CCSP Study Tips

Hello Everyone,

Tomorrow I will take the ISC2 CCSP exam. I was going to take this last year, but other priorities came up.

I will post my results tomorrow immediately after I take it...about 12pm to 2pm MST.

So, what did I do to prepare to study for this exam?
Before I answer that, let me give you some background. I have taken and passed the CISSP and CAP exams. After I passed the CAP exam, I was able to get in on the ISC2 CAP Exam writing down in Florida, which I would recommend anyone regardless of experience, to volunteer for. Everything is covered (paid for trip, food, and lodging) by ISC2.

So why do I mention that? Because every exam question that is written for an ISC2 exam must be able to be referenced within the CBK manual for that exam. The CCSP exam has a CBK...you get the picture?

Now, that doesn't mean that an exam question could be generated word for word from the CBK, just that the question and its answer must fall within the meaning and concept of the information within the CBK. in addition, each question is vetted by other classes and even then those questions may or may not be reworded to make them more clear.

That is when knowledge and experience come into play.

So, again what did I do to prepare myself for this exam?

Not much. I have been working with NIST RMF for the past two years...regardless of if it was on-premise, hybrid, or cloud. I have been in DoD IT security for the past 22 and have experience in DITSCAP, DIACAP, and RMF.

I did buy the CCSP official study guide and was glancing through some of the topics just to read them real quick when I had 10-15 minutes here and there...and quite frankly, the majority of what I was reading was already in the CISSP CBK.

I also listened to Kelly Handerhan's Cybrary.IT course while driving around. Her course is definitely something that I felt was worthwhile as she gives examples and sometimes humor.

One last point I would like to make is that I do not take exams because I have to. I take them as a challenge to test my knowledge, skills, and abilities.

I go in with no expectation of passing, in fact I already accept the fact that I will fail tomorrow. $600 isn't cheap, and I am not rich, but in this way the only one I can blame for failure is myself and let me tell you, that takes about 90% of the pressure off of my shoulders.

I am writing this ahead of time, because I know there are other individuals like me who have tons of IT/Security/Cloud experience, but are not sure if they are ready. Hopefully, this will provide those with better expectations if they are considering taking the exam with minimal study and loads of experience.

Joseph

Find more posts tagged with

Comments

DZA_

Good luck on your exam Joseph! Let us know how it goes. I've put my CCSP exam studies on hold due to the recent work engagements that I've been put on but hopefully will return to study during the Christmas downtime / early new year.

Cheers,

cledford3

Good luck and I second you advice on the exam writing workshops. I'm attending my first (for HCISPP) next week. Everything has been taken care of by ISC2 - all I had to do was respond to some emails about what date/time/airport I wanted to fly out of. I was invited based on my HCISPP credential and my Director also attended after achieving that cert. I've been studying on-again/off-again for the CISSP for over 3 years. I also have 20 years paid experience in IT security. I have no excuse for why I haven't taken the exam, other than studying is like mowing the grass with an undersized mower, but the time you finish, you need to start over! Anyhow, hoping the HCISPP exam workshop jump starts my final 90 push to get CISSP done. Just finished hanging up signs all around house identifying the date in early 2019 I've picked.

josephbutler

Hello everyone, I took the exam earlier today and did not pass. Bummer.

So the exam was just like the CISSP and CAP exams I had taken...very general/generic questions that went from one side of the universe to the other.

Out of the 6 domains tested, I received Above Proficiency on 3.

I will say that I will never attempt this exam again, and if someone were to ask me if it is worth taking, I will say no.

Congrats to those that have taken it and passed, but from my point of view, the exam does nothing to solidify anyone with cloud experience.

If you have the CISSP, then this exam is unnecessary.

Don't get me wrong, I did not study so failing was expected.

One problem I had with this particular exam was the very poor grammar that was presented. It is bad enough that the sitter has to have a very broad knowledge of cloud computing to begin with, but if they are unable to discern the point that is being made due to incorrect emphasis, or bloated concepts, then that is not a well written test.

I ran into the same thing during the CAP Writing Workshop. I think I had spent almost the entire review sessions correcting the grammer and sentence structure of the other attendees' questions as well as those submitted from previous working groups. Doing so resulted in many of the questions being rejected and put in the queue for the next working group to tackle.

I believe that time would be better spent by going for either the AWS or Azure certification routes.

cyberguypr

josephbutler wrote: »

...entire review sessions correcting the grammer...

Was that on purpose? Hilarious either way.

scasc

josephbutler wrote: »

Hello everyone, I took the exam earlier today and did not pass. Bummer.

So the exam was just like the CISSP and CAP exams I had taken...very general/generic questions that went from one side of the universe to the other.

Out of the 6 domains tested, I received Above Proficiency on 3.

I will say that I will never attempt this exam again, and if someone were to ask me if it is worth taking, I will say no.

Congrats to those that have taken it and passed, but from my point of view, the exam does nothing to solidify anyone with cloud experience.

If you have the CISSP, then this exam is unnecessary.

Don't get me wrong, I did not study so failing was expected.

One problem I had with this particular exam was the very poor grammar that was presented. It is bad enough that the sitter has to have a very broad knowledge of cloud computing to begin with, but if they are unable to discern the point that is being made due to incorrect emphasis, or bloated concepts, then that is not a well written test.

I ran into the same thing during the CAP Writing Workshop. I think I had spent almost the entire review sessions correcting the grammer and sentence structure of the other attendees' questions as well as those submitted from previous working groups. Doing so resulted in many of the questions being rejected and put in the queue for the next working group to tackle.

I believe that time would be better spent by going for either the AWS or Azure certification routes.

Sorry to hear that. One of the biggest reasons I have refrained from doing the CCSP is exactly that. I have seen CCSP guys who know nothing about practical AWS/AZURE design/deployment/controls etc (or indeed Cloud!) so I also believe you are better off doing those vendor certs.

josephbutler

cyberguypr wrote: »

Was that on purpose? Hilarious either way.

You caught that did you?

cyberguypr

To the grammar point, I fought the same issue exam development workshops with GIAC, ISC2, and CompTIA. I'm not an English major but man, some people just don't belong as exam item writers. I just finished an engagement developing an exam and I estimate that 40% of my time was spent pointing out and correcting bad writing. At some point the group gets tired of fighting and just approves blindly. That helps no one.