Head in The Clouds & Feet on The Ground: The CCSP Certification

By Michael Lyman

Demand for qualified professionals may be high in cybersecurity, but that doesn’t mean competition’s not stiff for the most lucrative and prestigious jobs. How can you position yourself to rise to the top? Try looking in the Cloud.

As the focus of technology shifts from internal systems to cloud-based services, the only way for a security expert to stay ahead is to keep learning, growing, and studying. The cloud is no fad, and the changes cloud services bring to an organization’s infrastructure require a different way of thinking. My clients want help adapting their focus from system administration to infrastructure governance, so I decided to go after another certification to complement my Certified Information Systems Security Professional (CISSP) certification.

I researched a bunch of different certifications to see which might best fit the work I’m doing and my goals. The Certified Cloud Security Professional (CCSP) certification developed by (ISC)² and the Cloud Security Alliance allowed me to approach a cloud solution comprehensively, focused on the technical aspects of cloud computing as well as the policy implications. And, naturally, since both certifications were developed by (ISC)², the CCSP certification process had the same feel as the CISSP, which meant I could apply my experience to help prepare more effectively.

One thing I learned going toe-to-toe with the CISSP (and other challenging IT certifications) and coming out on top is that passing these exams requires a plan. Here’s the strategy I came up with and used to successfully navigate the CCSP.

1.  I took an Official (ISC)² CCSP Training Seminar

The training seminar provided a structure for the exam, which in turn helped me to create a structure for my study plan. Going with official training provides some benefits, one of them being an (ISC)²-authorized instructor who has already passed the certification exam -- so I listened for little tips and insights as we went through each CCSP CBK domain. I also got some great study materials from the seminar, including the CCSP Exam Outline, the Official (ISC)² Training Guide to the CCSP CBK, a set of flashcards, and a practice exam. I took notes directly in the training guide so I’d remember what the instructor said as we went through it.

2.  I created urgency, and a schedule

I’m one of those who schedules an exam, pays the fee, and then works backwards to create a study schedule. Paying upfront, I’ve put down real money, so now I’m committed. I bought a new notebook and on the first page I mapped out every day up to exam day with a general sense of the topic I'd focus on. Then, how hard can it be?  I just have to follow my schedule… every single day… for 8 weeks.

3.  I followed my schedule

This is the hard part. I spent between 30 minutes and 4 hours each day reading through the Official (ISC)² Guide to the CCSP CBK while taking notes in my notebook. I bought this guide to supplement my training courseware. I lived with that CBK guide, but I didn’t necessarily stop doing other things. I still worked, went skiing on weekends, ate dinner, and generally lived my life. The difference was I looked for all the little moments, opportunities I could get to pound the information into my head.

4.  I took every practice exam I could find

By two weeks before the exam I had gone through the entire CBK guide twice and had built up a pretty good notebook. I started taking practice exams, practically every day. I had kept the practice exam I got from the (ISC)² training seminar hidden away until I was ready and I found another exam online. Taking certification exams is a skill, and practice exams get me in shape for the real thing. They also helped me see progress over the days right before the actual exam.  There comes a point where I’d get 90% of the questions correct in practice and start to think, “I can do this.” It’s a real confidence boost.

5.  I discovered other key test prep materials I needed to pass the exam

As I was taking practice exams, I was also scouring online forums about the exam. No one ever shares questions, but I got a sense of what people felt and, importantly, why people failed. In fact, reading these forums made me realize there were still more materials I needed to get and master if I was going to pass the CCSP exam. CCSP is based on information from the Cloud Security Alliance, NIST SP800-145, and the ENISA Cloud Computing Security Risk Assessment. These documents, and the CSA website, are critical for the exam. I looked back at my notes from the training seminar I took and realized that my instructor had mentioned all of this and that I’d forgotten! It is also outlined in the CCSP Exam Outline I mentioned earlier.

6.  I made a mental crib sheet

The testing center provides a laminated sheet and a marker for notes. Right before the exam starts there are a few minutes when the test computer displays instructions. This is the perfect time to write down lists and formulas that you may have to recall later. I practiced over the weekend getting the lists and formulas memorized so I could scribble them down quickly on exam day.  

7.  I slept the night before the exam

My exam was on a Monday morning, so I stopped reading my notes and put everything away Saturday night. All day Sunday I relaxed. Sunday night I went to bed as early as I could.

When I passed my CCSP exam, I was tired but not surprised. The exam culminated over 8 weeks of study and 4 hours responding to questions. There’s no doubt it’s a challenge, and a risk, to go after a certification like this. But, these things can be managed with preparation and attention. And the rewards, both for me and my clients, will continue on well into the future.  

The CCSP is a challenging certification to acquire, but you can do it. Use these tips to craft a plan that will work for you and open yourself up to a whole new world of professional opportunities in cybersecurity -- the sky’s the limit.


About Michael Lyman

Michael Lyman (CCSP, CISSP, PMP) is the Security Practice Lead at TPP Global Solutions, an IT, Security, and Project Management consulting firm in Boston, MA.
