Today begins an exciting new series to the (ISC)² blog – our CCSP Spotlight series. Over the next several months, we will share some of our member experiences with you. We hope this will shed some light on the ever-evolving field of cloud security.

Name: James Simonetti
Title: Cryptographic Engineer
Employer: Verisign
Degree: B.S. Information Security and Assurance
Years in IT: 8
Years in cybersecurity: 1
Cybersecurity certifications: CCSP, CISSP, Security+

How did you decide upon a career in cybersecurity?

I knew that I wanted to work in cybersecurity after spending the majority of my career in IT operations roles, and seeing the clear correlation between an organization’s cybersecurity maturity, and operational success. I knew that by applying a deep understanding of security practices toward transforming an organization’s security posture, I could create a lasting, positive impact for an organization and its customers. 

Why did you get your CCSP^®?

I got my CCSP because of the pervasive shift to the cloud across every technology-driven industry. After gaining experience with organizations that operate “air-gapped” critical systems, as well as those that run the largest public cloud infrastructures, I came to understand the pivotal role cloud security would play in bringing the benefits of the cloud to the most mission-critical systems relied upon by the global community.  

What is a typical day like for you? 

A typical day for me involves utilizing Cryptographic Key Management practices to secure systems that run or support one of the most depended on, and reliable, Internet infrastructure platforms – Verisign’s Domain Name System. I am responsible for maintaining the chain of trust that provides DNS with origin authentication and data integrity, DNSSEC. 

Can you tell us about a personal career highlight? 

A personal career highlight that I can share involves my experience working within the Energy sector, while performing the role of Systems Architect for the organization that maintains the power systems in our nation’s capital. In this role, I had the opportunity to work alongside a dedicated and incredibly intelligent team to design and implement technologies that would secure a highly critical industrial control system. In that role, I experienced the immense pressure and privilege that balancing security and connectedness brings. I learned the significance of finding that balance responsibly, and understood the severity of failing to do so. 

How has the CCSP certification helped you in your career?

The CCSP credential has helped me to bring authority to security decisions regarding an organization’s use of cloud technologies. The growth of cloud computing, in terms of capability and adoption, has been explosive. In a relatively short time, the utilization of cloud computing has become commonplace. For this reason, many individuals and organizations have not yet become familiar with securing cloud implementations, and so the move to the cloud has been seen by some as both necessary, and precarious. Through the validation of the CCSP, I have the opportunity to bring responsibility and understanding to my team’s evaluation of cloud technologies. 

What is the most useful advice you have for other cloud security professionals?

My most useful advice for other cloud security professionals is to embrace your role as a trusted adviser with compassion, understanding, and clarity. Many organizations, and their decision makers, will not share your knowledge of cloud security. It is your responsibility to help your teams experience the benefits that the cloud can bring, and to do so in a way that preserves or strengthens your ability to securely provide your services to your customers. 

Anything else you would like to tell us?

For many, moving to the cloud is like setting off into dangerous and unknown waters. The CCSP gives us the knowledge and authority to safely guide others, to new opportunities that exist across that threshold into unfamiliar territory. We do not convey delusions that there is no risk, but leverage our knowledge to navigate responsibly to fulfill our goals. 

 

For more information about the Certified Cloud Security Professional certification, visit https://www.isc2.org/ccsp .