Passed CCSK

ottucsak

After studying for about a week, I passed the CCSK exam yesterday. This was my first cert which had governance, risk management, legal and other non-technical stuff in it, so I was a bit worried. The study materials consisted of a bunch of documents that you needed to read and understand. The main study material, CSA Security Guidance was easy to read, but very repetitive and sometimes odd. CSA CCM is just a bunch of controls in a spreadsheet and I found the ENISA boring as well.About the exam: $395, you have two tries, open book and if you look hard almost all the answers are in the materials. 60 questions for 90 minutes, 80% or above gets a pass. For most questions the answers were straightforward, but for some I had rely on the book to understand what they meant and a few questions were really badly worded or didn't make sense, so I could only guess the right answer. Because of the problematic questions, I felt that the exam was somewhat harder than I expected and felt that I could easily fail on stupid things, so after I answered everything and I double checked some of the questions.The exam is graded immediately, I got 88% with some errors in cloud concepts, business continuity, virtualization and application security. I felt like I learned a lot, but whether it's worth it will depend on how the job market recognizes the cert, as the materials itself were free.

Info_Sec_Wannabe

Great job on the pass!

Haven't decided yet on whether to pursue CCSK or CCSP as my employer is slowly moving into the cloud...

ottucsak

Thanks! To be honest I went with the cheap and easy way. Version upgrades have been free, no need to collect CPE, don't have to pay renewal/membership fees, plus I don't really like ISC^2.

Mike7

I agree on the free upgrades and lack of membership/renewal fees. CCSK is from CSA while CCSP was created by both ISC^2 and CSA, and is being positioned as a sort of CCSK++. The fact that ISC^2 issues CISSP means that CCSP is more recognised and is (at least around my area) more recognised and in demand.

My anecdotal observations suggest CCSP is more difficult to pass than CCSK. Given the amount of overlap with CISSP , go for CCSP after passing CISSP and having acquired some experience with cloud deployments. That is if you are keen.


See https://blog.cloudsecurityalliance.org/2018/04/24/ccsk-vs-ccsp-an-unbiased-comparison/ for another view.

ecuison

Congrats. I just passed the CCSP today and I hated studying for it. That test was ******* hard (pardon my languate)! I'll take a stab at the CCSK.

SteveLavoie

Well ISC2 and CSA developped both exam together. CCSK as the introduction then CCSP as the "master" level certification.

So if you did write CSSP, there is no value to get CCSK unless you are a certification junkie.

ecuison

Well, I figured that since there are no AMF fees and it's a GFL cert plus still having the knowledge in my head, it wouldn't hurt. But yes, I am very aware who created the CCSP certification exam.