This is for all the people aspiring to be a CCSK.
Why did I pass CCSK
On Monday 02.05.2016 I passed the exam and became CCSK certified.
Getting this kind of certificate is an important event in the life of a security professional.
Actually, I decided to get CCSK certified in late 2015. The main reason was to confirm and structure my knowledge in the cloud security area. It gave me a professional instrument – a comprehensive model.
By that time, I already had CompTIA Security+, a Ph.D. in information security and other vendors' certificates. Cloud computing was identified as the top area of information security. I was interested in getting something cooler and more promising. I was choosing among CCSK by Cloud Security Alliance, Cloud+ by CompTIA and CCSP by (ISC)². All of them are globally recognized cloud security certifications. I settled on CCSK because:
- I’ve already used the CSA approach to cloud security in my consulting practice and I was satisfied with the results.
- CIO.com in 2013 listed CCSK at #1 on the list of Top Ten Cloud Computing Certifications.
- CCSK is a rare and young cert. I like this.
- Free preparation materials.
- No CPE, no recertification, no annual fees or certificate maintenance, no experience requirements, no expiration date.
- It’s vendor independent.
And here is how CSA praises CCSK:
“As enterprises and consumers move greater amounts of sensitive information to the cloud, employers struggle to find information security leaders who have the necessary breadth and depth of knowledge to establish cloud security programs protecting sensitive information. The CCSK lets the marketplace know you are ready for the challenge with the first credential dedicated to cloud security, offered by the world’s thought leader in cloud security.”
As a result, I’ve passed CCSK with 90% on the first attempt.
I’m proud and happy 🙂
About the exam
- The exam price is 345$.
- You can take it wherever you like.
- You can take it anytime.
- Available only in English.
- 90 min for 60 single-answer questions.
- Questions are not easy.
- To successfully pass the exam you need 80% correct answers.
- You have 2 attempts included.
- At the beginning, I suggest studying “Security Guidance for Critical Areas of Focus in Cloud Computing, V3”. 92% of questions are based on it.
- Then ENISA whitepaper “Cloud Computing: Benefits, Risks and Recommendations for Information Security”.
For me, those 2 documents were enough as I had a study plan and an efficient “scientific” study approach (I will show it in a moment).
You may also find it worthwhile and useful:
- To take the free Udemy course “Understand the CCSK Cloud Security Certification” by Peter HJ van Eijk.
- Take official CCSK training.
- Review NIST SP 800-145, The NIST Definition of Cloud Computing.
- Review Jericho Forum Cloud Cube Model.
- Not to spare the money and to buy The Fast Track CCSK Certification: The Ultimate Guide for Cloud Certificate by Rachid Echouah.
- Talk to experts and join social media preparation groups, i.e. CCSK : Certificate of Cloud Security Knowledge, CCSK Study Group.
- I’ve chosen Monday. I had a day off and a weekend just before. I was not preparing a lot the day before the exam – I just reviewed the materials. It’s important!
- I registered and made a payment with my private card at https://ccsk.cloudsecurityalliance.org one day before the exam. My employer is reimbursing the certificate exam fee and I need the invoice. Unfortunately, I didn’t check it earlier with CSA and still haven’t received a response on whether they are able to manage it. Will update on this later.
- I sent my family to have some fun outside, and hoped that rain would not bring them back sooner 🙂
- I had a set of 2 laptops. The first for the exam and the second with opened documents. You are allowed to search within documents. In my case not more than 10% of questions were searchable. But that is also good.
- I had a bottle of water.
- I finished in 60 min and had 30 min for review. I didn’t allow myself to correct answers as I know that unconscious memory works well.
- I’ve got the results immediately.
How did I pass CCSK
I spent close to 50 days or 100 hours on preparation. I’ll show you the calculation below.
Looking back, I understand that 50 days or 100 hours is too much for CCSK. It may be reduced TWOFOLD. Lucky me 🙂 I understood it midway.
I started the preparation wisely.
Finally, I found the right way to prepare for a certification exam.
My study plan and approach
If you check my previous posts you will see that they are well-grounded and suit most of us. I used the study plan below. I will definitely use it in future certification preparation as it gives results.
So, here it is.
Step 1. 6 months before the exam
- Define all mandatory or key preparation materials and read them once.
- For CCSK, these were Security Guidance for Critical Areas of Focus in Cloud Computing, V3 and the ENISA whitepaper. Approximately 300 pages of text. I spent 10 days or 20 hours (2 hours reading per day).
- Try to understand the general approach, terminology, try to find the gaps in your knowledge etc.
- That’s it. Really.
Step 2. 2 months before the exam
- Read the preparation materials once again. For me, it also took 10 days or 20 hours (2 hours reading per day).
- Honestly, I had a feeling that I was reading them for the first time. It’s an important step to establish a good link to your memory cells.
- Focus on the things you know least well, not the things you know best.
- Refresh your memory on a general approach, terminology, review the gaps you’ve found before etc.
Step 3. 4 weeks before the exam
- Read the preparation materials a 3rd time. It’s 30 days or 60 hours for just reading (2 hours reading per day).
- Just after the reading I was trying to retrieve the learnt material from my memory. Everything I could. It took me 5-15 min.
- 1 hour later I did the same – retrieved the learnt material from my memory. An additional 5-15 min.
- The last retrieval was the next morning. And 5-15 min for that.
- Every day I was studying like that.
- You show your brain that you are using information and give a signal to it to keep this information for you.
- A very important detail is to switch on the unconscious mode of your brain. For me, it was physical training at a gym. As an alternative, I can suggest at least 30-60 min of running or at least walking. It’s healthy, it helps, believe me 🙂
Step 4. 6 months after the exam
- As I’m planning to keep the knowledge longer and use it in my consulting practice, I will read the 2 docs again in 6 months.
- It’s all about the forgetting curve.
This approach gave me a good understanding of the body of knowledge, good memory and links to the information in my brain that I’ve successfully used during the exam.
During the preparation I had a lot of distractions (kids are demanding their father, the wife is expecting help from you, …), and I used useless techniques – highlighting and underlining, rereading etc. I need to mention that I had the flu for a week just before the exam. It was difficult to read because of pain in my eyes, … I was even thinking about rescheduling the exam. But I was trying to retrieve all I’d read and to harden the links in my brain to that information. And it works! 🙂
- Do not over-read, but have a plan in place for what to read, how to read and how many times to read. A good plan makes sure you don’t fall behind and are able to cover all study materials given the time you have.
- The plan considering the above points will definitely increase your confidence levels.
- Study wisely, you have more fun stuff to do.
- Read the preparation materials some time before the intensive preparation (I suggest 6 months before, then 2-3 months before).
- Organize your last month of intensive preparation effectively with reading, retrieving, physical exercises and rest.
- Try to understand the concepts and try to think the CSA way.
- I’ve recently started to use the Pomodoro Technique myself and it helps a lot to keep things manageable and keep the focus and attention.
- Your brain needs to be engaged when studying. Reading the textbook over and over is too passive, and this affects retention. How do you engage your brain? Give it something to do! Retrieve the information just after the reading and several times afterwards on a predefined schedule.
- Focus your attention especially on:
  - a quick method for evaluating tolerance for moving an asset to various cloud computing models;
  - five essential characteristics, three cloud service models, and four cloud deployment models;
  - risk response strategy;
  - cloud computing possible benefits and security concerns;
  - due diligence and security audits;
  - privacy in the cloud;
  - compliance and governance;
  - cloud information architectures, storage, and encryption options;
  - Data Security Lifecycle;
  - database activity monitoring and file activity monitoring;
  - interoperability and portability;
  - business continuity and disaster recovery, restoration priorities;
  - data center audit;
  - incident response lifecycle, responsibilities, and limitation;
  - principles to develop a secure design for the application;
  - threats for cloud applications;
  - application monitoring in the cloud;
  - alternative approaches to encryption;
  - encryption in cloud databases;
  - key management;
  - identity, entitlement, and access management system;
  - identity federation;
  - hypervisor architecture concerns;
  - the diversity of existing security as a service offerings.
- Apply the study concepts in your daily work if possible.
- During the exam read all choices before picking the answer.
- Don’t over-analyze, follow your first impression. Only if you followed the approach as described above 🙂
- Reward yourself.
Just after the exam I took my family, who helped me a lot, to Vienna, Austria to have some active rest 🙂 500 km driving from Krakow, 2 days and 1 night, 8 hours walking daily. It’s exactly what we needed.
If you have decided to take the certificate (applicable to other certificates, not just CCSK) the best you can do is:
- Define all needed resources and create a plan.
- Apply effective learning techniques.
- Get certified quicker and keep your knowledge longer.
Please understand that this is my personal experience. I really hope that my experience will make sense for you also.
I will appreciate it if you share or forward this post to your friends and colleagues who are preparing for or just thinking about a new certificate.
Looking forward to seeing your questions, experience and your results in the comments below.
Work on your study skills.
Update 2016.05.24. CSA does not provide invoices for individuals.