Posts Tagged ‘ISC2’

ISC2 CCSP

Tuesday, February 14th, 2023

Last week (first week of February 2023), I took and passed the ISC2 CCSP exam (Certified Cloud Security Professional)

As usual, I watched all relevant videos I could find on pluralsight.com and used to the included practice exam until I consistently got a (very) high score. Additionally, I read thumbed through the All-In-One series book on the CCSP exam.

The actual exam was quite hard and I was surprised to learn I passed. Pleasantly surprised, obviously. The provisional result was printed out at the test center as is usual with ISC2 exams.

There is a reddit sub-thread where a lot of test-takers complain about this exam. Usually I don’t pay those people too much attention since I passed all these exams at first try so far (10-ish exams so far) but I have to admit, some questions left me troubled and confused. The bewildering questions did not seem relevant to the exam topic at all.

If somebody came here hoping for some useful advice on this exam, I’m sorry, I can’t give you any. I can’t give you any meaningful advice on what else to study apart from the above. Obviously, learn the basics by heart (shared responsibility model, threat models, data life cycle, SLDC, risk mitigations etc.) but beyond that, I am not sure what to recommend.

If you are taking the exam soon: don’t panic, stay concentrated, give it your best shot and best of luck!

CPE tracker

Thursday, July 14th, 2022

If you are lucky enough, you are certified in some field. Very likely, you need to gather continuous professional education credit to keep the certification valid. Actually, not a bad thing in itself and it does make sense in fast-paced fields like technology.

However, if you have several certifications that you need to keep alive, then keeping track of your CPE credits can be challenging.

Enter the CPE tracker I put together. It’s free to use, obviously, but use it at your own risk.

Warning points:

  • Not all CPEs are equal. Please check with your certification organisation what is acceptable as CPE and what is not
  • Most organisations make a recommendation such as “in order to make re-certification achievable, please try to achieve <insert_arbitrary_number> CPE credits per year – this might differ per organisation and the CPE credit you can earn might differ as per definition
  • Same as with the recommended number of CPE credits per year, the cut-off date per 12-months cycle might not always be January 1st – keep this in mind

Here is the general usage:

  • Copy the 2021 and rename it to 2022, 2023, etc.
  • In the A column, enter the name of the CPE you earned, e.g. “Codecademy SecDevOps in Python”
  • In the B column in the same row, enter how many CPE credits this will give you, e.g. 3 (this might differ per organisation, see the warning points)
  • In the certification column, drop an x if you want to use the CPE with a certification. This will automatically add those CPE credits to the amount of credit you have earned for this certification
  • Most organisations require some CPE proof, like the upload of course completion certification. Once you complete the upload, you can set the UL column (stands for “upload”) to the y value from the dropdown field

Some features:

  • Left top indicates how many days are left in the current year, giving you a rough indication how much you will have to hurry.
    This is based on the Settings sheet and calculated using today’s date. The general settings is using January 1st of the next calendar year but obviously you can change that e.g. to August 1st
  • The CPE credit score is conditionally formatted in red until the score equals or becomes greater than the recommended CPE score per year, also in the Settings sheet
  • No macros are used or were harmed while making the sheet. If you are asked to activate macros, it’s not my original sheet, be very careful.

Download:

  • Zip file containing a LibreOffice Calc version and an Excel version

sha256 checksum:

shasum -a 256 CPEtrackerArchive.zip
e6370259b0be5015e85040ef5876fb5c1ee8ef94d0d323925c3f33b0e8e03629 CPEtrackerArchive.zip

Update 20220721:

Nothing like using your own tools…. I started tracking my own CPEs but also found a problem with the number of days calculation so I’ll fix that and upload the newer version. stay tuned.

CISSP-ISSMP – happy ….

Monday, July 11th, 2022

…. to report that I passed the exam last week. It’s been in the making a couple of months and I finally found the courage to take the plunge.

On the weekend, I sent in the endorsement and it will take a couple of weeks for (ISC)2 to process it, as usual.

Now with both those exams (ISACA CRISC and CISSP-ISSMP) finally (and successfully) behind me, I can move on to something new.

I’ve previously dabbled in some pentesting and I would like very much give OSCP a try while casually reading about and learning for the ISACA CDPSE. Let’s see how it goes and how far I can take it….

Update from 1 week later: Already processed by (ISC)2. All good. Certified. Yay me.

CISSP-ISSMP…. still WIP

Sunday, May 15th, 2022

I’ve been working at this for a while…. I got a paid self-study course which I finished but access to the learning material expired already. At least I can still access the flash cards.

The official CBK book has terrible reviews on Amazon. I wonder what that leaves me with. I’m tempted to pay for some online ISSMP questions.

Since there is a big overlap of material with the ISACA CISM and ISACA CRISC, I actually should be able to nail this anyway (see my other posts)

Update 20220519:

I ordered the official CBK book. Several people pointed out how they were using that book to study for the exam and it’s a much cheaper alternative to re-purchase the CISSP-ISSMP online self-study course. So I guess it can’t hard. Plus I like physical books.