Certificate of Cloud Security (CCSK) Review

The Certificate of Cloud Security (CCSK) is an exam focusing on cloud computing and security. The exam is administrated by the Cloud Security Alliance. I have not seen a great deal mentioned about this certification but I decided about a month ago I would study for it.

What I liked is that you do not need to buy any studying material the exam is based on two documents the CSA Guidance and the ENISA: Report both these documents are free to download from the CSA website and that's all you need!

The exam itself is open book and done on-line from anywhere the cost is $345 (£212) and is 90 minutes long with 60 questions to answer during the exam you can mark answers that your not sure about and go back to any question in the exam. There is a timer at the top of the page telling you time left and how many questions you have answered. You also get two attempts at the exam if needed. The pass mark is 80% which I think is quite high. 92% of the questions are from the CSA guidance document with the remaining 8% from the ENISA document.

To prepare for the exam I simply read both the documents a few times the exam itself was not as difficult as I expected as I had read that the pass rate including both attempts was only around 55% some of the questions you could simply cut and paste sections of the question and search within the pdf study guides for the answers but the majority that was not the case and due to the time constraints if you did not know the answers the guides would not help you.

Overall I would recommend this exam to anyone that is interested in cloud computing it contains some useful material and although I am not a big fan of on-line exams as anyone could sit the exam etc. I think for the cost and with a lack of cloud computing certifications aimed at the security field this is a reasonable certification to purse. It is worth noting that the cloud security alliance has teamed up with ISC2 and are working on releasing a new cloud security certification this year this will gain more coverage due to the ISC2 involvement and is worth keeping an eye out for as well.

Comments

  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    Thanks for the review. I hear very little about the CCSK so it's great to hear from someone who has gone through the process.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • JDMurrayJDMurray Admin Posts: 13,091 Admin
    Did you actually take the exam and pass?
  • MSP-ITMSP-IT Member Posts: 752 ■■■□□□□□□□
    I think cloud security would be a great role. It'll be interesting to see what they and (ISC)2 will be able to come up with.
  • JDMurrayJDMurray Admin Posts: 13,091 Admin
    The (ISC)2 is looking for Cloud SMEs now to create their new Cloud cert.
  • rob1234rob1234 Banned Posts: 151
    JDMurray wrote: »
    Did you actually take the exam and pass?

    Yep password with 92%
  • GoodBishopGoodBishop Member Posts: 359 ■■■■□□□□□□
    I'm tempted to wait until ISC2 comes out with their cloud cert (merging with CCSK), before I go for it.
  • colemiccolemic Member Posts: 1,569 ■■■■■■■□□□
    Does anyone think existing certholders will be grandfathered into the new one?
    Working on: staying alive and staying employed
  • certmonkcertmonk Registered Users Posts: 4 ■□□□□□□□□□
    icon_thumright.gif Passed the exam in my first attempt.
    General impression:
    Easier than I anticipated, candidates with some background in Cloud security can handle this if they gain sufficient familiarity with the guides provided.

    Preparation for the exam
    Resources used:
    Primary: CCSK Guide V3.0, ENISA security & risk assessment guide, NIST 800-145
    Additional: NIST Cloud Security Reference Architecture, NIST SP 500-292

    Preparation approach:
    I have a background in reviewing SaaS from a security perspective for the past 2+ years. Studied the primary resources once thoroughly over a month before the exam, created a mind map of relevant facts (glad to share the mind map if anyone is interested - send an email to <nathantsuri>AT<gmail>DOT<com>), reviewed recommendations and requirements sections for each domain the week before the exam.

    Exam Logistics:
    60 Qs in 90 min; gave me sufficient time to study each question, review answer choices, pick the closest one and in some cases search through the documents for confirmation when in doubt.

    Good luck aspiring CCSK candidates!
    Nathan Suri
  • certmonkcertmonk Registered Users Posts: 4 ■□□□□□□□□□
    @JDMurray, do you know how one can volunteer/participate/contribute to the ISC2 cloud certification creation. I have been working in Cloud security space for the past 2-3 years, now have CCSK certification, I have participated in CSSLP item development in the past.
  • JDMurrayJDMurray Admin Posts: 13,091 Admin
    I would suggest contacting the (ISC)2 people you worked with for the CSSLP cert and ask about their upcoming Cloud cert.
  • fuz1onfuz1on Member Posts: 961 ■■■■□□□□□□
    Congrats. I'm really interested in this cert but didn't know what to expect in difficulty vs. an exam like Cloud+. Plus, I know Symantec's cert is the CCSK + their proprietary exam now and that's always nice to be 50% of the way there to another cert.
    timku.com(puter) | ProHacker.Co(nsultant) | ITaaS.Co(nstultant) | ThePenTester.net | @fuz1on
    Transmosis | http://transmosis.com | LinkedIn | https://linkedin.com/in/t1mku
    If evil be spoken of you and it be true, correct yourself, if it be a lie, laugh at it. - Epictetus
    The only real failure in life is not to be true to the best one knows. - Buddha
    If you are not willing to learn, no one can help you. If you are determined to learn, no one can stop you. - Unknown
  • GoodBishopGoodBishop Member Posts: 359 ■■■■□□□□□□
    I'd be interested in your mind map, certmonk, I'll see if I can send you a PM.
  • bburrell804bburrell804 Registered Users Posts: 1 ■□□□□□□□□□
    Hello Sir,

    I am interested in your mind map for the CCSK exam. I am gearing up my second attempt, so you can assist me with providing your map would be a great help.
  • GoodBishopGoodBishop Member Posts: 359 ■■■■□□□□□□
    Pleased to note that I passed the CCSK v3.0 as of 12/30. Bam.
  • bigdogzbigdogz Member Posts: 881 ■■■■■■■■□□
    GoodBishop,

    Congrats on the pass !!!
    What did you use for study material... the newer documentation from CCSK?
  • GoodBishopGoodBishop Member Posts: 359 ■■■■□□□□□□
    Yep, just the two documents that were listed that you need to study. I didn't buy any books or anything from Amazon.

    I did however went through each document, and took the corresponding domains, and essentially cut and paste the answer to the domain in a document. As I was doing that, it was essentially like a review, so when I took the test, it was fairly easy.
Sign In or Register to comment.