Showing results for 
Show  only  | Search instead for 
Did you mean: 
Showing results for 
Show  only  | Search instead for 
Did you mean: 
ISC2 Team

CISSPs: How did you prepare for the CCSP exam?

As a CISSP who studied for and passed the CCSP exam, how did you prepare?  What did you find valuable?  Did you learn through self-study, if so, what books did you buy?  Did you attend an official training course, if so, which one?  What was your study plan?  What's your secret for success?  We want to hear from you! 



98 Replies
Viewer II

Read the Sybex book cover to cover and understand every topic inside out.


There were a few technical questions in the exam as well, so know your crypto.

Viewer II

I combined an official course (Provided by See Security Israel) which provided the structure, and mostly self-studies. I primarly used Shon Harris CISSP All in One exam guide, and the (ISC)2 flash cards.
I took the exam less than 2.5 months after starting the course (the last lesson was on the day of the exam LoL).

Not easy but definatly doable.


BTW a few months later I joined the college and am an official CISSP and HCISSP instructor (close to 3 years 🙂 )

Newcomer II

Hi all!


I successfully passed my CCSP exam yesterday! So it seems I was well prepared. As a CISSP, I think the certification is doable, as some content from CISSP is common to CCSP. I mainly used self-study and took no bootcamp or so. Of value :

- The great book "Official (ISC)2 Guide to the CCSP CBK" from Sybex

- Several mobile apps on Android : (ISC)2 CCSP Official Study, ISC CCSP Practice Test 2017 and CCSP: Certified Cloud Security Professional.


So my advice : take 1-1.5 hours a day during 4 to 8 weeks, practice, identify your weak points, go back to the study guide (the one for CISSP may be useful as well) and practice again till you feel confortable.


Good luck!


Viewer II

I learned from the practitioners who are in the trenches everyday (attending workshops, webcasts, conferences).  I read articles from practitioners in various e-publications and blogs.  I studied the

2 guides from the Cloud Security Alliance (CSA) - ultimately preparing for and attaining my CCSK

certification.  I attended CSA CloudBytes webinars.  I read whatever cloud security related articles

appeared in the ISC2 magazine "InfoSecurity Professional". Finally, I rounded out my preparation

by studying "The Official (ISC)2 Guide to the CCSP CBK" book.


I've been working with Cloud for a few years before decided to take the CSSP exam, I did self study and was in the earlier day of the exam, so not so many materials available, I got the CSSP exam outline first, as reference on the exam topics, then I studied the following: first of all the NIST SP 800-145 (need to really understand this, but if you've experience working in Cloud, it should be easier) then CSA Guide, ENISA Cloud Computing Security Risk Assessment, Cloud top threats and SAFECode & CSA Practices for Secure Development of Cloud Applications.

As you see, most of the materials are available from CSA. Additionallly, I refreshed my knowledge on the CISSP domains that relevance to CSSP six domains. This really helpful, as the security knowledge foundation stays relatively the same.

One learning that really guide my during the exam was "we only own DATA on the cloud", this was the most concern of all in protecting our assets on the Cloud, this would determine "who do what" in the Cloud service models.

During the exam, read the questions carefully and take time to understand them. That's all. Thanks.


Newcomer II



I think the question is referring to CCSP prep and not CISSP prep.  (Many of the responses refer to the CISSP.)


I took the exam in December 2015.  My prep was to read everything listed on the recommended reading list. This was very helpful since the cbk was not yet available. Then I found a live course in Sydney. It was a cost to come from New Zealand but it was worth it.  


The exam focuses on cloud.  So having a CISSP does not guarantee that you will pass the CCSP.


Do not expect exam questions to be available at (ISC)2 courses - either in the book or from the instructors.  There is a very strict process that must be followed.  If anyone wants to know about this process, I suggest that they volunteer for a JTA and go tthrough the exam development process.


I also did not use or trust question banks.  Their validity is questionable.  If anyone submits questions to question banks, then their ethics may also be questionable.


I self-studied using the Shon Harris (sixth edition) guide as my go-to reference.  I created mind-map sets for each CISSP domain based on the book.  The maps gave me a visual and mental scaffold on which to hang the details as I read the book.


One thing I really like about this approach: I found I didn't have to write detailed notes as long as I reviewed the mindmaps quickly each day (about 20-30 minutes).  The constant visual review cemented the domain framework in my head and made it easy to recall and apply details as needed. 


After two months of studying (1 to 2 hours per weekday), I passed the CISSP on the first try and did not feel it was a particularly difficult exam. 


I used a similar approach on subsequent CRISC, CISA, and PMP exams, passing each on the first try.  At least for me, the combination of a good reference book and mind mapping works really well!

Newcomer I

I took a course at a community college, and a couple years latter (present day), decided to pursue the certification and purchased the official CBK. Was I pleasantly surprised to find that the community college was totally inefficient. After reading the CBK from cover to cover, and watching countless video's, I felt the need to further my learning by purchasing lab's from a reputable vendor. I am finding that these lab's do not reflect the content of the CBK.


I'm concerned that the on-line sample tests, vendor lab's are not going to fully prep me for my up coming exam. It looks like the only credible source of testing ones knowledge, is the video's and the official CBK.

End of November is fast approaching, and I'm concerned that there really is no viable source of testing ones knowledge prior to the actual testing.


So, I thank you ISC2 for the CBK!

Newcomer II

There is a similar thread on how to go about passing the CCSP - Re: CCSP. Basically here is what I said over there.

I went through the studying process a while back and passed. Here is a a summary on what I did to pass a a couple of tips. Hopes this helps.


I'll be glad to help answer any questions or help with approaches.



Viewer II

I have 15+ years of direct experience with yearly IRS security assessments, SOC audits, etc. so that helped considerably but I used Safari Books Online to help me prepare for my CISSP exam. I used the CISSP flashcards on the (ISC)2 website as well and studied the exam layout/type of questions.