Volunteer Spotlight: Sean Cordero

Mr. Sean Cordero, CISSP, CISA. CRISC, CISM, is the chair of the Cloud Security Alliance’s Cloud Controls Matrix where he works alongside other industry thought leaders to drive the development of security standards for cloud computing. Prior to establishing his company, Cloud Watchmen, Inc., Mr. Cordero served as the CSO for EdFund, where his team oversaw information security for an over $39B loan portfolio. His previous roles included: Director of Security and Compliance for Charlotte Russe, and global leader for Life Technologies distributed systems program. Mr. Cordero regularly presents at leading industry and academic conferences including CSO Magazine, the High Technology Crimes Association, and UC Davis, where he has shared his dynamic and pragmatic approach to information security. When he's not professing the virtues and pitfalls of cloud computing, he enjoys armchair directing along with his son, Aidan - because it could have always been done better. Mr. Cordero can be followed on Twitter @sean_cordero. How did you become involved in the CSA? My involvement with the CSA started at the 2012 CSA Summit. The previous chair of the Cloud Controls Matrix, Becky Swain, had begun searching for a new leader to pass the mantle of Chair. After a few discussions with the leadership I was asked to come on as the first new Chair of the Cloud Controls Matrix. What type of knowledge or skills have you gained by your involvement in the CSA that otherwise you would not have in your current role? I have been fortunate to gain an even deeper appreciation for the nuanced nature of the customer and provider relationships. In my practice I have seen many scenarios where the customer and provider needs misalign from the start. However, through the research work I have contributed to, I’ve realized that the gap between the customer and provider isn't as wide as an outsider would assume it to be. Both parties want to provide excellent service and assurances - how they achieve that is the heavy lifting that needs to occur between the provider and customer. Fortunately, through tools like the Cloud Controls Matrix the initial understanding of provider capabilities is clearer and sets the stage for the start of a productive dialogue How do you think your involvement has impacted cloud security? The thought leadership and research that comes from the CSA has made a profound impact on the entire cloud industry. From the industry-wide adoption of the Cloud Controls Matrix by providers and customers and the taxonomy for cloud security controls we have created - our work has been far reaching. I’m glad to be able to contribute to the industry so directly and love seeing the results of our research reflected in all aspects as it relates to trust, assurance, and security in the cloud. It’s a great time to be engaged. How has it impacted your development as a professional? The involvement with the CSA provides a structured forum to enable the open exchange of ideas across an incredible group of experts, providers, and customers. These perspectives help me gain a deeper understanding of the emerging issues facing the industry and serves as the context and inspiration to continue improving the work we have committed to. What is next for Sean with the CSA? The remainder of 2014 will be an exciting time. Between the forthcoming release of the Cloud Controls Matrix v3.0.1, great developments in our industry partnerships, and the amazing work coming from the research teams - I believe the CSAs industry leading efforts will continue to make a positive impact across this universe we call the Cloud.