What is the true value of a cybersecurity certification? Many people may underestimate the depth of knowledge that is required to earn the designation of a certified security professional. Along with that, many do not recognize the global reach of a certification. We spoke to Jonas Björk, of Cygate, which is a Swedish telecommunications organization. His decades-long passion for cybersecurity is only eclipsed by his love of skateboarding. Jonas attested to both the gravity of knowledge required, and the value of the Certified Cloud Security Professional (CCSP) credential. His sincere and candid conversation is extremely motivating.
Q: What is your current role at Cygate?
A: My role at Cygate is a Security Pre-sales representative, as well as an engineer and security advisor. We support and supply our customers with network and security equipment, as well as consulting. We pretty much solve your security needs within both cloud and on-prem. We help customers with both public, private, and hybrid cloud solutions. We also provide SOC services for our customers with our own datacenters.
Q: What attracted you to cybersecurity?
A: Around 2004 I attended a security seminar, and the keynote speaker demonstrated a live hack, and then I knew that I wanted do this. At the time, I was working in an IT admin role. My first cybersecurity job was with a global company, as part of their Malware/Threat hunting team. It was a fun time and a good start into the security field where I learned a lot and got great friends along the way.
Q: What was your path to seeking the CCSP credential?
A: Initially, I met the qualifications for the CISSP, and when the CCSP exam was developed, it was the next logical step in my cybersecurity career. One impetus was that the bank I was working with was transitioning to a full cloud environment. There were no one in house who could manage cloud. No one had cloud education or background.
To be perfectly honest, I did not pass the exam on the first attempt. It's because I was a little overconfident, and I already attained the CISSP credential, so I didn't put in all the time that I should have to pass the exam. I got humbled really quickly. I learned the hard way. Then, I took a totally new approach. I watched three of four different video courses, whole courses, some were more than 22 hours each. Then, I read two books about subject, attended different study groups, and I scanned all kinds of documents on the internet. I started going through publications, and stuff like that to gain more knowledge. And then the last thing was that I attended the boot camp as well.
A funny thing happened at the boot camp, I had previously watched Dr. Lyron H. Andrews’ CCSP videos on Pluralsight, and to my big surprise he was now the teacher. It was a really rewarding week with lots of new insights and great discussions.
Q: Dr. Andrews was interviewed as part of our training series. Was the boot camp an official (ISC)² training?
A: Yes, the training was excellent. Dr. Andrews is a never ending resource of information. We talked about everything pertaining to cloud. The (ISC)² trainers always want to hear your point of view, and they listen with empathy. It was amazing.
Q: Did the vendor neutral aspect of the CCSP influence your decision in any way, rather than seeking a vendor-specific certification?
A: Yes, because one part of the company was going to use Azure, and another part of the company wanted to use AWS. This was fine, but it we also had on premises infrastructure as well. So, between the mixed cloud environment, and the hybrid environment, we needed training to deal with both. The mixture of environments is not unusual.
Q: Did you take the technical training from those vendors as well?
A: I'm doing that now, actually. I have a plan of pursuing an Azure certification very soon, and I want to attain the security certifications for both Azure and AWS.
Q: How do you anticipate that all of those pieces together will benefit you?
A: The vendor knowledge helps, because they are focused on their particular cloud solution and the tools to manage it, but the CCSP is the glue that connects all the concepts. You get a better overview with the CCSP Common Body of Knowledge to see what the capabilities are, and how you can fit everything together. It's really good to have a vendor neutral certification just because of the fact that everything changes all the time, but the vendor neutral information is so broad, summing up everything you need. I don't work on the technical side, and the study materials for the CCSP exam is perfect for a non-technical role, but it also sparked my interest to learn more at the technical level.
Q: What do you do to obtain your Continuing Professional Education (CPE) credits? Are there any particular things you like to do?
A: I try to attend at least one formal course a year. I can usually fulfill all of my CPE requirements there, but I also attend a lot of seminars. I read books and relevant magazines as well. I try to stay very close to what is happening in the field all the time. It's an ongoing process. You should always dig for new information.
Q: Could you expand a little bit on a challenge that you faced your career, and how you approached it?
A: Security maturity is a constant challenge. It’s unfortunate, but a lot of people don't really care about security until they need it; until after an incident occurs. That's one of the biggest challenges for most of the security industry. One way to approach it is to go further up the chain of command, to work with the C-Level. But it still remains a challenge to convince people to understand why cybersecurity is important. Awareness training is good, but not if it is just about clicking boxes on a video quiz. Cybersecurity should be an enabler, working within the organization to find solutions to help your colleagues.
Q: What achievement or contribution are you most proud of?
A: At my previous job at the bank, me and two former colleagues were given the security requirement responsibility of moving to a cloud-based banking platform. We were a part of a strong team of project leaders, legal people and various other roles making sure that nothing was overlooked. We had to collaborate with various departments, including the Legal department to adhere to regulatory requirements, but we achieved the goal.
Q: What is the most satisfying part of your current role at Cygate?
A: Part of it is the office environment. I worked at home for almost two years during the Covid lockdowns, and that took a toll on me. The opportunity to join Cygate just came up, and it is a good fit. It's extremely satisfying to be out talking to customers, to help them; to try to make the world secure. I really like to help to raise security awareness in a positive way. The security field brings us constant challenges, and constant changes. Very seldom does it get static. I have worked in lots of different roles and most of the times it is so fun and rewarding.
Q: What do you see as the biggest challenge for cloud security right now?
A: A big challenge comes from the ease of spinning up new machines in a cloud environment. Different departments in an organization may just spin up something, thinking that it is just a small environment, but cumulatively, the company may be financially affected. It can go unnoticed for months, or years without considering the cost to the organization. Another problem, of course, is that some of these environments are set up without any security in mind.
Q: Do you see any way that security can be thought about upfront?
A: The view of security has to be more of a friend, than an enemy of development. It's better if we all start working together, and communicating together. That's a philosophy I try to live by. It’s easy to say no because something may not be initially secure, but there is usually a way to solve the problem instead.
Q: Who has inspired you the most in your career?
A: All the security people doing what they are doing, trying to make a more secure world out there. And of course all the people I have worked with, and especially my old manager Michael Lindström, who inspired me to attain both the CISSP, and CSSP credentials.
Q: What advice would you give to people who are considering a more cloud security focus in their career?
A: There are endless possibilities in cloud. It takes dedication, but it's incredibly rewarding. Within the cloud security field, there are new problems and new solutions emerging almost every day. Be curious, and follow through with it, and you will find the work totally satisfying. As a cloud security professional, you can work everywhere, from everywhere, to everywhere. It is a sea of endless possibilities.
Passion, dedication, diligent study, and skateboarding all add up to the security professional that is embodied in Jonas Björk. His story demonstrates the value of knowledge and continued learning. He also shows how the benefits of the CCSP credential from (ISC)² can boost your career, while adding professional satisfaction to your day.
Want to learn more about CCSP?
To learn more about how the CCSP credential can help you gain expertise and advance your career, download the Ultimate Guide to CCSP.
The post Real Talk with CCSPs: An interview with Jonas Björk, CCSP appeared first on Cybersecurity Insiders.
October 03, 2022 at 09:10AM
0 comments:
Post a Comment