By the CSA Education Team
This is the fourth part in a blog series on cloud security training, in which we will be interviewing Satishkumar Tadapalli a certified and seasoned information security and data privacy consultant. Tadapalli has 12+ years of multi-functional IT experience in pre-sales, consulting, risk advisory and business analysis. He has rich experience in information protection and data privacy, risk management, information security with various ISO 27001 implementation, audits and is currently working for a London-based bank as a risk advisor, looking after 3rd-party assurance and cloud risk assessments.
Satish holds several certifications including: CISM, CIPM, CIPT, CCSK, ISO27001 LA, CISRA, CPISI, and ITIL V3.
Can you describe your role?
In this diverse, cloud-connected, dynamic world, it’s not easy for me to describe a specific role as I’m required to wear multiple hats depending on the table at which I’m seated. Having said that, currently I’m performing a risk advisory role at one of the largest banks in the UK. This position keeps me challenged in performing contractual risk assurance, data privacy consultations and cloud risk assessment of 3rd-, 4th-, and 5th-party vendors, and governing the supplier risk-assurance activities to ensure that the consumer and providers are adhering to the privacy and security principles and keeping customer data safe and secure.
What got you into cloud security in the first place? What made you decide to earn your CCSK?
Cloud security is an interesting and evolving topic for me. I believe cloud adoption isn’t a choice for organizations in this era, now. For this reason, keeping myself updated on the must-have knowledge in cloud made me pay attention to cloud security. Once I’d decided to get my hands into cloud security, I felt CCSK was my go-to in order to get started with concepts as it covers the foundations of real-world, complex scenarios in cloud implementation, migration, issues in adoption, evaluation of cloud and many others.
“ … makes you not only think from the cloud deployment view, but also provides guidance for both cloud service provider and consumer views which is very uniquely appreciated and helps in real-world solutioning—especially when you wear multiple hats—of risks from vendor to consumers.”
Could you elaborate on how the materials covered in the exam specifically helped in that way?
Sure, as we all know CCSK isn’t a specific, cloud product-related exam. Rather, I think the intention of this exam is to evaluate how well the key elements or domains of cloud models/service(s) are understood by candidates. Hence, this exam expects you to be aware of key areas such as governance, legal challenges, incident response, compliance, and risk management, which are very essential and challenging in cloud adoption for both consumers and service providers of cloud.
How did you prepare for the CCSK exam?
I mainly followed the CCSK exam preparation kit available on CSA site, plus my limited experience in security and 3rd-party risk assessment helped to crack the CCSK exam.
If you could go back and take it again, how would you prepare differently?
As I mentioned earlier, cloud is a constantly changing world with new threats and challenges evolving almost every day. Hence, I would elevate my knowledge by looking at current study materials from CSA and explore the real challenges and solutions in industries for cloud implementation and adoption.
Were there any specific topics on the exam that you found trickier than others?
I felt that the legal and compliance management along with security incidents handling domains were quite interesting. Primarily, because these areas bring different challenges to cloud services, mainly in detailing the roles and responsibilities and limitations for both cloud consumers and cloud providers.
What is your advice to people considering earning their CCSK?
I strongly advise CCSK aspirants look at this exam as a foundational course and use it as a stepping stone in the vast cloud security journey. CCSK won’t just differentiate you from others by giving you a credential, it will also help you in a longer journey irrespective of your role (cloud consumer, provider or independent cloud risk advisor, etc.) due to its essential concepts, which aren’t specific to any cloud vendor/solution.
Lastly, what material from the CCSK has been the most relevant in your work and why?
It is a bit hard for me to point out one or any specific domain(s) as most of the domains and materials were and are relevant to my work as I’m required to play multiple roles given the nature of business we are in today. Specifically, I use the Security Guidance and the Cloud Controls Matrix the most as I deal with vendor risk management. These help to clarify key roles and responsibilities between the cloud provider and consumer. In addition, these documents act as a guide for me to reassure myself of cloud concepts.
Interested in learning more about cloud security training? Discover our free prep-kit, training courses, and resources to prepare to earn your Certificate of Cloud Security Knowledge here.