Welcome to the first post in my Certification Series! In this series, I’ll be breaking down my experience with the various IT and cybersecurity certifications I’ve earned over the years, starting with the most foundational: the ISC2 Certified in Cybersecurity (CC).
Overview of the ISC2 CC Exam
The ISC2 Certified in Cybersecurity (CC) is an entry-level certification designed to prove fundamental knowledge of cybersecurity concepts. ISC2 launched it as a way to help bridge the massive cybersecurity workforce gap, offering it as a starting point for those wanting to enter the field.
Unlike the CISSP (which requires 5 years of experience), the CC has no experience requirements. It covers five main domains:
- Security Principles
- Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts
- Access Controls Concepts
- Network Security
- Security Operations
Why Get the CC?
As my very first cybersecurity certification, the CC was an attractive starting point for a few key reasons:
- The “One Million Certified in Cybersecurity” Program: ISC2 offered free training and a free exam voucher to the first million people who signed up. It was impossible to turn down a free opportunity to learn and add a recognized credential to my resume.
- ISC2 Ecosystem: It served as an excellent introduction to how ISC2 writes its questions. ISC2 exams (like the SSCP and CISSP) focus heavily on management and “best, most, first” type questions, which is a great mindset to develop early on.
Study Materials Used
Because this was my introduction to formalized IT security concepts, I relied heavily on structured training.
- Official ISC2 Self-Paced Training: I utilized the official course provided by ISC2. Since it was included with the free voucher, it was the most logical place to start. It covers the high-level material that aligns directly with the exam domains.
- Mike Chapple’s LinkedIn Learning Course: Mike Chapple is legendary in the ISC2 space. If you have access to LinkedIn Learning (often available for free through your local library), his course is excellent for reinforcing the core concepts.
- Flashcards: Creating flashcards for key terms (CIA Triad components, incident response phases, types of access controls) was vital.
My Study Strategy
My main strategy here was understanding the language of ISC2.
- Think Like a Manager: Even at this foundational level, ISC2 wants you to understand why a control is put in place, not just how to configure it. Always prioritize human safety first, and align security with business goals.
- Don’t Overthink It: The technical depth of the CC is relatively shallow. Don’t worry about memorizing port numbers or complex cryptographic algorithms; focus on the high-level concepts (e.g., knowing that hashing provides integrity).
Exam Day and Difficulty
The exam itself was straightforward, provided you have studied the material. Because this was my very first foray into IT and security certifications, I had to spend extra time understanding foundational concepts like networking basics and the CIA triad.
If you don’t have prior IT knowledge, don’t worry—the official material is designed for beginners. Just make sure you understand the core concepts rather than trying to memorize everything.
Difficulty Rating: 4/10 (for absolute beginners with no prior IT experience).
If you take advantage of the free voucher program, it is 100% worth your time to get this foundation under your belt.
In the next post of this series, I’ll be diving into a staple of the industry: the CompTIA A+.