Showing results for 
Show  only  | Search instead for 
Did you mean: 
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Newcomer I

Passed the CCSP exam - My Thoughts

I Passed the Certified Cloud Security Professional exam on Tuesday


Key Learning Point: "Ensure whatever you deploy into the cloud is more secure than whatever you deploy in-house"


For anyone interested in doing this exam I recommend the following.

Do CISSP first (I was able to answer a lot of questions because of the research I did for CISSP)
Read the CCSP CBK book - ISBN 978-1-119-27672-2 (Twice)
Read the CSA - Security Guidance for critical Areas of focus in cloud computing v3.0 (Free Download)
Read the CSA - The Treacherous 12 (Free Download)
Read the CSA - Cloud Control Matrix (Including the New GDPR section) (Free Download)
Read the Jerico - Cloud Cube Model
Read - OWASP top 10
Ensure you understand encryption
Ensure you understand virtualization technologies
Ensure you understand the core difference between IAAS, PAAS, SAAS

Exam Prep:
Read all Of the above
Free Flash Cards from ISC2 (Downloadable to iPhone and I think android)


CCCure Exam Prep - Accessible from your desktop (Paid about £50-60) Helps get into the frame of mind and question format. Not many questions found on actual exam, but still worth it.


Studied for six weeks (But CISSP helps a lot)

The Exam

125 questions in 240 Mins - Did mine in about 120 mins (70% Pass required)
Multiple Guess - straight questions but a lot of scenario based questions
More of a management approach than technical exam.
Yes I found it hard. Very broad questions (Alot of my knowledge came from doing CISSP)

30 Replies
Newcomer I

Thanks that's a really good answer. My background is more at the tactical operstions level rather than architecture which I think is more what the CISSP and CSSP are aimed at, I have zero experience in cloud technology but see it becoming more and more relevant, wanting to understand how these google and AWS hacks work basically, and safeguard my career. But your right, I leaned heavily on my experience for CISSP, maybe I wait for some direct contact with cloud, could use some CPEs later anyway to keep the CISSP in check.

Thanks very much for your considered reply