Name: Haruhiko Kurita
Title: Senior Security Consultant
Employer: NetOne Systems
Location: Tokyo, Japan
Degree: Master of Science, Physics
Years in IT: 24
Years in cybersecurity: 21
Cybersecurity certifications: CISSP, CCSP, CISA, PCI DSS QSA

 

How did you decide upon a career in cybersecurity?

My career in cybersecurity started around 1995, when the internet was becoming popular here in Japan. My first product was HSM (Hardware Security Module) and I was interested in cryptography, as technology was very attractive to me. After three mergers, the company (Tandem) became bigger and I covered various parts of security, like F/W, antivirus, identity management, IDS, log management, policy documentation etc. I felt security is promising, as well as exhausting. It covers all areas of IT and business.

Why did you get your CCSP^®?

In 2005, it was a turning point in my career as I entered the management area and earned my CISSP. After that I was involved in several practices related to cloud systems. In recent years, I have done research on AWS, Azure, and SFDC separately, but did not grasp the thorough view on cloud security. Being a professional Qualified Security Assessor (QSA), it requires a deep understanding of security risks and countermeasures on cloud. Therefore, back then, I strongly felt the need for a cloud security certification and when the announcement of the CCSP was launched by (ISC)² in 2015, I was very excited.

What is a typical day like for you? 

This is the toughest question to answer. On average, one third of my time is for the onsite advisory service to CISO at a large-scale financial institute, another one third is for training/mentoring the youngsters, and the rest is for the various works like advice to the NetOne CSIRT, research on IoT security etc. The onsite consultation includes PCI DSS gap analysis, security requirements documentation, security vendor evaluation, mapping CSA CCM to the corporate policy, and others.

Can you tell us about a personal career highlight? 

Although I had several presentations at the conference, the most important, impressive, and useful experiences were the advisory jobs to the CISOs of two huge established companies. One is a global manufacturer and another is the financial institute I mentioned. They are the teachers of my security practices. I have learned how important the governance and daily operations are and I am sure that one cannot understand security without seeing the actual security activities.

How has the CCSP certification helped you in your career?

As I was the first CCSP in Japan, I came to know the (ISC)² Japanese office and has gotten (ISC)² support to our training activities at NetOne. However, the value of the CCSP is of course different. Through the participation at CBK Live Online training and reading the textbook, I got an overview and structured understanding of cloud security. Though not straight out from the textbooks, the education always helps my daily consulting jobs and others.

 

What is the most useful advice you have for other cloud security professionals?

Of course, get the CCSP! It could be the first step.

However, I am not saying the practical jobs are less important. If you just join the training, study in the classroom, read the textbooks, and pass the exam, it is nothing. Without the actual work experience, you are far from a useful professional. Both education and experience are important. In my experience, 80 percent would be for the practical jobs and the rest 20 percent for the personal enlightenment.

 

Interesting in earning your Certified Cloud Security Professional certification? Download our CCSP exam outline .