Why I Decided to Take the ISC2 CC Exam (And What Comes Next)
- Jun 9
- 4 min read

When I first started learning about cybersecurity, I wasn't planning to pursue a certification right away.
Before deciding to pursue the certification, I spent time exploring the field through introductory courses and hands-on learning opportunities.
One of the first steps I took was completing the Introduction to Cybersecurity course from Cisco. The course provided a solid overview of cybersecurity concepts, common threats, and the importance of protecting information and systems. Upon completion, I earned a certificate and gained a greater appreciation for the role cybersecurity plays in both organizations and everyday life.
I also completed the AI-Aided Cybersecurity course with Steven Smith from ELTVR. In that course, I explored how artificial intelligence can be used to support cybersecurity efforts. The course introduced several interesting concepts and further expanded my understanding of the field. I plan to share more about my experience with this course in a future blog post.
My background is also in data analysis, and for years I've enjoyed working with data, identifying trends, solving problems, and finding answers hidden beneath messy data.
All these learning experiences helped spark and strengthen my interest in cybersecurity. They showed me that cybersecurity is a field that combines analytical thinking, continuous learning, and problem-solving. Cybersecurity is often portrayed as a highly technical field filled with hackers, complex tools, and endless acronyms. While there is a technical side to it, I quickly discovered that cybersecurity is also about risk management, business continuity, governance, and understanding how organizations protect their most valuable assets.
That's what led me to the ISC2 Certified in Cybersecurity (CC) certification.
Building a Strong Foundation
One of the things that attracted me to the ISC2 Certified in Cybersecurity (CC) certification was its focus on fundamentals. Rather than jumping straight into advanced technical topics, the CC covers the core concepts that form the foundation of cybersecurity, including security principles, access controls, network security, business continuity and disaster recovery, security operations, and risk management.
I wanted to understand the "why" behind security practices, not just memorize terminology for an exam. Building a strong foundation felt like the right place to start, especially as I continued exploring my interest in cybersecurity.
As I researched entry-level cybersecurity certifications, the ISC2 CC stood out to me for several reasons:
No experience requirement. Unlike the CISSP, the CC is designed for people entering the field — career changers, students, and analysts like me who are crossing over from adjacent disciplines.
Vendor-neutral. It's not tied to Microsoft, AWS, or any single platform. It's foundational security knowledge that applies everywhere.
Free training. ISC2 offers a free self-paced course for the CC. For someone building a certification roadmap while managing real-life financial priorities, that matters.
Challenging Myself
Another reason I decided to pursue the CC certification was personal growth.
It's easy to stay comfortable with what you already know. Learning cybersecurity has pushed me to explore new concepts, understand different technologies, and think about security from both a technical and business perspective.
The process has been challenging at times—network security has stretched my understanding and encouraged me to dig deeper into the material—and that's also what makes it rewarding.
More Than Just a Certification
For me, the ISC2 CC exam isn't simply about earning a credential.
It's about building knowledge, developing new skills, and gaining a deeper understanding of a field that I find genuinely interesting.
Whether I'm studying network security, business continuity, access control models, or security operations, each topic helps me understand how organizations defend against threats and manage risk.
Looking Ahead
As I continue preparing for the exam, I've learned that cybersecurity is a journey rather than a destination.
The ISC2 CC certification is just one step on that journey, and it's an important one. It's helping me build a strong foundation while exploring a field that continues to challenge and inspire me.
The CC isn’t the finish line — it’s the launchpad for what comes next.
After this, the plan is:
CompTIA Security+ — The industry standard for government contracting and federal-adjacent roles. It goes deeper into threat analysis, cryptography, and network defense.
AWS Cloud Practitioner → AWS Security Specialty — Cloud security is where I want to land long-term. The AWS path gives me both the cloud fluency and the security-specific credential that makes a cloud security analyst role realistic, not just aspirational.
CySA+ → eventually CCSP — The longer game. CySA+ maps directly to my analytics background. The CCSP is the horizon I'm building toward.
There will always be new threats, new technologies, new things to learn. In this field that's not a warning — it's the whole point.
Why I'm Writing This the Week Before the Exam
My exam is on June 20th. Eleven days from now.
I'm not writing this from the other side of a pass. I'm writing it from the middle — still reviewing Domain 4, still running practice questions, still second-guessing whether I've studied enough.
But that's kind of the point of DataSec Chronicles. I'm not here to show you what success looks like after it's already happened. I'm here to document what it looks like while it's still uncertain.
That uncertainty used to make me uncomfortable. Now it feels familiar.
In atmospheric science, it's "model uncertainty." In cybersecurity, they call it "the threat landscape." Either way, the answer is the same — stay curious, stay sharp, and never assume the forecast is final.
Following along? Subscribe to DataSec Chronicles for the post-exam reflection, my Security+ study plan, and everything in between.



Comments