“Hacking” the Cloud Security Talent Pool
It’s no secret that more and more forward-thinking companies are taking the necessary steps to move into the cloud, whether it be a public cloud like Amazon Web Services, a private cloud, or some hybrid cloud platform. One big reason some companies have taken a slower approach to adopting the cloud is security concerns, stemming from hesitation about your data being stored on servers or systems you don’t own or have complete control of. However, control doesn’t necessarily mean security, and there are still many new rules to consider when adopting cloud technologies that are mixed in with standard security concepts. This evolution of technology has consequently forced many security professionals to also evolve into Cloud Security Experts.

As an experienced recruiter in the Cloud Security space, I know that there is a shortage of Public Cloud Security Experts in today’s workforce. For those of you that are trying to get ahead of the game, here are some tips in “hacking” the cloud security talent pool.

Certifications

With certifications becoming more prevalent in the IT industry, and even more specifically in the Cloud industry, there are many certifications that can help you become a Cloud Security Expert.
The Certified Information Systems Security Professional, or CISSP, is one of the most sought-after certifications for security management professionals and may sometimes be a requirement for many companies today. For cloud security experts, this validates your understanding of operations security, security design and architecture, and business continuity and disaster recovery planning, all of which are extremely important security concepts regardless of whether your company’s infrastructure sits on-premise or in the cloud.
The Certified Ethical Hacker, or CEH, is a much more general security certification confirming your knowledge of working with real security problems in the cloud, as cloud systems are great targets for hackers. With situations like the mishap at Equifax, companies are realizing the importance of protecting their assets. This certification prepares you to think like a hacker, strengthening your skills with knowledge of penetration testing and vulnerability scanning.
It’s hard to become a Cloud Security professional without any knowledge of at least one major public cloud platform. At ReluTech, the AWS Solutions Architect – Associate Level certification is strongly desired as we are an AWS Premier Consulting Partner. However, with AWS being the largest public cloud and having more than one million clients, this certification is highly regarded across the IT community, proving your architectural skills within the AWS platform.
Security frameworks

Cloud security knowledge aside, it is extremely advantageous to have a strong foundation or background working with various information security frameworks and standards such as PCI or HIPAA. This is even more relevant amongst consulting firms such as ReluTech due to the prevalence of working with multiple organizations across varying industries. For example, “a PCI compliant hosting provider should provide multiple layers of defense and a secure data protection model that combines physical and virtual security methods.” This is especially important amongst companies within the Fintech Industry concerned with protecting cardholder data.

According to datahero.com, “healthcare was the sector where the cloud has had the least impact. The lack of adoption here is likely related to regulations such as HIPAA that make health care companies wary of sending their data to a third party. However, new innovations such as telemedicine and cloud storage of medical studies almost guarantee that the health care industry will continue to take up the cloud in the years to come.” As companies within the FinTech and Healthcare industries become less skeptical of cloud adoption, cloud consulting firms like ReluTech will be looking to hire more Cloud Security Experts with knowledge across multiple security frameworks and standards.
Cloud experience

Lastly, IT professionals looking to become Cloud Security Experts need to have a solid understanding of cloud concepts and experience working with different cloud technologies. A strong networking or systems background can also provide a strong foundation in installation, scaling, provisioning, networking and systems administration and knowledge of security best practices. This foundational knowledge of traditional infrastructure and systems is invaluable to organizations, especially during the initial migration phase as they are moving all of their data out of the data center(s). On the AWS platform,
“Security and Compliance is a shared responsibility between AWS and the customer. This shared model can help relieve customer’s operational burden as AWS operates, manages, and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates. The customer assumes responsibility and management of the guest operating system (including updates and security patches), other associated application software as well as the configuration of the AWS-provided security group firewall.”
Under the shared responsibility model, many organizations will continue to hire Cloud Security Professionals to monitor, service, and maintain their cloud security environment, meaning experience navigating through the cloud will be needed amongst security professionals.
As companies continue to adopt cloud technologies, security will remain a focal point for these organizations when deciding who to trust to navigate them through their cloud journey. Consulting companies such as ReluTech and many others will continue to need Cloud Security Experts to be subject matter experts in regard to best practices in information security and compliance. IT Security professionals looking to become Cloud Security Experts can take a step in the right direction by taking initiative and familiarizing themselves with various cloud technologies. There are several certifications one can attain such as the ones mentioned above including the CISSP and CEH to validate one’s understanding of important security concepts. However, one cannot substitute experience gained from working with different security frameworks like PCI and HIPAA or experience with Public Cloud platforms such as AWS. This is why it is important for security professionals to constantly build on their existing skill set as these emerging technologies continue to be more prevalent in a Cloud-first world.