I was planning on doing the CloudSecurityAlliance “Certificate of Cloud Security Knowledge” for a few weeks  now (from the day when they announced it to be more precise) and was looking around for some more information as to what i can expect during the certification process. Unfortunately the usual search engine investigation didn’t turn up too much information so i decided to go ahead and give it a try to see what it is all about. Key points to know about the certification process

– Read the FAQ, it contains lots of useful information
– The certification fee is 195 USD until end of 2010. After that it will go up to 295USD.
– You’ll get a second chance if you fail your first try (only 2010)
– The test consists of 50 questions of which you need to answer 80% correctly within 60 minutes

As described in the FAQ the questions are based on the common body of knowledge (CBK) which includes at this time the CSA “Security Guidance for Critical Areas of Focus in Cloud Computing V2.1” and ENISAs “Cloud Computing Risk Assessment“. The weighting given in the CCSK prep guide (70% CSA guide, 20% ENISA report, 10% applied knowledge) seems fairly accurate.

So how does it work? This is something where i hoped for a bit more guidance from the CSA as there is no information on the actual registration and testing process available. In their defense – there isn’t much to it. If you want to take the test you have to register here. Once you are registered you can buy the token to attempt the test. The purchasing process is handled via PayPal (either your usual PayPal account or via PayPal moderated CreditCard payment) or prepaid invoice. Assuming the purchase process completed successfully you are good to go; just click on that big button to start the test. There is no need to attempt the test right after purchase, you can log back in later from anywhere you like to start the process.

The test itself is very straight forward; as soon as you start the test the timer ticks down from 60 Minutes and you go through the questions. No (too) confusing wording […] just 50 multiple choice questions with the option to mark for later and direct link to all of the questions for review. When you’re done answering just hit the button “Submit for marking” (forgot the correct wording here, sorry) and you’ll get the result right away with a small breakdown how well/bad you did by domain very much comparable to Microsoft tests and similar.

Looking back i thought the test would be a bit more difficult. Not necessarily the knowledge that is required but from the time you have to complete the questions. Many of the questions are very quick to read so most people will be able to go through them at a comfortable pace and still have plenty time left for review. I think the certification would benefit from additional questions (maybe 60-75 overall) to verify that the test taker really has the key parts of the CBK memorized and provides more detailed guidance in the domain breakdown rating as to which areas might need more attention.

If you pass the test you’ll have the option to download the certificate in PDF or in HTML format. Alternatively you can use your email address with which you registered for the test and your CCSK code, which you receive once you passed, and validate that you’re really certified. On the CCSK page look for the validation check box.

If the email address and validation code are recognized you should see a result similar to this.