and hold a CSP-agnostic view to ensure customers are advised effectively in a neutral manner. This is where CCSK is instrumental.

CSP-focused certification can be targeted as phase 2 to get a better hold on CSP-specific services and points of view.

7. Would you encourage your staff and/or colleagues to obtain CCSK or other CSA qualifications? Why?

Yes, I would. It is important that my team and colleagues can effectively advise our customers with a CSP-agnostic view and have a consistent approach to assist customers better.

8. What is the best advice you will give to IT professionals in order for them to scale new heights in their careers?

Cybersecurity is a journey rather than a destination. Enjoy this journey and continuously build self/enterprise competency. Build a network. Keep up to date and support the community with your knowledge.