By Rehan Bashir GISPP Member.
I recently passed my Certified Cloud Security Professional (CCSP) exam. Since I took the exam, I have been asked by many aspiring exam candidates to share my study and exam experience. Before I write about it, I would like to briefly mention the requirements for this exam.
As per (ISC)2 – “To qualify for the CCSP, candidates must pass the exam and have at least five years of cumulative, paid work experience in information technology, of which three years must be in information security, and one year in one or more of the six domains of the (ISC)2CCSP Common Body of Knowledge (CBK®).”
The CCSP exam evaluates expertise across six security domains. (Think of domains as topics you need to master based on your professional experience and education.) Passing the exam proves you have the knowledge and technical skills to effectively design, manage and secure data, applications and infrastructure in the cloud using best practices, policies, and procedures.
Reference: (ISC)² – Ultimate Guide CCSP – 2018
The CCSP exam has 125 questions, the amount of time allowed for taking the certification exam is 3 hrs. and you will need a score of 700 out of 1,000 to pass the exam. The official certification exam outline can be downloaded from the (ISC)2 website. I highly recommend going through this document to understand topics in each of the six domains.
I initially started to study for the certification exam in May of 2020 with an online study group. I consistently attended the weekly sessions for about 3-5 weeks covering only a couple of chapters. Between professional and personal commitments, I was unable to continue with group study sessions and also did not do any reading until January of 2021. I rejoined the study group and to my pleasant surprise, the group was still active on and off during last year and had made some progress in their own efforts yet not very consistently.
After I rejoined the study group, we collectively formulated a study plan and decided to spend two hours daily at the end of the day via Zoom. There are quite a few books and resources available in the market to help study for the exam. A list of official CCSP study resources can be found on the (ISC)2 website. As a group, we decided to go through the Official (ISC)² CCSP Study Guide, Second Edition by Ben Malisow. We read the book cover to cover and discussed various topics as we went along. Having members with varying levels of information security experience in multiple domains was really helpful as a part of the collective effort.
Once we went through the study guide completely, we picked up Official (ISC)² CCSP Practice Tests, 2nd Edition and reviewed questions for each domain. This exercise helped us in identifying areas that required more of our attention.
There are a few general points that I want to highlight:
- As I mentioned earlier, there are a number of resources available to study ranging from books, study groups, and online videos such as YouTube and LinkedIn. Collectively these resources provide a tremendous benefit. Pick what works for you.
- Based on what fits your study style, pick one resource as primary (book, video, or group session), and use the rest of the resources as complementary to better your understanding of various subject topics.
- I loosely incorporate Feynman Technique in my learning. Treated each CCSP domain as a topic, I spent more time studying areas in which I was not proficient.
- During exams, it is very important to read questions carefully. Do not rush to answer any question without knowing the spirit of the question. I saw questions in the exam where I found myself clueless but to the best of my ability, I answered them.
Below I am sharing some of the study material that I found very helpful:
- CIRRUS 8000 ft. view of CCSP exam by Prashant Mohan
- CCSP review videos on YouTubeby Prabh Nair
- Summary slidesby Linux Academy
- CCSP training videos on LinkedIn by Mike Chapple
I hope everyone finds this little write-up helpful in their journey to become CCSP.
For the past few months, I have been doing free online review sessions for CCSP in collaboration with the GISPP Platform. These video sessions are freely available on GISPP Website as well as the GISPP YouTube channel for anyone to watch.
I hope everyone finds them useful in their journey to become cloud security professionals.