Reflections and Tips For Passing the CC Exam by ISC2
It's not just about test taking. Laying the groundwork is key for success!
One of my goals after finishing my MBA was to earn additional certifications, such as the CISSP from ISC2 and the PMP from PMI, to prove my dedication to continuous learning.
I was fortunate to take the Certified in Cybersecurity (CC) exam for free. The exam content is a good starting point for the CISSP certification, which I aim to complete within the year.
General Reflections
The Big Picture: Understand the Why Before Jumping In
Navigating the whirlwind of exciting new trends like Artificial Intelligence (AI), quantum computing, and blockchain can sometimes feel overwhelming. I've noticed that quite a few self-proclaimed enthusiasts might not fully understand what AI truly is and how it operates behind the scenes.
I remember one higher-up advising me to learn the basics of data before jumping to data science, machine learning, and artificial intelligence. This wisdom stuck with me and helped me fully understand the principles of IT Auditing through the CISA (ISACA) certification in 2019.
The same applies to the CC exam, where understanding the “why” behind each concept in the five domains is crucial to fully understanding the material. For example, the biggest lesson I learned from studying the material is that cybersecurity does not solely involve technical controls such as cryptography and identity and access management but also administrative and physical controls to ensure risks are treated appropriately within the organization.
Back to Basics: Technology Changes but Principles Don’t
Innovation brings emerging risks that require treatment, but that does not mean the standards and best practices we already know are obsolete. Standards such as those issued by ISO and NIST remain relevant. What changes is the protected asset (e.g., AI infrastructure) and how controls and processes are designed and operated to mitigate risks.
Continuous Learning is Key to Stay Relevant
Even after passing the exam, I realized I had much more to learn because I came across several concepts I didn’t know, such as botnets, rainbow table attacks, and CIDR notation in Domain 4 - Network Security. Like other certifications (e.g., CISA (ISACA) and the PMP), earning your CC designation will be the starting point in technology risk and cybersecurity. However, the certification alone is not sufficient to master your craft. Continuous and mindful learning is important to stay updated with current trends and emerging risks that require attention.
Passing the Exam and Making it Official
I used the same structure to pass other certifications, including the CC exam, which is detailed in my previous post.
As mentioned in my earlier post about passing exams,
📖 Read through the exam outline
One of the lessons I learned in life was the importance of preparation before undertaking any professional or personal endeavor. The same holds for certification exams such as the Certified in Cybersecurity (CC) by ISC2.
I know some test takers skip this step and end up in a rabbit hole because they lack direction. Reading the CC Exam Outline, like the syllabi provided in university-level courses, is crucial because it states important details such as the number of questions in the actual exam, the time limit, the passing rate, and the areas tested.
📝 Plan but don’t plan too much!
Create an inventory of available materials and draft a study plan based on the CC Exam Outline. Your study plan will depend on your learning style, time commitment, and available materials.
ISC2 currently has a One Million Certified in Cybersecurity program. Registering now gives you free access to their Online Self-Paced Training and Exam. I used the following materials to pass the exam:
Online Self-Paced Training and Exam (provided by ISC2 when you register)
Don’t think too much of the exam resources and work with what you have!
👉 Feel free to duplicate my study plan if you think it helps:
Stephen's CC Study Plan Template
💡 Understand the concepts covered in each domain
Now, to the fun part! Once you have a plan in place, it's time to dive into the material! To maximize learning, I recommend practicing active listening by taking notes and highlighting any concepts you need more clarity on.
I went through the self-paced learning material provided by ISC2 to ensure that I understood what was discussed. To supplement, I also made notes based on the Exam Outline to confirm that I covered all expected topics per domain.
👉 Feel free to look at my notes (though incomplete) if they help, but please use them only as a starting point and not a quick reference:
CC Notes - Based from Outline
✏️ Take practice exams
Theory and practice go hand in hand in succeeding at any certification. Take as many practice exams as possible to get a feel for how well you understand the domains included in the exam.
Don’t worry about getting below 70% during your first few takes. It just means you either need more practice or there’s something that you still need to understand. In my case, I used the Final Assessment section of the ISC2 material and Practice Exams available on LinkedIn Learning.
➿ Revisit (and research) concepts (rinse and repeat!)
After each practice exam, try to revisit practice questions you didn’t get right or felt you didn’t understand. After taking stock of those, try returning to the study material to refresh your understanding.

You might also encounter additional terms being tested, particularly in Domain 4 - Network Security and Domain 5 - Security Operations.
During my first practice exam attempt, I noticed many acronyms and terms I was unfamiliar with as they were not covered in the Online Self-Paced material provided by ISC2. Examples were data-at-rest encryption (e.g., AES) and media disposal methods (zeroization and degaussing).
I started by jotting down the acronyms and terms that were new to me. Then, I spent some time researching them, exploring their meanings, purposes, and how they relate to cybersecurity.
Feel free to raise your hand and connect with someone with cybersecurity or general information security experience. I remember reaching out to fellow Illinois alumni, which helped me better understand the mechanisms behind network security (Domain 4). This experience reminded me of the CISA (ISACA) exam, where researching current trends like blockchain technology and cloud infrastructure helped.
In case the concepts still don’t make sense, try to ask a peer who has some experience in the particular domain you have
👝 Prepare for exam day and crush it!
The last thing you want is to scramble at the last minute and realize you forgot something at home. Make sure the following are in your bag:
2 valid IDs
(Optional) Printed confirmation—I prefer to do this just in case they ask for it, as I have experienced in the past.
It’s good practice to arrive near the testing centre at least an hour before your exam to avoid inconveniences such as traffic and subway delays. I was lucky enough to be three subway stops away from the testing centre, but I still arrived in the area around noon to calm my nerves.
Finally, I recommend against studying in the 24 hours before your scheduled exam date, as nervousness may impair your test performance.

Don’t forget to celebrate even though it’s not yet official on paper! Test-taking is never an easy task!
✅ Make it official: Don’t forget to register!
The final step to getting certified is registering and paying the $50 annual maintenance fee. A few days after passing the exam, I received an email from ISC2 with registration instructions. To register, follow the steps detailed in the email.
You should get a badge to share on social media upon registration.