I passed the CCSP exam today. Here is my experience to help others
Background - I have some experience working with various cloud providers and virtualization technologies. I do not have a CISSP and have not taken the CSA exam. I chose to do the CCSP since it was more relevant to my work (and I know I cannot sit for 6 hours to take CISSP).
I passed in my second attempt. I took the CCSP training class offered by ISC2 and it was an utter waste of time. The instructor was knowledgeable; however, he spent hours on irrelevant topics - such as calculating the cost of AWS EC2 instances in various regions, etc. I ended up sitting at home and studying rather than wasting time in the class. The class supplied me with the CBK training guide, the flash cards and a question bank (which I found totally useless since the questions are framed without any thought and are incorrect). I got pressured into taking the exam the first time since most of my classmates took the exam on the Saturday after the class and passed. Most of them had a CISSP and/or passed the CSA certification. I took the exam a week after the class and I failed - I got 679.
I took the second attempt today after studying seriously for a month. Here is what I did - I studied the CBK book twice. I took the preparation exam (which are preparation questions by ISC2) a couple of times to check my own knowledge. I tried the CCCURE one day package. Most of the questions in the exam play on subtle differences which one might skip or not pay attention to. It's easy to narrow down 2 incorrect answers out of the 4. However, it is very hard to choose the correct answer out of the remaining 2. Pls note almost all questions are worded as - Choose BEST suited, BEST possible, LEAST likely, LEAST effective choice. So unless you know the subtleties in the topics that are in the CBK, you would not be able to pass.
Summarizing - though the CBK is extremely dry and has inaccuracies, it is the single source of knowledge for the exam. I studied the CBK twice and still felt I did not thoroughly study it. A lot of ppl in the forum suggest the CSA guide or ENISA document or the Jericho model but in both my attempts I did not see any questions that were out of the CBK and covered by the other documents. IMHO if you study the CBK thoroughly and use the preparation exam questions (which mirror actual questions on the test) you should be able to pass the exam. Hope that helps and Good Luck!!
This is how the CISSP exam was in 2000. They had JUST come out with 2 study guides and none of the questions really seemed to be easy to understand or answer.
I took the CISSP again in 2016 and it was very well written with distinctive answers and a lot of the same BEST/WORST/MOST/LEAST experience-based questions.
More guides will be coming for the CCSP and here is the chance for you to write one and capitalize. 🙂
Thank you for sharing your experience, I am struggling to finish with the book. Currently at chapter 13 from Darrel's book, I may have to dedicate one month and just get it done. My problem is that this is the first cert I didn't schedule and then study to make the deadline.
Just a thought, did you pass in 2000 and then re-take it in 2016 to update your skills? Or to challenge yourself.
I wondered, given that I found that the concentrations really require going back to basics and re-examining your original learning and experience.
Thank you for posting your experience. I am studying for this certification as well and have my CISSP. I've downloaded the whitepaper from Cloud Security Alliance which is good reading and also using the ISC2 study guide from Sybex.
Thanks for the info. I was considering a bootcamp style course but have had similar experiences to yours in the past when preparing for the CISSP.
I will definitely take the time to focus on the "basics"!
Thanks for the details of your experience. I took an (ISC)2 class last summer and had a similar experience. The instructor was a nice guy, very knowledgeable, but the format of the class, as established by (ISC)2, I found to be less than helpful. I hold the CISSP and have been working full-time, struggling to find the needed time to really "fill-in the blanks". I think I may take off a month as well, even though I am an active CISO and working on Cloud Projects. I encourage our colleagues to continue expressing your concerns about the ROI for the training offered --> as an aside, I think 120 days access to the online course materials just isn't adequate - people have professional, family, volunteer and perhaps even academic commitments; to arbitrarily limit to 120 days, IMHO, is just plain insensitive. I believe 180 days would be more realistic, and frankly, don't believe it will cost (ISC)2 anything to offer it.