Passed CCSP - May 18th 2021
If you’re reading this write-up then you’re on the path to becoming a CCSP or at least express interest in cloud security. Here’s my journey into the CCSP exam. Back in 2017-2018, I had attempted to write the CCSP certification; I had just come off writing the CISSP and CISM back to back and I felt pretty burnt out. Ultimately I did not pass my first attempt when doing the CCSP; however, that did not deter me from attempting to take the exam a second time. At the time, I’d thought I could probably clear the exam having less cloud experience than I did and cleared the CISSP, although this was not the case. People advised, and still do to this date, that the CCSP is in some respects more difficult than the CISSP if you don’t have the relatable knowledge/experience.
The first attempt I had used the AIO/OSG/CCSP CBK and their respective practice exams. I chalk up the first attempt to not having enough of the security managerial mindset + experience in the context of cloud (this
This time I had more support from my work experience being in an architectural role and dealing with the many facets of cloud security from Microsoft’s public cloud offering and O365 services. Leveraging Certification Station and hearing other people’s CCSP journey stories aided as well. Here are some of the study guides and questions that I’ve used during the 2nd time studying:
- CSA Guide 4.0 – I didn’t use this much but referred to this as a reference guide. During my original studies, I had read through this cover to cover
- Cirrus 8000k Guide – I went through this document from top to bottom; great summary guide
- Quietstorms950’s CCSP Master Study guide V2 – Solid notes and summary guide leading up to the exam date
- CCSP OSG Ben Malisow: Content was easy to follow and easy to understand
- CCSP for Dummies: Provides a different and fresh perspective to some of the topics and presentation for CCSP material
- Prabh Nair’s CCSP Videos – Played content on 1.25x. He does mention several areas to focus on i.e. federation, SDN, etc.
- Certification Station – Just being in the channel helps! You learn a lot from other test takers.
My mentality here was to do as many questions as possible, just like how people end up saying that they did several thousand questions when it came to the CISSP exam. I had followed the same approach. I tried to consume as many questions as I did
- OSG Study Questions – Great for solidifying knowledge (a lot of volume of questions)
- AIO Study questions – Great for solidifying knowledge
- CCCure – Not many but I’ll take what I can get; the questions here are not bad but I thought there was more value in the original CISSP question banks since the exam bank has a lot more questions
- Kaplan/CyberVista – The questions here were more difficult compared to the question banks; this made you think like a security manager when dealing with cloud services
- CCSP Cloud App Mobile (Android) – The one with the blue lock – I did this whenever I had a chance, lunch break too!
- Destination Certification – Rob Witcher’s CCSP flash cards, if you like flashcards, the terms are on point and accurate.
- PocketPrep/IT & Security – Another question bank although I think they got a handful of their questions from the AIO book (you might see some redundancy here)
Writing The Exam
Without going into too much detail, I found that the questions were very nuanced in a way that they could take a fairly simple concept and make you think that you didn't know the answer to that very term. I found myself deducing a lot of the questions down to a 50/50 chance and then leveraging whatever experience and rationale I had behind the question. There is no "back" button that they had in previous exams, so be careful if you're depending on using the back button to answer the questions later on. I finished the exam within 2.5 hrs, which I would say is accurate timing for me considering that was the pace I was going at when doing the other question exam bank. Luckily for me at the test centre, I was the only one there for pretty much the entire exam (I wrote the exam at 9 am) but in the end, it was worth it. Tidbit: Really read the question inside and out, take the time to understand the context that they're asking and which side they're asking from -- Cloud Consumer or Cloud Service Provider as that almost tricked me a few times.
If this post continues to inspire you or you’re planning on taking the CCSP certification, good luck on your journey.