![Page 1: Csa summit who can protect us education for cloud security professionals](https://reader035.vdocument.in/reader035/viewer/2022070515/587b410a1a28ab9c0e8b5ad3/html5/thumbnails/1.jpg)
![Page 2: Csa summit who can protect us education for cloud security professionals](https://reader035.vdocument.in/reader035/viewer/2022070515/587b410a1a28ab9c0e8b5ad3/html5/thumbnails/2.jpg)
Who can protect us?Education for cloud security professionals
Leonardo GoldimCEO, IT2S Group
![Page 3: Csa summit who can protect us education for cloud security professionals](https://reader035.vdocument.in/reader035/viewer/2022070515/587b410a1a28ab9c0e8b5ad3/html5/thumbnails/3.jpg)
Overview
![Page 4: Csa summit who can protect us education for cloud security professionals](https://reader035.vdocument.in/reader035/viewer/2022070515/587b410a1a28ab9c0e8b5ad3/html5/thumbnails/4.jpg)
New Technologies, New Models• Virtualization• Cloud Computing• BYO*• Big Data• IoT
![Page 5: Csa summit who can protect us education for cloud security professionals](https://reader035.vdocument.in/reader035/viewer/2022070515/587b410a1a28ab9c0e8b5ad3/html5/thumbnails/5.jpg)
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
![Page 6: Csa summit who can protect us education for cloud security professionals](https://reader035.vdocument.in/reader035/viewer/2022070515/587b410a1a28ab9c0e8b5ad3/html5/thumbnails/6.jpg)
![Page 7: Csa summit who can protect us education for cloud security professionals](https://reader035.vdocument.in/reader035/viewer/2022070515/587b410a1a28ab9c0e8b5ad3/html5/thumbnails/7.jpg)
Cloud Computing Concerns
• Security• Privacy• Compliance
![Page 8: Csa summit who can protect us education for cloud security professionals](https://reader035.vdocument.in/reader035/viewer/2022070515/587b410a1a28ab9c0e8b5ad3/html5/thumbnails/8.jpg)
2015 (ISC)² Global Information Security Workforce Study
• ~ 14,000 information security professionals: cloud security is a priority for organizations
• 73% - information security professional must develop new skills• 70% - cloud security certification program are relevant
![Page 9: Csa summit who can protect us education for cloud security professionals](https://reader035.vdocument.in/reader035/viewer/2022070515/587b410a1a28ab9c0e8b5ad3/html5/thumbnails/9.jpg)
Who are able to protect us?
![Page 10: Csa summit who can protect us education for cloud security professionals](https://reader035.vdocument.in/reader035/viewer/2022070515/587b410a1a28ab9c0e8b5ad3/html5/thumbnails/10.jpg)
Industry Needs• Professionals who understand and can apply effective security
measures to cloud environments• A reliable indicator of overall competency in cloud security• Roadmap and career path into cloud security• Common global understanding of professional knowledge and best
practices in the design, implementation and management of cloud computing systems.
![Page 11: Csa summit who can protect us education for cloud security professionals](https://reader035.vdocument.in/reader035/viewer/2022070515/587b410a1a28ab9c0e8b5ad3/html5/thumbnails/11.jpg)
Security Professionals Needs• Specialized skill required• Qualified professional help organizations take advantage of cloud services
• Growing adoption of cloud increase the demand for security professional• Cloud expertise move from “nice to have” to “must have”
![Page 12: Csa summit who can protect us education for cloud security professionals](https://reader035.vdocument.in/reader035/viewer/2022070515/587b410a1a28ab9c0e8b5ad3/html5/thumbnails/12.jpg)
Required Skills For Cloud• Applying security (general foundational understanding
still needed)• Understanding cloud security guidelines and reference
architectures • Knowing compliance issues • Enhancing technical knowledge • Specifying contractual obligations and requirements
related to security
![Page 13: Csa summit who can protect us education for cloud security professionals](https://reader035.vdocument.in/reader035/viewer/2022070515/587b410a1a28ab9c0e8b5ad3/html5/thumbnails/13.jpg)
(ISC)² and CSA
![Page 14: Csa summit who can protect us education for cloud security professionals](https://reader035.vdocument.in/reader035/viewer/2022070515/587b410a1a28ab9c0e8b5ad3/html5/thumbnails/14.jpg)
(ISC)² and CSA• CSA
• Individual (CCSK) and organizational (STAR) certifications
• Actively writing ISO standards for cloud security
• 400+ member organizations around the world
• Significant SME pool• Common Book of Knowledge• Ability to reach endorsement on a
company-wide-level with member organizations
• (ISC)2• Individual (CISSP, SSCP, CSSLP etc.)
certifications• Actively involved with ISO on
27xxx• 100,000+ members globally• ISO/IEC 17024 accreditation• DOD mandate• Significant SME pool• Common Bodies of Knowledge
![Page 15: Csa summit who can protect us education for cloud security professionals](https://reader035.vdocument.in/reader035/viewer/2022070515/587b410a1a28ab9c0e8b5ad3/html5/thumbnails/15.jpg)
Working Together• Power of two global, industry-leading non-profit associations
• Stewards for the cloud security and information security profession • Corporate cloud thought leaders• Organizations that reinforce professionals’ ability and experience to audit, assess, and
secure cloud infrastructures
• Building on existing certifications from both organizations• Ensures CCSP reflects the most current and comprehensive best practices for
securing & optimizing cloud computing environments• Establishes a globally accepted benchmark for confirming professional
competency in cloud security • Industry expert research and opportunities for continuing education
![Page 16: Csa summit who can protect us education for cloud security professionals](https://reader035.vdocument.in/reader035/viewer/2022070515/587b410a1a28ab9c0e8b5ad3/html5/thumbnails/16.jpg)
CCSK(Certificate of Cloud Security knowledge)
![Page 17: Csa summit who can protect us education for cloud security professionals](https://reader035.vdocument.in/reader035/viewer/2022070515/587b410a1a28ab9c0e8b5ad3/html5/thumbnails/17.jpg)
Development• Certification Board
– Ariel Litvin– Ben Katsumi– Carlos Saiz– Christofer Hoff– Craig Balding– Gerhard Eschelbeck– Gianluca D’Antonio– Hadass Harel
– Jim Reavis– Joshua Davis– Keith Prabhu– Leonardo Goldim– Peter Gregory– Peter Kunz– Randy Barr– Rich Mogull
![Page 18: Csa summit who can protect us education for cloud security professionals](https://reader035.vdocument.in/reader035/viewer/2022070515/587b410a1a28ab9c0e8b5ad3/html5/thumbnails/18.jpg)
Candidates• Suitable for a wide variety of professions that must be concerned with
cloud computing:• IT Professionals• Security Professionals• Auditors• Compliance• Managers• Non-IT Professionals
![Page 19: Csa summit who can protect us education for cloud security professionals](https://reader035.vdocument.in/reader035/viewer/2022070515/587b410a1a28ab9c0e8b5ad3/html5/thumbnails/19.jpg)
Value for Candidates• Validate your competence gained through experience in cloud
security• Demonstrate your technical knowledge, skills, and abilities to
effectively develop a holistic cloud security program relative to globally accepted standards• Differentiate yourself from other candidates for desirable
employment in the fast-growing cloud security market• Gain access to valuable career resources, such as tools, networking
and ideas exchange with peers
![Page 20: Csa summit who can protect us education for cloud security professionals](https://reader035.vdocument.in/reader035/viewer/2022070515/587b410a1a28ab9c0e8b5ad3/html5/thumbnails/20.jpg)
Value for Organizations• Protect against threats with qualified professionals who have the
expertise to competently design, build, and maintain a secure cloud business environment• Increase your confidence that candidates are qualified and committed
to cloud security• Ensure practitioners use a universal language, circumventing
ambiguity with industry-accepted cloud security terms and practices• Increase organizations’ credibility when working with constituents
![Page 21: Csa summit who can protect us education for cloud security professionals](https://reader035.vdocument.in/reader035/viewer/2022070515/587b410a1a28ab9c0e8b5ad3/html5/thumbnails/21.jpg)
Requirements and Domains
• CSA Guidance• Enisa report “Cloud Computing: Benefits, Risks and
Recommendations for Information Security”
![Page 22: Csa summit who can protect us education for cloud security professionals](https://reader035.vdocument.in/reader035/viewer/2022070515/587b410a1a28ab9c0e8b5ad3/html5/thumbnails/22.jpg)
CSA Guidance Domains– Cloud Computing Architectural
Framework– Governance and Enterprise Risk
Management– Legal Issues– Compliance and Audit
Management– Information Management and
Data Security– Interoperability and Portability
– Business Continuity and Disaster Recovery
– Data Center Operations– Incident Response– Application Security– Encryption and Key Management– IAM– Virtualization– Security as a Service
![Page 23: Csa summit who can protect us education for cloud security professionals](https://reader035.vdocument.in/reader035/viewer/2022070515/587b410a1a28ab9c0e8b5ad3/html5/thumbnails/23.jpg)
Exam• 90 minutes• 60 questions• US$ 345• Web based• No expires
![Page 24: Csa summit who can protect us education for cloud security professionals](https://reader035.vdocument.in/reader035/viewer/2022070515/587b410a1a28ab9c0e8b5ad3/html5/thumbnails/24.jpg)
CCSP(Certified cloud security professional)
![Page 25: Csa summit who can protect us education for cloud security professionals](https://reader035.vdocument.in/reader035/viewer/2022070515/587b410a1a28ab9c0e8b5ad3/html5/thumbnails/25.jpg)
Development• Job Task Analysis (JTA)
• Subject Matter Experts (SMEs)• (ISC)², CSA, Industry• Asia-Pacific, Europe, Middle East, Brazil, US
![Page 26: Csa summit who can protect us education for cloud security professionals](https://reader035.vdocument.in/reader035/viewer/2022070515/587b410a1a28ab9c0e8b5ad3/html5/thumbnails/26.jpg)
Candidates• IT, IT Security, Compliance:
– Enterprise Architect– Security Administrator– Systems Engineer – Security Architect
– Security Consultant– Security Engineer– Security Manager– Systems Architect
![Page 27: Csa summit who can protect us education for cloud security professionals](https://reader035.vdocument.in/reader035/viewer/2022070515/587b410a1a28ab9c0e8b5ad3/html5/thumbnails/27.jpg)
Target Organizations• Employers will be crucial to driving adoption of the credential among
appropriate employees and job seekers. • Cloud “thought leaders” (including those attempting to be leaders) who are
trying to promote their position in the cloud market could be influential in driving demand for CCSP. • Target employers include:
• Cloud Service Providers: they know the challenges; value competency; • Information Security Consultants; • IT Integrators and Consultants; • Software Companies. • Government agencies, grappling with migrations to cloud services, should value the
competence reflected by CCSP
![Page 28: Csa summit who can protect us education for cloud security professionals](https://reader035.vdocument.in/reader035/viewer/2022070515/587b410a1a28ab9c0e8b5ad3/html5/thumbnails/28.jpg)
Value for Candidates• Demonstrates not just cloud knowledge but competence gained
through hands-on experience in addressing the unique information security demands intrinsic to cloud environments• Affirms commitment to understanding and applying security best
practices to cloud environments – today and in the future• Enhances credibility and marketability for the most desirable cloud
security opportunities; bolsters standing and provides a career differentiator • As a member of (ISC)2, CCSPs gain access to valuable career
resources, such as networking and ideas exchange with peers
![Page 29: Csa summit who can protect us education for cloud security professionals](https://reader035.vdocument.in/reader035/viewer/2022070515/587b410a1a28ab9c0e8b5ad3/html5/thumbnails/29.jpg)
Value for Organizations• Secures and optimize organization’s use of cloud computing with qualified
professionals who’ve demonstrated cloud security competence • Ensures the organization is applying the proper cloud security controls internally and
with 3rd parties by reinforcing risk and legal requirements through cloud contract and SLA’s with cloud service providers• Backed by the two leading stewards of information and cloud security knowledge –
(ISC)2 & CSA – organizations can be confident it reflects the most current required best practices and competency• Increases organizational integrity in the eyes of clients and other stakeholders • Ensures work teams stay current on evolving cloud technologies, threats and
mitigation strategies by meeting the continuing professional education requirements
![Page 30: Csa summit who can protect us education for cloud security professionals](https://reader035.vdocument.in/reader035/viewer/2022070515/587b410a1a28ab9c0e8b5ad3/html5/thumbnails/30.jpg)
Requirements and Domains• 5 years working experience• 3 years must be in information security• 1 year in one CBK domain
• CCSK can be substituted for 1 year experience in CBK domain• CISSP can be substituted for entire experience requirement
![Page 31: Csa summit who can protect us education for cloud security professionals](https://reader035.vdocument.in/reader035/viewer/2022070515/587b410a1a28ab9c0e8b5ad3/html5/thumbnails/31.jpg)
Requirements and Domains• Architectural Concepts & Design Requirements• Cloud Data Security• Cloud Platform and Infrastructure Security• Cloud Application Security• Operations• Legal and Compliance
![Page 32: Csa summit who can protect us education for cloud security professionals](https://reader035.vdocument.in/reader035/viewer/2022070515/587b410a1a28ab9c0e8b5ad3/html5/thumbnails/32.jpg)
Exam
• 4 hours• 125 questions• US$ 549• PearsonVUE testing centers
![Page 33: Csa summit who can protect us education for cloud security professionals](https://reader035.vdocument.in/reader035/viewer/2022070515/587b410a1a28ab9c0e8b5ad3/html5/thumbnails/33.jpg)
Maintain• 3-year cycle• Annual Maintenance Fee (AMF) US$ 100• 90 CPEs
• 30/year
• Can utilize CSA to satisfy CPE requirements
![Page 34: Csa summit who can protect us education for cloud security professionals](https://reader035.vdocument.in/reader035/viewer/2022070515/587b410a1a28ab9c0e8b5ad3/html5/thumbnails/34.jpg)
Compare
![Page 35: Csa summit who can protect us education for cloud security professionals](https://reader035.vdocument.in/reader035/viewer/2022070515/587b410a1a28ab9c0e8b5ad3/html5/thumbnails/35.jpg)
Complementary
CCSP
Deeper,
advanced
experience-based
cloud security knowledge
CCSK
Broad, Foundational, Baseline Knowledge
![Page 36: Csa summit who can protect us education for cloud security professionals](https://reader035.vdocument.in/reader035/viewer/2022070515/587b410a1a28ab9c0e8b5ad3/html5/thumbnails/36.jpg)
CCSP x Others (ISC)² and CSA Programs
• CCSP complements existing credentials• (ISC)² x CSA: complimentary portifolio• CSA: “Incubator of cloud best practices”• Provide relevant opportunities for CPEs
![Page 37: Csa summit who can protect us education for cloud security professionals](https://reader035.vdocument.in/reader035/viewer/2022070515/587b410a1a28ab9c0e8b5ad3/html5/thumbnails/37.jpg)
CCSP x CCSK• Professionals with heavy involvement: CCSK and CCSP• CCSK indicator of broad-based knowledge• CCSP intended for professionals more heavily involved
![Page 39: Csa summit who can protect us education for cloud security professionals](https://reader035.vdocument.in/reader035/viewer/2022070515/587b410a1a28ab9c0e8b5ad3/html5/thumbnails/39.jpg)