“Hacking” the Cloud Security Talent Pool
It’s no secret that more and more forward-thinking companies are taking the necessary steps to move into the cloud, whether it be a public cloud such as Amazon Web Services, a private cloud, or a hybrid cloud platform. The reason some companies take a slower approach to adopting the cloud lies in security concerns. These concerns stem from hesitation about company data being stored on servers or systems they don’t own or fully control. However, control doesn’t necessarily mean security, and there are still various attributes to consider when adopting cloud technologies that are mixed in with standard security concepts. The evolution of technology has consequently forced many security professionals to also evolve into Cloud Security Experts. As an experienced recruiter in the Cloud Security space, I know that there is a shortage of Public Cloud Security Experts in today’s workforce. For the companies that are trying to get ahead of the game, here are some tips for “hacking” the cloud security talent pool.
With certifications becoming more prevalent in the IT industry and especially in the Cloud industry, there are many certifications that can expedite your journey to becoming a Cloud Security Expert.
The Certified Information Systems Security Professional, or CISSP, is one of the most sought-after certifications for security management professionals and is a requirement for many companies today. For cloud security experts, this certification validates your understanding of operations security, security design and architecture, and business continuity and disaster recovery planning. These are extremely important security concepts regardless of whether your company’s infrastructure sits on-premise or in the cloud.
The Certified Ethical Hacker, or CEH, is a more general security certification confirming your knowledge of working with legitimate security problems in the cloud, as cloud environments are great targets for hackers. In light of situations similar to the mishap at Equifax, companies are now realizing the importance of protecting their assets. This certification prepares a cloud professional to ‘think with the brain of a hacker’, strengthening your skills with knowledge of penetration testing and vulnerability scanning.
It is difficult to become a Cloud Security professional without any knowledge of at least one major public cloud platform. For many of my clients, the AWS Solutions Architect – Associate Level certification is strongly desired as I work with many AWS partners today. However, with AWS being the largest public cloud and having more than one million clients, this certification is highly regarded across the IT community, proving your architectural skills within the AWS platform.
Cloud security knowledge aside, it is extremely advantageous to have a solid foundation or background working with various information security frameworks and standards such as PCI or HIPAA. This is even more relevant amongst consulting firms due to the prevalence of working with multiple organizations across a diverse set of industries. For example, “a PCI compliant hosting provider should provide multiple layers of defense and a secure data protection model that combines physical and virtual security methods.” This is especially essential amongst companies within the Fintech Industry concerned with protecting cardholder data. According to datahero.com, “Healthcare was previously the sector where the cloud has had the least impact. The lack of adoption here is likely related to regulations such as HIPAA that make health care companies wary of sending their data to a third party. However, new innovations such as telemedicine and cloud storage of medical studies almost guarantee that the healthcare industry will continue to take up the cloud in the years to come.” As companies within the FinTech and Healthcare industries become less skeptical of cloud adoption, cloud consulting firms and MSPs will be looking to hire more Cloud Security Experts with knowledge across multiple security frameworks and standards.
Lastly, IT professionals looking to become Cloud Security Experts need to have a solid understanding of cloud concepts and experience working with different cloud technologies. A strong networking or systems background provides a solid foundation in installation, scaling, provisioning, networking and systems administration, along with knowledge of security best practices. This foundational knowledge of traditional infrastructure and systems is invaluable to organizations, especially during the initial migration phase as they are moving all of their data out of the data center(s). On the AWS platform,
“Security and Compliance is a shared responsibility between AWS and the customer. This shared model can help relieve customer’s operational burden as AWS operates, manages, and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates. The customer assumes responsibility and management of the guest operating system (including updates and security patches), other associated application software as well as the configuration of the AWS-provided security group firewall.”
Under the shared responsibility model, many organizations will continue to hire Cloud Security Professionals to monitor, service, and maintain their cloud security environment, meaning experience navigating through the cloud will be needed among security professionals.
As companies continue to adopt cloud technologies, security will remain a focal point for these organizations when deciding who to trust to navigate them through their cloud journey. Employers will continue to need Cloud Security Experts to be subject matter experts in regard to best practices in information security and compliance. IT Security professionals looking to become Cloud Security Experts can take a step in the right direction by taking initiative and familiarizing themselves with various cloud technologies. There are several certifications one can attain such as the ones mentioned above including the CISSP and CEH to validate one’s understanding of important security concepts. However, one cannot substitute experience gained from working with different security frameworks like PCI and HIPAA or experience with Public Cloud platforms such as AWS. This is why it is important for security professionals to constantly build on their existing skill set as these emerging technologies continue to be more prevalent in a Cloud-first world.