CCSK Success Story: From a Cybersecurity and Privacy Officer
Published 01/06/2023
This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage knowledge from the CCSK in their current roles. In this blog, we'll be interviewing Dennis Chan, Country Cybersecurity & Privacy Officer at Huawei.
1. Can you tell us about what your job involves?
My job scope involves cybersecurity and privacy governance, risk, and compliance management for our business in Singapore.
2. Can you share with us some complexities in managing cloud computing projects?
It differs depending on whether the project is about transforming from on-premises to cloud, migrating to other CSPs, or moving towards multi-cloud or hybrid cloud. But some of the common complexities are compliance and governance, data breaches, and human errors.
3. In managing (outsourced) cloud projects, what are useful tips you could share with IT professionals to avoid common pitfalls?
Develop a sound cloud security strategy (and exit strategy) before moving into a cloud environment, as it is totally different from on-premises implementation. Seek consensus on cloud governance or policies with your C-Suite and also have a good understanding of your organization’s cybersecurity capabilities.
4. What made you decide to earn your CCSK? What part of the material from the CCSK will be the most relevant to your work and why?
Since Huawei is a public CSP and I’m the company CISO, it will be beneficial for me to put into practice what I learned from the CCSK. For my current role as CISO, the topics of Governance, Risk Management, and Compliance will be the most relevant to me.
5. How does the CCM help communicate with customers?
The Cloud Controls Matrix (CCM), a cloud security framework across 13 domains, including cloud identity and access management, data center security, and application security, aims to develop guidelines that help both CSPs (like Huawei Cloud) and customers define and validate how best practices are being adopted within their cloud environment to ensure their shared responsibilities to maintain cloud security.
6. What’s the value in a vendor-neutral certificate like the CCSK or CCSP versus getting certified by AWS? In what scenario are the different certificates important?
Regardless of who the CSP is, the CCSK is considered the foundation of cloud security as it provides comprehensive, broad-based knowledge on securing the cloud from the different layers (secure cloud architecture, data security, and application security) and different phases (designing, implementing, operations, etc.).
7. Would you encourage your staff and/or colleagues to obtain the CCSK or other CSA qualifications? Why?
I will definitely encourage my fellow colleagues and industry friends who are involved in cloud security or cloud solution architecture to have a go at the CCSK. Considering security needs should start as early as the solution design stage.
8. What is the best advice you will give to IT professionals in order for them to scale new heights in their careers?
In today’s digital era where ICT technologies evolve swiftly even before we can gain full understanding of them, it is important for us to acquire new knowledge and skills, hence any form of professional development from courses and/or certification will help in your career. If you are into cloud security, why not consider getting started with the Cloud Security Alliance?