Some months ago I came here for the first time to post my experience with the CISSP exam, which I had just passed. See this long post and this one, a little (not much) shorter. After the process of endorsement, I am currently a CISSP. One week and a half after the CISSP exam, I passed CISM, which was a little trickier than I expected but not especially hard with the CISSP study I had gone thru. But we're not on ISACA forums, so let's move on.
This Wednesday, June 5th, I sat for the CCSP exam, which I passed. So here are my thoughts.
First of all, with regard to the hardness of the exam, there is something relevant to consider. While I spent a couple of months quite focused on the CISSP study, in this case I barely spent a couple of weeks studying, probably about 40 hours total. When I sat for the CISSP, what frightened me was that I didn't know what to expect in the exam (i.e. question types, language, subjects, etc.). In this case, in general terms I knew what to expect (as both exams are from ISC2), but I felt much more insecure with regard to my knowledge. In the end, studying for the CISSP proved to be very valuable, because many terms that the CCSP material uses were already familiar to me. In other words, I don't think I wouldn't have passed CCSP without studying for CISSP, but that's probably up to one's experience (for example, I don't think I would have passed CISSP without my 15+ years of InfoSec experience).
Another element to consider is the type of exam. Back in March I did the adaptive CBT CISSP exam, which implies that after answering a question you cannot go back. You just move ahead. In the case of CCSP, as with CISM, you can review and flag questions, which can lead you to some overthinking. I had flagged about 25% of the 125 questions when I reached the last question, in approximately 100 minutes. It took me 15 minutes or so to review the flagged questions and after a couple of hours I was done with the "Congratulations" printed sheet in my hand.
So, did I find the exam hard? Not hard, but not exactly easy either. Having done the CISSP exam and the previous intense studying helped a lot, and my experience in other IT fields did help too, but when I began studying there were a bunch of concepts I was not very familiar with. So if you are not into cloud computing but have experience and good knowledge of InfoSec, you will need to study a little, at least. As with the CISSP, you will also need some inference abilities, because sometimes it's not that you know the answer, but that you can rule out the other three options (or at least two, and then make some deep reasoning... or guessing).
When I planned for the exam, I was very ambitious (CSA, NIST, ENISA, etc.), but I got more practical as the exam date approached. My study materials were the following:
My thoughts on those materials are:
That's pretty much all. As I said with CISSP, it's an exam you can do with some effort, that will depend on your InfoSec, IT and Cloud experience, and if you have done CISSP before.
Hope it helps.
Congrats on passing both of those exams.
Just proves that hard work and diligence pay off.
I would like to know if you have a method for pre-exam study efforts?
Do you spend more time reading through exam guides, and other reading sources, or do you spend more time doing pre-test and less time reading through reference sources?
I know that for the most part many individuals log in to the different certification communities in search of the best or most effective study methods and resources to use prior to the different certification exams. Your post had some really good information and should provide insight to those seeking answers for the easiest solution. Put in the time, get the experience, and seek guidance for issues or concerns that give them trouble. I am extremely happy for you and again, congrats on your accomplishments.
Thank you for your words. Regarding my method, I wouldn't say I have one, but I can describe my usual approach to you.
I usually start with the official study material and any other "general" book or reading source, and highlight it from beginning to end. Enough to have a good general overview, but not too much so I don't have time for doing tests. While doing so, I usually take photos of concepts or diagrams I find useful (or hard to memorize), and I go thru them on the bus or while commuting. I find highlighting it very useful, as it forces you to read slower, and even reading a sentence before highlighting.
After highlighting materials, I do a bunch of tests, and keep taking photos of things I didn't remember/get/understand (that's why explained answers to tests are so important to me). After some time, I do a quick read of the highlighted materials and go back to the tests. At this time, I can have a hundred pictures of concepts, pictures, diagrams and figures in my smartphone. Let's say it's a custom type of flashcards.
I keep doing tests, and from time to time, I go to the Internet to search or to go deeper into some concepts, while I keep reading the smartphone custom "flashcards" when commuting, being bored, waiting for somebody, etc. Mostly in the case of CISSP, I recall as if the materials were constantly on my mind. If I had a pause, I opened the gallery and went thru the pictures, giving them a glance and a quick look. I think the idea is to get you focused on the materials as much time as possible, feeling that it fills all the gaps where you have unused time.
Hope it helps. Thank you again for your words 🙂
My thoughts on those materials are:
- The book is easy to read, not too deep. I found it helpful but (maybe) some chapters too high-level.
What would you recommend changing with the book? Where did you find that you needed to dig deeper?
It was a general impression, not something very specific, but allow me some time and I'll try to elaborate on it. Maybe I expected more technology-related examples or some technical insights, even though I know (ISC)2 is vendor neutral, so that makes things harder.
In any case, do not misinterpret me. I think the book is a very valuable resource to learn, understand and refresh concepts related to cloud computing and anything related to it, even marginally. It is a good book, by all means, to prepare for the CCSP.
You also have to take into account that I passed CISSP two months before the CCSP exam, and the material of CISSP covers part of the CCSP contents, so most of it was already familiar to me. If I had gone directly for the CCSP without studying previously for the CISSP, it's very possible that things would have changed quite a lot.