Certified in Cybersecurity (CC) Exam Review

-

On February 13, 2024 - I sat on the ISC2 Certified in Cybersecurity (CC) exam for one purpose: To tell you what I thought of it!


First, I must mention, I took advantage of the free exam voucher ISC2 gave away last year. And to those who thought they missed out, don't worry. ISC2 is offering this exam voucher, along with self-paced training for free! This is part of ISC2's mission to certify approximately one million cybersecurity professionals and break the cybersecurity workforce gap.


The exam is 100 questions (it is not a CAT exam, like the CISSP, which I wrote in 2018 - so you can expect to see all 100) and they give you 2 hours to complete it. While I only needed 20 minutes to complete the exam, it was more than enough time for me to provide my assessment. 


So what are my thoughts?


Generally the content was good and scratched the surface on the cybersecurity principles

Felt like a lightweight version of the CISSP

Of 100 questions, there were some duplicated efforts

A lot of focus around authentication, network, and security operation practices


Exam Outline & Prep


While the ISC2 training is free (and keep in mind, I did not look at it), I would also recommend you review some other free content out there to help you understand the content more. 


ISC2 CC Exam Outline

NIST 800-53 - Security and Privacy Controls for Information Systems and Organizations 

CC Exam Practices Questions by Prabh Nair [1] and [2]

CC Prep by Prabh Nair


How do ISC2 exams work?


After you write your exam, you will get a printout stating if you "provisionally passed" or not. ISC2 uses the term provisionally passed, as they perform a review of your exam before finalizing your score. If you did not pass, they will provide you an objective output showing you which domains you should focus on in your next attempt. Once you get your official passing score, and if you are a new ISC2 member, you will be required to pay a $50 membership fee. You do not need any prior work experience to fulfill the needs of this certification (whereas the CISSP requires 5 years in at least 2 of the 8 domains). 


Final words


I have not written the SSCP, however I feel that this would be a great resource to use towards your studying efforts for the SSCP and/or CISSP. If you're looking to brush up on your training, add a new certificate to your arsenal or, more importantly, looking to break into cybersecurity then I recommend you have a look at this. After all, minus the $50 membership fee, the training and exam is free and I think its invaluable. 

Comments

Post a Comment

Popular posts from this blog

Managing Risk Appetite as a Cybersecurity Professional

-
One of the questions I am asked the most from my mentees is how to manage risks in their company without taking it personally.  Listen, I get it. It's hard to take pride in something you do and then not think it's your fault when a recommendation you've made was rejected or even ignored. Mostly, these business decisions aren't a means to state that the work you've done was invaluable, it just means that the organization evaluates risk differently than you. Their appetite for risk, which usually is mitigated with spend, is greater than yours.  Let's say you identified, what you think, is a critical risk to the business. A hypothetical example would be preventing data leakage from insider threats. You've spent several hours looking over the risk scenarios, mapped out where your gaps are, performed a probability/impact and a cost analysis and know what a solution will cost. However, you are unclear on what the cost of this risk being a reality is. You identifie...
Read more