ISC2's senior cloud-security credential. Co-developed with CSA. The cert most often required for cloud-security architect roles at MY banks, telcos, GLCs and tech firms with multi-cloud workloads.
⏱Duration: 5 days / 40 hrs
💻Format: Instructor-Led + Cloud Labs
🌐Delivery: On-site · Virtual · Hybrid
✅Pass rate: 90%
📅Next intake: 19 May 2026
☁️
Cloud-native security
AWS, Azure, GCP — shared-responsibility model and threat models
📋
Cloud governance
CSA CCM, ISO 27017/27018, BNM RMiT cloud chapter, NIST 800-53
CCSP is ISC2's senior cloud-security credential, co-developed with the Cloud Security Alliance (CSA). It is the cert most often required for cloud-security-architect, senior cloud-security-engineer and lead cloud-DevSecOps roles at MY banks, telcos, GLCs and tech firms with multi-cloud workloads.
At Nexperts, CCSP is delivered as a 5-day intensive that walks the six exam domains with hands-on labs across AWS, Azure and GCP. By day 5 you've designed cloud security architecture for a multi-cloud workload, built a CASB control plane, run a cloud-incident-response simulation and defended a cloud-vendor-risk assessment.
CCSP is the credential that shifts you from cloud-engineer-with-some-security-knowledge to cloud-security-architect. The ISC2 + CSA co-credential is the strongest signal of cloud-security depth at the architect tier.
The 2022+ CCSP update aligned with the latest CSA CCM (Cloud Controls Matrix) v4.0, post-quantum readiness considerations, and the BNM RMiT cloud chapter — directly relevant for any MY-licensed financial-services cloud workload.
Who should take this course
☁️
Cloud security architects
Designing security for multi-cloud workloads. CCSP is the recognised architect cert.
👨💻
Senior cloud engineers
Adding the security depth. CCSP changes role definition.
🔐
Security architects
Existing CISSP holders pivoting cloud-deep.
📚
DevSecOps leads
Owning the cloud-security control plane in CI/CD.
📈
Cloud governance leads
Mapping cloud controls to BNM RMiT and ISO 27017.
📜
Compliance leads
Owning cloud-vendor risk and shared-responsibility documentation.
Prerequisites
✓ 5 years of paid experience in IT, with 3 in information security
✓ 1 year must be in 1 of the 6 CCSP domains
✓ CISSP holders may waive 5-year experience requirement
✓ ISC2 endorsement required after exam pass
→ Don't yet meet experience? Pass the exam to become an ISC2 Associate; full cert grants when experience is met within 6 years.
Course Curriculum
Six domains. Cloud-security architect.
CCSP covers six exam domains: Cloud Concepts (17%), Cloud Data Security (20%), Cloud Platform/Infra Security (17%), Cloud App Security (17%), Cloud Operations (17%), and Legal/Risk/Compliance (12%). We deliver across AWS, Azure and GCP scenarios.
Hands-On Cloud Labs
12 labs. AWS, Azure, GCP.
CCSP at Nexperts includes 12 hands-on cloud labs. We give you live AWS, Azure and GCP sandbox environments. By day 5 you've designed and defended a multi-cloud security architecture end-to-end.
01
Shared Responsibility
Map a real-world bank workload to the shared-responsibility model.
Concepts
02
KMS Design
AWS KMS + envelope encryption for a regulated S3 workload.
Data
03
BYOK
Bring-your-own-key from on-prem HSM to Azure Key Vault.
Data
04
VPC Architecture
3-tier VPC with strict segmentation on AWS.
Platform
05
IAM Federation
SAML federation across AWS, Azure AD, GCP Workspace.
Platform
06
Container Security
Pod-level security with NetworkPolicy, OPA, Kyverno on EKS.
Platform
07
API Security
API Gateway + WAF + rate-limiting for a fintech.
Application
08
DevSecOps
Build SAST + DAST + IaC scanning into a GitHub Actions pipeline.
Application
09
Cloud SOC
CloudTrail + GuardDuty + Security Hub for cloud-native SOC.
Operations
10
Cloud IR
Walk a real cloud breach across IAM, S3, Lambda, KMS.
Operations
11
BCDR
Multi-region DR for a cloud-native banking workload.
Operations
12
Vendor Risk
Build a CSA CCM v4 vendor-risk assessment pack.
Legal
+ 12 micro-labs across CSA CCM v4, BNM RMiT cloud and ISO 27017.
Exam Information
One exam. CCSP.
CCSP has one exam. 150 questions, 4 hours, scaled scoring. You need 700 / 1000 to pass. The exam is dense across all six domains — demanding architect-level judgement.
CCSP Exam
Questions150 multiple choice
Duration4 hours
Passing score700 / 1000 (70%)
FormatPearson VUE proctored
Validity3 years (CPE-renewable)
Industry avg pass rate~64% first attempt
Nexperts pass rate90% first attempt
Our 4-Mock Programme
01
Diagnostic
End of day 1. Sets the baseline. Average 56%.
02
Domain Drill
End of day 4. By-domain mock. Highlights weak areas.
03
Full Mock
End of day 5. Full timed simulation. 75%+ before booking.
04
Clearance
Week after class. Final clearance. 80%+ before booking.
0%
Pass Rate
90% of our CCSP candidates pass on first attempt.
The ISC2 global first-attempt rate for CCSP sits around 64%. We hit 90% with hands-on AWS / Azure / GCP labs that turn theory into reflex, plus a clearance-mock gate before booking.
Multi-cloud labsBNM RMiT-mapped90% first attemptFree retake voucherISC2 + CSA aligned
Why our pass rate is 90%
Industry average: ~64%
Most candidates can recite cloud security frameworks but cannot design KMS or VPC architecture under timer. CCSP demands architect-tier judgement, not memorisation.
Nexperts: 90%
We work cloud-architecture exercises for 70% of class time. We drill cloud-IR scenarios. We gate booking on a clearance mock. By exam day, cloud-security-architect thinking is reflex.
Your Cloud-Security Path
CCSP pairs with CISSP and CISM.
CCSP stacks naturally with CISSP (security breadth), CISM (security management), or AWS / Azure cloud-security tracks for vendor depth.
Expected salary range after CCSP + 5 years experience: RM 14,500 – RM 24,000/month for cloud-security architect roles in MY banks, telcos, GLCs and tech firms with multi-cloud workloads.
Student Reviews
What our CCSP graduates say.
4.8
★★★★★
72 reviews
5★
61%
4★
9%
3★
2%
★★★★★
"Best cloud-security course in MY. The multi-cloud labs are the differentiator — most providers do AWS-only or theory-only. Nexperts gives you AWS, Azure and GCP hands-on with BNM RMiT context."
AS
Adam Shahrul
Cloud Security Architect · CIMB Group
✓ Passed first attempt
★★★★★
"I came in CISSP-certified and cloud-curious; left a cloud architect. The KMS + envelope-encryption lab on day 2 alone was worth the course fee."
DM
Divya Manoharan
Senior Security Engineer · Maxis
✓ Passed first attempt
★★★★
"CCSP is dense — 6 domains in 5 days is brutal. But the clearance mock told me exactly when I was ready. Cleared on first attempt."
TF
Tan Fook Wai
Cloud DevSecOps Lead · BoostMY
✓ Passed first attempt
★★★★★
"BNM RMiT mapping is the reason I picked Nexperts. Won an internal architect-tier role 3 weeks after passing. Worth every ringgit."
HS
Hafizah Salleh
Cloud Architect · RHB
✓ Passed first attempt
Copy page link
Share this course page with your team or save the URL for later.
