CCSK Success Story: From the Head of IT Infrastructure and Security

This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage knowledge from the CCSK in their current roles. In this blog, we'll be interviewing William Ho, Head of IT Infrastructure and Security at ATT Group.

1. Can you tell us about what your job involves?

In my current role, I am responsible for the IT Department; I manage a team consisting of various domain experts to support ATT Group in IT, OT, Cloud, Cybersecurity, and GRC. On top of that, the team also provides pre- and post-sales support to the various divisions across the group in projects, to continuously generate revenue for the business growth.

2. Can you share with us some complexities in managing cloud computing projects?

The cloud computing landscape has evolved over time, from the traditional SPI (SaaS, PaaS, and IaaS) service model into XaaS, with different variants, services, and multi-cloud deployment. Ensuring proper governance (complying with the respective country standards and regulations) for each cloud journey comes with different levels of complexities and challenges to be addressed.

3. In managing (outsourced) cloud projects, what are useful tips you could share with IT professionals to avoid common pitfalls?

Have a reasonable budget, identify the right service provider/consulting firms with certified and competent cloud security professionals, and review and understand the Shared Responsibility Model.

4. What made you decide to earn your CCSK? What part of the material from the CCSK has been the most relevant in your work and why?

I was interested in cloud computing when it was still in its infancy back in 2009. The curiosity led me to take (and pass) the CCSK v2.1 in 2010 and subsequently the CCSK v3 and v4. In fact, all the domains within the Guidance are relevant and provide a good foundation to gain knowledge and skills in cloud security and governance.

5. How does the CCM help communicate with customers?

With the proliferation of cloud deployment and adoption, the Cloud Controls Matrix (CCM) serves as a reference document and control framework for cloud computing, with the mapping against industry-accepted security standards, regulations, and control frameworks. It enables cloud stakeholders to easily assess, review, identify, and implement relevant controls for their cloud environment accordingly.

6. What’s the value in a vendor-neutral certificate like the CCSK or CCSP versus getting certified by AWS? In what scenario are the different certificates important?

A vendor-neutral certification provides an objective perspective about cloud security concepts and broader exposure of knowledge and best practices which are relevant across different cloud platforms and jurisdictions. On top of that, any person who has successfully earned any previous version of the CCSK will continue to be considered a CCSK certificate holder. Whereas, vendor-specified tends to focus on the products/features of a specific vendor, which may not necessarily be applicable in another vendor’s platform.

7. Would you encourage your staff and/or colleagues to obtain the CCSK or other CSA qualifications? Why?

Definitely. Cloud computing is definitely here to stay for a long time. It is increasingly becoming a critical knowledge and skill set one must have. The CCSK and other CSA qualifications have been widely recognized by industry and the market as a mark of standard of expertise.

8. What is the best advice you could give to IT professionals in order for them to scale to new heights in their careers?

Technology is always evolving; it is imperative that IT professionals adopt the ideas of continuous learning and improvement, so as to maintain relevance in the IT/Security industry.