What is a Cloud Security Consultant?

A technology professional that understands computer security and can provide best practice guidance on how applications should be developed and hosted in the cloud. 

I think that’s the shortest definition I can come up with. 

If I can expand further, it’s a computer consultant that has three specific talents and abilities, or ingredients if I may. 

1. Security

Cybersecurity is a complex and growing field. It’s huge and it has become specialized. Several organizations have created certifications to help differentiate and standardize who is considered a cybersecurity professional. Some of these organizations and certifications are:

  • (ISC)²: CISSP
  • ISACA: CISM
  • Cloud Security Alliance

A cybersecurity professional understands the goal of protecting the confidentiality, integrity, and availability of the systems and data that are critical to the business.

They know the pillars of knowledge and study that compose the field of cybersecurity and have experience applying their craft under the mentorship or supervision of other professionals. (Some industry-leading certifications require a sponsor who attests to your experience.)

2. Cloud

A cloud security consultant needs to have knowledge of the cloud itself. Not just what it is, but how it works: the configuration, the logging, the authentication, and all the other critical information that goes into a successful cloud deployment. They should know and understand the leading public cloud providers like Google Cloud Platform, Amazon Web Services (AWS), and Microsoft Azure. In addition, they should know about open-source cloud platforms, private cloud deployments, and what it means to operate in a hybrid cloud model.

3. Programming Languages

Which coding languages were used to create the applications being hosted in the cloud? The consultant needs to know the development framework and its security best practices, and be in tune with how the application handles authentication, separation of duty, secure repositories, and access protocols.

This is probably the most underserved and vulnerable area of a cloud security consultant. Many will understand the cloud provider and have a good security foundation, but they lack the programming understanding. They don’t know if the code was developed in C++, GoLang, or .NET. This can lead to critical vulnerabilities and exploit opportunities for malicious parties.

Even if everything else is done correctly, if the code isn’t secure, the system is still at risk: a malicious party has the opportunity to exploit it, pivot, and own it.

What Should I Look for in a Cloud Security Consultant?

Other than what we covered above (security certification, cloud understanding, and experience with programming), you should look for the following.

1. Listener

Look for someone that takes the time to ask questions and listen to your specific needs. They drive to understand your specific objectives, risks, success benchmarks and goals. 

Cloud security folk are an interesting breed (I know because I’m one of them). We can be prideful and determined to do what we’ve been trained to do and what we’ve done before that was successful.

You want someone who is able to work with you to build your custom solution without attempting to shove a round peg into a square hole.

Look for a consultant that takes a lot of time asking questions and understanding. 

2. Get to ‘Yes’

The old way of security was saying ‘no’. The new way, and the way you want your Minnesota cloud security consultant to be, is to define how we get to ‘yes’.

What should be done to lower the risk of your specific cloud implementation to the point where the risk is acceptable to the organization? Does that mean an improved development life cycle? Or does that mean implementing a better vulnerability management program to reduce vulnerabilities, exploits, and patches? Or does it mean mitigating the risk by hardening the system through improved security capabilities and controls such as logging, event correlation, cloud security controls, or other means?

If none of these things can be accomplished, and the risk remains even after all the security controls have been reviewed, can the risk be transferred? Is there a resource that can be consulted with to help ensure this initiative for the business?

3. Resourceful

The best cloud security consultants care more about you and your business than they do about their specific skills. Because of that, they should always be ready to recommend resources, tools, and other products or services that would provide you value.

Sometimes this means offering to set up a phone call with another client that has done what you’re thinking about doing, so that you can learn about the challenges, setbacks, and successes that other client had before you schedule your project timeline.

Sometimes this means providing an opinion on vendor solutions. Because of their experience with multiple clients, they can offer insight into the true success and accomplishments of the vendor solutions that go way beyond the vendor sales call and promises. 

4. Anticipate

They can anticipate what comes next. A true cloud security consultant has been there, done that, and knows what’s around the corner.

I can personally attest to the fact that there is always something else. I helped Target implement mobile cloud applications securely over the Internet. I spent a lot of time in the scrum pods with the developers, understanding their code and providing security guidance. I worked with the authentication teams and the cloud deployment teams. Even after years of doing this, there were always outstanding questions we were trying to answer. Questions like:

  • How can we deploy the application to the cloud to many locations at once?
  • How can the application code be stored securely before it’s deployed?
  • How can we attest to the integrity of the code pre-cloud and post-deployment?
  • How do we manage secure certificates?
  • How do we check for vulnerabilities and exploits on Docker, on Git, when it’s running on Google Cloud?
  • If this technology solution comes under compliance regulation, what products and solutions do we need to use to achieve compliance?

Asher Security

We don’t know everything, but we’ve experienced a lot. We’ve helped Minnesota’s leading financial companies and leading retail companies achieve their cloud security goals while remaining secure.

We’ve worked with the leading programming languages to provide secure coding. 

We’ve worked on private, hybrid, and public cloud platforms. 

We’ve coupled all that with our security expertise and industry-leading security certifications and knowledge.

The result:

Our clients are confident about the security of their production cloud deployments. 

Asher Security is a local Minnesota cybersecurity consulting and advisory firm focused on helping clients reduce their risk and decrease their costs by partnering to mature their security programs.
