Name: Abel Sussman
Title: Practice Director, Public Services
Degree: B.S. Computer Science, State University of New York at Binghamton, MBA, State University of New York at Albany
Years in IT: 20
Years in cybersecurity: 15
Cybersecurity certifications: CISSP, CCSP
How did you decide upon a career in cybersecurity?
I not only wanted to grow my career, but also desired to find a way to give back to the country. My move into cybersecurity as a federal auditor provides the opportunity to assure our nation’s critical infrastructure and assets are secure and protected. My entrance into cybersecurity started with access control and quickly grew from there into cloud security.
Why did you get your CCSP®?
On February 8th, 2011, the Office of Management and Budget (OMB) established The Federal Cloud Computing Strategy which established guidance for all federal agencies to adopt cloud technologies across the federal government. This strategy was followed by a federal requirement released in December 2011 establishing the Federal Risk and Authorization Management Program (FedRAMP), which provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. As a leader for performing FedRAMP audits, it is important for my clients to understand that I have the knowledge, skills, and experience to quickly understand their cloud solution and appropriately evaluate it for implementation with sensitive data against unique security requirements dictated by the Department of Defense, Department of Homeland Security and other federal agencies. The CCSP provides this assurance.
What is a typical day like for you?
I work with cloud service providers that are bringing the latest technology to the federal government in order to provide new capabilities and efficient services. Much of my day is either creating System Security Plans (SSPs) or Security Assessment Reports (SARs) to document the system security boundary, performance against critical security controls, and evaluate the risk of implementation within federal systems for civilian, defense, and intelligence use.
Can you tell us about a personal career highlight?
I developed free training to understand the FedRAMP process with guidance on how to overcome technical obstacles. These briefings have been shared industry wide at national Cloud Computing Expositions in New York and Silicon Valley. Together the services and training helped the federal government save between $25 and $50 million last year through the adoption of new secure cloud computing solutions.
How has the CCSP certification helped you in your career?
Over the past year I advised twenty-five different cloud service providers in meeting federal cybersecurity criteria. The CCSP provides a deep body of knowledge for me to draw on to assure the most current methodologies are used and incorporate industry best practices.
What is the most useful advice you have for other cloud security professionals?
Never stop learning or smiling!
If you are interested in getting your Certified Cloud Security Professional certification, download the CCSP exam outline.