CCSK Success Stories: From the Director of Cyber Security Services
This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage knowledge from the CCSK in their current roles. In this blog, we'll be interviewing Mike Lo, Director of Cyber Security Services, Wizlynx Group.
1. Can you tell us what your job involves?
In my current role at the Hong Kong Office, I look after the business development of the Hong Kong, Macau, and Taiwan regions. Sometimes, I am involved in a project management role for our key client's sizable projects.
2. Can you share with us some complexities in managing cloud computing projects?
Many of our clients own a significant number of cloud instances and deploy applications on them. As most of these deployments may be ad-hoc or function-oriented, they have only very limited time to deploy the application and its security. In the meantime, they do not have an integrated view of the cloud security status among these cloud instances.
3. In managing (outsourced) cloud projects, what are useful tips you could share with IT professionals to avoid common pitfalls?
Get the right service provider with certified cloud security professionals or you may consider seeking advice from trusted security associations, who will give you vendor-specific advice.
4. What made you decide to earn your CCSK? What part of the material from the CCSK has been the most relevant in your work and why?
I earned my CCSK qualification in 2012; I am the first certified CCSK professional in HK. There were very few certified cloud security professionals in Asia Pacific at that time. As I foresaw a high demand on the cloud security side, I joined the official training and got certified right after the training. The most relevant part of the CCSK is that the security foundation of cloud architecture provides me with a good grounding to plan cloud security or cloud-related infrastructure security projects. It also helps me to effectively interact with other cloud security professionals with a similar background.
5. How does the CCM help communicate with customers?
A lot of customers are facing compliance doubts when they want to deploy cloud security projects. The CCM helps them to map against industry-accepted security standards, regulations, and control frameworks. It greatly simplified the planning and implementation work.
6. What’s the value in a vendor-neutral certificate like the CCSK or CCSP versus getting certified by AWS? In what scenario are the different certificates important?
Each certification has its unique advantage and scenario to be referenced. CCSK and CCSP, in my view, are more vendor-neutral certificates that are good for all vendors’ solutions, especially good for applying to complicated multiple-vendors solutions, where all CCSK or CCSP knowledge is applicable.
7. Would you encourage your staff and/or colleagues to obtain CCSK or other CSA qualifications? Why?
It's a definite "YES" for anyone who would like to get more cloud security knowledge from the ground and equip themselves with updated cloud security implementation and best practices.
8. What is the best advice you will give to IT professionals in order for them to scale new heights in their careers?
Actively discussing with security professionals online (such as social media, IM, and email) and offline (face-to-face, if applicable) whenever you have related queries. You should earn lots from their responses, keep it as your regular practice. At the same time, don't hesitate to contribute your knowledge to the security community to make it a very healthy security eco-environment.
Sign up to receive CSA's latest blogs
This list receives 1-2 emails a month.