In a recent conversation with a potential employer I was being interviewed by, I was asked about my thoughts on cloud computing and cloud security.
Before setting off on my carefully scripted answer to this softball question that very few people really even understand much less could ascertain a useful answer, I asked the security team panel if they were familiar with the Cloud Security Alliance (https://cloudsecurityalliance.org/ ) and the industry guidance documents in the space by them and others such as IBM, Intel, etc.
Now this is a Fortune 500 company and I was outright shocked that though they were asking this question, not a single one of them even knew of the CSA or any industry guidance documents in this volatile and unpredictable space.
More importantly, they didn’t really have any idea what they were going to do about it. Now I can the rush to the keyboard to type “but that is what they're hiring a CISO for,” but before you crucify me let me add that these folks have had a couple CISOs before me and are charging into the cloud as we speak.
My point here is that you don’t have to be a CISO to be a professional and understand what is going on in the industry. You can’t show up at a security conference these days without seeing a cloud security session somewhere, even ASIS International, www.asisonline.org, the Traditional Security Management association has had quality cloud sessions the last couple years.
About the Author
Dave Tyson– MBA, CPP, CISSP
As President and CSO of Apollo, Dave Tyson leads CISO Insights, the cybersecurity advisory and professional services business unit of Apollo Information Systems. Dave partners with Apollo’s clients to provide …Read More