After studying for about a week, I passed the CCSK exam yesterday. This was my first cert which had governance, risk management, legal and other non-technical stuff in it, so I was a bit worried. The study materials consisted of a bunch of documents that you needed to read and understand. The main study material, CSA Security Guidance was easy to read, but very repetitive and sometimes odd. CSA CCM is just a bunch of controls in a spreadsheet and I found the ENISA boring as well.About the exam: $395, you have two tries, open book and if you look hard almost all the answers are in the materials. 60 questions for 90 minutes, 80% or above gets a pass. For most questions the answers were straightforward, but for some I had rely on the book to understand what they meant and a few questions were really badly worded or didn't make sense, so I could only guess the right answer. Because of the problematic questions, I felt that the exam was somewhat harder than I expected and felt that I could easily fail on stupid things, so after I answered everything and I double checked some of the questions.The exam is graded immediately, I got 88% with some errors in cloud concepts, business continuity, virtualization and application security. I felt like I learned a lot, but whether it's worth it will depend on how the job market recognizes the cert, as the materials itself were free.