My Tips for Passing the CCSP

This weekend I provisionally passed the CCSP, thanks to the help of those who taught the CCSP boot camp at my local ISSA SV chapter (Kelly Robertson and Eric Taylor of Atos, as well as Jimmy Sanders of Netflix). Their help, guidance, and encouragement were super helpful. 

This test is a bit easier if you have some hands-on cloud experience. Having worked with "Forti-cloud" products (FortiCWP/CASB, FortiWeb on Docker, implementing Fortinet products in AWS/GCP/Azure, and even integrating FortiAuthenticator), I felt I had somewhat of an edge over simply doing the study material. For those who would like to take the test, know that (unlike the CISSP study prep) all CCSP study material seems to fall short of what is actually on the test. Had I not gotten some last-minute tips from Dr. Lyron Andrews, Kevin Henry, Gwen Bettwy, Prashant Mohan, and Prabh Nair, I likely wouldn't have passed on my first try.

Picture the CCSP as a circle, with videos, books, test questions, YouTube videos, and Reddit posts as shapes that each overlap that central circle slightly and in different ways. Still, no single course covers it completely, and even collectively they don't cover all of it. It's not a straightforward test based on the official test prep material, unlike some of the other tests out there. Further complications arise when you see that cloud vocabulary is not consistent and that the prep material has many mistakes. The questions also seem to have been written by non-native English speakers.

Below is a list of material I used, along with test techniques that I found helped.

Videos

  • Kelly Handerhan - Cybrary.IT
  • LinkedIn Learning — Mike Chapple
  • IT Pro TV - Adam Gordon
  • Pluralsight - Dr. Lyron Andrews 
  • Pluralsight - Kevin Henry

Books

  • Ben Malisow (2021)
  • Adam Gordon (2016) 
  • Dan Carter - All in One (2018) 
  • Security Guidance 4.0 (recommended by Prabh Nair)
  • CCSP for Dummies (2020)

Test Prep Questions 

  • CBK (2016) - Adam Gordon 
  • Ben Malisow questions
  • All in one (separate book on questions) 
  • Kaplan CCSP tests (275)
  • Pocket Prep CCSP (500) 

Last-minute guides (read in the final week)

Networking Groups

  • SV ISSA (Slack) 
  • Certification Station (Discord Channel) 
  • ThorTeaches (Discord Channel)

Techniques and methods I found helpful:

  • Plan of Attack — For certs, I have a roughly 90-day plan that goes (in this order) videos, books, questions (recording the ones I missed), last-minute review guides, and then a final review of missed questions.
  • Questions, questions, questions -- take them all, even though the hardest of these sample questions may only represent about 10% of the exam. The other 90% are second- and third-order questions beyond the difficulty of these practice tests.
  • Learning ISO / NIST standards - While you don't have to know them in technical detail, it helps to understand what they cover (cloud security, risk framework, etc.). I appreciated Prabh Nair's breakdown of these domains, which made them very understandable and non-intimidating.
  • Question Everything — Rather than just glossing over odd terms, conflicting terms, or even inaccuracies, take the opportunity to email some SMEs in the field when you feel something is outdated. For example, CASB was underrepresented in the preparation material, even though several questions were on the exam. The training material contradicted itself several times (e.g., pen-testing cloud assets is ok vs. not ok). Ask yourself questions along the way (e.g., what is the difference between portability and reversibility?). 
  • Notes — While all my materials were digital, I used the Apple Pencil to mark up my PDFs and then used a reMarkable 2 tablet to write "paper" notes during the videos.
  • Updated Info - Constantly check Reddit and YouTube (e.g., Prabh Nair) for updates on topics. For example, Prabh's video on SAML helped me knock out 4-5 questions.
  • Schedule a test, then take it. I plan tests around 3-6 months out and then spend anywhere from 15-60 minutes per day going over the material I listed above. A month or two in advance, I schedule a PTO day right before the test to go through all the questions that I had previously missed.
  • Send the elevator back down! Once you get your cert, reach back to the others in your study group and help out the others who might be struggling. It's a good way to reinforce what you learned and also build your network.

A final note — I do not have much faith in expensive boot camps, particularly ones I see advertised for CCSP. Most of the people I know who attend them never get the certification. To make the most of them, you have to have a good foundation ahead of time, and if that is the case, then that makes those little bits of knowledge quite expensive (unless your employer is covering the cost).

If anyone would like some guidance on this, please feel free to reach out. My email is [email protected], or call me at 408 217 1505.  

Kelly Plymale - CC - CCSP

I design secure cloud architectures with a defense-in-depth approach to mitigate risk, while teaching people at all levels how to be more secure online and in life.

1 year

This is a great compilation of information! I hope the revised CBK and study guide for 2022 have addressed some of the previous issues. Thank you for these additional resources!

Roger Rustad, Jr.

Systems Engineer ([email protected], 408 217 1505) - "Think big, start small, move fast, work together"

2 years

Good luck, Stella Mashkevitch!!!

Nora Guernoun, CISSP

Cybersecurity consultant and ISO 27001 auditor

3 years

Thanks for sharing

Congratulations Roger. Glad to see my book helped some.
