I had recently posted this on a different thread, but I figured I'd post it here (with a couple of minor edits) since I think it may be helpful:
I just took the exam on Saturday 7/28 and passed on the first attempt. I also hold a CISSP, which helped, but more than anything, I agree that having significant real-world experience in the subject domains coupled with a deep and functional understanding of the topics is a real key.
And, of course, don't forget strong reading comprehension, critical thinking skills and the ability to synthesize information and make good qualitative judgements given situations where all answers or options may be relevant or arguably correct (or at least plausible in some way) - typical skills to succeed on any ISC2 exam (and in real life).
As this is a cloud-focused security exam, the biggest help for me personally was that I have close to two decades of experience in infrastructure, security and software development, including over a decade of significant real-world experience specifically in modern cloud and cloud software development ranging from technical to architectural to managerial.
With my background and experience, I felt right at home with both the material itself and with the exam content. On the other hand, this is definitely a specialized exam that has good bit of detail and nuance, and if you don't have the background and experience in cloud, software development and the related areas and are just trying to learn it for the first time from the study material, then it can be tough.
In fact, going in, even though I had a lot of experience and felt that I prepared thoroughly for it, I still felt pretty nervous and not sure what I was walking into having read stories of people failing not once, but in some cases multiple times - people for whom this was their first ever exam failure despite holding multiple difficult to obtain information security credentials. I really thought I was going to walk into an exam that was deliberately ambiguous, tricky, poorly written or otherwise not at all congruent with my experience or any of the any of the material I used to prepare.
I am happy to report that was NOT the case at all and that in my experience, the exam questions were very clear, well written and none of the questions were unfair or in some way inconsistent with the objective domains of the exam. As anyone who has taken any ISC2 exam knows, you can expect the exam to test your ability to comprehend, infer and synthesize information to make judgements based on experience and working knowledge - not just be able to memorize and recall facts or simple definitions. So again, this is where the real-world experience and working knowledge of the broad array of topics gives you a huge edge.
The study materials and other material I used covered the vast majority of topics, though not 100% and were not a substitute for real world knowledge and experience. They were as follows:
1. ISC2 CCSP Official Study Guide - Good, in-depth overview of topics. Decent practice questions/tests, but not nearly as good as the official practice tests
2. ISC2 Official Guide to the CCSP CBK (2nd Edition) - Good, in-depth overview of topics. It filled in, explained better, and/or went through a lot of relevant areas that the official study guide did not, so I highly recommend this no matter what other material you choose to use.
3. ISC2 CCSP Official Practice Tests: Large number of very good practice questions across all domains (100-150 each) and 2 full length practice tests. The questions were much better written and edited than the official study guide and were a much better measure of preparedness. Highly recommended. I didn't bother with the book, I just used the online test engine.
4. CCSP All-in-One Exam Guide: I started to read this, but had already read so much other material, I didn't get too far. Plus, I was kind of turned off by the large number of typos and really poor editing job (at least in my Kindle version). Instead, I primarily used the practice questions/exams and the computerized test engine as yet more practice for the exam.
5. CCCure Practice Questions: A couple days before the test, I wanted to try some fresh practice questions I had not seen before, and so I subscribed to CCCure to try their CCSP questions. Overall, I would say they're pretty good. If you opt to use them, you can go with their shortest subscription because there are only 198 questions. They were a good last minute exercise to test my comprehension and retention.
6. CSA: I scanned through the CSA site, programs and some of the CSA documents, but not in too much detail. It was more for familiarity with them.
Beyond preparation and experience, I would say that test taking strategy and skills are also very important. I have taken more professional certification exams than I care to admit, and part of the key to long term success in these exams (especially the harder ones) is good test taking skills and strategy.
Some of my tips and practices are:
1. I complete the entire exam as quickly as I can (I don't rush, however) and don't allow myself to get stuck on any particular question. If I am not sure, I will still choose an answer and mark it. Once I have at least seen and answered all of the questions, there is no more "fear of the unknown" and I have a much better comfort level, feel more relaxed and can better concentrate on those questions where I want or need to spend more time and review.
2. I immediately and habitually eliminate any obviously incorrect answers for any questions. Even in a case where you don't know the right answer with certainty, often this can either get you to it by deduction, or at least give you a 50/50 chance. And where you are fairly or totally certain, having a habit of immediately striking the wrong ones makes the choice even more obvious.
3. I review the entire exam a second time from the beginning. I find that I am in a more relaxed state the second time around since there are no surprises. I am thinking clearly, and generally I do make good decisions with regard to changing answers on occasion provided it is obvious and I am confident about the choice. Otherwise, I do not do it out of fear or uncertainty or second-guessing. If I am really not sure, I will just leave it and not sweat it.
4. With any examination of this sort, I always treat it like a numbers game. I know the score I need to pass, and so I know roughly the number of questions that I can get wrong and still pass the exam. Therefore, I will tally up the number of questions that I am certain I answered correctly versus those I am not. Having eliminated obviously wrong answers even on the ones I am not sure of, I know I have a high likelihood of answering at least some percentage of those correctly. Based on that, most of the time I am able to know with a high degree of confidence by the end of my review whether I have passed the exam or not. If the number of questions I am certain I have answered correctly is well more than the number needed to pass, then I am pretty relaxed in reviewing the ones I was not certain of. On the other hand, if the number I was certain of were very low or insufficient to pass, I would spend much more time and be much more careful in my review.
Anyway, that's my experience with preparing for and taking the exam. Hopefully that is helpful and good luck!
Thanks so much for this-- it is really incredibly helpful, and full of great insight. Congrats on passing the exam! I'm going to share your notes with all my future students.
Thanks, Paula! So glad I could be of assistance-- congrats on the cert and welcome to the club. Which country? That's a high honor!
@sdonahue013 this is really good advice. I passed the CCSP back in late December and the key thing that you mention that also helped me is simply years of experience in IT and especially infrastructure. I have been a CISSP since 2005 and a ISSMP since 2011. Been around the block. Last month I attended my first ISC2 item writing workshop in Tampa and it just happened to be for the CCSP. I had been asked to do others throughout the year but had conflicts. I was a bit apprehensive about doing this because it was my most recent certification and wondered if I would be in over my head. It was a really enjoyable experience and opened my eyes a lot to the test creation process. I participated fully with the perspective of the test taker. I am heading back in Feb to participate in a CISSP item rework workshop. I highly recommend these workshops and giving back to ISC2 via test item development.
Okay, I'll add my voice to the chorus. I'm a U.S. Navy veteran from the 70's, which facilitated free online cybersecurity training through a program called "Hire Our Heroes" with training certified by the U.S. Department of Homeland Security.
I've taken dozens of their courses over the years, and Ben was the instructor for the CISSP one. The videos were great, as they were shot during an actual class, and it wasn't necessary to take notes because every spoken word was transcribed and presented in an accompanying PDF file. With his videos, additional training from another instructor that used to work for me, Ted Udelson, and decades of hands-on experience, I passed the CISSP in one-half the allotted time, including all of my breaks.
One day last summer, I came home from work to have my wife inform me that we were going to the (ISC)2 Security Congress in October of 2018. (It was in New Orleans, a city we'd always wanted to visit.). When I saw that Ben was teaching a compressed 16 hour boot camp for the CCSP - the next certificate I wanted - I asked her to "make it so." Having discovered what a great instructor Ben is through the DHS videos, I knew that I wanted to take his class. When I met Ben the first day, I told him how much I'd learned from him, and how he had given me the confidence to know that I would pass the exam easily. (He was right.)
That was for the CISSP. If you're looking for CCSP practice questions, his book is all you need if you truly have the relevant experience (no book can replace hands-on knowledge and experience, in my opinion). If you can answer his questions, you'll pass the exam, it's that simple. I took his class in early October, then scheduled and passed the exam two weeks later in half the allotted time, piece of cake.
Ben, the next time I see you I think you owe me a candy bar!
Well, dammmmn-- I am humbled and flattered by that, Lloyd. I don't think there's an instructor in the world who wouldn't be moved by such a testimonial, and I'm for sure no exception. I thank you, and offer you all the candy there is to have. Much obliged, sir.
Every word is true, Ben. Having been through your bootcamp, as compressed as it was from 5 days into 2, and using your practice questions, I whipped through the CCSP in 2 hours, and there was only a handful of questions I didn't know the answer to. Granted, I have 8 years of experience in cloud cybersecurity on top of my CISSP, which, although not required, is a background I strongly recommend. But even if someone only has the requisite 5 years of experience, your book is the best prep material I can recommend.
(And don't tell my wife about the candy, I'm supposed to be on a diet.)