The Certified Cloud Security Professional certification is offered by the ISC2 and is one of the many courses I have helped develop at ALC Training.  It is proving to be one of the most popular certifications that I run....I have 11 others that cover cloud computing, agile, cybersecurity and big data areas.  But why?

As you can see, it covers 6 domains and we focus on a range of techniques and best practices associated with cloud computing.  For those studying CCSP, I have created a free flashcard quiz below.  This is handy for anyone that is involed in CyberSecurity and is a good way to re-enforce your knowledge.

​​​For a detailed list of learning outcomes check out the ISC2 website below....

 The reason I think CCSP is popular, is because CyberSecurity is in the Top 5 items that keep senior leaders awake at night.  The fear that the organisation you have worked hard to protect, could one day be maliciously attacked is a troubling thought for many...resulting in a cold sweat nightmare at 3am in the morning. 

To be honest there are many things that business leaders need to consider.  So let me outline 2 of the key items that spring to mind this morning....

1 - Secure the use of Identity and Access Management Systems

The key here is people....because they are the solution....not the problem.   Here is a simple checklist that everyone can follow...not just at work...but also at home.  

Tip 05 can be adapted for business, by building a list of trusted sources, i.e. a whitelist.  You can do this manually, or by using a whitelisting tool, preferably one based on Artificial Intelligence technology.  That way it can detect not just trustued sources that you list, but predict or warn when something looks malicious.  
​
2 - Simulate Probable Security Scenarios

Again the key here is people.  Create a realistic scenario....data breaches are the most common, so this is a good place to start.  Brief a small number of individuals, including leadership, that you're creating a simulated security challenge....execute the scenario for real on a non-production system with the team....then treat it like a fire drill and allow the remainder of the team to see how they react and recover from the simulation. It's a bit like paintballing...where one team attacks the castle....and the other team defends it.  Although in this scenario....the defending team is really ascertaining what happened and how best to protect the organisation going forward. 

If you need inspiration for what threats you should be simulating....take a look at the Treacherous 12....which we cover in the CCSP course.  

It's not often I blog about someone else's work, but these stats on Tesla's meteroric rise, are too good NOT to share.  Credit has to go to Tom Randall (@tsrandall), Senior Reporter at Bloomberg for the awesome pics and stats in this blog post.

But first I wanted to share my awesome experience of the latest version 9 Autopilot, that I tried out in Brisbane, a few months back,

Boy....has there been some serious improvements.  Last time I took a Tesla Model S for a test drive, was around 1.5 years ago.  And since then, the 'stay in lane' feature has come on leaps and bounds.  I used the feature for around 5 minutes on a stretch of highway.  The car in front was doing 70kmph in a 90kmph zone, and the Tesla slowed down gracefully.  It kept perfectly in the centre of the left lane, as the road curved, left, then right and sharply left again.  

At the next slip road, the vehicle in front exited.  Once it was clear of the Model S, the car gracefully accelerated up to the speed limit of 90kmph without a hitch and without any input.  All I had to do was to keep my hands on the wheel, so the car knew I was still alive.  The 'hands-on wheel' feature was brought in by Tesla after a couple of accidents in the US, where drivers had totally relied on the Autopilot and were not paying attention to the driving.  This feature aims to prevent such occurences.

All I can say it that is absolutely amazing, and I'm sure the experience translates precisely into the Model S and Model X cars.  Unfortunately you can not test drive a Model 3 in Brisbane, so here is the closest I got:

You can see from the stats below that the Model 3 is the 5th Best-Selling Sedan in the US.  

Not bad for a car that still costs around $55,000 USD.  

Let's now take a look at the value, known as market capitialisation, of the world's most valuable automotive makers:

Now this next graphic shows the progression of Tesla's cash flow.  This will likely lead to a positive $837millionUSD, as opposed to spring 2018, which was a negative at $795millionUSD:

 Mmmmm...maybe I should invest in Tesla stock???

I passed my TOGAF Essentials 2018 assessment this year...but why?  Well I run coaching and mentoring masterclasses, covering a range of new digital courses.  The most popular at the moment is the Certified Cloud Security Professional course (CCSP), which leads the CCSP certification endorsed by the ISC2.  The next most popular is the TOGAF standard, a standard of the Open Group.  As an instructor, I have to maintain my currency on all the latest materials and the TOGAF Essentials 2018 assessment is a great way of doing that.  It basically makes clear all the differences between the TOGAF Standard Version 9.1, from 2011 and the TOGAF Standard Version 9.2 standard which was released only a few weeks ago.

So let's cut to the chase.  What are some of the key differences:

1. Content in the tools / techniques section, such as Business Scenarios, have been removed from the TOGAF standard and separated out into separate guides in the TOGAF Library.  THis makes them easier to maintain, aligning to a more #Agile approach.
2. New Guides have been added that covers things like Value Streams, Business Capabilities and Establishing an EA capability.
3. Security, SOA and the Reference Models are now in separate documents and removed from teh core book.
4. Business Architecture, Phase B, has been strengthened to include new definitions, which in turn has meant some changes to the content metamodel.  Examples include new definitions of Buiness Capability, Business Model and Value Stream.
5. Updates to basic architecture concepts that better align with the ISO/IEC/IEEE 42010:2011 standards.
6. Technology Platform is now known as Technology Services in the metamodel.
7. Enterprise Security Architecture aligns more closely with the Sherwood Applied Business Security Architecture, known as the SABSA framework.
8. Inconsistencies and errors in the ADM Phases has been rectified.
9. Architecture Repository view has been updated to now include the Solutions landscape and the Architecture Requirements Repository.

Overall I really welcome the changes, and it's good to see the TOGAF standard being broken into smaller artifacts, so that they can be updated independently.  Great to see the Open Group slowly moving to a more Agile approach.

I've also released a FREE set of flashcards specifically to help you remember all the TOGAF 9.2 terminology for the Part 1 and Part 2 exams.  Check them out on Quizlet:   quizlet.com/_57zkpz

Check out our course at ALC Training:

​www.alctraining.com.au/course/togaf-9-level-1-2-certificate-course/wotertAod ApplieThered Business SBusinecurity ArchitectureSherwood Applied Business Security Architecture

TOGAF(R) is a registered trademark of the Open Group.

Many CIO, CTO and business leaders are all working through their cloud strategies.  Most large companies in Australia have adopted a hybrid cloud approach, using both private and public cloud services.  In this blog, I'm wanted to outline  10 critical steps on how you can create a cloud adoption roadmap and then align this roadmap to your current execution path.

​
A cloud adoption roadmap is a really important tool, as it serves to visualise and communicate your plans to all key stakeholders in your organisation.  The important part of the roadmap is to ensure you have a clear 1 page visual outlining the key milestones / decisions points, backed up by clear definitions behind the roadmap of what each component on the roadmap means.  My suggestion is to use a modelling tool to create your roadmap and my top pick is the Abacus tool from Avolution.

Before we delve any deeper into our cloud adoption roadmap, let's be clear on some basic terminology, to ensure we're all on the same page:

Software as a Service (SaaS)
These are services that end-users consume.  Examples include: Social Media Tools, Salesforce, Office 365 and Xero.  The apps that you download to your mobile phone are predominantly SaaS.

Platform as a Service (PaaS)
These are services that developers consume to create SaaS products.  Examples include: Development Tools, Testing Tools and Datastores.  Apps that you download to your PC or laptop at home to allow you to write code, test code and setup datastores in the cloud are all examples of PaaS.
​
Infrastructure as a Service (IaaS)
These are services that operations teams will build, test and commission to support developers, who consume PaaS and end-users, who consume SaaS on the PaaS, or SaaS via a 3rd party.  IaaS can be virtual machines, networking or basic storage.
If you're interested in digging deeper in cloud definitions, there is a simple whitepaper that the National Institute for Standards and Technology have produced.  It covers everything in 3 pages:
nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-145.pdf

I've also created a simple reference model below:

DevOps
This is cultural change centred around ensuring that the developers (working on PaaS) are collaborating and communicating effectively with the operations teams (working on IaaS).  This is important to create secure, reliable and engaging SaaS apps.

Great video on DevOps from the DevOps Institute:
devopsinstitute.com/certifications/devops-foundation/

Hybrid Cloud
All organisations I have worked with in Australia, that have more than 100 employees will have a combination of private and public clouds in their environment.  This is the definition of hybrid cloud.  Probably 99% will have an on-premise (or 3rd party hosted) private cloud for Active Directory and using public cloud for Office 365  with Azure Active Directory.  The 1% is a single instance of G Suite I have come across. 

Great video on hybrid cloud here:
www.youtube.com/watch?v=_n5Le8aePB4

Now that we have defined these terms, we can take a look at our Cloud Adoption Roadmap and our 10 steps:

1. Perform a current state architecture analysis to understand how each department / business area is already adopting SaaS apps in your organisation.
2. Understand the needs each department / business currently has and develop a feature-centric SaaS cloud adoption roadmap to cover the next 12 months.
3. Communicate and seek feedback with the key stakeholders regularly, to guide your cloud adoption roadmap, particularly as the business investigates and pilots new SaaS apps and develops new business capabilities.
4. Define a clear strategy at the CTO / CIO level as to whether you are going to adopt PaaS and/or IaaS services, or simply remain with SaaS-only services.
5. Ensure your IaaS / PaaS strategy includes key business drivers and evidence of business need.
6. Feed in your IaaS and PaaS strategy into the cloud adoption roadmap and socialise with key stakeholders.
7. Based on business situational awareness and factors that are important to the key stakeholders, embark on a short IaaS / PaaS cloud service provider shortlist selection.
8. Once the IaaS / PaaS shortlist is down to say 2-3 candidates run a proof of concept for each cloud service provider to determine the value, test your hypothesis on how you may transform your legacy IT and seek input from key stakeholders.
9. Extend the IaaS / PaaS proof of concept to a pilot with a single cloud service provider, to further strengthen the more complex hyposthesis you've made with your current legacy IT investments.
10. Extend your cloud adoption roadmap to include how you will transition your current private cloud and/or legacy IT investments to IaaS, PaaS and SaaS services, being cognisant that this may be a 2-5 year journey.

I recommend using the Lean UX method for testing out your hypothesis when validating your cloud adoption plan.  This can be found in the Scaled Agile Framework:
www.scaledagileframework.com/lean-ux/

If you're interested in learning more, I offer a range of Cloud, DevOps and Scaled Agile courses at ALC Training:

Cloud Courses (Foundation to Advanced)
www.alctraining.com.au/courses/cloud-computing/

DevOps (Foundation to Advanced)
www.alctraining.com.au/courses/devops/

Scaled Agile
www.alctraining.com.my/safe-scaled-agile-spc/
www.alctraining.com.au/course/leading-safe/