Name: Mahbubul Islam
Title: Head of Secure Design
Employer: U.K. Government Department
Degree: B.Sc., M.Sc.
Years in IT: 15
Years in cybersecurity: 10
Cybersecurity certifications: CCSP, CISM, SABSA, LCCP, ISO27001 LA
How did you decide upon a career in cybersecurity?
I started working for the U.K. government in 2001 and whilst working on various standard projects, I was successful in landing an apprentice role as an Information Assurance Manager. The role was very flexible, as it was the first of its kind which allowed myself and my colleagues to determine a structured plan to develop security skills within the fields of physical, personnel, policy and technology. As the role evolved with the industry, I started my transition into cybersecurity activities.
Why did you get your CCSP®?
When the U.K. government introduced their Digital Strategy, this resulted in the Departments identifying appropriate systems for Cloud suppliers. I researched into Cloud security, which enabled me to become familiar with the terminology. At the time I was the Head of Security Architecture and was being presented with designs to sign off on for Private Cloud. I saw that as the perfect opportunity to gain my CCSP certification to expand my knowledge and to fully understand the security within various Cloud offerings. I also thought it would be a useful tool for standardising my teams’ understanding of Cloud security.
What is a typical day like for you?
A typical day involves prioritising the cybersecurity tasks of my team within an Agile environment, the team consists of a number of cyber and security architects, subject matter experts, penetration testers and information assurance architects. Tasks vary from designing and implementing technical controls based on risks, configuring Cloud infrastructure, remediating vulnerabilities, and advising on Secure SDLC. Additionally, I work with external bodies and other Government Departments which supports the team towards the cyber security strategy for the Government Department I work for.
Can you tell us about a personal career highlight?
Developing my cybersecurity skills without having any prior security experience, then moving into my current role and working with a number of Community, Private and Public Cloud providers. The last few years has allowed me to gain first-hand experience and be innovative in tackling cybersecurity risks. This has allowed me to contribute back to cybersecurity community and in particular the cyber apprentice scheme and by completing it myself, it has been my greatest accomplishment professionally.
How has the CCSP certification helped you in your career?
The CCSP certification has allowed me to understand the Cloud language, and further my knowledge of Cloud security. The certification also provided me with direction toward further reference materials, such as the Cloud Security Alliance, and Centre for Internet Security. I have been able to get more hands-on in terms of using public Cloud providers, and manage risks based on understanding the underlying principles of Cloud security.
What is the most useful advice you have for other cloud security professionals?
I would recommend visiting the Cloud Security Alliance website to familiarise themselves with the various terminology and its meaning. The website also has a number of documents which include detailed information regarding the Cloud. I would then point them toward CCSP and CISSP® - as well as the Centre for Internet Security.
Are you interested in earning the Certified Cloud Security Professional certification? Download the CCSP exam outline.