Michael Tayo is an Assistant Vice President and Principal Information Security Engineer at U.S. Bank where he is responsible for providing visionary guidance for the enhancement of cloud and application security product offerings.
With over 10 years of experience as an Information Security Professional, Michael specializes in designing and deploying cutting-edge security solutions to enhance cloud security posture, prevent cyber-attacks, and mitigate risks to help organizations remain secure throughout the digital transformation.
He is a security evangelist and author with his most recent feature being Collaborative Security to Defend the Modern Threat Landscape.
Parveen is a Cloud Consultant specializing in Microsoft Azure services. He helps companies use the cloud effectively and efficiently while also keeping the security-first mindset and saving costs.
He’s worked with government, software development, retail, e-learning and education organizations by helping them migrate and secure their IT infrastructure.
He runs a blog at parveensingh.com and also helps IT enthusiasts find their next IT role and upskill to grow in the cloud field.
I had the pleasure of hosting Michael and Parveen on this week’s episode of Champions of Security. Here’s the full episode and the key takeaways from our conversation.
#1: Deeply Understand the Shared Responsibility Model
Michael brought up a common misconception: cloud service providers handle security. While the end user’s exact level of responsibility varies, there are always security duties to be handled by the user.
Access permissions, for example, are always left up to the user for proper implementation. Every organization should have ample resources dedicated to access reviews; these may scale up to entire full-time teams at larger enterprises.
#2: Determine the Appropriate Amount of Outside Help
In-house knowledge is not always sufficient. Cloud consultants like Parveen can help to bridge the gap and ensure your company remains secure in the cloud. Or, as an alternative, experienced cloud security practitioners can join the organization full-time. The scale of operations in the cloud affects the amount of diligence and experience required on-staff.
#3: Learn Cloud Services One Step at a Time
Cloud offerings are too vast to learn overnight. Continue learning what services are available by exploring options and chatting with experts. If someone at your company is experienced, you may be able to learn from them directly. Alternatively, cloud service providers are willing to teach you about best practices surrounding their offerings.
Interested in talking security with me? Reach out to me on LinkedIn.