Just Passed my CCSK + other observations...
TheGrind CCSK, SABSA, PSM, TOGAF, Security+, AWS CCP Posts: 1 Member
edited December 2018 in Other Security Certifications
I'm a long-time lurker, first-time poster. These forums have been absolutely fantastic in helping me choose which certs to pursue plus how to complete them.
Anyway, I just passed my CCSK v4 exam and have to say it was much harder than expected. I found CCSK on this forum isn't discussed as much as other more popular certs so I decided to write with regards to a few observations about the cert plus tips on how I completed it.
Firstly, my background is Cybersecurity management. I work in consultancy where I advise large enterprises on how to improve their security posture. My clients are usually the CEO, CIO and CISOs. Given everything is cloud these days I somewhat realized that CCSK was an absolute must. For a senior manager, CCSK provides a lot of weight in terms of credentials and helps participate in conversations with Executives and other senior managers.
In terms of the exam itself, as I said before, it was way harder than I expected - even with my background in cloud. The exam consists of 60 multiple choice questions and you have 90 minutes to complete it.
The exam is open book but no matter what resources you have at your fingertips this won't really help you. This is not an exam you can 'cheat' on because 1) you just don't have time to look up the answers and 2) the questions of the exam itself are worded in such a way that you won't find the answers in the materials anyway.
Cloud Security Alliance did a great job of ensuring that the questions require the candidate to really think through each potential answer. Without giving away too much, I found many of the questions reasonably lengthy with each potential answer also requiring a lot of thought. For myself personally, I found about half the questions were relatively straightforward to answer but the other half had my brain running in overdrive.
At the end of the exam you're directed to a screen which tells you if you've passed or failed. You're also told which were your strongest domains and which were your weakest. If you finish the exam early, I highly recommend reviewing all your answers using the guide if you have time. I did this for several questions and in my view I believe it was the difference between a pass or fail.
In terms of how I studied, I read through the CCSK guide multiple times, including the ENISA guide. However, I also read through a lot of material that is recommended for CCSP training as well. This included the videos on Cybrary and the CCSP Official Study Guide by O'Hara and Malisow. I also found several CCSK practice exams on Udemy and in my opinion these were the closest to the real thing. There are also flashcards on Quizlet people have posted for this exam and while they're very helpful they won't give you the answers for the exam. That being said, if you can memorize all the terms and definitions provided in these flashcards you'll naturally have a huge advantage. My final point is I don't think the CCSK study guide alone is enough to pass. Others may disagree but I found the CCSP resources were able to provide alternative narratives on what was provided in the CCSK material.
In terms of difficulty, I found the questions on software security and virtualization to be the hardest. But that's just me. Others may find these easier but the questions on these topics listed answers that could easily be debated or argued. At the end of the day there is only one correct answer but when the clock was ticking I found myself panicking somewhat.
Finally, a lot of people on this forum have asked whether they should do CCSK or CCSP. As someone who has been in the industry for a long time my answer is you should aim to do both. I'm now preparing for my CCSP exam and I don't believe it's a question of doing one cert over the other. You're not going to waste your time and if it's about cost then ask your employer to cover the exam or claim the exam cost back on tax like I do. I've followed the advice of several people and started with CCSK before moving to CCSP. The reason is because CCSK can be completed with about four weeks of study but CCSP is a longer journey to prepare for as there is more material to cover. Lastly, as an employer of security professionals myself, if a candidate had either cert I would be interested in interviewing them regardless. Both certs demonstrate a deep knowledge in the field of cloud security so in my opinion one cert is not going to advantage you over the other.
Anyway, hope this helps. Happy to answer any questions also.