Man I hope you will achieve everything in your life you wish for! These videos are life changing. This is my second time watching the whole series and i can't believe how much I have retained by just watching these so far. I haven't gotten a book yet I'm just target reading based in the study guides using open source material like your channel. However, i got the cybex practice book and I am already feeling comfortable answering probably 50% correctly. I am going to study the book once it arrives and aim for above 80% accuracy. HopefullyI can take my exam in the next two months.
Love this series. Started watching with your CISSP series. You go in-depth and your content delivery isn't bland like others in this space. Keep up the great work!
I don't have words to express my gratitude for your work. Your videos helped me tremendously in passing the CISSP exam. Now, I am preparing to study for the CCSP, and I plan to use your videos again. Thank you so much for your incredible work. You are making a significant contribution to the development of many cybersecurity professionals. May I ask when you expect to finish the CCSP video series?
Finally, I found a series that is much better than any paid subscription on Udemy. Often, instructors have outdated knowledge or their lectures don't correlate with actual implementation and configuration in cloud services. As a cloud architect, it’s been challenging for me to grasp these concepts. However, with this lecture series, I have no trouble understanding the material because Pete explains it in a way that directly relates to real-world scenarios.
Hi Pete. I previously passed CISSP with your help. Thank you! Regarding CCSP, I noticed that the videos for each domain of CCSP tend to be twice as long as the CISSP counterparts. And there is a similar trend for Sec+ videos. My question is, how would you recommend the CISSP-passers approach CCSP material? On one hand, CCSP has new information, on another hand, because the videos are lengthy, it is very easy to skim over material, presuming that it was already covered in CISSP.
Nowhere near twice as long, but longer for a reason. I'll explain. In the exam crams, CISSP is about 8 hours, Security+ is 10 hrs 45min, and CCSP 11 hrs 54 min. In the CISSP, my first extended course, I covered all the most likely exam topics, meaning the legacy topics unlikely/less likely to appear in the live exam were not covered, intending to be a very effective supplementary resource. With Security+ and CCSP, I intentionally covered "every topic in the exam syllabus" to create a resource that was still very time efficient, but could better stand on their own as the sole/primary video resource to accompany the official study guide. With Security+, found this has been quite successful, so I repeated with the CCSP, which is much more cloud-focused than CISSP, and an exam even CISSP's struggle with, one telling me he passed CISSP on the first try but had failed CCSP twice! Initial reports on the CCSP Exam Cram from early candidates have been positive, with a newly awarded CCSP yesterday calling it "outstanding". 👍 Hope this helps! Good luck on the exam! 🍀🤞
22:00 symetric key doesnt provide non-repudiation. Symmetric key encryption uses the same key for both encryption and decryption, so both the sender and the receiver share the same secret. This means that there is no way to prove who actually encrypted or decrypted the message, and either party can repudiate the message.
Correct, which is why if you look at the slide again, you will notice it says "Lacks support for scalability, easy key distribution, and non-repudiation". Lacks support for = does not help with.
Pete your content is GREAT so much better than the £3000 fee based I have paid for CCSP and CISSP courses. I would of preferred giving you the money. CCSP Exam next week for me. Thank you
@@InsideCloudAndSecurity : we simply love your class , one more request , can you please have the rest of domains released soon and then provide some practice test engines so that our concepts are rock solid
30:17 "It is a good ideal to store you cryptographic keys with CSP unless you have requirements that mandate your organization to manage its keys". I find this contradictory to the CBK 3rd Edition by Mike Chapel & David Saidl in Chapter 2.3.1 ; "Outsourcing Key Management: Keys should not be stored with the data they're protecting, and we shouldn't make physical access to keys readily available to anyone who doesn't have authorization and need to know for that data; therefore, in cloud computing, it is preferable to have the keys stored somewhere other than the cloud provider's data center. One solution is for the cloud customer to retain the keys, but that requires an expensive and complicated set of infrastructure and skilled personnel. This would reduce some of the benefit in reduced costs we get from offloading our enterprise to the cloud provider. Another option is using a cloud access security broker (CASB)". Considering the risks that come with cloud technology especially where data erasure assurance needs to be attained (even if its not a regulatory requirement), keeping Keys with CSP seem to not prefered.
CBK agreement with my assertion is right there in the text you quoted: “one solution is for the cloud customer to retain the keys, but that requires an expensive and complicated set of infrastructure, and skilled personnel”. The overwhelmingly most common practice is that the customers will rely on CSP (Microsoft, Amazon, and Google) to manage those keys, except in cases of where sensitivity or regulatory compliance necessitates, customer-managed keys, such as with HIPAA/HITRUST.
This is a really good layout of topics fantastic explanation. I will see if recommended resources in this series along with the videos will allow me to pass the exam. I will report back after few months.
in multiple models. You'll find emphemeral storage in IaaS in the form of a temp disk, as well as PaaS services like AWS Lambda and Azure Automation, and more.
Will depend on the situation and customer need (high sensitivity, regulatory, etc). CSP services (like storage) offer provider-managed keys and a customer-managed keys option.
Appreciate the comment, but in ISC2 perspective, their official study guide agrees with this representation. This segment is supported by diagram in ISC2 CISSP official study guide (9th edition) Fig 5.1. In any event, I expect questions on this exam to focus more on adequate data protection and key management to secure various types of non-public data.
(ISC)² developed the Certified Cloud Security Professional (CCSP) credential to ensure that cloud security professionals have the required knowledge, skills, and abilities in cloud security design, implementation, architecture, operations, controls, and compliance with regulatory frameworks. A CCSP applies information security expertise to a cloud computing environment and demonstrates competence in cloud security architecture, design, operations, and service orchestration.
Man I hope you will achieve everything in your life you wish for! These videos are life changing. This is my second time watching the whole series and i can't believe how much I have retained by just watching these so far.
I haven't gotten a book yet I'm just target reading based in the study guides using open source material like your channel. However, i got the cybex practice book and I am already feeling comfortable answering probably 50% correctly.
I am going to study the book once it arrives and aim for above 80% accuracy. HopefullyI can take my exam in the next two months.
Glad you’re finding them helpful! Good luck on your exam!🍀🤞👍
Love this series. Started watching with your CISSP series. You go in-depth and your content delivery isn't bland like others in this space. Keep up the great work!
Glad you enjoy it! Good luck! 🍀👍
I really enjoy your CCSP class. It's amazing! Hopefully, it will help me pass the exam at the end of the month.
Glad you're enjoying. Best of luck! 🍀🤞
I don't have words to express my gratitude for your work. Your videos helped me tremendously in passing the CISSP exam. Now, I am preparing to study for the CCSP, and I plan to use your videos again.
Thank you so much for your incredible work. You are making a significant contribution to the development of many cybersecurity professionals.
May I ask when you expect to finish the CCSP video series?
Very happy I could help. CONGRATULATIONS on the CISSP! 🏆🎉🌟
Amazing videos, clear and to the point! Thanks a lot Pete.
Happy to help! Domain 3 coming soon! 👍
Far better than paid courses on Udemy. Thanks a lot Pete
Thanks, that’s great to hear! Good luck! 👍🍀
Yes, agreed, you've done a great job. Although I'm not studying to pass the exam, this is an excellent series to enhance a good base of knowledge
Excellent work! Big thanks Pete👏
Happy to help! Good luck on the exam!
Your CISSP series was very helpful in passing my CISSP. Excited to learn from the CCSP videos as well. Thanks for this great content! 🥇
Glad it was helpful! Good luck on the CCSP!!! 🍀🤞👍
Finally, I found a series that is much better than any paid subscription on Udemy. Often, instructors have outdated knowledge or their lectures don't correlate with actual implementation and configuration in cloud services. As a cloud architect, it’s been challenging for me to grasp these concepts. However, with this lecture series, I have no trouble understanding the material because Pete explains it in a way that directly relates to real-world scenarios.
Glad you’re finding it helpful! Good luck on the exam!👍🍀
You got me through CISSP and next up is CCSP! Thank you for your work!
You got this! 💪Good luck! 🍀🤞
Doing great work Pete. Greatly appreciated.
Much appreciated! Good luck! 👍
Hi Pete. I previously passed CISSP with your help. Thank you!
Regarding CCSP, I noticed that the videos for each domain of CCSP tend to be twice as long as the CISSP counterparts. And there is a similar trend for Sec+ videos.
My question is, how would you recommend the CISSP-passers approach CCSP material? On one hand, CCSP has new information, on another hand, because the videos are lengthy, it is very easy to skim over material, presuming that it was already covered in CISSP.
Nowhere near twice as long, but longer for a reason. I'll explain. In the exam crams, CISSP is about 8 hours, Security+ is 10 hrs 45min, and CCSP 11 hrs 54 min. In the CISSP, my first extended course, I covered all the most likely exam topics, meaning the legacy topics unlikely/less likely to appear in the live exam were not covered, intending to be a very effective supplementary resource. With Security+ and CCSP, I intentionally covered "every topic in the exam syllabus" to create a resource that was still very time efficient, but could better stand on their own as the sole/primary video resource to accompany the official study guide. With Security+, found this has been quite successful, so I repeated with the CCSP, which is much more cloud-focused than CISSP, and an exam even CISSP's struggle with, one telling me he passed CISSP on the first try but had failed CCSP twice! Initial reports on the CCSP Exam Cram from early candidates have been positive, with a newly awarded CCSP yesterday calling it "outstanding". 👍 Hope this helps! Good luck on the exam! 🍀🤞
Many Thanks Pete. This series better than my paid bootcamps 😁
LOVE to hear that! Hope your exam went/goes well! 👍
Great we were waiting for part two thanks for sharing
👍 Good luck! Ping me if questions along the way!
The real life demo was really helpful!! Thanks for giving us this course and looking forward to Domain 3!
Glad it was helpful! 👍
22:00 symetric key doesnt provide non-repudiation. Symmetric key encryption uses the same key for both encryption and decryption, so both the sender and the receiver share the same secret. This means that there is no way to prove who actually encrypted or decrypted the message, and either party can repudiate the message.
Correct, which is why if you look at the slide again, you will notice it says "Lacks support for scalability, easy key distribution, and non-repudiation". Lacks support for = does not help with.
aha okie, Understood now. thanks for quick reply.@@InsideCloudAndSecurity
Pete your content is GREAT so much better than the £3000 fee based I have paid for CCSP and CISSP courses. I would of preferred giving you the money. CCSP Exam next week for me. Thank you
So glad you like it! Good luck on your exam! 🍀🤞👍
Thanks a lot, Pete!! 👏
👍
Thank you for your efforts and cooperation.
My pleasure! Happy to help! 👍
👍 Thanks a lot Pete!!!
Great, Thanks a lot Pete
Happy to help. Good luck!👍
Thank you Pete
Glad you like! Ping me in the comments or on LinkedIn with questions. Good luck on the exam! 🍀🤞
You're a god send brother
Glad I could help!👍
Thanks , Pete
Happy to help! 👍
Hi thank you so much for the video. Is there a way to access these slides?
Yes, see "PDF Presentation Download" link in the Description section beneath the video. Same is true of individual domain videos and the full course.
Thanks Pete !
You're welcome!
@@InsideCloudAndSecurity : we simply love your class , one more request , can you please have the rest of domains released soon and then provide some practice test engines so that our concepts are rock solid
30:17 "It is a good ideal to store you cryptographic keys with CSP unless you have requirements that mandate your organization to manage its keys". I find this contradictory to the CBK 3rd Edition by Mike Chapel & David Saidl in Chapter 2.3.1 ; "Outsourcing Key Management: Keys should not be stored with the data they're protecting, and we shouldn't make physical access to keys readily available to anyone who doesn't have authorization and need to know for that data; therefore, in cloud computing, it is preferable to have the keys stored somewhere other than the cloud provider's data center. One solution is for the cloud customer to retain the keys, but that requires an expensive and complicated set of infrastructure and skilled personnel. This would reduce some of the benefit in reduced costs we get from offloading our enterprise to the cloud provider. Another option is using a cloud access security broker (CASB)". Considering the risks that come with cloud technology especially where data erasure assurance needs to be attained (even if its not a regulatory requirement), keeping Keys with CSP seem to not prefered.
@InsideCloudAndSecurity I look forward to your further guidance here
CBK agreement with my assertion is right there in the text you quoted: “one solution is for the cloud customer to retain the keys, but that requires an expensive and complicated set of infrastructure, and skilled personnel”. The overwhelmingly most common practice is that the customers will rely on CSP (Microsoft, Amazon, and Google) to manage those keys, except in cases of where sensitivity or regulatory compliance necessitates, customer-managed keys, such as with HIPAA/HITRUST.
Very valuable
Glad you like them. Ping me in the comments or on LinkedIn with questions as you prepare. Good luck on the exam! 🍀👍
Great stuff Pete!
Thanks! 👍
This is a really good layout of topics fantastic explanation. I will see if recommended resources in this series along with the videos will allow me to pass the exam. I will report back after few months.
Glad you think so. Good luck on the exam! 🍀🤞👍
Ephemeral storage is used in IaaS or Saas?
in multiple models. You'll find emphemeral storage in IaaS in the form of a temp disk, as well as PaaS services like AWS Lambda and Azure Automation, and more.
Brilliant
Thanks! 😉 Good luck! 🍀👍
According to (ISC)2, where should the cloud customer’s encryption keys be stored?
Will depend on the situation and customer need (high sensitivity, regulatory, etc). CSP services (like storage) offer provider-managed keys and a customer-managed keys option.
@@InsideCloudAndSecurity I am sorry. explanation isnt clear. But thanks for responding
Minor comment, but I disagree with the order of 'Private' and 'Sensitive' at 1:09:29
Appreciate the comment, but in ISC2 perspective, their official study guide agrees with this representation. This segment is supported by diagram in ISC2 CISSP official study guide (9th edition) Fig 5.1. In any event, I expect questions on this exam to focus more on adequate data protection and key management to secure various types of non-public data.
Thank you and great job. Please help me understand who is CSSP for versus CISSP. Looking to get certify
(ISC)² developed the Certified Cloud Security Professional (CCSP) credential to ensure that cloud security
professionals have the required knowledge, skills, and abilities in cloud security design, implementation,
architecture, operations, controls, and compliance with regulatory frameworks. A CCSP applies information
security expertise to a cloud computing environment and demonstrates competence in cloud security
architecture, design, operations, and service orchestration.
@@InsideCloudAndSecurity Thank you.
finally, passed ccsp tho
Congratulations Matt! 🏆🎉🌟