Passed CCSP - Certified Cloud Security Professional

NetworkNewb

From their site , https://www.isc2.org/ccsp-how-to-certify/default.aspx :

Here are the steps to get your CCSP certification from (ISC)²:

1. Obtain the Required Experience

Candidate must have a minimum of five (5) years of cumulative paid full-time information technology experience, of which three (3) years must be in information security and one (1) year in one of the six (6) domains of the CCSP examination. Earning the Cloud Security Alliance’s CCSK certificate can be substituted for one (1) year of experience in one of the six (6) domains of the CCSP examination. Earning (ISC)²’s CISSP credentialcan be substituted for the entire CCSP experience requirement.

NetworkNewb

As the endorsement, I would look at their endorsement page, https://www.isc2.org/endorsement.aspx :

When applying for (ISC)² certification, you must be endorsed by another (ISC)² certified professional in good standing before the credential can be awarded. This requirement applies to all credentials, even if you already hold an (ISC)² certification, as the domains for each credential vary.

Changeling

Thanks NN.

TheFORCE

NetworkNewb wrote: »

As the endorsement, I would look at their endorsement page, https://www.isc2.org/endorsement.aspx :

When applying for (ISC)² certification, you must be endorsed by another (ISC)² certified professional in good standing before the credential can be awarded. This requirement applies to all credentials, even if you already hold an (ISC)² certification, as the domains for each credential vary.

This is not true, not for the CCSP. For the CCSP you do not need to be endorsed by another person if you already hold the CISSP certification. This is actually in the endorsement form.

Changeling

For the avoidance of doubt, I submitted my endorsement form earlier today. No evidence provided and self endorsed. Endorsement accepted by ISC2.

NetworkNewb

Nice, congratz!!

Seab

Any one can compare how difficult is this exam compare to cissp ?

TheFORCE

Seab wrote: »

Any one can compare how difficult is this exam compare to cissp ?

Considering it has half the questions of the CISSP and 2 hours less of time, it cannot be really compared. But, the CCSP is a stand alone test and with that in mind, people that already have a CISSP will find it a little easier than those without one. CSSP is not very technical but as the CISSP it does go over a lot of the necessary cloud technologies, challenges, requirements, laws, regulations, policies etc etc. so you do need to have some background with cloud. Having taken both, CCSP was easier for me at the time i took it.

mog27

Which NIST publications in particular are useful to read for the CCSP?

cyberguypr

Off the top of my head: 800-125, 800-144 through 800-146

steve.taylor

Gents,

I'm thinking of doing this certification next. I have a couple of questions:
1) Has anyone done the (on-demand) online training that isc2 offer? Is it any good?
2) Has anyone done the training that itpro.tv offer? It looks as if it's taught by Adam Gordon, the author of the CCSP CBK (or someone with the same name). Is the training any good?
3) Does anyone know if the second edition of the CCSP CBK is much improved over the first edition?

Broad questions, I know, but I'd appreciate any feedback. I'm currently trying to figure out how I'll study for this certification. For all of my previous ones, I've just read the textbook, and that's been enough. However, I'm thinking of investing a bit more time in this area, since I'd like to become a full-time security architect.

TheFORCE

You have enough experience to pass it with just the ccsp cbk.

mog27

steve.taylor wrote: »

Gents,

I'm think of doing this certification next. I have a couple of questions:
1) Has anyone done the (on-demand) online training that isc2 offer? Is it any good?
2) Has anyone done the training that itpro.tv offer? It looks as if it's taught by Adam Gordon, the author of the CCSP CBK (or someone with the same name). Is the training any good?
3) Does anyone know if the second edition of the CCSP CBK is much improved over the first edition?

Broad questions, I know, but I'd appreciate any feedback. I'm currently trying to figure out how I'll study for this certification. For all of my previous ones, I've just read the textbook, and that's been enough. However, I'm thinking of investing a bit more time in this area, since I'd like to become a full-time security architect.

I am doing the on-demand training now (on the next to last domain - Operations.) I try to watch 4 or 5 videos a week. They give you 120 days access to it and you must complete a practice exam at the end. The training book is in digital format, but I sent it to a printing company to print out the massive amounts of pages and put it into a binder for me (cost roughly $20). I like having the book in my hand rather than on the screen. The training book for the on-demand training seems very similar to the first edition of the CCSP CBK book, without the end of chapter questions. It does have some matching/fill-in-the-blank exercises. The on-demand training and books are all authored by Adam Gordon, so you are just getting his perspective on it. The training seems fairly high level; I wouldn't feel confident taking the exam just by the on-demand training. It also seems repetitive in some areas. I ordered the new 2nd edition CCSP CBK book recently. It seems pretty similar to the first edition, with maybe a few additions just by skimming through it. If you are an ISC2 member, there is a code to get 50% off through Wiley publishing but it's not listed on the ISC2 page. I had to talk to ISC2 and Wiley and after several failed attempts (they gave me discount codes that didn't work), finally got a discount code that worked. Cybrary also has CCSP videos now but haven't watched them yet.

steve.taylor

Thanks for the information, mog27. I've decided that I'll just order the book from Wiley once Wiley Australia have it in stock. I'll see how comfortable I am with the content before I decide if I also need the online training.

zxbane

I just purchased the CCSP from Wiley with a member discount and I selected the electronic option, hoping it would be a PDF... No, it is a ACSM file type and you have to download additional software and create an adobe account to read it. Awful..

mog27

zxbane wrote: »

I just purchased the CCSP from Wiley with a member discount and I selected the electronic option, hoping it would be a PDF... No, it is a ACSM file type and you have to download additional software and create an adobe account to read it. Awful..

Sounds like it is worth just getting the hardcover book.

steve.taylor

If Wiley Australia ever had it in stock...

JoJoCal19

steve.taylor wrote: »

If Wiley Australia ever had it in stock...

Order it from Amazon US. I've ordered stuff from Amazon UK before when I couldn't find it readily available in the US.

Rebootny

I am planning on trying the CCSP soon, I am already a CISSP.

Would studying for the CSA guide be enough?

Which NIST publications do I specifically need to overview?

Hougno

Folks: Thank you so much for your support. I was very much encouraged by Force postings, and I decided to give it a try. I study on average for 4 hours a day for 2 months, and read pretty much all related NIST's publications on Cloud Computing and Security controls. I supplemented my readings with ENISA and CSA. I also read once, the older version of Adam Gordon book on the subject. I found the book being water down and bit repetitive of the documents i mentioned above.
My reaction from the exam: The examination was not too difficult but, the semantic was bit off not to the point; therefore you need to be patient and mindful while taking the exam. Overall, the exam was not challenging at all. But, the exam taker must be familiar with Secure SDLC and all the web attack vectors.
Good luck!

abhiku

Hougno wrote: »

Folks: Thank you so much for your support. I was very much encouraged by Force postings, and I decided to give it a try. I study on average for 4 hours a day for 2 months, and read pretty much all related NIST's publications on Cloud Computing and Security controls. I supplemented my readings with ENISA and CSA. I also read once, the older version of Adam Gordon book on the subject. I found the book being water down and bit repetitive of the documents i mentioned above.
My reaction from the exam: The examination was not too difficult but, the semantic was bit off not to the point; therefore you need to be patient and mindful while taking the exam. Overall, the exam was not challenging at all. But, the exam taker must be familiar with Secure SDLC and all the web attack vectors.
Good luck!

I agreed with Hougno. I passed the exam on Saturday morning and didn't find it that difficult. I took under a minute for each question and was fully done in about 90 minutes. I did change the answers on about 6-7 qns on review. I pasted the pics of my study files in other thread. These are pretty much CSA, ENISA, ISO, NIST and other cloud sec publications.

Good luck!

Hougno

Submitted my endorsement form in the morning, Self-endorsement (pretty) left the endorsement portion of the application blank, got my acceptance letter after i got back from lunch (hoo hoo hoo). like my boy used to say Super fast Daddy!
Passed CISSP and CCSP in 9 months time.

mog27

Has anyone taken the Cybrary.it CCSP class? Did it help on the test?

Rebootny

mog27 wrote: »

Has anyone taken the Cybrary.it CCSP class? Did it help on the test?

I would be interested in the answer as well, but from what I see from the videos I don’t believe it would be sufficient to cover the exam. There is a lot more material and concepts to be studied. I think the videos would help to summarize and watch right before going in for the exam.

Hougno

It was helpful, but not useful

ItsmHarun

Congrats!

beads

The course looks like its useful in that it provides 40 CPEs which can be priceless for those who put off registering there CPEs toward the end of the cycle. Not to mention those 40 CPEs are virtually audit proof now aren't they?

Other than that I would consider this course to be much like anything else ISC(2) publishes.

- b/eads

Ccsp wannabe

Does one get to know if they have passed or failed right away? I did not any decision at the Pearson vue center, so was wondering when is the result communicated. I gave the test in US.

TheFORCE

You get the results right away and then receive an email with the confirmation that your results are correct and that you have passed 100%.

Hougno

According to ISC2, The following counts reflect the number of members per credential as of July 1, 2016
[h=2]CISSP[/h]

United States
70842


[h=2]CCSP[/h]

United States
517