ISC2 - Certified in Cybersecurity (CC)
First certification in Cybersecurity
My Experience
This was one of my first milestones in cybersecurity and my first certification in the field. Although not many job posts require this certification, I think it is a great way to prepare for other, more complex certifications. It provides a solid grounding in a wide variety of domains that cybersecurity work requires today.
Study Content
In broad terms, what you end up studying is the following five domains:
- Domain 1. Security Principles
  - CIA Triad
  - Authentication
  - Non-repudiation
  - Privacy
  - Risk management
  - Security controls (technical, administrative, physical)
  - ISC2 Code of Ethics
  - Governance processes (policies, procedures, standards, regulations and laws)
- Domain 2. Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts
  - Purpose, importance, and components
- Domain 3. Access Controls Concepts
  - Physical
    - Monitoring
    - Authorized vs. unauthorized personnel
  - Logical
    - Principle of least privilege
    - Segregation of duties
    - DAC, MAC, RBAC
- Domain 4. Network Security
  - Computer networking
    - OSI model, TCP/IP model, IP protocol (IPv4 and IPv6)
    - Ports
    - Applications
  - Network threats and attacks
    - Types of threats (DDoS, virus, worm, MITM, side-channel)
    - Identification (IDS, HIDS, NIDS)
    - Prevention (antivirus, scans, firewalls, IPS)
  - Network security infrastructure
    - On-premises
    - Design
    - Cloud
- Domain 5. Security Operations
  - Data security (encryption, data handling, logging and monitoring of security events)
  - System hardening (configuration management)
  - Security policies (data handling, password, AUP, BYOD, change management, privacy)
  - Security awareness training (purpose, concepts, and importance)
It is not as free as you may think
This certification is advertised as free, as part of the One Million Certified in Cybersecurity program, because the self-paced training and the exam are free. But to actually hold the certification and be part of the ISC2 community you have to pay what is called the Annual Maintenance Fee (AMF) after passing the exam.
The AMF (Annual Maintenance Fee)
The annual maintenance fee is due every year to keep you a certified member of ISC2. If you only hold the ISC2 CC certification, or you are becoming an associate member, it costs $50 USD per year. You have to pay it in advance in order to become a member and to keep your membership.
You can find more information on the ISC2 AMF website.
Once I become a member of ISC2 what’s next?
Once you become a member of ISC2 you have several benefits and "obligations". If you only hold the CC certification, they are as follows (it is different if you hold more certifications):
- Benefits
  - You get 20% off ISC2 Official Self-Paced Training and the Online Boot Camp
  - Expand your network
  - Be certified
- Obligations
  - You have to complete 45 CPE credits (Category A) every 3 years.
    - Equivalent to a suggested minimum of 15 CPE credits per year.
  - You must abide by the ISC2 Code of Ethics.
Free ways to earn Category A CPE credits
- Through the Skill-Builders, which are free for ISC2 members.
- Attending events and webinars (not all of them are free)
- CPE partner events
- Volunteering in different areas (exam development workshops, blog content contribution, and others)
- Chapter meetings
Fast ways to earn Category A CPE credits
- Earning one of the many ISC2 certificates (about $99 each, regardless of how many CPE credits it gives you)
- Completing a self-paced ISC2 training for a certification.
Here is the official ISC2 guide for CPE credits.
Study Resources Recommendation
Personally, the self-paced training became a bit too boring and I found it hard to concentrate. I had to look for other resources in order to feel comfortable before taking the actual test. Here are some recommendations if you are struggling with the same problem or just want other resources to study from.
- Official ISC2 online self-paced training. Yes, even though I found it boring, I did the whole training, and since it is the official training I recommend you do it as well.
- Mike Chapple's LinkedIn course. To be honest, this was one of the best resources I found and it actually helped me pass the test. Mike Chapple is super engaging and the course is fun to watch.
  - Here is a post of mine on LinkedIn that, supposedly, makes the course free for LinkedIn members for a limited time.
  - Here are some online notes on this course that someone made available.
- Paulo Carrieria and Andree Miranda's Udemy practice tests. There are about 6 practice tests; I would do each one twice, and by tests #5/6 try to score above 90% on your first attempt.
- Prabh Nair's YouTube videos. He gives great explanations of the answers to questions similar to the ones you will encounter in the test. This resource helped me a lot to think outside the box and to actually be prepared for the kind of questions I faced on the test.
Here is the Reddit post that helped me find all these resources; the author lists many more. When I took the test I had very limited time, and I found these to be enough to get through it.
About the Test
The domains covered by the test are not really hard, but the real challenge is the way the questions are structured. It is not just knowing the concepts, but having a deep understanding of them and being able to relate them to real-life scenarios. In many questions several answers are plausible, but you have to choose the one that best fits the situation.
You can only take the test at a Pearson VUE testing center, so make sure to find out ahead of time which one is closest to you, and if it is a busy one, schedule your test well in advance. You have up to 2 hours to complete the test, but that does not mean you will use all of that time; I think it took me about 40 minutes to 1 hour. It is multiple choice and has only 100 questions.
In order to pass the test you must score 700 points out of 1000, basically around 70%. At the end of the test they do not give you the score (in fact, they never tell you); they just tell you whether you passed or not. The test is available in 5 languages: English, Chinese, Japanese, German, and Spanish. I took it in English, since that is the language of all the resources I used to study.
Here is the exam weight of each domain:
- Security Principles 26%
- Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts 10%
- Access Controls Concepts 22%
- Network Security 24%
- Security Operations 18%