CCSK Success Stories: From the Head of Digital Architecture
This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage knowledge from the CCSK in their current roles. In this blog, we'll be interviewing Narudom Roongsiriwong, SVP, Head of Digital Architecture, Bank of Ayudhya PCL.
1. In your current role at, you are responsible for the solution architecture for the bank’s digital channels. Can you tell us more about what your job involves?
My job involves system integration for all systems under the Digital Innovation and Data group at the Bank of Ayudhya, including architecture governance, architectural designs, and security advisories.
2. Can you share with us some complexities in managing cloud computing projects?
The Bank of Ayudhya has a “Cloud First” policy, which means any new projects should consider using the cloud as a high priority. However, the core banking services which are required for systems on the cloud are located at on-premise data centers; this is one major complexity. Another complexity we found is that the migration of some systems to the cloud cannot be done directly, for the most part. Sometimes we need to re-architect those systems on premise to be “cloud ready” first and then move to the cloud in the subsequent phases. The third complexity is that some people involved in cloud computing projects still perceive the cloud environment as the extension of on-premise data centers. This perception leads to focusing only on the Infrastructure-as-a-Service (IaaS) model instead of taking advantage of Platform-as-a-Service (PaaS), which the cloud natively provides.
3. In managing outsourced cloud projects, what are useful tips you could share with IT professionals to avoid common pitfalls?
One common pitfall in managing outsourced cloud projects, especially in IaaS and PaaS-based projects, is the lack of personnel on the owner’s side who have sufficient knowledge to validate the proposed solutions, such as the integration to the corporate environment, security and compliance. This causes projects to be delayed frequently due to redesigns or solution fixes. To avoid this, it is crucial that the project owner has one or more persons with the necessary knowledge to validate the proposed solution.
4. What made you decide to earn your CCSK? What part of the material from the CCSK has been the most relevant in your work and why?
Unlike other certifications, the CCSK has a more specific body of knowledge in cloud technology security, such as the cloud management plane, software defined networks, virtualization, containers and DevSecOps. This body of knowledge ensures I am able to do some specific cloud security design, such as the Zero Trust environment and DevSecOps pipeline on the cloud.
5. How does the CCM help communicate with customers?
My role mainly involves architectural designs, not security, so the communication about cloud security is from the IT security division. However, I use the CCM to validate the design.
6. What’s the value in a vendor-neutral certificate like the CCSK or CCSP versus getting certified by AWS? In what scenario are the different certificates important?
A vendor-neutral certificate focuses on the common body of knowledge that reflects industry requirements. But a vendor-specific certificate mostly focuses on that vendor's products or services. They work in different ways. If working with multi-cloud/multi-vendor, a vendor-neutral certificate is likely to be preferred. On the other hand, a vendor-specific certificate is likely to be better for cloud engineers or architects who are working with that specific vendor’s products or services.
7. Would you encourage your staff and/or colleagues to obtain the CCSK or other CSA qualifications? Why?
Yes, of course. It would help when we are working on cloud computing-related projects because he or she would have the same body of knowledge in cloud security as I do.
8. What is the best advice you will give to IT professionals in order for them to scale new heights in their careers?
Focus on the body of knowledge first, then the certification will come later. The certification helps to notify other people and to attract their attention. The real knowledge and outcome will be the proof in the pudding (i.e., career path).