Menu Home

CCSP Exam Thoughts

By on ( Leave a comment )

I took the Certified Cloud Security Professional (CCSP) exam from ISC2 a while back and wanted to share a few thoughts.  As you may be aware, both the CISSP and CCSP exams are managed by the same organization: ISC2.  After getting my CISSP in June of 2022, I started looking for another certification to tackle over the winter.  At that time, I had some AWS certifications that were expiring, and I was annoyed that AWS didn’t provide any way to maintain them other than to just re-take the same exam again.  I can see re-taking an exam when there are significant changes, but there is no value in just taking the exact same test over and over again.  This lead me to think about certifications that have reasonable maintenance requirements, such as via continuing education.

CISSP and CCSP allow you to maintain your certification by completing qualifying continuing education.  This made the decision to go with CCSP an easy one, because I could generally use the same continuing education credits to keep both the CISSP And CCSP current.  Two certifications for the effort of one.  Sign me up!

About

The Certified Cloud Security Professional (CCSP) is an advanced security related certification managed by ISC2 that is focused on protecting cloud based assets.

Candidates must pass an exam and have at least 5 years of professional experience in a related field. To validate this experience, you can either get someone who is already a CISSP/CCSP to endorse you or you can get your work history evaluated by ISC2.  If you are already a certificate holder from ISC2, then you can endorse yourself.  When I took the CCSP, I was already a CISSP, so I was able to endorse my own work history.  When I did this, it took 28 days for my self-endorsement to complete in the system.

The proctored exam is 150 questions multiple choice, and you have 4 hours to complete it, with a passing score of 700 out of 1000.  Unlike the CISSP, the CCSP exam is not an adaptive exam.  Its just straight multiple choice and will always run to 150 questions.

Domains are what the exam calls the various topical areas of the exam. Here are the domains and their respective weights as it relates to scoring in the exam.

Domain Weight
Cloud Concepts, Architecture and Design 17%
Cloud Data Security 20%
Cloud Platform & Infrastructure Security 17%
Cloud Application Security 17%
Cloud Security Operations 16%
Legal, Risk and Compliance 13%

Prep

There is a lot of overlap between the CISSP and CCSP.  If you are already a CISSP and also have a cloud architecture type certification from AWS, Azure, Google, or similar, then you probably already have a lot of the necessary knowledge for this exam.  This was my track.  I was already a CISSP and also had AWS Solutions Architect Associate and AWS Cloud Practitioner.  I think the content from those exams more or less covered the CCSP, so preparation was pretty easy.

Here is what I did to prepare:

  • I followed the CCSP Subreddit to hear what other people were saying about the exam and what resources they were using.
  • My main study tool was the Pocket Prep app, which is a mobile app that supports multiple tests.  The app keeps track of how much you studied and your scores, which is cool.  I studied for 2hrs and 18 minutes, with my average score across that time being 78%.  I think that generally, the exam is easier than these questions.
  • I started to read CCSP For Dummies on kindle, which was recommended in the CCSP subreddit.  I felt like I knew most of the content and didn’t read past the first chapter or two.
  • I bought the official Sybex CCSP study guide, but didn’t even open it once.
  • I bought the Boson practice tests, but they seemed so far off based from everything else I saw that I abandoned them.  I’ve had good luck with Boson for other exams, but I cannot recommend them for CCSP.

Overall, I think my recommendation would be to get the CCSP for Dummies book and the Pocket Prep app.  That’s probably all that you need.

Exam Day

Give yourself extra time at the exam center before your exam.  There are more hurdles since the last time I took a proctored exam in person.  The test center took palm prints of both hands, pictures, pat down, etc.  Took them a solid 20 minutes to get me checked in.  Since the CCSP exam has such a long window, there will only be 2 seatings per day at most test centers.  This means that you end up going to the test site as soon as they open, and it takes those proctors a while to get going in the morning.

Click through the questions and answer them, one at a time. Keep clicking the correct answers until it says that you are done! It took me 1hr and 54 minutes to complete the exam, which ends up being about 45 seconds per question.  If I remember correctly, it didn’t say if I passed or not on the screen.  You walk over to the proctor to get your printout and that’s where it says your results.

Good Luck!

If you found any of this information useful or recently took the exam yourself, please let me know in the comments below!

Categories: Cybersecurity Tech Soup

Tagged as:

Rick Gouin

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.