Security professionals who possess operational, architectural and privacy knowledge could embark on a new career if their company moves computing processes to a secure cloud environment. Although transferring computing functions to an off-site location often eliminates IT jobs, it may actually create roles for those who have the right combination of skills, according to Seth Kulakow, Colorado chief information security officer for the governor’s Office of Information Technology.
BankInfoSecurity.com interviewed Kulakow about the requirements for the emerging position of information security specialist, dedicated to cloud computing. During the audio interview by Tom Field, Kulakow described his view of the role and indicated that many organizations may lack the employees to fill the security positions because they require a comprehensive skill set. Knowing the requirements can help aspiring professionals acquire the requisite competencies or tout their broad talents to prospective employers.
He referred to cloud security professionals as "specialized generalists" who need knowledge of Statement on Auditing Standards 70 (SAS) and the ability to assess physical risks as well as those coming from cyberspace, since they will be evaluating and monitoring an off-site facility. Here are some of the additional job requirements cited by Kulakow:
- Knowledge of controls for the secure cloud environment and virtualization security
- Ability to conduct physical inspections and monitor camera storage and related video feeds
- Ability to synchronize access controls
- Understanding of various privacy laws such as HIPAA, PII and PCI and the ability to map those regulations back to security policies
Cloud security specialists also need to partner with vendors to close security gaps and monitor their performance on a continual basis. If you acquire the necessary skills, instead of losing your job, the cloud computing trend may actually propel you toward a new career on cloud nine.
— Leslie Stevens-Huffman