cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Simon_Johnson
Newcomer I

Passed the CCSP exam - My Thoughts

I Passed the Certified Cloud Security Professional exam on Tuesday
https://www.isc2.org/Certifications/CCSP

 

Key Learning Point: "Ensure whatever you deploy into the cloud is more secure than whatever you deploy in-house"

 

For anyone interested in doing this exam I recommend the following.

Do CISSP first (I was able to answer a lot of questions because of the research I did for CISSP)
Read the CCSP CBK book - ISBN 978-1-119-27672-2 (Twice)
Read the CSA - Security Guidance for critical Areas of focus in cloud computing v3.0 (Free Download)
Read the CSA - The Treacherous 12 (Free Download)
Read the CSA - Cloud Control Matrix (Including the New GDPR section) (Free Download)
Read the Jerico - Cloud Cube Model
Read - OWASP top 10
Ensure you understand encryption
Ensure you understand virtualization technologies
Ensure you understand the core difference between IAAS, PAAS, SAAS

Exam Prep:
Read all Of the above
Free Flash Cards from ISC2 (Downloadable to iPhone and I think android)

 

CCCure Exam Prep - Accessible from your desktop https://www.cccure.education/ (Paid about £50-60) Helps get into the frame of mind and question format. Not many questions found on actual exam, but still worth it.

 

Studied for six weeks (But CISSP helps a lot)

The Exam

125 questions in 240 Mins - Did mine in about 120 mins (70% Pass required)
Multiple Guess - straight questions but a lot of scenario based questions
More of a management approach than technical exam.
Yes I found it hard. Very broad questions (Alot of my knowledge came from doing CISSP)

30 Replies
BorisV
Viewer

My Preparation and experience was different for CISSP CAT Exam taken on 01/10/2018.

Feel Free to reach out to me if you are interested in learning more.

LinkedIn: https://www.linkedin.com/in/borisvi
Twitter:   
https://twitter.com/boris_vi

Boris Vishnevsky, MBA, DIA, CISSP
Internet: boris.vishnevsky@outlook.com
LinkedIn: https://www.linkedin.com/in/borisvi
Twitter: https://twitter.com/boris_vi
610-745-5315
filippos_K
Newcomer I

Congrats and thanks for sharing your guide!

 

Filippos

Fenix
Newcomer II

Good to know!  I took the SSCP Prep course through Global Knowledge in 2015.  I understood the concepts but haven't taken the test yet as the closest testing facility is about 2 hours away and the certification isn't necessarily required for the job I am doing. 

 

Leszek
Viewer

Congratulations Simon.
Thank you very much for your long list of resources, very helpful indeed.
Gary23
Newcomer II

Congratulations Simon.

 

agree with your study recommendations.

 

I passed my CISSP for the second time in 2014 and I used the heck out of the Cybex books for review.

 

I passed the the CCSP test a couple of week ago and am waiting for my final validation.

 

-Gary

laracissp
Newcomer I

Hi Buddy,

So GDPR is included in this exam?

 

I am kind of confuse between the DDPR and GDPR.

 

Thank yuo

nagarajan
Contributor I

I don't think GDPR is mentioned as such. So far I didn't see it in the official study book.

Regards,
Nagarajan Viswanathan (Raj)
rslade
Influencer II

> laracissp (Viewer) posted a new reply in Certifications on 02-21-2019 12:02 AM

> Hi Buddy, So GDPR is included in this exam?   I am kind of confuse between the
> DDPR and GDPR.

GDPR basically has the original seven DDPR requirements with th addition of
accountability, and an added list of suggested actions to take.

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
It is more fun to talk with someone who doesn't use long,
difficult words but rather short, easy words like 'What about
lunch?' - Pooh
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
conma293
Newcomer I

Is it a good idea to go after the CCSP straight after the CISSP? Just got my CISSP and deciding between this and GSE. Not much experience with cloud though..

denbesten
Community Champion

Depends completely on your career goals.  Take a look at the various job-boards for positions that interest you and let their requirements guide you.  If they tend to require certs that you do not currently hold, then pursue those certs.  On the other hand, if they say "CISSP or GSEC", save your money.  

 

When it comes to (ISC)² exams specifically, "not much experience" is a big red flag.  Having passed the CISSP, I'm sure you relied on your experience just as often as the prep materials.  If you have just one, passing is possible, but with both, the exam becomes easy.  I would expect the CCSP to have a similar nature.