Hello Everyone. I recently obtained my CCSK and thoroughly enjoyed the journey. I’d like to share the plan I followed leading up to the exam. This post is all about CCSK certification.

What is CCSK?
CCSK is the Certificate of Cloud Security Knowledge from the Cloud Security Alliance (CSA). The current version of the certificate is v5; however, this blog post covers CCSK v4.
CCSK provides a cohesive and vendor-neutral understanding of how to secure data in the cloud. It helps in building knowledge to effectively develop a holistic cloud security program aligned with globally accepted standards. It also prepares you to earn additional cloud credentials specific to certain vendors or job functions.
Who should do CCSK?
- Cybersecurity Analysts
- Security Engineers
- Security Architects
- Security Administrators
- Compliance Managers
- Security Consultants
- Anyone who wants to work in cloud security
Certification Material & Topics
The exam covers three key documents: CSA Security Guidance v.4, ENISA Recommendations and CSA Cloud Controls Matrix.
The CSA Security Guidance v.4 contains a significant repository of cloud security knowledge, and the majority of the exam questions will come from this document. I would say around 84-86% of the questions will be from the security guidance document. I would recommend you read this document thoroughly at least twice to get a good understanding of the material.
The topics are mentioned below:
- Cloud Computing Concepts
- Governance & Enterprise Risk Management
- Legal Issues: Contracts and Electronic Discovery
- Compliance & Audit Management
- Information Governance
- Management Plane & Business Continuity
- Infrastructure Security
- Virtualization & Containers
- Incident Response
- Application Security
- Data Security & Encryption
- Identity Entitlement and Access Management
- Security as a Service
- Related Technologies
- CCM
- ENISA
Certification Exam Format & Difficulty Level
The exam adopts an open-book format, presenting multiple-choice questions with either one correct answer or, at times, multiple correct answers. Some individuals find it challenging, but my experience has been relatively smooth, as I went through the documents multiple times and practiced a few mock tests.
The cost of the exam is 395 USD, allowing candidates two attempts. It comprises 60 questions, with a passing score set at 80%, and the duration of the exam is 90 minutes.
Preparation Strategy for CCSK
Preparing for the CCSK requires time and discipline as there are multiple domains covered in the Security Guidance PDF. I would suggest allocating time daily to go deep into the concepts of each topic, establishing connections with other security practices where necessary.
I suggest a thorough review of the security guidance and the CCM, with the primary focus on the security guidance, as most of the questions will come from it.
Maintaining notes during your study sessions will help you with easier topic revision. Creating short, quick-reference notes can be particularly beneficial for last-minute review on the day before the exam.
Also, after going through the guidance, you can go online and look for some mock tests and evaluate yourself.
NOTE: While the exam is open book and may seem straightforward, a comprehensive understanding of the concepts mentioned in the document is essential to secure certification.
Some Useful Resources
https://cloudsecurityalliance.org/artifacts/ccskv4-exam-prep-kit/
https://cloudsecurityalliance.org/research/guidance/
https://www.enisa.europa.eu/topics/national-cyber-security-strategies/information-sharing/isacs-toolkit/recommendations
https://cloudsecurityalliance.org/research/cloud-controls-matrix/