Note, I rarely rail or complain about anything, let alone doing it publicly – and I for sure do not do so lightly.  But in this case, it was warranted, especially after what others had to say about ISC2’s book / On-Demand video. Remember, if there are some folks making noise, they are only the tip of the iceberg…

Jun 2016: Interesting – did not pass the ISC2 CCSP exam

I took the ISC2 CCSP exam and was slightly under the cutoff. It was as if I had not even studied for the bloody test using the CBK book. It is very interesting that this happened – because as one person who wrote on Amazon (for the ISC2 CCSP CBK book) who also failed the test stated (paraphrased here) “the exam material does not line up with the book material and you will fail if you rely on the ISC2 book and On-Demand video.” And that is what happened to me, even though I very assiduously re-read the entire book very thoroughly, ‘again,’ as well as re-reading both CSA docs (2009 & 2011), both ENISA docs (2009 & 2015) & Jericho’s Cloud Cube doc.

In taking the On-Demand video 72 question graded quiz, I missed only 4 of the questions (a 94.4% score) – so I’m believing I am ready for the CCSP exam. No such luck. Now, would I recommend the book (1st or 2nd edition), in-person classes or on-demand video (which does not add anything to the book) to anyone – ‘NO!’

Even if I do hold the ISC2 CISSP & ISSEP (plus double grad degrees – MBA in Technology & MSc in Cyber Security), I’m putting away the CCSP. I’ve spent enough time and money in learning the CCSP material without being able to pass the test – moving on to sitting for the exams for AWS Cloud Solution Architect & VMware NSX (both in July) — I’ve already had all the necessary in-person classes & labs.

ISC2 CCSP with CSA collaboration –>> poorly done ISC2 CBK book, On-Demand video course and test taking experience — for the money we pay for books and taking tests, they should be better.  They “COULD” have done better. These are the reasons for this lengthy posting.

First, I am a long time CISSP and ISSEP.

I’ve already gone through several VMware courses, to specifically go through the NSX lab & course.

I’ve done the Amazon AWS SysOps class in Reston (expensive) and am halfway through the AWS Solution Architect (not so expensive through Udemy.com).

Basically, I’ve been around the block in IT, InfoSec, voice and data communication and a good helping of virtualization and cloud.

Here is what I did. I very thoroughly went through that POORLY produced CBK book they seem to be proud of in collaborating with CSA. The book still sucks (I have always despised ISC2 made books – and apparently I am not the only one who has voiced that very same statement). And YES, it is one of the most boring books ever (and I’ve had physics {calculus version}, Chemistry and multiple advanced college math classes {differential equations anyone} that used books that I very thoroughly enjoyed reading & studying with).

The ISC2 CCSP CBK book was bad enough to me that I commented about it on the Amazon web site after receiving the book when it came out (that first week). A member from the publisher wrote back to me on what was wrong. I was incredulous and asked if they read my critique… they did.

  • Poor blurred images, as if a lazy undergrad made a blurry image and then made copies of that for a term paper
  • No color anywhere
  • The pages themselves are not good bright white material
  • They use the old font in the book but use a better font on the front and back cover
  • Typos throughout — inconsistent use of terms at times (CCSP vs CSP for the professional)

Now, after I missed the test cutoff, I pulled down the latest CSA guide, v3.0 (the next one is not ready yet) at 177 pages (PDF) as well as the ENISA doc (125 pages). It seems that a large portion of the exam content came from those two docs rather than the CBK book (or at least the exam version I took – they do rotate questions so you will not see all the same questions on the 2nd go ’round).

My advice, do as the others here commented on – read the book, do the ISC2 CCSP interactive flash cards (at least twice for the test, study & learn modes) – and for sure, read the CSA guide and the ENISA doc.

You HAVE to read the following as well:

  • ENISA Cloud Security Guide for SMEs (small medium enterprise) – Jun 2015
  • Open Crowd – Cloud Taxonomy Graphic
  • TCI Reference Architecture v2.0 (even if it was rebranded to be the EAWG instead of the TCI Ref. Arch.)
  • Jericho Cloud Cube Model v1.0 paper

If you use the CCSKGUIDE.org site for CCSK familiarization, use it with caution, it has not been updated in a while from what I see on the site (as of Feb 28, 2016). The Random question area is not giving correct answers (I gave him a chance to correct it before I posted – he did not respond to my comments on the site – more than 3 weeks time.)

Sorry for the long rant but I was (and still am) pissed about the book – it took me ~2 months to read the ~450 pages because it was that horrid.  I am just so perturbed that they could not have made a more user friendly book:

  • color images,
  • sharper text,
  • brighter pages,
  • better font,
  • less use of repetitive words such as ‘utilize’ (just use the word ‘use’),
  • inconsistent use of the term CSP (for the professional and the provider),

And the ISC2 CCSP On-Demand video content, it looks rather pathetic. For the CCSP electronic student workbook *Participant Guide* (~620 pages & 45 MB), it looks like ISC2, for the first ~33 pages, inserted pages of imaged (.JPG) text (which are not searchable). It seems they just took blurred copy and stuck it at the front of the guide. There is so much wasted space that they could easily have chopped out 100 pages (for the online users, much of the content is wasted as it is for in-class participants).

The OnDemand training consists of the interactive flash cards, which are already free on the ISC2 site. Then, when attempting to do the OnDemand training at work, before my working hours, the video would not play – still waiting for ISC2 to respond to what kind of cookie may be being blocked, etc. It could be the work site is blocking that type of video (which would not surprise me either as more federal agencies prevent some things, even if it is educational and work related).

Basically, the On-Demand video they furnish (at cost) is no better than the book, even if someone is hosting/talking to the course. So far in the first domain of the video course, the slides used in the videos are of poor quality and I have yet to see any beneficial value in anyone paying for this video course.

One may as well read the book (if one has it that is), read the docs from the Cloud Security Alliance (there are two, possibly three of them) & ENISA (two documents).

I gave up on the video course that I paid for, expecting to see something useful that complements the book – not something that exactly duplicates the book.

Guess I’ll have to re-read the book to cover whatever I missed on the test, as well as re-reading the CSA, ENISA and Jericho documents (and skim over the CSA TCI Reference Architecture, which was rebranded as EAWG [Enterprise Architecture Working Group]).

And by the way, when you do go to Pearson Vue for the test, be prepared to be returned to Windows 95. I could have sworn I was transported back in time. Before going to Pearson (this is my first time using this outfit), I was under the presumption that at least that onscreen testing would have the latest and snazziest screen display rather than using display format from more than a decade ago… I have to say, I was disappointed with the test experience (the display and presentation specifically). I do not know if this presentation is due to ISC2 providing the material and specific onscreen formatting or if ISC2 provided the material and then Pearson Vue did the screen presentation / formatting using old school style formatting. I am not even sure if Vue is using Win95 or Win XP…? All in all, it could be done much, MUCH better…

In all, do not take my word for it, ask others who have studied for or taken the CCSP. 

Note: The 1st run of the ISC2 CCSP book was apparently stopped for product quality, so I understand.  I hope the 2nd Ed. book is produced with superior quality as it should have been in the first run…

But, Good luck to you all.