Requirements and preparations for the CCSP
So I mentioned in my previous post that it’s been a bit quiet here lately. The reason is that I’ve spent my free moments preparing for the CCSP (Certified Cloud Security Professional) exam. In this post I’ll give some insight into my journey and the basics of the requirements for getting this certification.
How to get certified
The CCSP CBK lists six domains:
- Domain 1. Cloud Concepts, Architecture and Design
- Domain 2. Cloud Data Security
- Domain 3. Cloud Platform & Infrastructure Security
- Domain 4. Cloud Application Security
- Domain 5. Cloud Security Operations
- Domain 6. Legal, Risk and Compliance
These are the domains which you will be tested on and the domains you’ll need to document experience in (more below).
Getting certified is now a matter of completing these 5 steps:
Step 1: Earn adequate work experience
Candidates must have a minimum of five years cumulative paid work experience in information technology, of which three years must be in information security and one year in one or more of the six domains of the CCSP CBK. If you have the CCSK (more on this later) you can substitute this with one year of experience in one of the six domains. If you have the CISSP this credential can be substituted for the entire CCSP experience requirement.
Step 2: Agree to the (ISC)² code of ethics
All information security professionals who are certified by (ISC)² recognize that such certification is a privilege that must be both earned and maintained. All (ISC)² members are required to commit to fully support (ISC)² Code of Ethics Canons:
- Protect society, the common good, necessary public trust and confidence, and the infrastructure.
- Act honorably, honestly, justly, responsibly, and legally.
- Provide diligent and competent service to principals.
- Advance and protect the profession.
Step 3: Pass the CCSP exam
The exam covers the six security domains in which (ISC)² specializes. At the time of writing you still have to show up at a test center to take the exam, as (ISC)² still doesn’t support online proctored exams.
Step 4: Complete the Endorsement Process
Once you receive notification that you have successfully passed the exam, you can start the online endorsement process. If you know others holding the CCSP they can act as your endorser. As I didn’t know anyone holding the CCSP, I needed to submit my work experience and attach documents certifying it. This process could take up to 6 weeks, so be patient.
Step 5: Pay Your First Annual Maintenance
Annual Maintenance Fees (AMFs) are used by (ISC)² to support the costs of maintaining the (ISC)² certifications and related support systems.
After completing step 5 you will get a notification email letting you know you are now a Certified Cloud Security Professional.
My journey - how I prepared
I actually started to look into the requirements of the CCSP and the domains which the CCSP covers back in the autumn of 2020. However, an online class towards the CCSK from the Cloud Security Alliance came up and I spent my energy towards that instead. After passing the CCSK I was planning to go straight to preparing for the CCSP. I even bought an online self-paced course from (ISC)² early in 2021. And then life and my interest in Azure happened in 2021 - so all my free moments were used to prepare for various Microsoft certs.
An exam voucher was bundled with the online self-paced course and the voucher expires after a year. So when January 2022 came up I knew I had to get moving - and now in April 2022 I finally was a CCSP!
This is pretty much my preparation:
- Read CCSP Certified Cloud Security Professional All-in-One Exam Guide
- Read The Official (ISC)² CCSP CBK Reference
- Took practice tests, for example this one (there are a lot of resources for practice tests, but after taking the exam I can’t say many of them reflected the questions on the actual exam very well)
In addition I frequently listen to various podcasts on cloud computing and cloud security:
- Cloud Security Podcast (by Google)
- The Azure Security Podcast
- CloudSkills.fm
- The Cloudcast
- The Azure Podcast
- Software Defined Talk
There are a few other podcasts on my list as well, but these are the ones I listen to most frequently.
In addition I should mention that taking the Microsoft certs, especially maybe the AZ-500, also gave a lot of the core/basic knowledge of cloud computing which I found was very important for the CCSP.
To sum up: It took me a while, but in the end I got my CCSP!