Shinesa Cambric is the author of Cloud Auditing Best Practices we got the chance to sit down with him and find out more about his experience of writing with Packt.
Q: How did you become an author for Packt? Tell us about your journey. What was your motivation for writing this book?
Shinesa: My motivation for writing the book was a colleague who was always curious about how certain auditing controls could be performed in cloud environments and where she could learn more. I had gained experience on this based on curiosity and self-learning and wanted to find a book to refer her to but one didn’t exist. I always had an idea in the back of my mind that since one didn’t exist, I’d create it but I hadn’t actively pursued that. I was sharing knowledge another way, through LinkedIn. This is where one of the Packt editorial time found me. Based on me writing blogs for other sites, contributing to e-books and sharing knowledge through LinkedIn, they reached out to me asking about ideas for a book. I just so happened to have an idea for a book and the rest is history!
Q: What is the name of your book?
Shinesa: Cloud Auditing Best Practices.
Q: What kind of research did you do, and how long did you spend researching before beginning the book?
Shinesa: The items in the book are things that I mostly used in my daily life in different job roles, so I didn’t need to research that but with the cloud constantly changing and evolving some of the things I did need to research are what is new and relevant that a cloud auditor should know. I also spent some time re-learning and walking through setting up a new environment for learning just like the readers are asked to do in the book.
Q: What key takeaways do you want readers to come away with from the book?
Shinesa: A few of the key takeaways for readers are that 1) cloud is here to stay 2) as an auditor it’s important to learn the skills and gain necessary insights to translate control frameworks to cloud environments 3) familiarity with cloud architecture and terminology and 4) confidence that they can assess and apply security controls within AWS, Azure and GCP environments.
Q: Can you share any blogs, websites and forums to help readers gain a holistic view of the tech they are learning?
Shinesa: When it comes to cloud security and cloud auditing, a few resources I would recommend include following the blogs that Cloud Security Alliance shares, joining ISACA and checking out the newsletters they send out, as well as articles and webinars published through them.
Q. Did you face any challenges during the writing process? How did you overcome them?
Shinesa: The main challenge I faced is knowing that there was so much I wanted to share and making sure I get all the right points in the book. I wanted to make sure that readers felt like they had something that was almost like a workbook or guidebook – something they could refer back to often. Another challenge I faced was trying to not get overwhelmed with how large of a task this was and how much there was to do. I also tend to be a perfectionist and I had to learn to get to a stopping point so that we could get the book through the editing process.
Q. How would you describe your author journey with Packt? Would you recommend Packt to aspiring authors?
Shinesa: I would (and have!) definitely recommend Packt to aspiring authors. The team I was set up with was great to work with in helping to define a schedule and milestones, providing information on what to expect, and getting me through the editing process to a published book. I felt completely supported along the way.
Q. Why should readers choose this book over others already on the market? How would you differentiate your book from its competition?
Shinesa: The exciting thing is that at this point in time, there isn’t a book on the market like this one. It’s a first of it’s kind and we’ve done in a style that allows the reader to get hands-on experience and practical knowledge, going beyond “book knowledge” of auditing cloud environments.
Q. What is/are your specialist tech area(s)?
Shinesa: Cloud Security, Governance Risk and Compliance, Cybersecurity, Identity and Access Management.
Q. What advice would you give to readers jumping into this technology? Do you have any top tips?
Shinesa: Get hands on! My book on Cloud Auditing was written in a way that you are encouraged to play around and experiment. Each of the major cloud providers gives you free credits to set up an environment, so why not follow along and get familiar through hands on experience that guides you on the important areas you need to know for cloud auditing. My second tip would be to get plugged into cloud security and cloud governance communities and share what you’re learning!
Q. What’s your take on the technologies discussed in the book? Where do you see these technologies heading in the future?
Shinesa: The demand for cloud auditing skills will only continue to grow alongside the demand and adoption of services in the cloud. The book mainly touches on auditing PaaS and IaaS services, but there’s a great need to understand how to apply controls to SaaS services as well. Cybersecurity and governance are becoming parts executive orders and the highest level mandates within countries across the world and a large part of adherence is testing for compliance and this includes cloud environments.
Q. How did you organize, plan, and prioritize your work and write the book?
Shinesa: What I found most helpful was having an outline of what I needed to accomplish and blocking off time to get it done. It definitely wasn’t easy and I dedicated many nights and long weekends to getting it done, but I think the sacrifice and work was well worth it to be able to produce something that people have found to be valuable in helping them to learn and expand their understanding of cloud auditing concepts.
Q. What are your favorite tech journals? How do you keep yourself up to date on tech?
Shinesa: Lately I’ve been more into podcasts over journals but ISACA and ISSA produce some good practitioner focused content for Governance Risk and Compliance professionals. Some other things I really like for staying up to date are attending conferences and webinars and following other cybersecurity professionals on social media. I find that’s an especially good way to get up to date quickly.
Q. Would you like to share your social handles? If so, mention them below.
Justen: Yes, of course. Here you go: LinkedIn: https://www.linkedin.com/in/shinesa-cambric/ Twitter: @gleauxbalsecur1.
Q: What is that one writing tip that you found most crucial and would like to share with aspiring authors?
Shinesa: Something that I found crucial was to keep my audience in mind and consider what’s most important for them to know. There is a ton of information I’d love to be able to share in the book but I also didn’t want to overwhelm readers or wait to long to get the book in their hands.
You can find Shinesa’s book on Amazon by following this link: Please click here