I Passed the Certified Cloud Security Professional exam on Tuesday
https://www.isc2.org/Certifications/CCSP
Key Learning Point: "Ensure whatever you deploy into the cloud is more secure than whatever you deploy in-house"
For anyone interested in doing this exam I recommend the following.
Do CISSP first (I was able to answer a lot of questions because of the research I did for CISSP)
Read the CCSP CBK book - ISBN 978-1-119-27672-2 (Twice)
Read the CSA - Security Guidance for critical Areas of focus in cloud computing v3.0 (Free Download)
Read the CSA - The Treacherous 12 (Free Download)
Read the CSA - Cloud Control Matrix (Including the New GDPR section) (Free Download)
Read the Jerico - Cloud Cube Model
Read - OWASP top 10
Ensure you understand encryption
Ensure you understand virtualization technologies
Ensure you understand the core difference between IAAS, PAAS, SAAS
Exam Prep:
Read all Of the above
Free Flash Cards from ISC2 (Downloadable to iPhone and I think android)
CCCure Exam Prep - Accessible from your desktop https://www.cccure.education/ (Paid about £50-60) Helps get into the frame of mind and question format. Not many questions found on actual exam, but still worth it.
Studied for six weeks (But CISSP helps a lot)
The Exam
125 questions in 240 Mins - Did mine in about 120 mins (70% Pass required)
Multiple Guess - straight questions but a lot of scenario based questions
More of a management approach than technical exam.
Yes I found it hard. Very broad questions (Alot of my knowledge came from doing CISSP)
My Preparation and experience was different for CISSP CAT Exam taken on 01/10/2018.
Feel Free to reach out to me if you are interested in learning more.
LinkedIn: https://www.linkedin.com/in/borisvi
Twitter: https://twitter.com/boris_vi
Congrats and thanks for sharing your guide!
Filippos
Good to know! I took the SSCP Prep course through Global Knowledge in 2015. I understood the concepts but haven't taken the test yet as the closest testing facility is about 2 hours away and the certification isn't necessarily required for the job I am doing.
Congratulations Simon.
I agree with your study recommendations.
I passed my CISSP for the second time in 2014 and I used the heck out of the Cybex books for review.
I passed the the CCSP test a couple of week ago and am waiting for my final validation.
-Gary
Hi Buddy,
So GDPR is included in this exam?
I am kind of confuse between the DDPR and GDPR.
Thank yuo
I don't think GDPR is mentioned as such. So far I didn't see it in the official study book.
Is it a good idea to go after the CCSP straight after the CISSP? Just got my CISSP and deciding between this and GSE. Not much experience with cloud though..
Depends completely on your career goals. Take a look at the various job-boards for positions that interest you and let their requirements guide you. If they tend to require certs that you do not currently hold, then pursue those certs. On the other hand, if they say "CISSP or GSEC", save your money.
When it comes to (ISC)² exams specifically, "not much experience" is a big red flag. Having passed the CISSP, I'm sure you relied on your experience just as often as the prep materials. If you have just one, passing is possible, but with both, the exam becomes easy. I would expect the CCSP to have a similar nature.