CCSP — Certified Cloud Security Professional
What is the CCSP certification?
The Certified Cloud Security Professional, or CCSP certification, was developed by the non-profit (ISC)² and the Cloud Security Alliance (CSA). It validates your technical skills in designing, managing and securing data, applications and infrastructure across modern cloud environments. The CCSP is one of a portfolio of cybersecurity certifications managed by (ISC)² that range from entry-level to more advanced, role-specific designations. Get your free Cybersecurity development playbook to learn more about how the CCSP fits into cloud security careers.
An updated CCSP exam went into effect in August 2022. Testing continues across six primary domains, also known as objectives, to ensure that certification holders have the most in-demand cloud security skills.
Cloud data security (20%)
Covers the phases of the cloud data lifecycle, the data security technologies used to implement it and the principles of data dispersion, including data discovery, classification, information rights management, retention, deletion and archiving policies, as well as auditability, traceability and accountability across data events.
Learn more about the CCSP domains.
Is CCSP a good certification?
Organizations increasingly rely on cloud technologies, particularly as remote work has grown in prevalence. Unfortunately, this also means more threat actors are targeting the cloud with their attacks. Cloud security specialists are in high demand.
The best way to set yourself apart and demonstrate your advanced cybersecurity skills for the cloud is with the CCSP certification. Widely known and well respected, the designation reflects five years of cloud security experience. It validates the required technical knowledge and skills in cloud security design, implementation, architecture, operations, controls and compliance with regulatory frameworks.
What are the CCSP requirements?
To be eligible for the CCSP certification, work experience is required, but completing other certifications can shorten the required experience time. To earn your CCSP, you must:
- Pass the CCSP exam (700 out of 1,000 points)
- Have five years of work experience in information technology, of which three years must be in information security and one year focused on one or more of the six domains covered in the CCSP.
Earning the Cloud Security Alliance's CCSK certificate can be substituted for one year of experience in one or more of the six domains of the CCSP. Earning (ISC)²’s CISSP credential can be substituted for the entire CCSP experience requirement.
A candidate who doesn’t have the required work experience to become a CCSP may become an Associate of (ISC)² by successfully passing the CCSP examination. The Associate of (ISC)² will then have six years to earn the five years of required experience.
Read Infosec's article, How to become CCSP certified, for requirement details.
CCSP exam FAQs
The CCSP certification validates your skills around the challenges cloud security professionals face and the best practices for how to mitigate them.
What is the CCSP exam outline and structure?
Beginning in August 2022, the CCSP exam will consist of 150 multiple-choice questions. This is an increase from the previous exam’s 100 operational items with 25 pretest (unscored) items to 100 operational items with 50 pretest items.
To allow all items to be answered, the exam time will increase from three to four hours.
How hard is the CCSP exam?
The CCSP is an advanced certification for security professionals familiar with cloud environments. Five years of work experience is required unless you already have other certifications, such as the (ISC)² CISSP, which removes all the work experience requirements, or the CSA CCSK, which negates one year of experience. 700 out of 1,000 points are required to pass the exam.
CCSP pass rates vary depending on an individual’s experience, study habits and test-taking strategies. Infosec’s CCSP Boot Camp comes with an Exam Pass Guarantee.
Is CCSP harder than CISSP?
The (ISC)² CISSP exam tests a broad range of skills required for designing, implementing and maintaining a cybersecurity program. The CCSP could be considered an extension of the CISSP because it validates security knowledge specific to cloud environments. Both require five years of work experience.
If you’ve been more of a cybersecurity generalist, the CCSP may seem somewhat more difficult, but if you’ve been more focused on security strategies for the cloud, it would likely seem easier.
For more on the CCSP and CISSP, read Seven top security certifications you should have in 2022.
How do you take the CCSP exam?
Pearson VUE is the global administrator of all (ISC)² exams, and all CCSP exams must be taken in person at a Pearson VUE test center. To take your CCSP exam, create a Pearson VUE account, find a test location near you and schedule your exam.
How much does the CCSP exam cost?
The cost of the CCSP exam varies by location.
- U.S. and all other regions not listed below, $599
- Asia Pacific, $599
- EMEA, EUR 555
- United Kingdom, GBP 479
- Middle East, $599
- Africa, $599
Your organization may purchase vouchers for seminars and exams in bulk, which are transferable to anyone in the organization.
You can find the most up-to-date pricing on the (ISC)² website.
How do I earn CPEs and renew my CCSP?
The CCSP has an annual maintenance fee (AMF): A $125 fee must be paid upon certification and every year afterward (by the anniversary date of getting certified). If you hold more than one (ISC)² certification, only one fee is required to maintain all your (ISC)² certs.
CPEs can be earned through (ISC)² events, unique work experience, contributions to the profession, education and/or other professional development opportunities. Get more information on CCSP renewal requirements and how to earn CCSP CPE credits by downloading the (ISC)² CPE handbook.
How long does the CCSP certification last?
(ISC)² requires 90 continuing professional education (CPE) credits over a three-year period for your CCSP certification to remain current, with a suggested annual goal of 30 credits. Of those, at least 20 must be from Group A activities, which are directly related to the CCSP domains, and up to 10 can be from Group B activities, which are general professional development activities.
Read the (ISC)² CPE handbook for more details.
Free and self-study CCSP materials
Studying is the best way to prepare yourself to pass the CCSP exam. Luckily, there are tons of helpful CCSP resources. Before you start scouting out the best training resources, we recommend taking a look at the official CCSP exam outline since it will shed light on what topics you’ll need to study.
CCSP study guides and CCSP books
Several study guides and books can help you prepare for the CCSP exam. You can find them at your local library, book store, or online stores like Amazon. A few of the most popular are:
- A free guide from (ISC)²: The Ultimate Guide to the CCSP
- Amazon: The Official (ISC)² CCSP CBK Reference, 3rd edition by Aaron Kraus
- (ISC)² CCSP Certified Cloud Security Professional Official Study Guide, 2nd edition by Ben Malisow
The (ISC)² training website also offers an online study group, interactive flashcards and a study app. (ISC)² members receive 50% off official (ISC)² textbooks as a member benefit.
For more on CCSP study books and tools, read our article on CCSP study resources.
CCSP practice exams and simulations
Practice exams are a great way to gauge your exam readiness. Free CCSP dumps are even available, although it’s against (ISC)² policy to disclose the actual exam questions. A few of the most popular CCSP practice question options are listed below:
- Official (ISC)² CCSP Practice Tests, 2nd edition by Ben Malisow
- CCSP For Dummies with Online Practice, 1st edition by Arthur J. Deane
- (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide & Practice Tests Bundle, by Mike Chapple and James Michael Stewart
In addition to these options, many CCSP training courses and content include practice questions. For example, Infosec Skills CCSP certification training includes a customizable practice exam with more than 100 questions.
Other free CCSP training resources
There are a number of other free CCSP training materials being produced and shared by the community:
- Forums like TechExams and Reddit allow you to connect directly with others who are studying for or have already taken the CCSP.
- YouTube is another great place to connect with cybersecurity practitioners and learn about the CCSP exam. Although most CCSP courses cost money, there are numerous free CCSP videos available to watch.
- Podcasts may not help you directly study for your CCSP exam, but those like the Cyber Work Podcast are a great way to hear about the career and training journeys of fellow IT and cybersecurity professionals.
CCSP jobs and careers
While the adoption rate of cloud technologies continues to climb around the globe, security threats have also become increasingly pervasive. This leads to significant job opportunities for cloud security specialists, and the CCSP is one of the best ways to demonstrate your expertise in this fast-growing field.
What does a CCSP do?
The CCSP is for IT security professionals who work on designing, implementing and managing cloud environments. Common job roles for holders of CCSP include:
- Cloud architect
- Cloud engineer
- Cloud consultant
- Cloud administrator
- Cloud security analyst
- Cloud specialist
- Auditor of cloud computing services
- Professional cloud developer
Read CCSP certification: Overview and career path for more on CCSP opportunities.
Is CCSP worth it?
The job outlook for CCSP cert holders is very promising.
Certification Magazine lists the top 75 certifications in its 2021 salary survey; the CCSP ranks eighth on the list and is the top-ranked certification that IT professionals plan to achieve next in their careers.
Most U.S. Department of Defense (DoD) organizations must comply with directive 8570.1, which means that DoD information assurance and cybersecurity personnel must obtain one of a few pre-approved certifications. All certifications from (ISC)² meet this DoD requirement, including the CCSP.
What is the CCSP salary?
The CCSP certification is designed for professionals with advanced security experience specific to the cloud. According to the 2021 (ISC)² Cybersecurity Workforce Study, CCSP holders have an average annual salary of $80,7171; in North America, it’s $114,172.
The average CCSP salary for popular CCSP jobs will naturally vary based on the experience you bring to the role, geography and other factors. The national average salary by job role, according to Glassdoor in June 2022:
- Cloud architect, $114,046
- Cloud engineer, $104,036
- Cloud consultant, $79,178
- Cloud administrator, $70,626
- Cloud specialist, $65,028
- IT security auditor, $78,687
- Cloud developer, $99,668
Salary.com also has a similar average salary of $105,454 for these positions.
How many people have the CCSP?
Since it was introduced in 2015, 10,898 professionals have acquired this certification as of January 1, 2022. Of these, 5,576 are in the U.S.
Where can I find CCSP jobs?
CCSP is a popular certification in cloud-security-related job listings, and general job boards like Indeed, Monster, Glassdoor, LinkedIn and CareerBuilder all allow you to search by keywords like “CCSP” for CCSP jobs. There are also cybersecurity-specific job boards, such as the Cybersecurity Job Board, ClearedJobs, infosec-jobs.com and others. Another great way to find CCSP job openings is by joining local and national cybersecurity groups — such as ISSA or Women in Cybersecurity — joining local meetups or engaging in other cybersecurity forums and websites.
To prepare for your job interview, download our free ebook of cybersecurity interview tips, “How to stand out, get hired and advance your career.”
Paid CCSP training and exam prep
How long you need to study for the CCSP exam depends on your existing knowledge and experience — and your method of training.
Live CCSP boot camps
For those looking to get certified quickly, a live online or in-person CCSP boot camp may be the best option. For example, the Infosec five-day CCSP Boot Camp allows you to train for and earn your CCSP in less than a week.
The benefits of a live boot camp include:
- Live interaction with your instructor and peers: This can be especially useful for more advanced certifications where fellow students have years of real-world experience and situations to share.
- Complete training package: Most boot camps include everything you need to succeed — from live instruction to exam vouchers to books and practice exams. Infosec’s boot camps also come with access to additional training courses and hands-on labs to keep your skills sharp after you get certified.
- Improved pass rates: Boot camp providers like Infosec stand by their training with an Exam Pass Guarantee. That means if you fail your exam on your first attempt, you’ll get a second attempt to pass — for free.
Self-paced CCSP training
For those with more time — and self-discipline — a number of training providers offer paid CCSP courses you can complete at your own pace, including companies like Infosec, Cybrary, Udemy and (ISC)².
The benefits of on-demand CCSP training include:
- Train at your own pace: Train when it’s convenient for you — whether that’s 30 minutes over your lunch or a few hours on the weekend. There’s no need to set aside 40-60 hours for a week of intense, live instruction.
- Build an individual training plan: Since you’ll be training by yourself and not with a group, target your training around the domains and objectives you need to learn the most. Consider joining a study group or connecting with peers if you’d like further insights.
- Take the exam when you feel ready: With more time to study, you’ll have more time to prepare without feeling like you’ll lose the benefits of the boot camp “exam cram.”
CCSP comparisons and alternatives
Is the CCSP the best certification for you, or would something else be a better fit? Which certification is easier? Which certification should you take first? Which one is better for your career? That all depends on you and your career goals. Check out these articles to learn more: