ISC2 CCSP

Top 5 things you must know to pass the CCSP

February 28, 2023 by Joe South

The CCSP (Certified Cloud Security Professional) is considered the gold standard in cloud security. Holding the CCSP shows you have the knowledge required to secure any cloud, even without training in that specific cloud provider.

I was overwhelmed by the amount of material when studying for the CCSP certification. I needed help determining what was valuable, what I could overlook and how in-depth I had to know various topics. My first attempt at the CCSP was a failure. After studying for the next 90 days, I passed the CCSP one year from the day I started studying. This article will guide you through the top five areas you must know to pass the CCSP exam and advance your cloud engineer career.


1. Encryption is your last line of defense in a breach

Encryption is everything in the cloud. You must learn to view the cloud as someone else's computer, to which they may have full access. This means that a cloud provider could view the data you store in its cloud if it chose to. Your only way of protecting that data if it falls into the wrong hands is to encrypt it and to store the encryption keys somewhere other than that cloud provider, so that whoever holds the ciphertext does not also hold the keys.

2. IAM is everything

In the cloud, IAM, and specifically a least-privilege model, is critical to get right from the beginning of moving into that cloud. The cloud is an expansive environment that can scale to any demand. You will quickly begin accumulating user accounts, service accounts and service-to-service accounts, all with different roles and permissions.

Due to the nature of the cloud, it is easy to end up with overlapping roles, accounts and permissions. You must keep this to a minimum and keep the bigger picture in mind: What are you deploying into the cloud, what does it need access to, and who needs that access? Those three questions will help you keep the sprawl to a minimum.

3. Understand service models

One of the first topics I encountered in my studies was service models. This topic was difficult for me because it was hard to tell where one service model ended and the next started. You must understand the cloud service models inside and out to pass the CCSP exam. The way I learned this material was with the following rules of thumb:

  • If you can install an OS on something or configure its networking, then it is an IaaS service model.
  • If you are asked about code or databases, it is always a PaaS service model.
  • The last one, which I felt was the easiest: if you manage nothing of an application, then it is SaaS. An example would be Gmail. You don't know what version of Gmail you use, nor does it matter to you. That is typically an indication of a SaaS service model.

4. Have a 10,000-foot view of the cloud

To pass the CCSP, you must maintain a 10,000-foot view of the cloud. What do I mean by this? Here is an example: developers will always want full access to the cloud to build whatever they want. They may even need it, but that doesn't mean it is the right thing to grant.

There must be guardrails in place to protect them from themselves. Before a developer introduces data from an EU resident into the cloud, you should ensure that the data and the underlying infrastructure comply with GDPR. This seems simple, but understanding what your organization will need 1-3 years into the future and preparing for it is critical when deploying anything into the cloud.


5. Read, re-read & read again before answering CCSP certification questions

This sounds like a waste of time, but trust me, you must read every question at least three times before answering. In my first attempt at the exam, I didn't do this on every question. I figured I understood the question better than I did, so I made basic mistakes that cost me points in the long run. Those were points I should have had, and if I had earned them, I likely would have passed.

The second time around, I took the time to read every question three times, each pass with a different purpose:

  • The first read was simply to read the question.
  • The second read was to pick out the key parts of the paragraph to which I should pay attention.
  • The third read was to think through the question and formulate my answer.

This exam is difficult and very complex. Sometimes you will think the CCSP questions are trick questions with no correct answer. Slowing down and reading each question three times before answering will give your brain the time to think through the problem.

For more on the CCSP certification, including domains, CCSP salary and CCSP study resources, check out our CCSP certification hub. And for a detailed overview of cloud engineering, visit the Cloud engineer career hub!

Joe South

Joe South has worked at companies of all sizes across multiple industries. Joe is currently in a role where he is empowered to introduce new and innovative solutions to increase the security posture of his organization. He enjoys teaching others what he’s learned and is the creator of a blog where he helps others get into cybersecurity and build a successful career.

Joe worked in vulnerability management, securing applications that served military and Department of Defense clients. He later expanded his skillset by diving into complex identity and access management (IAM) toolsets where he designed solutions for Fortune 500 companies across HIPAA, PCI and financial industries. He also architected solutions for companies to move into AWS, Azure and GCP while maintaining or increasing their security posture. Joe has his CCSP, AWS Security Specialty and AWS CCP certification, among others.