My CCSP experience and comments
I took and passed the CCSP exam this morning. This is my second (ISC)2 exam after CISSP and CSSLP.
My main study guide is the CCSP All-In-One with the CCSP CBK as supplementary reading, with a brief read-up on CSA Guide v3.
The AIO was published in Nov 2016; I bought the eBook from Google Play Store in Jan and started studying in Feb. I had experience with AWS, web programming with REST/SOAP and SAML, and had interfaced with customers while working in a PaaS vendor environment. Which means that I only have to focus more on about 3/4 out of the 6 CCSP domains, i.e. architectural concepts, data security and legal/compliance.
Comments? The CCSP exam is "most appropriate for those whose day-to-day responsibilities involve procuring, securing and managing cloud environments or purchased cloud services." (taken from ISC2 CCSP site). In short, what are the new security considerations when moving out to the cloud or using cloud services? What are the new risks from cloud computing? These security considerations can be technical, policy compliance and even jurisdiction. Cloud computing has advantages. At the same time, organisations lose some control when moving to cloud. What control do they lose? What are the options available to address these new cloud-related risks? Who is responsible for what aspects of security? Cloud provider or cloud customer? How does an organisation ensure their data in the cloud is secure? The location of cloud provider DC is important from a legal, privacy and compliance perspective. How does one ensure compliance with different laws?
Hope this helps those interested in the exam.
My main study guide is the CCSP All-In-One with the CCSP CBK as supplementary reading, with a brief read-up on CSA Guide v3.
The AIO was published in Nov 2016; I bought the eBook from Google Play Store in Jan and started studying in Feb. I had experience with AWS, web programming with REST/SOAP and SAML, and had interfaced with customers while working in a PaaS vendor environment. Which means that I only have to focus more on about 3/4 out of the 6 CCSP domains, i.e. architectural concepts, data security and legal/compliance.
Comments? The CCSP exam is "most appropriate for those whose day-to-day responsibilities involve procuring, securing and managing cloud environments or purchased cloud services." (taken from ISC2 CCSP site). In short, what are the new security considerations when moving out to the cloud or using cloud services? What are the new risks from cloud computing? These security considerations can be technical, policy compliance and even jurisdiction. Cloud computing has advantages. At the same time, organisations lose some control when moving to cloud. What control do they lose? What are the options available to address these new cloud-related risks? Who is responsible for what aspects of security? Cloud provider or cloud customer? How does an organisation ensure their data in the cloud is secure? The location of cloud provider DC is important from a legal, privacy and compliance perspective. How does one ensure compliance with different laws?
Hope this helps those interested in the exam.
Comments
-
scasc
Member Posts: 465 ■■■■■■■□□□
Nicely done - do you think the AIO book is enough to pass?AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia... -
Mike7
Member Posts: 1,107 ■■■■□□□□□□
The AIO is easier to read than CCSP CBK and serves as a good starting point. If you have the cloud experience, and read up on the weak areas, I believe it is possible.Nicely done - do you think the AIO book is enough to pass? -
scasc
Member Posts: 465 ■■■■■■■□□□
Many thanks for the response. I will check out the AIO guide and perhaps supplement this with the other docs like CSA/ENISA/NIST to ensure all bases are covered. But will mainly focus on the AIO guide and dip into the others as I need to get the cert for work purposes and don't have much time to go through so many things.AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
-
Mike7
Member Posts: 1,107 ■■■■□□□□□□
You're welcomed. All the best and hope to see your "pass CCSP" post soon.
-
scoobydoes
Member Posts: 25 ■□□□□□□□□□
Congratulations! I have this exam on the back burner for now, but appreciate the information on it.
-
scasc
Member Posts: 465 ■■■■■■■□□□
Many thanks my friend. Will def do a post when I can as I have a few other things going on at the moment - but will get there. AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
-
Mike7
Member Posts: 1,107 ■■■■□□□□□□
Congrats on passing the exam!
@djcarter,
From djcarter's profileCertifications:CISSP, CCSP, CISM, CISA
Location:Maryland
And your posts are all CCSP related.
From CCSP All-In-One bookBiography
Daniel Carter was born Ohio, and has lived Missouri, New Jersey, Connecticut, and now Maryland for over 20 years. He has worked in the IT and Security fields for over 20 years, and holds a degree in Criminology from the University of Maryland, and a Masters degree in Technology and Security Management from the University of Maryland, University College. Daniel currently holds the CISSP, CCSP, CISM, and CISA certifications
One and the same?
If yes, thank you! Your book helped me pass the exam!
-
djcarter
Member Posts: 44 ■■□□□□□□□□
Maybe yes, one in the same!
I am so glad to hear that it helped you pass, and congrats! -
boy123i
Registered Users Posts: 2 ■□□□□□□□□□
hey mike
how are u doing mate?
i need to speak to asap its very important
can u plz add me on skype of fb
skype : heart.specialist2
fb: https://www.facebook.com/PentesterHanan
its about ecsav9 -
boy123i
Registered Users Posts: 2 ■□□□□□□□□□
Cool!
hey mike
how are u doing mate?
i need to speak to asap its very important
can u plz add me on skype of fb
skype : heart.specialist2
fb: https://www.facebook.com/PentesterHanan
its about ecsav9 -
Mike7
Member Posts: 1,107 ■■■■□□□□□□
hey mikehow are u doing mate?i need to speak to asap its very importantcan u plz add me on skype of fbskype : heart.specialist2fb: https://www.facebook.com/PentesterHananits about ecsav9
Hello! You can post your questions to the EC Council section. A number of TE members have taken and passed ECSAv9 exam and are willing to assist. I already did a mini review at http://www.techexams.net/forums/ec-council-ceh-chfi/123986-ecsa-review.html
Please do not ask about exam questions, brain **** or how to do the hacking challenges. Thank you!
