All about the ISC2 Certified in Cybersecurity (CC) certification and how I became certified.
What is the Certified in Cybersecurity (CC)?
Certified in Cybersecurity (CC) is an entry-level credential aimed towards newcomers to the industry. The certification exam was launched by one of the world’s leading cybersecurity professional organizations, the International Information System Security Certification Consortium, Inc. aka, (ISC)², which is well-known for the CISSP (Certified Information Systems Security Professional) certification exam.
Who is it for?
(ISC)² officially launched the CC certification in August 2022 with a mission to recognize the ones who are just beginning or transitioning to the cybersecurity industry. The certification is designed and curated for the ones with or without IT experience to gain a strong foundation of cybersecurity concepts, tools, and best practices to learn and implement on a cybersecurity job.
Exam structure and topics covered.
The two-hour exam comprises 100 multiple-choice type questions and is graded on a scale of 1000 points. A minimum of 700 points or 70% score is considered a passing grade. To maintain a healthy test environment, (ISC)² offers the exam in an offline mode through Pearson VUE Testing Center.
What’s impressive about the CC certification is the beginner-friendly and important topics that are covered in the exam. It covers a good range of fundamental domains, which are:
- Security Principles. (26% average exam weight)
- Business Continuity, Disaster Recovery, and Incident Response Concepts. (10% average exam weight)
- Access Control. (22% average exam weight)
- Network Security. (24% average exam weight)
- Security Operations. (18% average exam weight)
It is safe to say that CC allows the learner to have in-depth knowledge in these domains and excel in their career through further skill building and higher-level certifications.
Preparation tips and resources.
The CC can be achieved with the preparation of at most one month. If someone has previous technical background and knowledge or is a student of any of the computer science domains, a couple of weeks' worth of focus is ample preparation time. However, based on an individual’s schedule, the preparation time might extend from a few weeks to a few months, but more than a month’s time is really not necessary for taking the exam as the exam covers only theoretical aspects and no practical or hands-on experience.
As a full-time computer science student myself, and given that I have previous knowledge and experience in the technology industry, it took me about a month of consistent studying of the topics to pass the exam. Even though I completed the resources within two weeks and was confident enough to take the exam, I went through some extra preparations that I am about to share with you shortly.
The prior resource to get the overall knowledge and insights about the domains covered in the exam is the official self-paced training course by (ISC)². It provides text content, videos, podcasts, and flashcards to help you learn the concepts easily. The best part of this course is the quiz that it conducts after each chapter to test your understanding. Additionally, it conducts a final quiz to test your understanding of all five chapters.
Another resource that’s worth mentioning here is the (ISC)2 Certified in Cybersecurity (CC) Cert Prep on LinkedIn Learning. This resource helped me greatly because of the details of each chapter that it covers. In fact, it covers more details than the official self-paced training course. Moreover, you will love this resource if you are not a big fan of text-based content and prefer info-graphic video content.
Other than the two mentioned resources, there’s an online instructor-led training that you can register for on the (ISC)² official website. However, I will not recommend this training if you are willing to do some extra preparations as I mentioned before. It’s not necessary, and you can still score well without it. If you‘re willing to go for an instructor-led preparation, you might want to go for it.
Coming to the extra preparation part, you will find about 10–15 questions will be out of the resources mentioned (but within the five topics). To tackle those questions, I highly encourage you to learn about a certain concept in detail by doing some research on the internet. For example, if you studying cloud computing, study the shared responsibility model. If you are studying firewalls, know the types of firewalls. Going the extra mile will surely reward you in gaining knowledge and for the exam.
One tiny thing to remember is you won’t get the option to go back to the previous question/s once you click NEXT. I suggest you choose the answer to the questions you’re absolutely sure about and move to the next question quickly. Do not waste your time on these questions because there will be tricky questions that will take a good time to answer. Following this simple trick, I finished the exam within an hour, so do keep this in mind when taking the test.
Here are the links to the resources once again:
- Official Self-Paced Training Course on (ISC)² website.
- Certified in Cybersecurity (CC) Cert Prep on LinkedIn Learning.
- (Optional) Online Instructor-Led Training by (ISC)².
Passed the exam? Here’s what to do next.
Once you pass the exam (the first step towards getting certified), you will be asked to complete an online application to verify that you understand and agree to the (ISC)² Code of Ethics as the second step. Meanwhile, your member dashboard on (ISC)² website shall activate within a day or two. Once you complete the second step, you’ll be asked to pay for the Annual Maintenance Fee (AMF) as the final step toward achieving your certification.
After you make the payment, you shall receive an email with your digital badge and other important information about maintaining your certification and membership status.
Note that the CC is valid for 3 years, after which you need to retake the exam if you want to renew your certification. Within this time, you need to achieve a total of 45 CPE (Continuing Professional Education) credits, that is, 15 CPE per year, to maintain your certification. You can achieve the CPE credits for FREE by attending webinars. There are other (paid) ways to earn CPE credits, like attending security congress, workshops, etc. Additionally, you need to pay for the AMF every year.
Should you go for CC?
The CC certification is an effective way to gain knowledge and get an upper hand when starting in the cybersecurity/information security industry. It’s a great certification for:
- the ones who come from a non-technical background or another field and are willing to build a career in IT.
- the ones who want to get some prior knowledge in cybersecurity to be more familiar and comfortable with the career path.
For those who are wondering, there are alternatives to CC that you can start with as a newcomer to the industry. CompTIA A+ is a great alternative for people who falls under the first category, as mentioned above. CompTIA Security+ is another alternative for beginners, which covers slightly more advanced topics than CC and has a higher value. You are encouraged to compare the topics these certifications cover and make a decision accordingly.
You can check this link for a quick comparison between CC and Security+.
Final words.
As a cybersecurity aspirant and learner, CC has taught me much. The preparation resources and process alone have helped me understand tons of concepts I needed to know to reach my professional objective.
Starting from the fundamentals of data security with the AIC concept to internal and external organizational processes and operations to defend systems and data, the certification gave me an opportunity to prove my knowledge and understanding of cybersecurity concepts, tools, and practices as a starting point to grow from with a goal to defend organizations and individual data from threat actors.
I’d love to know your thoughts in the comments. Thank you for reading.
