Interview with Lars Ruddigkeit
Congratulations
Hi Lars, congratulations on your new certification: ISACA Advanced in AI Audit (AAIA)!
You are among the first in Switzerland to receive this certification. Since you are an expert in AI and cybersecurity, an international speaker, and a holder of several prestigious certifications (such as CSA Lead Auditor and CSA CCAK in Cloud Auditing), we’d like to hear more about your journey.
Q: What motivated you to obtain the ISACA Advanced in AI Audit certification? How does this certification add value alongside your CSA Lead Auditor and CCAK credentials?
A: I believe there is a significant gap in AI assurance. Many organizations are apprehensive about the EU AI Act. AI differs fundamentally from traditional software development; yet, very few companies today can clearly state what data goes into their AI models and what the prediction outcomes are for each specific version. Ask yourself: could your company demonstrate complete data lineage from training data to the deployed model and each inference event? While business leaders view AI as a productivity booster, they may not be willing to scrutinize these tools for biases in decision-making. The AAIA serves as an extension of cloud audits, given that modern cloud environments are increasingly integrating AI into their services. I see strong synergies between cloud-specific audit certifications and the AAIA, as it both broadens and deepens assurance capabilities in this domain.
Q: What are your practical experiences with CSA and ISACA certifications, and how do you use them in your daily work and projects?
A: I wouldn't describe it as "usage" per se. Earning certifications demonstrates your investment of time and commitment to going the extra mile. They validate your expertise in risk assessment, control mapping, gap analysis, audit planning (for both internal and external activities), and incident investigation. The Certified Information Systems Auditor® (CISA®) credential is highly recognized for assessing IT and business systems and provides a foundation for the AAIA. While CISA is more focused on internal company assessments, CSA certifications emphasize third-party risk, particularly involving cloud and SaaS providers. Together, these certifications enable:
Q: What would you recommend for newcomers starting their careers in cybersecurity, especially regarding AI?
A: Don’t start with AI! Begin by learning the fundamentals of cybersecurity and zero trust. Build your knowledge in entry-level roles such as Security Analyst, SOC (Security Operations Center) Analyst, IT Support, or Software Engineering—I took the software engineering route myself. Understand what artificial intelligence and machine learning are, how they work, and their place in security (e.g., anomaly detection, NLP for phishing, AI-based forensics). Most importantly, engage with the cybersecurity community: join online forums, attend webinars, and network with professionals. In my experience, cybersecurity professionals are among the most supportive groups.
Q: What would you advise for cybersecurity practitioners who already have several years of experience and want to expand their expertise in AI and cybersecurity?
A: The advice varies depending on your main area—be it Blue Team, Red Team, or InfoSec. Your career stage and goals are crucial factors. My own expertise is in InfoSec, which spans eight domains. People often focus more on either compliance or security, depending on their roles. For someone like you, Maria, especially if you’re now encountering AI in your daily work, aim to learn and understand as much as possible. With your background, you could target the ISACA Advanced in AI Security Management™ (AAISM™) certification, expected to launch this September. Alternatively, expand your compliance knowledge with the CISA and then pursue the AAIA. Another strong option is the SANS SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals. The CSA is also developing a dedicated AI security training, expected to launch this autumn around Cyber Monday.
Q: As someone involved with CSA Swiss Chapter and international Working Groups, and as a co-author of the CSA AI Controls Matrix (AICM), you invest heavily in your career. What’s your secret to managing certifications, a busy schedule, and a private life?
A: Honestly, the secret is that we all have 24 hours in a day and seven days each week. I simply prioritize my time differently—it’s a conscious decision to spend less time on social media or watching TV. It's challenging to devote hours to studying for certifications or contributing to the profession, but with more knowledge comes ease in learning. For example, I failed the CCSKv4 twice early in my cloud journey before passing in 2019. In contrast, I passed the CCSKv5 in 2025 with a 98% score, without any extra preparation. Preparation time varies: the CISSP took me around six months, CRISC three months—both with official training materials. For the CISA and CISM exams, about 10 hours with LinkedIn Learning sufficed. I focus intensively on certifications when needed and shift my attention to other challenges like the AICM project at other times.
Focus and dedication are key.
Q: Thank you, Lars, for sharing your insights. Would you be willing to share more and recommend others to follow?
A: Absolutely! Here are some of my favourite thought leaders in AI and security: