November 21, 2022

Last Updated on January 15, 2024

If your org is like most others, you’re migrating and/or deploying new workloads to the public cloud. But handling that process securely takes special skills. What are those skills exactly? What should you look for in outside teams to complement your own staff?

To share his full-stack, full-lifecycle understanding of public cloud application security, Jeff Schlauder, Founder at Catalina Worldwide LLC, joined a recent episode of The Virtual CISO Podcast. The show’s host is John Verry, Pivot Point Security CISO and Managing Partner.

 

Look for certifications

With the biggest public clouds like AWS and Azure, certification programs take much of the guesswork out of evaluating third-party skills. As an AWS expert, Jeff is very keen on Amazon’s certification program.

“AWS has all types and levels of certification that you can get, including AWS Certified Developer,” notes Jeff. “You could rely on these to say, this person at least understands and it’s not smoke and mirrors. They will understand AWS, and from a development perspective how to leverage those services. Not just how to develop code, but how that development process should look as it relates to AWS specifically.”

A great place to start is to build those skills on your in-house team, as Catalina Worldwide has done. But it takes time.

“It’s not a quick video or Udemy that you’re going to be able to plow through and become an AWS Certified Developer,” says Jeff. “There’s a bit to it, and it’s pretty time-intensive.”

 

What can an AWS Certified Developer bring to your team?

An AWS Certified Developer can potentially help you select the right tools and products for your environment, taking on a “cloud architect” role that is markedly different from a traditional coder role.

“When you’re talking about doing architecture, that’s a different skill set,” reports Jeff. “But there’s a lot of crossover. Your architect is also likely contributing to the building of pipelines, but also has some knowledge of what the application’s going to do at the end of the day. I think that helps everybody collectively choose the right services.”

AWS Certified Developers will also be aware of many AWS specifics that relate to connecting databases, managing connection strings, and so on. For example, an AWS-savvy developer knows how to use the AWS Secrets Manager service, which could impact how you would develop an application versus managing sensitive data in a different way.

 
