How I passed CCSP and My Thoughts
Stephen Mac
Sr. Principal Security Engineer @ BAE Systems, Inc. | CISSP, CCSP, AWS Certified Security Specialty
Disclaimer - I'm going to be transparent with what I did to pass CCSP and this is not to be used for advice. I’m not here to encourage or tell you to get this certification. I'm simply giving you a glimpse of my study habits and thought processes leading up to the CCSP exam.
Background
I guess I should start with a little background about my experience and provide you some context in my history of pursuing certifications. As you can see in the below images, I had my fair share of failures and I don't regret any of it. I'm not a person that goes into debates and arguments about certifications or no certifications. You'll rarely see me comment on any of that because I'm on my mission and I'm in my own lane doing my own thing. A professional goes to work.
I started my cloud journey in November 2021 when I found out that I needed to be able to communicate and participate in meetings for my role. This is when I decided to pick AWS as I was researching the market cap for cloud computing and the opportunities available. In my job, I was able to work in a live production cloud environment and had hands-on experience with AWS serverless technologies and I've also dabbled into Kubernetes/containers on my own time. Last year in 2022, I read the NIST SP 800-204C Implementation of DevSecOps for a Microservices-based Application with Service Mesh in order to learn more about industry best practices in regards to securing Infrastructure as Code (IaC) applications.
As you can see, I've taken multiple ISC2 and AWS certifications, but I often fail and I do it fast (sometimes purposely so I can be in a state of rage). I never really looked at the exam fees because nothing is going to stop me from investing in myself. No matter where I'm heading, the money will ebb and flow regardless.
Let's Begin
Now let's talk about the Certified Cloud Security Professional (CCSP). I decided after playing Call of Duty Modern Warfare 2 for the past couple of months, that I was finally going to do something productive with my life to further my career development. I chose to pursue CCSP because originally I ended up re-scheduling it once and then cancelling it for December 19th and that cost me some $150.00 in fees ($100 Cancel Fee + $50 Rescheduling). This was way back in early 2022 when I set out my goals. Usually, I set aside a personal budget for self/career-development each year and commit that expense as an investment to myself. I'm a type of person that likes to charge very aggressively in the beginning of the year and it forces me to kickstart the engine to build forward momentum.
Upon researching online for recommended resources, I saw online that many folks recommended the official book, so I went on Amazon to buy the latest Official Study Guide 3rd edition. I also downloaded the latest CCSP exam outline to review the domains and their average weight.
Right after receiving the book on December 20th, I ended up preparing a post to share on LinkedIn. You might be wondering why I need to share this with the world and not just work in silence. Well, it's because I can also be lazy and to hold myself accountable, sharing it to the world does that for me. The pressure can be very beneficial for personalities like mine and I love to feel the thrill of achieving something after undergoing stress, suffering, or any pain so that I can get a reward at the end. To be great, I believe that you have to be able to execute under pressure. As the basketball player Robert Horry once said, "Pressure can burst a pipe, or pressure can make a diamond."
I’m not a person that is scared to look like a fool and to me, these certs are just a means to an end for my plans that I have in the future. I want to make it clear that I primarily do this for fun and there are no real reasons that I can explain. An exam is just an exam and when the time comes to find out if you can perform at the job, people will find out eventually.
So, I booked the CCSP exam at Pearson VUE ISC2 for the earliest available date in my area, which was January 4th, 2023. I didn't want to wait until February because I believe in failing fast and learning by doing. If I fail, I'll just go back after 30 days. 14 days is typical for my engagements and I personally hate spending months out of my life to get any certification. The real damage as we all know is performed when no one is looking whether it is on the job working on a project, during home labs, and other activities.
Study Time
After making a LinkedIn post about it, I started to open the book that night to read the first chapter and see what the exam was all about. Chapter 1 covers architectural concepts and cloud concepts that I had already read about many times before in other certs. For example, it talks about what cloud computing is, the different categories of cloud services (SaaS, PaaS, IaaS), and the different cloud deployment models. I kept thinking to myself, 'Ugh, this is going to be one of those certifications where I've seen it too often.' The book was 300 pages of content and included chapter assessment questions at the end of each chapter. As I went through the chapters, I realized that my previous CISSP and AWS notes that I took in the past already covered these topics. At this point, nothing really was surprisingly new to me.
When it takes you 4 attempts to finally pass CISSP, I'm sure you can understand where I'm coming from (I read the Sybex CISSP book 4+ times over and used so many resources). I know what common criteria is. I'm familiar with all the regulatory frameworks. I honestly skimmed through the book especially in areas where I felt strong. One week went by and I was still on page 150. I ended up finally completing the book on January 2nd, which gave me a day and half to review. As you can tell, I sped through it and didn't take this exam too seriously because the concepts were too repetitive.
Finally, January 4th test day arrived. I woke up at 1 AM the day of my exam to do some last minute review because I couldn't sleep. While multi-tasking, I recently got hooked onto ChatGPT as I finally got a chance to use it and this distracted me for about an hour. Finally around 2 AM, I was able to commit about 4 solid hours while looking at each bullet point in the CCSP exam outline and trying to restate the information out loud as if I was trying to explain to someone who didn't know it. This is my way of not only understanding the concepts, but also being able to articulate and form my thoughts on it out loud. I went through all 6 domains and 6 AM soon came by. I started to make my way to the Pearson VUE testing site in DC and arrived around 7 AM to make sure I was early. I then drank a 5-hour energy shot to give me a caffeine boost prior to going in, which is my usual routine for taking exams.
CCSP Exam Time
At 7:15 AM, I went in feeling pretty confident but maybe somewhat arrogant you could say. I walked into the Pearson VUE office and the testing staff processed me in. I sat at my designated computer and it was game time! While working through the 150 questions, I breezed through the majority of the questions and rarely did I come to a point where I had to split and guess a 50/50. When I did encounter a question that I was stuck on, my thought process was to keep thinking back: how would I achieve what they are asking if I were to do this in AWS? I used this approach throughout the entire exam and that might have been the key difference maker. I’ve read so many stories about CCSP on LinkedIn and on Reddit about how difficult this certification exam was, but I felt the complete opposite and as a person who regularly fails, this was a strange yet good feeling.
I finally clicked 'submit' and retrieved my test result printout from the test proctor. It's always nerve-racking to wait and see your ISC2 exam results. Sometimes the test proctor will look at the name and then flip it over to hand it to you, or you might have experienced a situation where they look at it and then give you a certain face. That face of you know you failed lol. That happened to me 3 times when I failed the CISSP in the past. On my fourth attempt, I didn't even look until I walked out of the room. When I flipped my CCSP printout over, I saw that I had successfully passed.
Honestly, going into the exam, although I was feeling confident, I know that I didn't put much effort into studying compared to the AWS-SAA or AWS-SEC. I didn't watch any videos for CCSP and only did the practice questions at the end of each chapter, but they were too easy and straight to the point. I didn't really change my study approach and I took minimal notes under three pages in length.
Final Takeaway
Worth it? From my view, absolutely! The CCSP overall I think was about 60% CISSP CBK and 40% Cloud topics from my perspective. If you have cloud experience and have taken ISC2 certifications before, I don't think this CCSP will be that challenging.
Good luck to all you future CCSPs!
-Stephen
Overview of Resources:
Cloud Architect @ Tilray Brands | Adjunct Professor for Applied CS & IT | Experienced in IT Infrastructure, DevOps/SRE and Cybersecurity Domains
2 years ago: Totally agree with your sentiments about the exam. Had the same experience myself as well.
Multi-Cloud Security Architect | AI/ML Security in Azure, K8S, AWS, GCP Certified
2 years ago: Love the hustle Stephen Mac