Name: Tim Strong

Title: Manager, Security Operational Governance Practice

Employer: National Australia Bank

Degree: B.Sc. Computing, Psychology

Years in IT: 20+

Years in cybersecurity: 15

Cybersecurity certifications: CCSP, CISSP, C|EH, ComptTIA Security+

How did you decide upon a career in cybersecurity?

I always found the most interesting bits of my early career were related to Security. I would actively seek out projects with a Security component, and after a few years I realized that I was excited and passionate about Securing (and breaking into!) computer systems. So about 15 years ago I chose to move into Security as a specialization. In 2006 when I first became a CISSP, it was a recognized specialist skill for a fast tracked Australian visa – and that was certainly also an influence for me!



Why did you get your CCSP®?

I’ve been in IT long enough to see trends come and go, and it’s clear that Cloud and DevOps is going to be here for a while and is worth investing components of my career in. As a senior information security professional, I looked for the premium Cloud Security certification, one that would be recognized as representing people ‘at the top of their game.’ – the CCSP really stood out as the only vendor neutral certification that said that about someone.



What is a typical day like for you?

It’s a cliché but there is no such thing as a typical day! The variety is one of the things I love about security. One of the tasks I’m currently focused on is developing a cloud security supplier governance framework. This is a really exciting piece of work because it requires thought leadership, collaboration with suppliers and regulators, and deep technical knowledge. I think we’re currently leading the way for the industry with some of what’s being developed.





Can you tell us about a personal career highlight?

I gained my CCSP before there was any official training material published, and was one of the first five people in Australia to hold the certification. I managed this by reading around the subject (based on the recommended reading list) and leaning on my experience – but I still found it a challenge!



What is the most useful advice you have for other cloud security professionals?



Don’t assume you know it already and that cloud is the same. It isn’t. There are unique security challenges being introduced by Cloud and DevOps that security professionals need to face into – and quickly!





Is there anything else you would like to tell us?

It’s great to see the effort that (ISC)² is putting into establishing the CCSP as the premium Cloud Security certification. As an early adopter, I took a small risk by choosing it for myself, but having now been through the certification process; I both look for CCSP in potential employees and recommend it to colleagues.

For more information on the Certified Cloud Security Professional, read our 2016 Cloud Security Spotlight Report: http://cert.isc2.org/cloud-security-spotlight-report/