How to prepare for (ISC)² Certified Cloud Security Professional (CCSP) certification?

Prashant K
6 min read · Jul 5, 2021

If you are reading this document, I am sure you are a cybersecurity professional looking to advance your cybersecurity journey by challenging yourself to take up the CCSP certification. The CCSP certification draws together the Cloud Security Alliance, NIST, and ISO documentation. The CCSP exam requires the knowledge acquired from the CISSP domains, with Cloud Security skills added on top. This guide can help you prepare for the CCSP exam. If you are an active CISSP holder, I advise you to brush up on all the CISSP certification domains. If you are still in a dilemma about whether to take up CCSK or CCSP, refer to this CSA blog article.

This article lists all the resources (books, online training sites such as LinkedIn Learning, ITPro.TV, Cybrary, Pluralsight, A Cloud Guru, YouTube). It isn’t easy to ace this certification by relying only on the books recommended by (ISC)². To achieve this certification, you need to read other references and whitepapers available from the Cloud Security Alliance, NIST, ISO, etc. As a refresher for CISSP knowledge, the recommended book is “Eleventh Hour CISSP®, 3rd Edition” by Eric Conrad, Seth Misenar, and Joshua Feldman.

Eleventh Hour CISSP®, 3rd Edition by Eric Conrad, Seth Misenar, Joshua Feldman

There are many books about Cloud, but the one that comes closest to the language (ISC)² uses is referenced below.

CSA Guide to Cloud Computing by Raj Samani, Jim Reavis, and Brian Honan

The resources are grouped into sections according to whether they fall under the foundational, mandatory, or optional category.

Once you have the foundational knowledge of the CISSP domains, your Cloud Security journey begins.

Foundational Resources

Follow the order below to begin the journey. For instance, if you start with the “Official (ISC)² Guide to the CCSP CBK, Second Edition, by Adam Gordon” book, you will get completely lost in the jargon while trying to understand each of these simple topics and build a strong foundation.

  1. CCSP For Dummies by Arthur J Deane — (ISC)² recommended
  2. CCSK Certificate of Cloud Security Knowledge All-in-One Exam Guide by Graham Thompson
  3. Becoming a Certified Cloud Security Professional (CCSP) by Mike Chapple, available on LinkedIn Learning
  4. CCSP Certified Cloud Security Professional All-in-One Exam Guide, Second Edition by Daniel Carter
  5. Official (ISC)² CCSP Study Guide, Second Edition by Ben Malisow — (ISC)² recommended
  6. Official (ISC)² Guide to the CCSP CBK — New! (This is the latest CBK published by (ISC)²; I haven’t read the CBK yet.)
  7. The Official (ISC)² Guide to the CCSP CBK, Second Edition, by Adam Gordon. I referred to this CBK edition while preparing for CCSP certification.
  8. Cybrary CCSP videos and notes
  9. Pluralsight CCSP Certification Path by Kevin Henry and Lyron Andrews
  10. A Cloud Guru — CCSP course by Bob Salmans
  11. CSA Security Guidance for Critical Areas of Focus in Cloud Computing v4.0
  12. ENISA Cloud Computing Security Risk Assessment
  13. OWASP Top 10 - 2017 Web Application Security Risks
  14. Cloud Controls Matrix and CAIQ version 4.0 Excel Spreadsheet

The above resources should provide a sufficient foundation for the CCSP certification.

Mandatory Resources

After reading all of the above resources, download the documents below from the CSA, NIST, and OWASP sites. Please glance through each of them at least once before appearing for the certification.

Most NIST documents are available for free download on the NIST website. ISO documents are not free, but Adam Gordon has provided these documents on the “Certification Station” Discord channel. Navigate to the #CCSP channel in the “Certification Station” Discord channel and look in the pinned messages section to download these documents. Adam Gordon also provides Boot Camp details, which are published regularly in the announcements room of the “Certification Station” Discord channel. The “Certification Station” Discord channel is highly recommended, as other cybersecurity professionals share many tips, guidance, and motivation for CCSP certification aspirants.

  1. NIST 800-145 Definition of Cloud Computing
  2. NIST 800-146 Cloud Computing Synopsis and Recommendations
  3. NIST 500-292 Cloud Computing Reference Architecture
  4. NIST 800-125 Guide to Security for Full Virtualization Technologies
  5. NIST 800-37r2 Guide for Applying the Risk Management Framework to Federal Information Systems
  6. NIST 800-39 Managing Information Security Risk
  7. NIST 800-40r3 Guide to Enterprise Patch Management Technologies
  8. NIST 800-88r1 Guidelines for Media Sanitization
  9. NIST 800-122 Guide to Protecting the Confidentiality of PII
  10. NIST 800-161 Supply Chain Risk Management
  11. ISO 27001:2013 IS Implementation Guide
  12. ISO/IEC 17788:2014
  13. ISO/IEC 17789:2014
  14. ISO 31000:2018
  15. ISO/IEC 15408-1:2009
  16. ISO/IEC 27001:2013
  17. ISO/IEC 27002
  18. GDPR notes from Adam Gordon
  19. Jericho — Cloud Cube Model
  20. CSA Security-Considerations-for-Private-vs-Public-Clouds.
  21. OWASP Testing Guide v4
  22. PCI DSS v3 Cloud Guideline

Mandatory Resources — Practice Tests

After revising all of the above documents, let us focus on practice tests. The key to passing this certification is to work through lots of practice tests. Practice tests are also available in each of the books referenced in the Foundational Resources section. The book “(ISC)² CCSP Certified Cloud Security Professional Official Practice Tests, 2nd Edition by Ben Malisow” comes very close to the questions that might appear in the CCSP certification.

  1. CCSP Certified Cloud Security Professional Practice Exams by Daniel Carter.
  2. The book “(ISC)² CCSP Certified Cloud Security Professional Official Practice Tests, 2nd Edition by Ben Malisow”. These same questions are available on the “Wiley Efficient Learning” app on iOS and Android mobiles. Navigate to Wiley to access the test bank. You can also access the same practice tests on a laptop after registering the book on the wiley.com website.
  3. CyberVista Practice Tests are available for free if you have a Pluralsight subscription. If you do not have a Pluralsight subscription, you need to pay $150, but I won’t recommend purchasing it. If anyone is interested in blowing off their money, here is the website: CyberVista / Kaplan
  4. A Cloud Guru Practice Questions. Again, if you do not have a subscription to “A Cloud Guru,” do not bother to purchase it.
  5. (ISC)² CCSP Practice Tests by Aris Athanasiou on Udemy. I recommend purchasing this course on the Udemy site.
  6. Practice Tests which are available on Android mobile which has the Golden Lock

Mandatory Resources — Revision

After finishing all the above Practice tests, you can revise notes prepared by other CCSP professionals listed below during the last weeks of your study.

  1. CCSP Cloud Guardians book by Gwen Bettwy is available on Amazon.com.
  2. CIRRUS — 8000 Ft. of CCSP course by Prashant Mohan, which is free to download
  3. CCSPMasterNotes_V2.docx by @Ahbey is available on the “Certification Station” Discord channel in the “Pinned notes” section. This document is revised from @quietstorm950’s notes.
  4. The original “CCSPMasterNotes.docx” by @quietstorm950 is available on the “Certification Station” Discord channel in the “Pinned notes” section.
  5. Destination CCSP Flashcards app is available on both iOS and Android. I highly recommend this app, as it solidifies the definition of each term.
  6. (ISC)² Official CCSP Flash Cards

Optional Resources

The CSA whitepapers below can be downloaded from the CSA website.

  • Auditing The Cloud Controls Matrix
  • Tokenization vs. Encryption: Which is Better for Your Business?
  • Cloud OS Security Specification v2.0
  • Cloud Penetration Testing Playbook
  • CloudTrust Protocol Data Model and API
  • Key Management in Cloud Services
  • Privacy Level Agreement — Version 2
  • Security Considerations for Private vs. Public Clouds
  • STAR Level and Scheme Requirements
  • State of Cloud Security Concerns, Challenges, and Incidents
  • Trusted Cloud Initiative Reference Architecture Model

The resources below have a ton of helpful information as well.

  1. Prabh-Nair-Domain-1
  2. Prabh-Nair-Domain-2
  3. Prabh-Nair-Domain-3
  4. CSA Guidance
  5. Identity and Access Management: Technical Overview
  6. OAuth 2.0 and OpenID Connect
  7. An Illustrated Guide to OAuth and OpenID Connect
  8. SAML 2.0: Technical Overview
  9. Larry Greenblatt — CISSP 2020 Exam Tips
  10. Why you will pass the CISSP
  11. How NOT to prepare for the (ISC)² CCSP exam? by Jake Eliasz
  12. Preparation Guide for ISC2 Certified Cloud Security Professional (CCSP) Certification
  13. CCSP Study Resources
  14. cccure.training CCSP Books
  15. How I passed the CCSP(Cloud Security) exam by Alireza Ghahrood
  16. Passing the CCSP exam at the first attempt by Daniyal Naeem
  17. CCSP Study Guide
  18. How to prepare for CCSP exam? by infosectrain.com
  19. CCSP Resource Materials by cycubix.com
  20. 3 Resources to Pass CCSP Exam
  21. CCSP Exam: My Experience by Aakash U
  22. Glossary
  23. CCSP Domain Review Series by Prabh Nair
  24. Alukos CCSP
  25. Cromwell
  26. Adam Gordon course on ITPro.TV
  27. CCSP Last Minute Review Guide by Mike Chapple, which can be purchased.

If you have gone through all the above resources and can get around 80% on your practice tests, you are almost ready to crack the CCSP examination. Go and ace it now! All the best.
