Training Banner

CCSK Training

Certificate of Cloud Security Knowledge - Foundation

The Certificate of Cloud Security Knowledge (CCSK) Foundation class provides students a comprehensive one day review of cloud security fundamentals and prepares them to take the Cloud Security Alliance CCSK certificate exam. Starting with a detailed description of cloud computing, the course covers all major domains in the Guidance document from the Cloud Security Alliance, the Cloud Control Matrix (CCM) from the Cloud Security Alliance, and the recommendations from the European Network and Information Security Agency (ENISA).

This class is geared towards security professionals, but is also useful for anyone looking to expand their knowledge of cloud security. (We recommend attendees have at least a basic understanding of security fundamentals, such as firewalls, secure development, encryption, and identity management). View the class schedule page.

Certificate of Cloud Security Knowledge - Plus
The CCSK Plus class builds upon the CCSK Foundation class with expanded material and extensive hands-on activities with a second day of training. Students will learn to apply their knowledge as they perform a series of exercises as they complete a scenario bringing a fictional organization securely into the cloud.

This second day of training includes additional lecture, although student’s will spend most of their time assessing, building, and securing a cloud infrastructure during the exercises. View the class schedule page.

CCSK Training Partner Program
For organizations wishing to be partners to provide training for the above courses, please review the CCSK Training Partner Program here. View the class schedule page.

Cloud Control Matrix (CCM) Foundation Training

Training Course Overview

This training course is designed to provide training for CSA's Cloud Controls Matrix (CCM), which is a part of CSA’s GRC Stack toolkit. The course will also provide an introduction to the Consensus Assessments Initiative Questionnaire (CAIQ) and CSA Security, Trust & Assurance Registry (STAR).

Course curriculum will center on:

  • Introduction to Cloud
  • Introduction & Purpose of Cloud Controls Matrix
  • Cloud Controls Matrix Structure
  • Cloud Controls Matrix Domains
  • Intro to CAIQ and STAR, the Future, Summary


    Upon completion of this training, the attendee should be able to use the CCM and CAIQ to be able to:

    For a cloud vendor:

  • Comply with fundamental cloud security principles and requirements included in relevant security standards and legislations
  • Assess the security posture
  • Compare yourself with competitors and industry benchmark

  • For a cloud customer or cloud auditor:

  • Assess the overall level of security offered by cloud provider
  • Build the necessary assessment processes for engaging with cloud providers
  • Leverage the mapping with other industry-accepted security standards, regulations, and controls frameworks (such as ISACA COBIT, FERPA, AICPA, ISO/IEC 27001/27002, NIST, Jericho Forum, NERC CIP, PCI DSS and the CSA Guidance document) to reduce audit complexity
  • Normalize security expectations, cloud taxonomy and terminology, and security measures implemented in the cloud

  • CCM Training is currently being offered upon request. Please email us for more information.

    Upcoming Training Opportunities

    Training Partner
    Authorized Trainer
    Date and Location

    CCM Training is currently being offered upon request. Please email us for more information.

    Looking for the CCSK Exam FAQ? Click Here

    CSA CCSK Training

    Q. Does CSA provide training programs for CCSK test preparation?

    A. Yes. CSA has developed a training program that provides hands-on experience in securing a cloud environment and that assists students in achieving CCSK certification:

    • CCSK Foundation - This course provides a solid foundation in cloud security fundamentals and covers all the material needed to pass the CCSK exam. The course is designed to appeal to a wide range of knowledge levels, but we highly recommend a solid security foundation. This training is a lecture-only, one-day course.

    • CCSK Plus - This course provides a solid foundation in cloud security and includes a full day of hands-on labs to apply the principles in practice. It incorporates new, expanded material for advanced students. The course covers all the material needed to pass the CCSK v4 exam while adding a pragmatic approach to immediately kickstart your cloud security projects. (**Note: All labs use Amazon Web Services, and students will need to have an AWS account and a laptop, instructions are sent before class). We do include demonstrations of some other major cloud platforms, such as Microsoft Azure, but all exercises are restricted to AWS.**

      The course is designed to appeal to a wide range of skill levels, but we highly recommend a solid security foundation and, for the labs, experience making SSH connections. While most of the labs occur in a web browser, you will need to connect to Linux cloud servers and copy and paste a handful of command lines. This training mixes lecture and lab modules across two days.

    Q. Are live, instructor-led trainings available, and if so, what is the cost?

    A. Yes, CSA works with several training partners to provide live, instructor-led training, both in the classroom and remotely. These trainings happen in a variety of settings (i.e. standalone, at conferences, dedicated in-company training sessions, etc.).

    For a more detailed overview of training dates and cost, please check here.

    Q. Is there an option for an on-site training?

    A. Yes, CSA organizes on-site training sessions in collaboration with our training partners.

    Get Certified as an Instructor

    Q. How can I become a CCSK Instructor?

    A. To become a CCSK instructor you must comply with all the following requirements:

    • Individual must hold a CCSK certificate
    • Individual must hold a current (currently v4) CCSK PLUS training certificate
    • Individual must complete a current (currently v4) CCSK Train the Trainer (TTT) course
    • Individual must pass the TTT exam
    • Individual must maintain a current CCSK instructor certificate
    • Individual must become affiliated with a CSA CCSK Training Partner

    Q. How can I become a CCSK training partner?

    A. To become a CCSK training partner you must comply with the following requirements:

    • A company must sign the CSA CCSK Training partner agreement
    • A company must employee or hire at least one certified CSA CCSK instructor

    Q. I’m already a CCSK v3 Instructor. What steps will I need take to bring my instructor certificate current with CCSK v4?

    A. Current CCSK v3 certified instructors will be required to go through CCSK v4 online TTT course and pass all quizzes and the final TTT exam.

    Q. When will the TTT course be available?

    A. The TTT course will be available November 2017. Current instructors will be notified as soon as it is available.

    Q. I have not taken CCSK Plus v4 yet. When will I be able to do that?

    A. CCSK v4 course availability will be posted on the CSA schedule as training partners submit their offerings.

    Q. How do I take the TTT course?

    A. Once you have satisfied the pre-requites for the TTT course, email [email protected] and attach your proof of pre-requisite satisfaction. Once your submittal is verified you will receive a reply with instructions on how to proceed.

    Please contact CSA at [email protected] for additional details.

    CCSK Master Training Partners

    Partner Contact Information
    Hewlett Packard Enterprise Education Services
    Hewlett Packard Enterprise Education Services
    Email APJ Region
    Email AMS Region
    Email EMEA Region
    Visit website

    CCSK Training Partners

    Partner Training Region Contact Info
    APCCOR APAC, Asia Web:
    Email Registration: [email protected]
    Fax Registration: +65 67228628
    Contact: [email protected]
    Beijing Athink Co., Ltd. 北京爱思考科技有限公司 APAC, Mainland China Phone: +86 10 58733296, +86 13701014158
    Email: [email protected]
    Borderless Americas, United States Phone: (919) 449-8519
    Email: [email protected]
    Bright Moon Security Global, United States Phone: (858) 314-8323
    Email: [email protected]
    CAVIS APAC, India Phone: +91 702 152 2768
    Email: [email protected]
    Cloud Computing Security Limited APAC, Greater China Phone: (852) 2922 2992
    Email: [email protected]
    Address: Suite 2611, Office Tower, Langham Place, Mongkok, Kowloon, Hong Kong
    Club Cloud Computing Global, Dutch-based Email: [email protected]
    CSA Colorado Chapter Americas, Colorado Phone: (720) 987 1543
    Email: [email protected]
    Digitranz Cyber Security Academy EMEA, United Kingdom – Europe Contact: Alex Akinjayeju
    Email: [email protected]
    Espion Group EMEA, United Kingdom Phone: UK +44 (0) 845 050 1711, Ireland +353 (01) 210 1711
    Fast Lane EMEA, Germany Phone: +49 (0)40 25 33 46 10
    Email: [email protected]
    Intrinsec Security Global, US-Canada Based Phone: 1-855-732-3348
    Email: [email protected]
    IT2S Academy – IT2S Group Americas, Latin America Email: [email protected]
    Itway SpA EMEA, Italy Phone: 0039-544-288672
    Email: [email protected]
    KORNERSTONE Institute APAC, Hong Kong Phone: 852-2116 3328
    Email: [email protected]
    LGMS APAC, Malaysia Phone: +(60) 3 8605 0155
    Email: [email protected]
    Net Security Training Ltd EMEA, Earling, London, UK Phone: +44 (0) 20 8840 4496
    Email: [email protected]
    Neupart EMEA, Europe Phone: +45 7025 8030
    Email: [email protected]
    NTUC Learning Hub APAC Phone: 6486 7779
    Email: [email protected]
    Web: Global Email: [email protected]
    RedLegg Americas, United States Phone: 877 811 5040
    Robusta Technology & Training Co. Ltd. APAC, Vietnam Phone: (+84) 939 586 168
    Email: [email protected]
    Securosis, L.L.C. Global, US-based Email: [email protected]
    Symantec Global, United States Web:
    Vertical Distinct APAC, Asia Phone (Malaysia): + 603 6140 6398
    Phone (Singapore): +65 6838 5626
    Email: [email protected]
    ZIONSECURITY NV EMEA, Belgium – region Brussels Phone: +32 16 29 79 22
    Email: [email protected]
    Address: Wingepark 5B/102, B-3110 – Rotselaar

    CSA Authorized Instructors

    Completion of the CCSK and CCM Train The Trainer courses demonstrate a superior level of knowledge of all CCSK and CCM course material and the ability to convey CCSK and CCM course concepts to others. As such CSA hereby authorizes the following instructors to deliver CCSK Foundation, CCSK Plus, and CCM courses.

    CCSK Authorized Instructors

    Instructor Certificate Bio
    Rich Mogull CCSK Authorized Instructor Certificate Rich is the VP of Product for DisruptOPS and Analyst and CEO of Securosis. With twenty years of experience in information security, physical security, and risk management, Rich is one of the foremost experts on cloud security, having driven development of the Cloud Security Alliance’s V4 Guidance and the associated CCSK training curriculum. He is a prolific writer and featured speaker at the security industry’s largest events, including RSA and Black Hat. Rich was previously a Research Vice President at Gartner on the security team and co-chair of the Gartner Security Summit.
    Jon-Michael Brook CCSK Authorized Instructor Certificate Jon-Michael C. Brook, Principal at Guide Holdings, LLC, has 20 years of experience in Information Security with such organizations as Raytheon, Northrop Grumman, Booz Allen Hamilton, Optiv Security and Symantec. Mr. Brook's work traverses the government, financial, healthcare, gaming, oil and gas and pharmaceutical industries.
    Peter van Eijk CCSK Authorized Instructor Certificate Peter van Eijk is one of the world's most experienced cloud trainers. He has worked for 30+ years in research, with IT service providers and in IT consulting (University of Twente, AT&T Bell Labs, EDS, EUNet, Deloitte). In more than 100 training sessions he has helped organizations align on security and speed up their cloud adoption. He is an authorized CSA CCSK and (ISC)2 CCSP trainer, and has written or contributed to several cloud training courses.
    Mohamed Malki CCSK Authorized Instructor Certificate Mohamed Malki is an active member in Colorado cyber security community and global contributor to cyber security trainings and certifications. Mr.Malki is CISSP-ISSEP, CISA, CISM, CEH, Triple AWS Certifications (Arch, Dev, and Pract) , CSA CCSK, ISC2 CCSP, CompTIA Cloud+ and CSA+ Subject Matter Expert (SME). Mr. Malki is the director of enterprise security architecture and HIPAA officer with Colorado Governor Office of IT. Mr. Malki is the chairman of OIT Cloud Computing Governance Community with task to coordinate and collaborate cloud services consumption throughout the enterprise. Mr. Malki holds masters in electrical and computer engineering.
    Moshe Ferber CCSK Authorized Instructor Certificate Moshe Ferber is a recognized industry expert and popular public speaker, with over 20 years’ experience at various positions ranging from the largest enterprises to innovative startups. Currently Ferber focuses on cloud security as certified instructor for CCSK & CCSP certification and participate in various initiative promoting responsible cloud adoption.
    Masahiro Morozumi CCSK Authorized Instructor Certificate Masahiro Morozumi is an Executive Director and a founding member of CSA's Japan Chapter. Masahiro has been working in information security since 2003, and founded his own consulting firm in 2014 with the aim of promoting Cloud adoption through providing consultation to SMEs on how to move to the Cloud securely. He has been the CCSK trainer for HP in Japan since September 2014.
    Ricci Ieong CCSK Authorized Instructor Certificate Dr. Ricci IEONG, Principal Consultant of eWalker Consulting (HK) Ltd, has over 20 years of industry experience in the Information Technology Industry as well as more than 17 years of experience in IT Security area specialized in Security Risk Assessment, IT Audit, Penetration Test and Computer Forensics Investigation. He is an Adjunct Assistant Professor in a university in Hong Kong, program director in HKUSpace on Digital Forensics Diploma course, authorized ISC2 Certified Cloud Security Professional (CCSP). He is also the Vice Chairman of of Professional Development of Cloud Security Alliance (HK & Macau Chapter) and an active speaker in many security events in Hong Kong and Asia Pacific region.
    Roberto Bonalumi CCSK Authorized Instructor Certificate Roberto Bonalumi is a freelance electronic engineer with 20 years of experience in information technology and security. He developed his experience in several consulting companies and with customers in financial and telecommunication industries, working as a technical specialist and as a PM for many security projects.

    He is also an (ISC)2 CISSP official trainer, co-founder and director of (ISC)2 Italy Chapter, member of CSA Italy Chapter and member of Digital Forensics Alumni association.
    Graham Thompson CCSK Authorized Instructor Certificate Graham Thompson has over 20 years information security experience assisting large enterprises and government agencies secure data and workloads. Dedicated to cloud security since 2010, Graham has built cloud implementation guidelines for the Government of Canada and has implemented and assessed cloud security for multiple NYSE and NASDAQ publicly traded companies in the financial, retail and telecommunications sectors. In addition to delivering awesome CCSK courses that address real-world challenges, he is an authorized instructor for both CCSP and CISSP courses by ISC2.
    James Arlen CCSK Authorized Instructor Certificate James currently works for one of the largest SaaS and PaaS global vendors providing advice and support for Public Cloud initiatives. Over the past twenty plus years, James has been delivering information security solutions to Fortune 500, TSE 100, and major public-sector organizations. In both consultant and staff member roles, James led business and technical teams of professionals in short-term projects as well as multi-year organizational change initiatives. James has been involved in information security policy, process, procedure, and architecture improvements for internationally known manufacturing, service and financial organizations. James is one of the authors of the CCSK and the CSA Guidance v4.

    CCM Authorized Instructors

    Instructor Certificate Bio
    Jon-Michael Brook CCM Authorized Instructor Certificate Jon-Michael C. Brook, Principal at Guide Holdings, LLC, has 20 years of experience in Information Security with such organizations as Raytheon, Northrop Grumman, Booz Allen Hamilton, Optiv Security and Symantec. Mr. Brook's work traverses the government, financial, healthcare, gaming, oil and gas and pharmaceutical industries.
    Neha Thethi CCM Authorized Instructor Certificate Neha works with BH Consulting as an Information Security Analyst in Dublin, Ireland. Her role includes carrying out security assessments for cloud environments, digital forensic investigations, vulnerability assessments and conducting audits against the ISO 27001 security standard. She has contributed to published security research and white papers on cloud security. She has presented at industry events including SecureCloud 2016, B-Sides London and Source 2015. Neha has lectured on subjects like digital forensics, web development and business continuity.

    Certifications achieved - AWS Certified Solutions Architect - Associate, Certificate of Cloud Security Knowledge (CCSK) (CSA), GSEC Certified Professional (SANS), AccessData Certified Examiner (ACE), ISO 27001 Certified ISMS Lead Auditor.
    Brian Honan CCM Authorized Instructor Certificate Brian Honan, CEO of BH Consulting, has over 25 years’ experience in Information Security and is one
    of Ireland’s foremost experts in cybersecurity. Over his long-established career, he has worked with
    organisations, ranging from SMEs to large, multinationals, Government departments in Ireland and
    the UK and Government security agencies, such as the European Network and Information Security
    Agency and the European Commission. He is also an appointed special advisor on Internet Security
    to Europol’s CyberCrime Centre (EC3). Brian regularly presents at industry conferences including the
    RSA Conference (Europe and US), B-Sides London, Source Conferences, Cloud Security Summit,
    Infosec Europe and IDC IT Security Seminar.