TL;DR Certified in Cybersecurity is ISC2’s new entry level exam. It is currently free to take the exam and the ISC2 training is also free online.
Exam Reviews
Altered Security Certified Red Team Professional (CRTP)
eLearn Junior Pentester (eJPT)
ISC2 Certified in Cybersecurity (CC)
Microsoft Applied Skills Administer AD DS
TCM Practical Junior Penetration Tester (PJPT)
Altered Security CRTP renewal exam
Background
I have not seen any reviews of International Information System Security Certification Consortium’s (ISC2’s) new entry certification out there on Google so I figured I would write one.
Certified in Cybersecurity is ISC2’s new entry level certification. The exam is currently being offered for free as part of ISC2’s pledge to get one million people certified. Their stated goal is to create a certification truly intended for newcomers, no experience or prior education required. The official training is also free from ISC2 here.
CompTIA recommends 2 years of experience and Network+ before taking Security+. However it is our experience that Security+ is completely doable with no prior experience or certifications, just a strong desire to learn.
ISC2’s SSCP does require at least one year of work experience in addition to passing the exam to earn the certification, so Certified in Cybersecurity is a welcome addition to the ISC2 family.
Why I took ISC2 Certified in Cybersecurity
In a nutshell
- The exam and the training were both free
- I am already an ISC2 member, so no additional renewal fees required
- I had not taken a vendor neutral theory/book exam since summer 2020, so a refresher was good
- CA was on pause at the time
Should you take ISC2 Certified in Cybersecurity?
IMHO anyway, you should take Certified in Cybersecurity if
- You want to learn or just brush up
- You love a bargain when it comes to certs
You should not take Certified in Cybersecurity if
- You are just trying to fluff a resume
- You are trying to hit an HR filter
Preparation
I got the CISSP Study Guide by Eric Conrad, Seth Misenar, and Joshua Feldman from the library. I had read their 11th Hour twice while studying for CISSP and really liked their writing style. I highly recommend both books.
I went through the official ISC2 course online for Certified in Cybersecurity. The course was good overall, however I felt that it did not cover everything that was on the exam. Hence I highly recommend using a CISSP study guide. At roughly 430 pages the book named above is only slightly longer than most books for CompTIA Security+. It covered everything that was on the exam and will also help prepare one for other exams in the future.
Obviously someone who has worked in the field for awhile and has taken other courses and exams could probably just YOLO the Certified in Cybersecurity exam. However I wanted to brush up on my general knowledge and approach this like someone who is in ISC2’s intended audience.
The exam
Obviously I cannot say anything about the questions themselves. ISC2 stresses 5 topics;
- Security Principles
- INC Response, BCP, DRP
- Access Control
- Network Security
- Security Operations
It felt like CISSP Lite. Hence I highly recommend reading a CISSP study guide. Much like the other exam I have taken with ISC2, there was a heavy focus on the business aspects of cyber security.
You get 2 hours to answer 100 questions, which is plenty of time. It is not a stressful test, nor is it meant to be.
ISC2 does not give you a score at the end. Much like CISSP the exam just cut off at 100 questions without saying anything. The print out simply says “provisionally passed”.
Note on certification & ISC2 membership
There is an inaccuracy floating around Reddit that “the certification isn’t free because you have to pay $50 if you pass”. This is slightly misleading. The $50 is ISC2’s membership fee. In this case it is the exact same price as CompTIA’s membership fee. The only difference is that one can pay all $150 to CompTIA right before the end of a three year period whereas ISC2 requires each year’s $50 up front. However the price is the same.
CompTIA and ISC2 both charge a flat rate annually regardless of the number of certs held. CompTIA gets a slight nod here as their fee is a static $50 while ISC2’s fee increases to $125 annually if one holds CISSP. I would be remiss though if I compared the two without mentioning that I find ISC2’s CPE portal a bit more user friendly than CompTIA’s Certmetrics.
Note on “Provisionally Passed”
After you pass the exam you should receive an email from ISC2 within a few days. You have to create an account on their site if you don’t already have one, agree to their code of ethics, and pay the aforementioned $50 for your first year’s membership. You will then see a link to print a PDF of your cert.
Summary
2 ½ years ago I said The Lord’s Prayer, walked into Pearson Vue, and somehow walked out with a pass on the CISSP exam. I hadn’t taken a vendor neutral theory/book exam in two years so this was a good refresher. The trick to these book exams is to leave your ego outside Pearson Vue, pause what you know from actually doing stuff, and just focus on what that org teaches.
Everyone knows that everything in AD is an object. Objects can absolutely act on other objects. However in the exam room there are subjects and objects, and subjects act on objects. This is just one example off the top of my head.
IMHO, this exam would be perfect as free CISSP or Sec+ prep. I think ISC2 nailed their goal of creating an entry level exam.
References
Free ISC2 training for CC: https://www.isc2.org/Landing/1MCC
ISC2 offering CC for free: https://learn.isc2.org/d2l/home
Experience requirement for SSCP: https://www.isc2.org/Certifications/SSCP/experience-requirements
CompTIA Sec+ description: https://www.comptia.org/certifications/security