How to prepare for and pass the CC exam


Intro

With more data being created every second, the proliferation of Internet-connected devices, and the increasing complexity of the networks and systems we use every day, protecting data and systems is paramount. The goal of cybersecurity is just that: to protect the confidentiality, integrity, and availability of information and computer systems.

Cybersecurity is a well-developed field with many tools, techniques, and good and best practices available as knowledge and skills to learn and practice. Right now there is a great opportunity from ISC2: free cybersecurity training and exam (plus a certificate).

The International Information System Security Certification Consortium (ISC2) is a well-known and established IT security organization.

The opportunity

ISC2 says:

"As part of our commitment to help close the cybersecurity workforce gap, our new global initiative, One Million Certified in Cybersecurity, is providing free CC online self-paced training and exams to one million people around the world.

Take the first step to a rewarding career with Certified in Cybersecurity (CC) from ISC2, the world’s leading cybersecurity professional organization known for the CISSP. You don’t need experience — just the passion and drive to enter a field that opens limitless opportunities around the globe."

While this is mostly true, note a couple of things:

  1. Technically, the exam is free, but you have to pay a 50 USD fee to become an ISC2 Member after passing the exam. Of course, you can refuse to pay and still pass the exam, but you won't get a certificate.
  2. Technically, you don't need any experience, but the exam has so many concepts from IT that it will be overwhelming (but not impossible) for a complete beginner to learn.

So, let's dive into the details.

CC exam cheat sheet

  • Total cost: 0-50 USD.
  • Estimated effort: 20-40 hours.
  • Allow 2-4 weeks for preparation, depending on your daily study time.
  • Pick a playback speed that works for you (I watched at 1-1.25x).
  • Take notes during the course.
  • Use spaced repetition.

A step-by-step guide to the CC exam

Here is a step-by-step guide on how to get your CC certification:

  1. Start with Mike Chapple's course, as it's a great overall overview of the basic concepts of cybersecurity. You will need access to LinkedIn Learning. If you don't have access, that's fine; just go to item 5 in this list.
  2. Pay attention to everything in this course, especially to the exam tips given throughout the course.
  3. Do some additional research and take notes on topics that are new/difficult for you. Make sure you really understand everything before moving on. Although the course is great overall, some topics were covered at too high a level, IMHO.
  4. Overall, it should take 7-15 hours of your time to complete this course with additional research and review. I recommend completing it in 1-2 weeks.
  5. Register for the Official ISC2 CC Online Self-Paced Training. It will revisit most of the concepts from the previous course (which is what we need), but it will also introduce some more. You can relax a bit now that you know the material and are just doing a review.
  6. Take the Post-Course Assessment (the final test) 2-4 times. This test is the most similar to the real exam. The goals are to review all available questions and consistently score 80%+ (we want to keep some buffer for the anxiety of the real exam).
  7. Keep track of difficult questions and, after submitting your answers, review them together with the questions you got wrong. Study the explanations carefully, and google if necessary; in the end, you need to clearly understand why your answer was wrong, what the right answer is, and why.
  8. It should take 8-12 hours of your time to complete this course, including the post-course assessment.
  9. Practice the CC Flash Cards if you find it difficult to remember terms (oh yes, there are a lot of terms in this domain!).
  10. Do mock tests. This set of 4 tests is available for free on LinkedIn Learning and is a good sample that covers a lot of CC exam content (400 questions is a lot). The only downside is that not all of these questions are written in the same way as the questions on the real exam, but you have already had enough experience with the exam question format during the final test in the Official ISC2 CC Training.
  11. Go ahead and schedule your exam now, you're ready! I was able to schedule mine 1 week in advance.
  12. If you have some time before the exam or feel you need more practice, review your notes and take additional tests.

How difficult is the CC exam?

Although I have a decade of experience in software development and a decent exposure to networking, cloud computing (AWS SAA certificate), and security concepts, this domain simply has a lot of terms and concepts to understand and remember, so I decided to take two courses instead of one (practice makes perfect). Now, after passing the exam, I see that this was overkill for the exam, but my main goal was to deeply understand basic security concepts and refresh my knowledge on related stuff, not the certificate itself. However, if you are here just for the certificate and you have a decent exposure to this domain, feel free to pick one of the suggested courses, do some mock tests, and that should be it.

Preparation time

It took me about four weeks to prepare. During Mike Chapple's course, I studied almost every day for 1-2 hours (weekends included) over the course of 1.5 weeks. During the Official ISC2 CC Training I studied for 0.5-1.5 hours a day (weekends excluded) over the course of 2 weeks (I took several breaks due to work).

You can complete a full course in a week if you study more hours, and a single course might be enough for you to get the certificate if you already know the content well. Remember, you need to score 70%+, not 100%. (Unfortunately, ISC2 does not report exam performance to candidates.)

CC exam feedback

So, I've passed the ISC2 Certified in Cybersecurity exam, and here are my thoughts:

  • The vast majority of questions on the real exam are similar in structure and difficulty to those on the exam simulators.
  • I read almost every question and every answer at least twice to make sure I didn't miss anything.
  • I encountered a relatively small number of really tricky questions compared to the PMP or PMI-ACP exams, only about 5. You may have no idea how to answer such questions, so it is just a guess.
  • I saw a small number of challenging questions, about 10. Typically, you can narrow down the answers to two options and then use reasoning and logic to choose the right one.
  • I had about 10 questions that repeatedly asked about the same concepts. For a particular concept, there were 4 questions that covered it from different angles, so just stick to the right answer.
  • There were about 10-15 really easy questions that literally took less than 30 seconds to read and answer.
  • Some of the concepts I saw on the exam weren't covered in enough depth in the courses I took, but that shouldn't be a problem since the 70% threshold is pretty low.
  • In total, I finished the exam with 50 minutes left (out of a total of 120 minutes). And I enjoyed the experience!

What to expect at the test center

Here is a real-world example of what to expect at the test center.

I passed the exam. What's next?

Three steps:

  1. Apply online for ISC2 membership.
  2. Pay the Annual Membership Fee (AMF).
  3. Earn Continuing Professional Education (CPE) credits.

Details below.

ISC2 membership

You must pay 50 USD to get a certificate (and become a member of ISC2). The congratulatory email and other materials sometimes say that you need to become an ISC2 Associate, but this is a mistake. Associate status is for people who have passed an ISC2 exam but don't meet the experience requirements for the certification (a common example is CISSP). Since the CC exam does not require experience, there's no need to become an Associate. Instead, you fill out the form to become an ISC2 Member and pay the membership fee.

AMF

Payment of the Annual Membership Fee (AMF) is required at the beginning of each year of your 3-year certification cycle to maintain an "active" status of your certification.

Note that the certification cycle does not run on a calendar year from Jan to Dec. It is based on when you were first certified. For example, a member who was certified for CC on March 17, 2024 will have a 3-year certification cycle that runs as follows:

  • Year 1) April 1, 2024 through March 31, 2025
  • Year 2) April 1, 2025 through March 31, 2026
  • Year 3) April 1, 2026 through March 31, 2027

CPE

As if all the hard work you put into preparing for the exam wasn't enough, you now have to maintain your certification. You do this by contributing to the profession and learning new things. Basically, one hour of learning equals one Continuing Professional Education (CPE) credit. You must earn 45 CPE credits every 3 years. For more information, see the CPE Handbook and the CPE Infographic.

Starting a career in IT

Are you a student or a professional in another field looking to start a career in IT? I believe there is an excellent opportunity for you!

A typical starting point for non-engineers is Quality Assurance, but with the tremendous competition in this field, it becomes virtually impossible to secure a junior-level position with a reasonable investment (time, money, effort). With that in mind, how does a junior security analyst role sound to you?

There is a huge talent gap in cybersecurity right now, and it is expected to continue. So I urge you to think about it and do your own research.

That's all you need to ace the exam on the first try! Feel free to contact me if you need more guidance or have a specific question. And good luck on your journey!