Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
Taming the Cloud Together CCSP & CCSK Synergy
David Shearer, CEO, (ISC)²; Jim Reavis, CEO, CSA; Kevin Jackson, GovCloudNetwork; Rich Mogull, Securosis;
Brandon Dunlap (Moderator)
David Shearer
CEO, (ISC)²
Brandon DunlapModerator
Kevin JacksonFounder and CEO, GovCloudNetwork
Rich MogullFounder, Securosis
Jim ReavisCEO, CSA
Jim ReavisCEO, CSA
David ShearerCEO, (ISC)² David ShearerDavid Shearer
• How CCSK and CCSP complement one another
• Why it’s important for practitioners
• Certificate and Certification are both valuable but are not synonymous
– Different assessment goals – previously acquired versus learning event acquired
– Different exam conformity requirements
– Different accreditation requirements
Certificate or Certification?
http://www.credentialingexcellence.org/p/cm/ld/fid=4
Certificate of Cloud Security Knowledge
Rich Mogull, Securosis
Cloud Is an Alien Life Form• Cloud is developer-driven• Things that look the same, most definitely
are not the same– E.g. is a cloud route table the same as the
one on your router?
• Every provider is fundamentally different at the lowest possible levels
• Old patterns are now new antipatterns
Security Providers Need a Very Particular Set of Skills
• Provider-specific security architectures– Requires a technical understanding, and
changes daily. E.g. serverless DMV?
• Security coding• Updated incident response and
remediation• Cloud-specific risk assessment
Where the CCSK Fits• Provides baseline knowledge in all
security domains• CCSK-Plus reinforces with practical,
technical, hands-on labs• Can be delivered to non-security cloud
professions (ops/dev) to improve their awareness.
Certified Cloud Security Professional
Kevin L. Jackson, CISSP®,CCSP®, CCSK®
Role of the CCSPThe CCSP credential denotes professionals with deep-seated knowledge and competency derived from hands-on experience with information security and cloud computing. CCSPs help you achieve the highest standard for cloud security expertise and enable your organization to benefit from the power of cloud computing while keeping sensitive data secure.
Certified Professionals: Experience + Knowledge• Cloud deployment models, service models
and implementation models.• Key terminology, and associated definitions.• Legal, contractual, security, privacy and
compliance considerations.• Cloud service provider due diligence• Cloud security strategy development and
implementation• Design, execution and management of
cloud ecosystem security strategy• Cloud adoption business case development
Certification Domains
• Architectural Concepts and Design Requirements
• Cloud Date Security • Cloud Platform and Infrastructure
Security • Cloud Application Security • Operations• Legal and Compliance
David Shearer
CEO, (ISC)²
Brandon DunlapModerator
Kevin JacksonFounder and CEO, GovCloudNetwork
Rich MogullFounder, Securosis
Jim ReavisCEO, CSA