ISC2 Certified Cloud Security Professional (CCSP) – My take

I recently passed ISC2’s Certified Cloud Security Professional (CCSP) certification.
While preparing for the certification I found that there are hardly any reviews shared by individuals who had already taken the test for the benefit of ones who plan to take it and want to get a test taker’s perspective.
So, here is my take in a QA format.

How long did I prepare for the exam?

Focussed study of around 40 hours spread over 4 weeks.
I already have the following credentials that helped a lot in covering major aspects of the materials covered in CCSP:
  1. Cloud Security Alliance’s CCSK
  2. ISC2 – CISSP
  3. I have more than 10 years of Software/Cloud Security Engineering and related professional experience.

What materials did I use for preparation?

1) The Official CBK – the first edition. I read a lot of bad reviews about the book but as far as providing relevant information goes, I found this book to be enough.
2) CCSK V3 Prep guide: I did read this for the following 4 domains:
  1. Architecture
  2. Operations
  3. Platform and Infrastructure
  4. Data Security
Just this will not be enough to clear the CCSP exam, but it’s a good, quick “a day before the exam” kind of refresher.

Is the exam worth the time and money?

It’s not a hands-on exam; rather, it checks the theoretical understanding of the concepts of Cloud engineering and the ability to apply those concepts to answer scenario-based questions.
In my opinion, theory and concepts should always precede actual hands-on work, and so yes, this is a worthy investment.

AWS Solutions Architect – Associate Certification – Quick Notes

Earlier this week, I attempted (and passed!!) the AWS Solutions Architect – Associate certification.

This was my first look at an Amazon certification and here is a short write-up on my experience.

Worthy investment of time and money?

Depends how you look into it.

It’s a multiple choice question-answer type test, so there is a case of this certification not reflecting actual experience/practical skill of the taker – someone with a greater than average memory can just read through the documentation and possibly clear the exam.

Maybe yes…

…but the test was not quite what I expected it to be – it was very scenario based – things that you can answer only if you have done hands on deployments on the AWS, or at least, have done web based application deployment (in general) in the past.

Some of the questions are common sense experience questions that test your generic N-tier architecture, network protocol, port level skills/understanding. These questions have nothing to do with AWS as such, which makes sense considering that as an Architect there are certain skills that one must have irrespective of the platform.

In fact there are no “what’s the full form of XZY service?” type of questions, at least in my test.

Worthy? – I’d say yes! Considering the level of adoption of AWS in different sectors, it’s almost certain that everyone in the technology sector will come in contact with AWS at some point. This certification/syllabus provides a very good introductory exposure to AWS.

Preparation Material:

1) AWS Certified Solutions Architect – Associate 2015 – Ryan Kroonenburg (Udemy link)

Do I recommend this? – Absolutely Yes! The training is very well paced and the hands on labs are very thorough. Ryan’s lectures are easy to follow.

Note: While this training has almost everything you need for this test, either as part of the lectures or additional information pointers provided, to pass the final exam will require you to go the extra mile by actually following these guidance/pointers. Please do.

2) AWS FAQs – I referred to the general ones for VPC, EC2, S3, EBS, RDS, SQS

Do I recommend this? – Absolutely Yes! Read as many as you can.

3) Whitepapers – I was already versed with the AWS Security Best Practices one but I did read the following:

  1. Amazon Web Services: Overview of Security Processes
  2. Storage Options in the AWS Cloud
  3. Architecting for the AWS Cloud: Best Practices

Do I recommend this? – Absolutely Yes!

Practice Exam:

1) AWS Practice Test – For $20 it gives a sense of the exam interface – that’s the only benefit I got out of this test.

Do I recommend this? – Not a must do.

2) Acloudguru AWS practice test on Android – Unlike the training program, which is awesome, this app is more “work in progress”-like; there are a lot of questions though (ones that are not in the course tests) but not many scenario-based ones. I am sure this will improve over time.

Do I recommend this? – Again, not a must do, but considering the number of questions, it may be worth a look if you can spare ~$20. I did and don’t regret it.

Some additional notes:

My AWS experience:

I am an Applications Security Engineer by profession and my primary work responsibilities do not involve going hands-on with AWS deployments on a day-to-day basis. My AWS responsibilities are mainly limited to security-related consultancy on an as-needed basis.

The reason I wanted to take this certification is to vet my knowledge in carrying out that responsibility.

Note that I do have substantial web application architecture/development/deployment/security experience.

For those on the fence about whether they can pass the exam or not: The reason I mentioned my experience with AWS above is to drive home the point that on a Novice to Expert scale, I will rate myself as a low intermediate on all but one domain (security!) covered in this exam and I passed.

So, with the right amount of time and focus, you can too!