Taming the Cloud Together CCSP & CCSK Synergy

David Shearer, CEO, (ISC)²; Jim Reavis, CEO, CSA; Kevin Jackson, GovCloudNetwork; Rich Mogull, Securosis;

Brandon Dunlap (Moderator)

David Shearer

CEO, (ISC)²

Brandon DunlapModerator

Kevin JacksonFounder and CEO, GovCloudNetwork

Rich MogullFounder, Securosis

Jim ReavisCEO, CSA

Jim ReavisCEO, CSA

David ShearerCEO, (ISC)² David ShearerDavid Shearer

• How CCSK and CCSP complement one another

• Why it’s important for practitioners

• Certificate and Certification are both valuable but are not synonymous

– Different assessment goals – previously acquired versus learning event acquired

– Different exam conformity requirements

– Different accreditation requirements

Certificate or Certification?

http://www.credentialingexcellence.org/p/cm/ld/fid=4

Certificate of Cloud Security Knowledge

Rich Mogull, Securosis

Cloud Is an Alien Life Form• Cloud is developer-driven• Things that look the same, most definitely

are not the same– E.g. is a cloud route table the same as the

one on your router?

• Every provider is fundamentally different at the lowest possible levels

• Old patterns are now new antipatterns

Security Providers Need a Very Particular Set of Skills

• Provider-specific security architectures– Requires a technical understanding, and

changes daily. E.g. serverless DMV?

• Security coding• Updated incident response and

remediation• Cloud-specific risk assessment

Where the CCSK Fits• Provides baseline knowledge in all

security domains• CCSK-Plus reinforces with practical,

technical, hands-on labs• Can be delivered to non-security cloud

professions (ops/dev) to improve their awareness.

Certified Cloud Security Professional

Kevin L. Jackson, CISSP®,CCSP®, CCSK®

Role of the CCSPThe CCSP credential denotes professionals with deep-seated knowledge and competency derived from hands-on experience with information security and cloud computing. CCSPs help you achieve the highest standard for cloud security expertise and enable your organization to benefit from the power of cloud computing while keeping sensitive data secure.

Certified Professionals: Experience + Knowledge• Cloud deployment models, service models

and implementation models.• Key terminology, and associated definitions.• Legal, contractual, security, privacy and

compliance considerations.• Cloud service provider due diligence• Cloud security strategy development and

implementation• Design, execution and management of

cloud ecosystem security strategy• Cloud adoption business case development

Certification Domains

• Architectural Concepts and Design Requirements

• Cloud Date Security • Cloud Platform and Infrastructure

Security • Cloud Application Security • Operations• Legal and Compliance

David Shearer

CEO, (ISC)²

Brandon DunlapModerator

Kevin JacksonFounder and CEO, GovCloudNetwork

Rich MogullFounder, Securosis

Jim ReavisCEO, CSA