CCSK Success Stories: From a Manager of Cloud Infrastructure
This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage knowledge from the CCSK in their current roles. In this blog, we'll be interviewing Rizwan Hashmi, Manager, Cloud Infrastructure at Power Automation.
1. Can you tell us about what your current job involves?
My current job is Manager, Cloud Infrastructure. I manage IoT solutions like smart home, smart locks, smart metering, and smart grid. That includes testing and deploying end-to-end solutions where remote devices are sending data to our cloud IoT servers. We also provide application servers where data is displayed to our customers. Sensor security, network security, and cloud infrastructure security are my key responsibilities. We perform risk assessment, adapt strategy and then develop policies to secure each and every component of the solution. I have implemented very large PKI-based platforms where each device in the field is issued a cert from our private CA. And devices hold these certs in hardware-based chips.
2. Can you share with us some complexities in managing cloud computing projects?
We initially faced a lot of challenges when we started using a cloud infrastructure because we did not know much about protecting our infrastructure in the cloud. But after attending the CCSK training we are much more comfortable with cloud infrastructure due to its rapid deployment and elastic nature. Some challenges remain, such as having more access to logs.
3. In managing cloud projects, what are useful tips you could share with IT professionals to avoid common pitfalls?
The common pitfall that I have observed so far is that the requirements for projects are not completely defined. It is in the best interest of everyone to discuss and mutually arrive at a set of common requirements for a project as to what it shall look like at the end.
4. What made you decide to earn your CCSK? What part of the material from the CCSK has been the most relevant in your work and why?
Cloud infrastructure is an integral part of our solutioning now. Thus Domains 6 and 7 are of major interest to me. I learned a lot from CCSK, especially management plane security, micro-segmentation and cloud compute security.
5. How does CCM help communicate with customers?
It provides a common understanding to both sides. Since it is from a well-known organization, viz. CSA, there are usually not many disputes.
6. What’s the value in a vendor-neutral certificate like the CCSK or CCSP versus getting certified by AWS? In what scenario are the different certificates important?
Vendor-neutral and vendor-specific have their own advantages/disadvantages. Vendor-neutral specifies a broader approach as to how something shall be implemented. Vendor-specific may not be that broad. So eventually it becomes our responsibility to bridge the gap, if any.
7. Would you encourage your staff and/or colleagues to obtain CCSK or other CSA qualifications? Why?
I am CISM certified from ISACA. And now my next target is to earn my CCAK, which is a joint effort by CSA and ISACA. Unfortunately, in my current position I am just one man for this domain :D. I hope more people will join over time, then I can recommend them for training. Of course CCSK is good for anyone working with cloud infrastructure.
8. What is the best advice you will give to IT professionals in order for them to scale new heights in their careers?
I believe in experimenting, doing things hands-on, and then creating a journal for knowledge obtained. And also you must not forget the human side of working with people. Empathy, creating win-win models, and collaborative approaches will have a lasting impact.