CCSK Preparation Tips. My experience

This is for all the people aspiring to be a CCSK.

Why did I pass CCSK

On Monday 02.05.2016 I passed the exam and became CCSK certified.

Getting this kind of certificate is an important event in the life of a security professional.

Actually, I decided to get CCSK certified in late 2015. The main reason was to confirm and structure my knowledge in the Cloud Security area. It gave me a professional instrument – a comprehensive model.

By that time, I already had CompTIA Security+, a Ph.D. in information security and other vendors’ certificates. Cloud computing was identified as the top area of information security. I was interested in getting something cooler and more promising. I was choosing between CCSK by Cloud Security Alliance, Cloud+ by CompTIA and CCSP by (ISC)². All of them are globally recognized cloud security certifications. I settled on CCSK because:

  • I had already used the CSA approach to cloud security in my consulting practice and I was satisfied with the results.
  • CIO.com in 2013 listed CCSK at #1 on the list of Top Ten Cloud Computing Certifications.
  • CCSK is a rare and young cert. I like this.
  • Free preparation materials.
  • No CPE, no recertification, no annual fees or certificate maintenance, no experience requirements, no expiration date.
  • It’s vendor independent.

And here is how CSA praises CCSK:

“As enterprises and consumers move greater amounts of sensitive information to the cloud, employers struggle to find information security leaders who have the necessary breadth and depth of knowledge to establish cloud security programs protecting sensitive information. The CCSK lets the marketplace know you are ready for the challenge with the first credential dedicated to cloud security, offered by the world’s thought leader in cloud security.”

As a result, I passed CCSK with 90% on the first attempt.

I’m proud and happy 🙂

About the exam

  • The exam price is 345$.
  • You can take it wherever you like.
  • You can take it anytime.
  • Available only in English.
  • 90 min for 60 single-answer questions.
  • Questions are not easy.
  • To successfully pass the exam you need 80% of correct answers.
  • You have 2 attempts included.

Preparation materials

For me, those 2 documents were enough as I had a study plan and efficient “scientific” study approach (will show it in a moment).

You may also find worth and useful:

Exam day

  • I’ve chosen Monday. I had a day off and weekends just before. I was not preparing a lot the day before the exam – just reviewed the materials. It’s important!
  • Registered and made a payment with my private card at https://ccsk.cloudsecurityalliance.org one day before the exam. My employer is reimbursing the certificate exam fee and I need the invoice. Unfortunately, I didn’t check it earlier with CSA and still didn’t get the response if they are able to manage it. Will update on this later.
  • I sent my family to have some fun outside, and hoped that rain will not make them be back quicker 🙂
  • I had a set of 2 laptops. First for the exam and second with opened documents. You are allowed to search within documents. In my case not more than 10% of questions were searchable. But it also is good.
  • I had a bottle of water.
  • I finished in 60 min and had 30 min for review. I didn’t allow myself to correct answers as I know that unconscious memory is working well.
  • I’ve got the results immediately.

How did I pass CCSK

I spent close to 50 days or 100 hours on preparation. I’ll show you the calculation below.

Looking back I understand that 50 days or 100 hours is too much for CCSK. It may be reduced TWICE. Lucky me 🙂 I understood it midway.

I started preparation wisely.

I realized that I forget the material quickly and found the reasons.

I started research on effective study techniques and began to work on my focus and attention.

Finally, I found the right way to prepare for a certification exam.

My study plan and approach

If you check my previous posts you will see that they are well-grounded and suit most of us. I used the study plan below. I will definitely use it in future certification preparation as it gives results.

So, here it is.

Step 1. 6 months before the exam

  1. Define all mandatory or key preparation materials and read them once.
  2. For CCSK, these were Security Guidance for Critical Areas of Focus in Cloud Computing, V3 and the ENISA whitepaper. Approximately 300 pages of text. I spent 10 days or 20 hours (2 hours reading per day).
  3. Try to understand the general approach, terminology, try to find the gaps in your knowledge etc.
  4. That’s it. Really.

Step 2. 2 months before the exam

  1. Read the preparation materials once again. For me, it also took 10 days or 20 hours (2 hours reading per day).
  2. Honestly, I had a feeling that I was reading them for the first time. It’s an important step to establish a good link to your memory cells.
  3. Focus on the things you know least well, not the things you know best.
  4. Refresh your memory on a general approach, terminology, review the gaps you’ve found before etc.

Step 3. 4 weeks before the exam

  1. Read the preparation materials a 3rd time. It’s 30 days or 60 hours for just reading (2 hours reading per day).
  2. Just after the reading I was trying to retrieve the learnt material from my memory. Everything I could. It took me 5-15 min.
  3. 1 hour later I did the same – retrieve the learnt material from my memory. Additional 5-15 min.
  4. The last retrieve was next morning. And 5-15 min for that.
  5. Every day I was studying like that.
  6. You show your brain that you are using information and give a signal to it to keep this information for you.
  7. A very important detail is to switch the unconscious mode of your brain. For me, it was physical training at a gym. As an alternative, I can suggest at least 30-60 min running or at least walking. It’s healthy, it helps, believe me 🙂

Step 4. 6 months after the exam

  1. As I’m planning to keep the knowledge longer and use it in my consulting practice I will read the 2 docs again. In 6 months.
  2. It’s all about the forgetting curve.

This approach gave me a good understanding of the body of knowledge, good memory and links to the information in my brain that I’ve successfully used during the exam.

During the preparation I had a lot of distractions (kids are demanding their father, the wife is expecting help from you, …), and I used useless techniques – highlighting and underlining, rereading etc. I need to mention that I had the flu for a week just before the exam. It was difficult to read because of pain in my eyes, … I was even thinking about rescheduling the exam. But I was trying to retrieve all I’d read and to harden the links in my brain to that information. And it works! 🙂

My recommendations

  • Do not over-read, but have a plan in place for what to read, how to read and how many times to read. A good plan makes sure you don’t fall behind and are able to cover all study materials given the time you have.
  • The plan considering the above points will definitely increase your confidence levels.
  • Study wisely, you have more fun stuff to do.
  • Read the preparation materials some time before the intensive preparation (I suggest 6 months before, then 2-3 months before).
  • Organize your last month of intensive preparation effectively with reading, retrieving, physical exercises and rest.
  • Try to understand the concepts and try to think the CSA way.
  • I’ve recently started to use the Pomodoro Technique myself and it helps a lot to keep things manageable and keep the focus and attention.
  • Your brain needs to be engaged when studying. Reading the textbook over and over is too passive, and this affects retention. How do you engage your brain? Give it something to do! Retrieve the information just after the reading and several times after with a predefined schedule.
  • Focus your attention especially on:
    • a quick method for evaluating tolerance for moving an asset to various cloud computing models;
    • five essential characteristics, three cloud service models, and four cloud deployment models;
    • multi-tenancy;
    • risk response strategy;
    • cloud computing possible benefits and security concerns;
    • due diligence and security audits;
    • privacy in the cloud;
    • compliance and governance;
    • cloud information architectures, storage, and encryption options;
    • Data Security Lifecycle;
    • database activity monitoring and file activity monitoring;
    • interoperability and portability;
    • business continuity and disaster recovery, restoration priorities;
    • data center audit;
    • incident response lifecycle, responsibilities, and limitation;
    • principles to develop a secure design for the application;
    • threats for cloud applications;
    • application monitoring in the cloud;
    • alternative approaches to encryption;
    • encryption in cloud databases;
    • key management;
    • identity, entitlement, and access management system;
    • identity federation;
    • hypervisor architecture concerns;
    • the diversity of existing security as a service offerings.
  • Apply the study concepts at your daily work if possible.
  • During the exam read all choices before picking the answer.
  • Don’t over-analyze, follow your first impression. Only if you followed the approach as described above 🙂
  • Reward yourself.

Just after the exam I took my family, who helped me a lot, to Vienna, Austria to have some active rest 🙂 500 km driving from Krakow, 2 days and 1 night, 8 hours walking daily. It’s exactly what we needed.

My reward, Vienna, Austria

Summary

If you decided to take the certificate (applicable to other certificates, not just CCSK) the best you can do:

  1. Define all needed resources and create a plan.
  2. Apply effective learning techniques.
  3. Get certified quicker and keep your knowledge longer.

Please understand that this is my personal experience. I really hope that my experience will make sense for you also.

I will appreciate it if you share or forward this post to your friends and colleagues who are preparing for or just thinking about a new certificate.

Looking forward to seeing your questions, experience and your results in the comments below.

Work on your study skills.

Get ahead!

Update 2016.05.24. CSA does not provide invoices for individuals.

  • deamon0

    Hey!

    Congrats on the cert! I’m planning to take up CCSK soon in the next couple of months. Hence I am gathering all the info I need.

    Thank you for the article. This helps. 🙂

    • switchonthebrain

      Thanks 🙂 Get ahead with your CCSK exam. I believe you can do it in 1 month!

  • Santiago Fernandez

    Hello! My name is Santiago. Thanks for the post, very interesting. I am currently preparing to give it up.

    Searching the internet, I found Flashcards! There were some that left me thinking. Example two:

    In the Application & Interface Security control domain, which of the following architectural references apply to Application Security?

    – Physical
    – Network
    – Computing
    – Storage
    – Application
    – Data

    or

    In the Application & Interface Security control domain, which of the following architectural references apply to Customer Access Requirements?

    – Physical
    – Network
    – Computing
    – Storage
    – Application
    – Data

    Is it possible for me to encounter such questions?

    Thanks!!

    Regards from Argentina

    • switchonthebrain

      Hi Santiago! Sorry for not being helpful in time. Have you passed CCSK already?
      Were the flashcards an official / reliable source? Have you found flashcards helpful? Will appreciate your feedback!

  • thegirl withgreenscarf

    Hey!
    Congrats on the CCSK certification!

    I am working on my study plan for CCSK. And this post is very helpful.
    I have a question here: ‘How helpful was the official CCSK training?’

    After a bit of basic search I found out that, with CCSK official training, the passing rate is 80-85% and 50-57% without. So I want to know what is the extra knowledge/information we get from official training? What is your opinion about self preparation?

    The online training cost is 1365$, that is way too costly. And my organization reimburses only certification cost.

    • switchonthebrain

      Hi there! Sorry for not being helpful in time. Have you passed CCSK already?
      In my opinion, self-preparation is a must-have. Then you can boost your recall in several days during the training. If you have the money and time to take classroom-based training – that’s the best option (make sure you’ve checked the trainer’s profile). Online courses are also good (make sure you’ve checked the agenda).