There have been no new posts in the last few weeks as I have been preparing for the CCSP. This is another one of the many articles about how to pass this exam and get one of the most prestigious (ICS)2 certifications. Based on my experience reading this kind of articles is quite useful, especially the days before taking the exam.
To begin with, let us start by describing the CCSP certification. This certification requires the candidate to have a certain amount of experience:
- 5 or more years of experience working in IT, of which 3 must be in the IT security field and 1 must be in one of the CCSP CBK domains.
- It is possible to substitute the years of experience in a CBK domain by obtaining the CSA CCSK certificate.
- It is also not necessary to fulfil these requirements if the candidate holds the CISSP certification.
However, if you do not have the required experience, it is possible to take the exam and become an associate, having from then on six years to fulfil the requirements and obtain the certificate.
It is designed for those people who want to orient their career towards the security of Cloud Computing technologies. On its website you can see the syllabus, but basically it includes the concepts, architecture and design of the cloud, the security of data, the different platforms, infrastructure, applications and cloud operations, and the risks and compliance with the law for these technologies.
The most interesting thing about this certification is that it is not related to any particular provider, so the information obtained is valid for any technology (AWS, Azure, Google Cloud, etc.).
When I was in my final year of my degree I started working at GMV, where I spent two years in the cybersecurity department as a Junior Pentester. There I got my CompTIA Security + certification.
I then moved to Ireland and have been working here for two years as a Security Analyst at Global Payments.
Although (ICS)2 offers a course to prepare for the exam, I decided to study for it on my own. To do so, I bought the book “CCSP Official Study Guide” by Ben Malisow, as well as the “CCSP Official Practice Tests” by the same author.
Although in the book itself the author says that this source is not enough to get the necessary knowledge to pass the exam, in my opinion it covers about 80% of the syllabus.
My approach was to first study all the topics in the first book and then take all the tests that appear at the end of each topic. They are simple tests that help you to get a feel for what you need to know.
After that I moved on to the tests in the test book, which are a bit more difficult and in my opinion the closest to the tests in the exam.
Finally, I took the four assessment tests that appear in both books.
I recommend these books because you can register on a website and take the tests both on the computer and on a mobile app, with the possibility of taking a test with all the questions answered incorrectly, which is really useful for reinforcing the weaker areas of knowledge.
In total I estimate that I answered around 2000 questions before taking the exam.
Security Guidance CSA, which you can download for free from their website. I recommend it because it covers a good part of the syllabus and is very well explained.
Two days before the exam, I discovered through a discord channel some notes, 57 pages in which a user compiled definitions and summarised concepts. A quick read was very useful to cover some topics that Ben Malisow’s book only touches on superficially, such as the “Supply Chain Vendor Categories” chart or the principles of PCI DSS. If you are interested in getting them, they are anchored in the #ccsp channel of that discord, its author is the user @quietstorm950.
The exam consists of 125 multiple-choice questions, with 4 options each, and you need to score 700 out of 1000 to pass. Incorrect questions do not count against you, and once you have answered a question you cannot change your answer.
It is not a complicated exam on a practical level as the OSCP, but it is important to understand in depth all the topics and know how to apply them to real life, as most of the questions pose specific cases in which you have to choose the correct way to act based on what is exposed in the CCSP CBK. It is therefore necessary both to have acquired the knowledge and to know how to apply common sense.
This is the methodology I have followed to prepare for the certification and it has worked for me, I hope this information can be useful for you too.