INTRODUCTION

Over the last several years, the term cloud has become common in the modern lexicon of even laypersons with no connection to, training in, or expertise in the IT industry. It has become common in commercials targeting the public at large, and is often used as a main selling point for various services. Even those who do not understand what cloud computing is or how it works have largely come to understand it as a positive feature for a product or service, feeling it means higher reliability, speed, and an overall more beneficial consumer experience. Many companies are flocking to cloud computing at a rapid pace due to its benefits and features.

With this enormous paradigm shift in the industry, the demand for skilled professionals who understand cloud computing has grown at a similarly rapid pace. This demand applies to professionals in all facets of computing, but the unique aspects and features of cloud computing make the need for skilled security personnel paramount to any organization in order to properly safeguard and protect their systems, applications, and data.

Cloud computing represents a paradigm shift in how IT experts—and certainly IT security experts—look at protecting data and the various techniques and methodologies available to them. Some of you approaching this certification are experienced security professionals and already hold other certifications such as the CISSP. For others, this certification will be your first as a security professional. Some of you have been working with cloud computing from its onset, while others are learning the basics of cloud for the first time. This certification guide aims to fulfill the requirements of anyone approaching this challenging exam, regardless of background or specific experience in security or general computing.

This guide will give you the information you need to pass the CCSP exam, but it will also expand your understanding and knowledge of cloud computing and security beyond just being able to answer specific exam questions. My hope is that you will find this guide to be a comprehensive desktop reference that serves you long past the exam for the core cloud concepts and approaches.

The structure of this All-in-One guide is closely aligned with the subjects of the official exam guide from (ISC)² and covers every objective and component of it. Before diving into the six domains of the CCSP exam, this guide provides a general introduction to IT security for those who are approaching the CCSP as their first security certification. Those of you who are experienced and hold other security certifications may find it a useful refresher for basic concepts and terminology.

Regardless of your background, experience, and certifications, I hope you find the world of cloud computing and its unique security challenges to be enlightening and intellectually stimulating. Cloud represents a very dynamic, exciting new direction in computing, and one that seems likely to be a major paradigm for the foreseeable future.

Acknowledgments

This is the second edition of my first entry into the world of writing, and I first want to thank Matt Walker for connecting me to this opportunity and encouraging me to take it on. I hope that you find this book to be a very informative and comprehensive aid in your own professional development and growth.

I want to thank Gerry Sneeringer for his efforts as technical editor on this project first and foremost, but more importantly for all the knowledge and experience he has bestowed on me for the over 20 years I have known him. My background and expertise have never been in networking, and the knowledge in that area I do have I owe almost exclusively to Gerry. I also owe him enormous thanks for getting me into IT security from systems administration and working on middleware systems, which was my original background.

I worked with David Henry for many years at the University of Maryland and gained much of my knowledge about middleware and systems architecture from him. I owe much of my philosophy and approach to facing IT challenges today to the things I learned working for and with him. There are so many others from my days at the University of Maryland from whom I learned so much. However, I want to specifically call out John Pfeifer, David Arnold, Spence Spencer, Kevin Hildebrand, Prasad Dharmasena, Fran LoPresti, Eric Sturdivant, Willie Brown, Sonja Kueppers, Ira Gold, and Brian Swartzfager.

From my time at the Centers for Medicare & Medicaid Services, I want to specifically thank Jon Booth and Ketan Patel for giving me the opportunity to move into a formal security position for the first time and trusting me to oversee incredibly public and visible systems. Also, thanks to Zabeen Chong for giving me the opportunity to join CMS and expand beyond my roots in the academic world. Finally, I could never leave out my dear friend Andy Trusz, who from my first day at CMS showed me the ropes of the workplace and became a very close personal friend. Sadly, he lost his battle with cancer the very day I left CMS for Hewlett Packard Enterprise. I will never forget his friendship and all he showed me!

With any project of this scale, one needs enormous support and understanding from bosses and coworkers. Ruth Pine was an amazing boss and was always supportive, giving me the time and encouragement to work on this project originally, as well as giving me the opportunity at all times to work on new challenges and expand my areas of expertise, most notably with cloud and SIEM technologies. Thanks also to Brian Moore, Joe Fuhrman, Steve Larson, BJ Kerlavage, David Kohlway, Seref Konur, Jack Schatoff, and the already mentioned Matt Walker for being part of an amazing team at HPE and showing me so many different perspectives and new approaches to challenges! I also have to thank some colleagues from other companies I have worked closely with on projects over the years for all their support and encouragement—specifically, Anna Tant, Jason Ashbaugh, and Richie Frieman.

Two years ago I was presented with the opportunity to get back to my roots in the academic world with a terrific job at Johns Hopkins University working with the Enterprise Authentication team on SSO and federated identity systems. With a large hospital, this was an ideal opportunity to combine my experience working in health care. I want to thank my director Andy Baldwin for this opportunity, my manager Anthony Reid, as well as the amazing team I work with: Kevin Buckley, Stephen Molczyk, John Clark, Brian Schisler, Michael Goldberg, and Sam Bennett. I would also like to thank Etan Weintraub, Tyge Goodfellow, Eric Wunder, Steve Metheny, and Phil Bearmen for expanding my security knowledge in many different directions!

Thank you to my parents, Richard and Susan, for all of your support and encouragement!

Last and most certainly not least, I want to thank my amazing wife, Robyn, for always being supportive with everything I have done professionally and personally. With four young kids at home, I would have never been able to even consider this project without her help and understanding—and for running interference with all our kids and pets!