Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Member Portal
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Member Portal
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Join us for Cybersecurity Awareness Month! Strengthen your cyber resilience with essential security tips and resources for everyone.

CSA Community Spotlight: Bolstering the Mission of Cybersecurity with CEO Avani Desai

Published 10/02/2024

Home
Industry Insights
CSA Community Spotlight: Bolstering the Mission of Cybersecurity with CEO Avani Desai
Written by Megan Theimer, Content Program Specialist, CSA.

The Cloud Security Alliance (CSA) has established itself as the leading authority in cloud security by building deep collaborations with industry experts and pioneers in cybersecurity. Since its incorporation in 2009, CSA has worked closely with a vast network of professionals, researchers, and thought leaders to develop a suite of industry-leading resources, including the Security, Trust, Assurance and Risk (STAR) program, the world's largest and most complete cloud security assurance program. In celebration of CSA’s 15th anniversary, we’re highlighting 15 of these distinguished partners and contributors who have been instrumental in shaping CSA’s efforts to enhance cloud security standards.

Avani Desai headshot

Today we’re speaking with Avani Desai, Partner and Chief Executive Officer at Schellman, a CPA firm that focuses on technology and security assessments. At Schellman, Avani focuses on growth strategies, strategic client and market development, industry analysis, and new services. She has been featured in Forbes, CIO.com, and the Wall Street Journal, and is a sought after speaker for a variety of emerging topics, including security, privacy, technology trends, and the expansion of women in tech. Below, learn more about Avani’s passion for cybersecurity and the CSA community, as well as Schellman’s contributions as a Certified STAR Auditor.


What are the various ways you’ve been involved with CSA over the years?

I’ve had the privilege of engaging with CSA in several meaningful ways, from speaking engagements to contributing through working groups, particularly around CSA STAR. These working groups are a fantastic opportunity to provide both a practitioner’s and an auditor’s perspective on the excellent work CSA is doing. I’ve enjoyed being part of the conversation, ensuring that the standards we set are not only aspirational but also actionable for those on the ground implementing them.

Additionally, I’ve had the honor of sharing the stage with CSA leaders like Troy Leach to discuss how emerging technologies like AI are reshaping cybersecurity. It’s been a rewarding journey, and I look forward to continuing to contribute to CSA’s mission.


What’s your favorite memory of the CSA community?

My favorite memory has to be receiving the Philippe Courtot Leadership Award. It was such a humbling experience to be recognized by a community that I have so much respect for. Philippe Courtot was a visionary in our field, and to receive an award in his name was a reminder of the responsibility we all share in advancing cybersecurity. It wasn't just about the recognition—it was a moment of deep gratitude for all the people I've collaborated with in the CSA community over the years. It reinforced why I continue to be passionate about this work and this incredible group of professionals.


Why do you continue to be a part of the CSA ecosystem?

The CSA community has always been about collaboration and innovation. It’s not just about what we do today, but about how we can shape the future. The shared mission to create a more secure digital landscape aligns with my own professional goals, and I continue to stay involved because the work we do collectively matters. What I love most is working with really, really smart people—it’s awesome to be in a room where everyone has the same passion and drive for cybersecurity. That energy keeps me inspired and reminds me of why this work is so important.


What do you see as one of CSA’s most significant contributions to the cybersecurity industry?

CSA’s leadership in establishing globally recognized standards for cloud security has been a game changer. The Cloud Controls Matrix, in particular, has empowered organizations worldwide to improve their security postures. What I also love about CSA is its commitment to education and advocacy—making cloud security more accessible for businesses at every level.

On top of that, we’re one of the providers for CSA STAR Attestation and Certification, which our clients see as a true differentiator. It gives them the confidence that their cloud security meets the highest standards, and it’s been incredibly rewarding to help them achieve that level of trust and assurance.


What are your predictions for CSA in the next 15 years?

This is tough because the world of cloud, AI, and emerging technologies is changing so fast—but that’s exactly why CSA is one of the few organizations that can keep up. As sovereign cyber needs evolve and the increase in regulation and frameworks continues, CSA will lead the charge in addressing the security challenges posed by AI, IoT, and multi-cloud environments. They’ll play a critical role in defining security standards for these emerging technologies, ensuring that innovation doesn’t outpace security. I also see CSA expanding its global presence, partnering with more industries, and influencing policy as cybersecurity becomes even more important for governments and enterprises alike.


Question from interviewee Rick Doten: What is the one thing you tell people is different about cloud security as opposed to traditional on-premise security?

One of the biggest differences is the shared responsibility model in cloud security. Unlike traditional on-premise security, where companies have complete control over their infrastructure, in the cloud, security is a shared responsibility between the service provider and the customer. This shift requires organizations to be more proactive in understanding and managing the security of their cloud deployments.

As an auditor, I’ve seen firsthand how this shared responsibility can lead to gaps if not properly managed—especially when organizations assume their cloud provider handles more than they actually do. It’s no longer just about building a strong perimeter; it’s about ensuring security across the application layers, access controls, and continuous monitoring. For organizations, this means they need to be diligent in understanding their role within that shared model and implementing controls that ensure the full environment is secure, not just what the provider manages.


Do you have a question for the next interviewee to answer?

What’s one lesson you’ve learned from the CSA community that has had a lasting impact on your approach to cybersecurity?


Make sure to check out more insights from the CSA community here.

Cloud Controls MatrixEventsShared Responsibility ModelSTAR

Share this content on your favorite social network today!

Core Cloud
Related Resources
Top Threats to Cloud Computing
The eleven salient threats, risks, and vulnerabilities in the cloud.
Certificate of Cloud Security Knowledge (CCSK)
The industry's standard cloud security credential.
Corporate Membership
Gain knowledge and connections in the cloud industry.
Latest from CSA
Access the Cybersecurity Awareness Month Bundle
Register for the Zero Trust Summit 2024
Download: AI in Medical Research
Trending This Week
#1 5 Tips for Managing Shadow IT
#2 Top Threat #2 to Cloud Computing: Insecure Interfaces and APIs
#3 Generative AI Proposed Shared Responsibility Model
#4 How is CSA STAR different from ISO 27001 and SOC 2?
#5 The Top Cloud Computing Risk Treatment Options
Audit Cloud Providers with Confidence & Enroll in STAR Lead Auditor Training
Related Articles:
Reflections on NIST Symposium in September 2024, Part 1

Published: 10/04/2024

Implementing the Shared Security Responsibility Model in the Cloud

Published: 09/27/2024

How to Prepare for Inevitable Risks to Your SaaS Data

Published: 09/26/2024

What is the CSA STAR Program? An Intro for Beginners

Published: 09/24/2024