CCSK Journey By Manasdeep


CCSK Journey By Manasdeep

I started reading CSA guidelines around the first week of May 2020. Due to my work commitments, I was having a hard time sitting down and read the material properly. A lot of interruptions happened during my CCSK studies. It was then I understood the importance to have a fixed schedule and dedicated time to do things. From June 2020 onwards, I promised myself that I’d dedicate at least 2 hours per week for the exam and finish up the material by July end.

Coincidently, around same time, Cyberfrat announced that CCSK training classes shall be starting from July 2020 month. I intensified my studies to around 4 hours per week and had covered around 2/3rd of the CSA guideline stuff back then. For last 2 weeks in July, I intensified my studies for last 4 chapters and ENISA document and completed them. CCSK training classes helped me to revise and reinforce my concepts for first 5 chapters which gave me good confidence about my preparation.

I tried practicing questions for CCSK by google search and going through free practice tests. However, I found the answers were frequently referring back to the preparation documents in exam prep kit. I decided to drop my plan for practice questions and instead focus on learning exam preparation documents better.

Finally, on 31st July 2020 late night, I started my exam. Using a disciplined approach, I started answering questions one by one. A few of them had some confusing options as distractors. I marked them for later review and moved ahead. With 30 min remaining, I inched towards my last 60th question.

Now the fun part came. When I started my review marked questions, a lot of them required careful reading which took me by surprise. I made sure that I was reviewing them properly using the 3 documents recommended by CSA. By the time I reached last 8 questions, the clock showed 2 mins remaining. With 4 seconds on the clock, I quickly submitted my last review question. Last few seconds were feeling like full minutes to me.

At last, the screen appeared with a pass grade of 81% from the 80% cutoff score. A huge wave of relief and excitement came over me. I literally jumped from my chair. I had successfully cleared the CCSK exam around 20 mins past midnight of Aug 1, 2020.

FAQ on CCSK exam

Q1) What started your interest to go for CCSK exam?

Understanding Cloud from security perspective in easy, common sense language was the thing I was searching for a long time.

The challenge with Cloud is that each vendor uses its own jargon terminology for same things which makes a bit difficult to understand the building blocks.

CSA guidance documents are amazingly simple to understand resources which provide much needed clarity in vendor neutral tone. I found CSA guidance in particular very nicely designed and searchable document. That’s how I got interested to pursue CCSK.

Q2) There are plenty of cloud certifications in industry right now, why should I go for CCSK?

The thing with Cloud in general is that many cloud service providers (CSP) are aggressively pushing their flagship solutions based on their core competencies and strength.

From an enterprise perspective, it is important to recognize the importance of a common sense approach which can make an informed decision about which cloud service provider (CSP) to go for based on business use case, what are the risks involved and what things can go wrong in long term.

Hence we need a vendor agnostic approach to understand these security fine points before approaching cloud migration.

CCSK guidance documents fill these gaps very nicely and puts all of this into simple, easy to understand language, regardless of vendor specific jargon and terminology which can get very confusing at times.

Q3) From an information security perspective, how useful have you found CCSK?

CCSK helps to clear the air around what can go wrong if informed choices are not made at the very beginning during cloud migration strategy itself.

A disciplined well thought out foundation strategy needs to be in place to enjoy the fruits of the hard labour later on.

While moving to cloud definitely brings lot of benefits and opportunities to improve the security posture of any enterprise, the challenge remains to fine tune and balances the shared responsibilities part with your cloud provider.

You are no longer on your own, but are taking advantage of flexibility offered by your CSP to grow and scale your business.

The first few chapters in CSA guidance put a lot of emphasis on this careful planning.

  • Being aware of these fine aspects pay off big time during execution part and especially during long run.
  • Remember that you are being billed a small price for any based on your business use case and service usage offered by cloud provider.

For instance, having too many test instances running due to lack of governance oversight or sheer carelessness will drive up your bills real quick when it is time to scale up while serving your customers.Proper housekeeping and maintenance is essential here.

Q4) I’m interested to go for CCSK exam, what should be my starting points?

The first step would be to go to the CSA website and download the exam prep kit. This will give you all the documents necessary for exam preparation.CCSK exam chiefly hinges on three documents:

  •  CSA Guidance
  • ENISA document
  • CCM spreadsheet

Read all three documents carefully. Highlight important points and make notes if needed. For difficult to understand concepts, search YouTube videos to get better hang of things.

  • Visual representation videos are very helpful for reinforcing the concepts.
  • They are also helpful for quick understanding, revision and recall.

Working as a team for achieving common goals always helps.

  • If your friend or colleague is also pursuing CCSK exam, be open to collaborate and learn together.
  • Alternatively, join some study group or online exam preparation forum.

This really helps to clarify things and everyone wins. Personally, I’ve followed a self-study approach for any certification. It has been deeply satisfying every time while going for any certification.

Q5) Where can I practice CCSK exam questions? Are any dumps available?

A thorough understanding of the three CSA recommended documents should be enough for your preparation.

Although I did some practice questions by googling some free practice tests, I found that those were frequently referring back to these 3 documents. Since this is an open book exam, I decided not to pursue any more tests and instead rely on my understanding of these 3 documents.

Around the same time, I signed up for Cyberfrat CCSK training classes which helped me a lot by clarifying a lot of core concepts via visual representation of them. My confidence grew and I decided to go for the exam by selecting a date much sooner.

A quick warning about the “exam dumps” though. As a general rule, I would recommend you to stay away from “exam dumps” which typically are priced around 10% of the actual exam fees.

  • In reality, these are analogous to “get rich quick” scheme.
  • Do not fall for these “exam dumps” at all!
  • You can never be sure how updated are these, they might sell you older version questions too.

CCSK is a conceptual exam. So avoid any shortcuts in your preparation.

  • Just mugging up answers from dumps is not the right way to go about it.
  • Practice questions you should do, yes, but a quick google search would show up free practice tests as well. The bottom line is to do your homework first; read up documents in the CCSK exam prep kit and only then go for practice questions.

Q6) CCSK is an open book exam, doesn’t that make it a “less” of an exam?

Though this might be the first impression which most people (myself included) may get, looking closely however, this is not the case.

Cloud is very dynamic and agile place to change with technology and we need to “go with the change” to understand its moving parts better.

  • You will quickly understand that the management plane in the cloud is the real differentiator with the traditional on-premises model and cloud.
  • Configuration and design practices though no doubt are very quick to apply, but at the same time they are not “fix once and forget it” kind of thing.
  • Change in business use case would demand you to quickly understand the need for fine-tuning of the existing architecture, requiring constant vigilance and rechecking.

Fortunately, when proper visibility is available from your CSP, it gives you a chance to quickly maneuver your architecture to your ever-changing business needs.

  • This will require a more hands-on approach and re-learning about your concepts since they would be frequently tested time and again.
  • There is no shame to admit your mistake and try to fix things via management plane once you discover something is not adding up.

While giving CCSK exam there were many “Oh my God” (OMG) moments for me when I started reviewing my marked answers with the exam prep documents.

  • I found that a slight change of term or language gave an entirely different meanings to the question asked and the correct answer was not which I had thought all.
  • This happened even when I was reasonably confident after reading the question 2-3 times.

Perhaps that’s why CCSK gives you two chances to pass the exam and has the open book nature.

  • The dynamic and agile nature of the Cloud would test your understanding and patience many times.
  • The good thing is that more hands-on practice you will have in Cloud, the better your understanding would be.
  • Time management of course cannot be stressed enough here; since when it comes to Cloud, time spent using CSP services is literally billing you money!

Q7) While preparing for the exam, I tend to forget things often. How do I fix this?

For reinforcement of concepts the best thing is to go out and learn the things visually. I have found this to be effective in remembering things.

In addition, following things can be helpful.

1) Make and write your own notes.

  • This is essential because, in reality only you know how your own written notes make sense to your mind.
  • So it is better to go toward this the hard way.
  • Just asking or copying notes from someone may sometimes work to pass the exam, but in the long term is not helpful to “get” things.
    • Taking action is the key here.
    • No pain, no gain. As simple as that.

2) Discuss with others

More you discuss your difficult areas with your colleagues and friends, more confidence you would gain. It is a win-win situation for everyone.

3) Join an exam preparation study group

Cyberfrat CCSK learning classes helped me to gain confidence that my preparation for CCSK exam was good enough and inspired me to book exam date sooner.

  • This is the real strength of being a part of the community.
  • Everyone works together to go reach a common goal.

Q8) What would be your top 3 takeaways for CCSK exam?Following things I leaned from my CCSK journey:1) Be honest to yourself

  • Have you read the CSA guidance, ENISA, and CCM spreadsheet properly?
  • Is your preparation good enough to answer basic questions about a particular domain?
  • For basic cloud security questions, are you able to select a reasonable answer without CSA guidance?

2) Time management is the key to pass the exam.

  • For questions you are 70-80% confident, mark it for review and go forward. Come back later to review them.
  • You have 90/60 = 1 min 30 sec per question to look and answer. Don’t waste more than 2 min here.
  • Validate the review questions by referring to documents. You might get some surprises here.
  • Be careful to read each question at least 2 times. 

3) Be disciplined and focused.

  • Review one question. Submit. Look at the clock. How much time you have? Move accordingly.
  • 30 mins are on the clock. Have you answered all questions? If not, complete them first.
  • Less than 2 mins remaining. Do you still have a few questions for review? Go by your gut feel and submit them all.

Remember, DISCIPLINE matters in CCSK exam.

If A=1, B=2 …then below metric will ensure you pass the exam successfully. All the best!


About the author

Manasdeep administrator

Manasdeep is currently part of Risk and Compliance function at Sears Holdings. His work focuses on acting as an internal advisor for Security Governance activities related to policies, procedure and guidelines. He is a part of PCI Compliance and Vulnerability Management team to implement and support compliance activities. He has a flair in writing on Information Security and has published various articles on information security communities like ISACA, Null, Cyberfrat, Clubhack, and Pentestmag. His interests’ areas in Information Security include PCI DSS Compliance, Vulnerability Management, Cloud Security, Security Audits and Assessments.

Leave a Reply

Social media & sharing icons powered by UltimatelySocial