cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
S3cur1tyExprt
Newcomer II

Passed my CCSP exam on 05/23! (long post)

I'm excited to share that I passed the CCSP exam on 05/23!  I want to thank everyone on this board who posted and shared their experience, study methods and tips.  I started last year preparing on and off (mostly off...lol) for about 8 months or so but didn't really get serious about my studies until March 2019.  And then I was even more focused in my study and preparation once I decided to register for the exam in May.  It's amazing how we can get motivated when money is at stake, especially when the wife says "you better pass" (lol).

 

My study and preparation are as follow:

 

  • CCSP (ISC)2 Certified Cloud Security Professional Official Study Guide (by our friend on this board, Ben Malisow) - I read cover to cover and took concise notes.
  • CCSP Certified Cloud Security Professional All-in-One Exam Guide (Daniel Carer) - I read once.
  • The Official (ISC)2 Guide to the CCSP CBK - I read once.
  • I read the various documents and took notes:

CSA - Security Guidance for Critical Areas of Focus in Cloud Computing v4.0
CSA - The Treacherous 12
CSA - Cloud Control Matrix
Jerico - Cloud Cube Model
OWASP top 10

 

  • ISC2 Certified Cloud Security Professional (CCSP) video course (Cybrary - Kelly Handerhan) - very good course that gave a nice overview. 
  • CCSP videos at ITPROTV by Adam Gordon. 
  • CCSP flash cards at Quizlet (installed on phone, free)
  • Anki flash card software (free) - I used this the most for my preparation.  I made flash cards from my personal notes and the various reading materials mentioned above.  You can also import the flash cards from Quizlet into the Anki software.  There is a paid iphone app that allows you to sync your data with the desktop software (really worth it!).
  • I recorded my flash cards into mp3 so I could listen to them while driving and doing parental duties (shuffling 3 kids to various practices and events during the week took up a lot of my time).
  • And lastly, after I felt comfortable with all the concepts, I did all the practice questions in the various resources mentioned.  I saved Ben's CCSP Official (ISC)2 Practice Tests for last and I completed all the practice questions at least 2 rounds - averaging in the lower 90's. You can register the book for online question bank access. (Thanks Ben! It's a great study resource)

On the day of the exam, I arrived one hour early and sat in my car to just relax and meditate.  Once I arrived in the testing center, there was a back log of testers being processed and I had to wait for about 30 minutes.  I used that time to quickly scan through my notes and flash cards.  During the exam I felt pretty good with my pace and time since I practiced taking simulated questions in batches of 65 and taking a quick 10 minute break at about the halfway point.  Since passing my CISSP in 2017 with 250 questions, 125 shouldn't be a problem (lol).  I finished the first pass of the exam in about 2 hours with about 25 questions marked for review.  I spent another hour reviewing the marked questions and also reviewing the entire exam once again. At the end I submitted the exam and I felt confident.  The test proctor came to my station but apparently I didn't confirm to end the exam.  I walked outside to the counter to give my locker key and retrieve my ID card.  During that entire time, I kept watching the printer for a document to print but did not see anything printing.  I really started to get worried at this point and all kinds of things running through my mind.  As the lady proceeded to hand over my ID card, in her hand she had a folded paper and gave it to me.  I opened it and immediately looked for the "Congratulations" but somehow to my nervousness, I couldn't find it for a few seconds.  Then finally my eyes fixed on the "Congratulations" and I was so excited!

 

Sorry for this long post but I wanted to share my experience.  During the past months, I read all the "passed" threads here on this board, Reddit, and various forums.  Each one would give me motivation and belief during the times I wanted to quit.  So hopefully I can at least inspire and help at least one person to succeed in their journey to becoming a CCSP!

12 Replies
anothername
Newcomer I

I passed as well last week. 

 

The exam was harder then i expected as I thought there were many questions that were not in the preparatory material. I also have the ISC2 official student guide. 

 

If it wasn't for my practical knowledge of being in IT and IT security for the last 20+ years to fall back on, I am not sure I would have passed. This is probably how ISC2 intends it though - a bunch of paper CCSPs without years of exposure. 

 

I spent about 2.75 hours going through the exam. Flagged about 20 questions and had them noted as 50/50 for 2 options. Reviewed those 20 in about 20 minutes and changed one.  

 

I can't share anything due to NDA, but I remember one question, that i went back through notes, books, and other resources and it just is not documented anywhere. It is a set of metrics that you would have to know/memorize, so not really a fair question if no one knows to prepare for it. Google found the answer though. 

 

Best advice - be ready to use inference skills. 

S3cur1tyExprt
Newcomer II

Congratulations on you passing as well.  I agree with you.  I used my practical experience on many of the questions and I'm so glad to have achieved this certification.

ericgeater
Community Champion

congratulations to you all on passing!

-----------
A claim is as good as its veracity.
mgorman
Contributor II

I agree with the sentiment that there are questions that fall to a broader background and experience, and I am very glad, personally.  I have seen many certs over the years become worthless, as they handed them out far too easily.  MCSE for one.  I remember when that was a serious certification, and having it meant something.  Then, over a few years, I met more and people who had one, but didn't know a thing about real solutions.  ISC2 and Cisco have done about the best job of maintaining their certs' credibility of any I've been close to.  ISACA and others may as well, I just don't know them as well.

rottweiler
Newcomer I

Congrats to everyone who has passed the CCSP exam. I also passed on 05/23 and am awaiting the official certification email. Those are some good resources for learning the material.  I used some of them myself.  I also used a number of SkillSoft videos, which my employer subscribes to, to help me learn.

 

I found that no single source would have gotten me over the goal line. Ingest whatever you can get your hands on and have time to process. For me, the final push was a week long boot camp by Training Camp. It puts your mind in an isolated mode where all you think about is cloud. I came home on a Saturday and took the exam the following Thursday...and passed. That's not for everyone, but it worked for me and several others in my class. A few didn't pass and a few still haven't taken the exam yet.  Don't wait too long!  Over time, you will forget details so plan your exam when your brain is so full of cloud knowledge that the needle is pegged on FULL.

 

Best of luck to those of you with upcoming exams!

AlecTrevelyan
Community Champion

Congratulations to you too, @rottweiler!

 

JoePete
Advocate I

Out of curiosity, I am wondering if the CCSP or CCSP-hope-to-be's have thoughts on where it fits in the bigger picture. I think the issue that is popping up in the certification world is that a cloud-specific certification has tremendous overlap with more established credentials. The reality is that you can't practice IT or information security today without being adept with cloud computing and we are seeing that reflected in things like the CISSP or Security+. At the same time, a large portion of cloud security is the same as traditional security (whether you are interacting with physical hardware or virtual hardware is often irrelevant). Sure there some things specific to cloud computing, but they seem more an addendum to the standard security body of knowledge (e.g. the CISSP) than something distinct. That's just my observation, and I am curious as to how other people view the relationship.

mgorman
Contributor II

I don't disagree that IT and cybersecurity in general have to have cloud awareness, and you are seeing some of that reflected in the general certs.  At the same time, the CCSP certainly has more focus on it, and gets into a lot more details and questions specific to cloud.  Similar to things like CSSLP, which overlaps, but is much more detail oriented in the software life cycle.  CISSP is very broad, and is intended to ensure you have a broad knowledge of the profession, which in my mind means you know when something needs to be done, and can ask the right questions to ensure it is done, but doesn't necessarily mean you can do it.  The specialties are more along the lines of being able to do it.

AlecTrevelyan
Community Champion


@JoePete wrote:

Out of curiosity, I am wondering if the CCSP or CCSP-hope-to-be's have thoughts on where it fits in the bigger picture. I think the issue that is popping up in the certification world is that a cloud-specific certification has tremendous overlap with more established credentials. The reality is that you can't practice IT or information security today without being adept with cloud computing and we are seeing that reflected in things like the CISSP or Security+. At the same time, a large portion of cloud security is the same as traditional security (whether you are interacting with physical hardware or virtual hardware is often irrelevant). Sure there some things specific to cloud computing, but they seem more an addendum to the standard security body of knowledge (e.g. the CISSP) than something distinct. That's just my observation, and I am curious as to how other people view the relationship.


I totally agree with @mgorman.

 

Having taken and passed the CISSP, CCSP, ISSEP, ISSAP and ISSMP exams (in that order), and having gathered learning materials for the CSSLP in preparation for hopefully taking that exam later this year, I can tell you there is significant overlap between all of these - unsurprising as far as the CISSP concentrations are concerned - but this just speaks to how broad the CISSP is, and that in a nutshell is why certifications that validate more in depth knowledge certainly have a place.