I just passed the Certified Cloud Security Practitioner (CCSP) exam. It wasn’t easy, but nothing you can’t prepare for.
Apart from the official (ISC)2 guides, here are some of the resources I used in my studies:
- Cloud Security Alliance Security Guidance v4.0
- Cloud Security Alliance Enterprise Architecture
- Security Guidance for Critical Areas of Mobile Computing
- CSA Cloud Controls Matrix
- The ‘Treacherous Twelve’ Cloud Computing Top Threats in 2016
- ENISA Cloud Security Publications
- NIST SP 800-146 Cloud Computing Synopsis and Recommendations
- NIST Special Publication 500-299 Cloud Computing Security Reference Architecture (Draft)
- OWASP Top 10
If you would prefer to add video lectures to your study plan, there’s a free course on Cybrary. For a quick summary, check out these study notes and mindmaps. Also, multiple sets of free flashcards are available on Quizlet.
It is a good idea to do some practice questions: there are books and mobile apps out there to help you with this. Practical experience in cloud security is also essential.
The exam tests your knowledge of the following CCSP domains:
- Architectural Concepts and Design Requirements
- Cloud Data Security
- Cloud Platform and Infrastructure Security
- Cloud Application Security
- Legal and Compliance
The structure and format might change as (ISC)2 continuously revise their exams, so please check the official website to make sure you are up-to-date with the latest developments.
On the day, read the questions carefully. It’s not a time pressured exam (I was done in two hours), so it’s worth re-reading the questions and answers again to make sure you are answering exactly what is being asked. Eliminate the wrong options first and then decide on the best out of the remaining ones.
Finally, my suggestion would be to approach the questions from the perspective of a consultant. What would you recommend in each situation? Don’t go too technical – keep the business needs in mind at all times.
Don’t stress too much about the final result. I’m sure you’ll pass, but even if not on your first attempt, you’ll learn either way! Remember, the knowledge you accumulate in the process of preparing for the test itself has the most value, not the credential.
I’ve recently passed my AWS Certified Solutions Architect – Associate exam. In this blog I would like to share some preparation tips that would help you ace it.
Not only practice makes perfect, some hands-on experience is also a prerequisite for the exam. So there is really no way around that! But what if you didn’t have a chance to use your skills on a real-world project yet? No problem! AWS gives you a opportunity to learn how their cloud components work through AWS Free Tier. For one year, you can use Amazon EC2 , Amazon S3, Amazon RDS, AWS IoT and many more free of charge,
You want more guidance? Qwiklabs developed a set of labs that specifically designed to help you prepare for this exam. For a small price, you can complete exercises without even requiring an AWS account or signing up for Free Tier.
I recommend studying AWS Whitepapers to broaden your technical understanding. If you are short on time, focus on these:
- Overview of Amazon Web Services
- Architecting for the Cloud: AWS Best Practices
- How AWS Pricing Works
- Compare AWS Support Plans
AWS developed a freecself-paced Cloud Practitioner Essential course, to help you develop an overall understanding of the AWS Cloud. You will learn basic cloud concepts and AWS services, security, architecture, pricing, and support.
There is also a YouTube channel with free introductory videos and other noteworthy material.
Exam sample questions can help you check your knowledge and highlight areas requiring more study.
Remember, the best preparation for the exam is practical experience: AWS recommend 1+ years of hands-on experience with their technologies.
When you’re ready, go ahead and schedule an exam here.
I’ve been interviewed by Javvad Malik about my career in Information Security. He published the interview on his website
The difference between Leron and anyone else that has ever asked for advice is his willingness to learn and take on board as much knowledge as possible and then apply it. In a few short years, not only was Leron able to complete his MSc, but he landed a job (while turning down other offers), spoke at events, and wrote a book. Achieving more in 3 years than most people do in 10.
So, the roles are now reversed. I needed to catch up with Leron and pick his brains about his journey and see what I could learn from him.
Read the full story
I recently had the pleasure to help organise and host PhD students from Royal Holloway, University of London (RHUL), who spent a day at my company interacting with the team in order to gain industry insights.
This day-long event included presentations by the students, their lecturers, our partners and consultants.
During one of these presentations, I shared some of my own experiences as an information security consultant, in which I talked about my role and area of expertise. I also discussed current security challenges and provided some career advice.
Several round table discussions provided everybody with much needed food for thought. We covered topics like security monitoring, threat intelligence, information protection in digital health and the role of the C-suite.
We received positive responses from the professors – the students enjoyed the presentations and learned a lot from the interactions during the day.
Santander have kindly agreed to host our next workshop event in their London offices on the 14th October. View the event flyer here.
Hear from leaders in Digital Innovation and Information Security on:
– The balance of Security and Innovation: The Cyber Threat and Opportunity
– Phishing and Social Media
– The Importance of Communication in Security
– Edward Metzger, Head of Innovation, Santander
– Matt Bottomley, Senior Manager, Cyber Risk, Lloyds Banking Group
– Christine Maxwell, Head of Digital Security, Governance and Operational Excellence, BP
Networking and Careers Session
– Opportunity to network with junior professionals, students in Information Security and Technology
– Post event drinks and canapés reception
– Information Security careers stands from Santander, EY and KPMG will be at the event
Date: Wednesday 14th October 2015
We discussed improving team productivity previously. I received a few comments regarding this topic, which I decided to address here. I would like to cover the question of developing your team members through coaching.
I remember attending a workshop once, where the participants were divided into two teams and were presented with a rather peculiar exercise. The facilitator announced that the goal of this competition was to use newspaper and tape to construct a giraffe. The teams would be judged on the height of the animal: the team who will manage to build the tallest one wins.
There are many variations of this exercise, but they all boil down to the same principle. The real aim is to understand how people work together. How they plan, assign roles and responsibilities, execute the task, etc.
In the end, everyone had a chance to discuss the experience. Participants were also presented with feedback on their performance. But can people’s performance be improved? And if yes, what could have been done in order to achieve positive and lasting change?
The answer to these questions can be found in coaching.
Coaching is all about engaging people in an authentic way. There might be different opinions on the same problem, which doesn’t necessarily mean that there is only one universal truth. How much do you appreciate and respect what other people think?
Coaching, however, is not about knowing all the answers, but about listening, empathising and understanding others. Here are some example questions you can use:
- What is happening in your life and career?
- What’s going well?
- Where do you want to be?
- What do you need to do to get there?
- What is the first step you would take today?
The last thought I would like to mention here is about giving people time to reflect. Some silent and alone time can yield unexpected results. Our brain is bombarded with enormous amounts of information on a daily basis. Finding time to quiet your mind and slow down can help you to listen to your inner voice of intuition. This can help you come up with innovative solutions to seemingly unsolvable problems.