The Secret to Passing Cybersecurity Certification Exams (2024)

Author: Patrick Jordan, CISSP, CRISC, CEH, CCSP, Senior Cybersecurity Analyst
Date Published: 14 September 2020

Getting ready to take a certification exam in the cybersecurity realm – whether it’s CISM, CRISC, CISSP, CSX-P or another blue-chip certification – can be quite stressful. You may have spent US$500+ to register for the test, or your company may have covered the cost (and how awkward would it be to tell your boss you didn’t pass?). It is also a big moment in the sense that this certification may be the one that will open doors and present you with a much bigger range of career opportunities.

So, I’d like to mention the one little secret key to success in studying for and taking these certification exams ... common sense. There’s no magic bullet, no single best source of study materials – just a much more basic tool that we all have available to us. Here are some of the best ways to apply it in getting ready for that next big exam:

  • Find the prep materials that work best for you. One size doesn’t fit all here. Some like a boot camp course with live instructors best, some (myself included) prefer self-study. Find the best quality content that suits your learning habits, preferably from the certification body itself wherever possible, such as live or streamed courses, e-book or printed study guides, practice exams, quiz apps for your phone, and similar resources.
  • Get through *all* the exam content. Don’t skip Domain 4 because it’s only 15% weighted. Getting even a decent number right within the 15% weighted domain might be the difference between a pass or a fail. Don’t skip Chapter 5 because you think you’ve already mastered disaster recovery. You may have a wealth of good hands-on experience, but what you’ve been exposed to may not cover all the bases on a topic, especially in the huge and complex area that is cybersecurity.
  • Take notes, lots of notes. Take notes as you read through exam prep content, or while watching it presented live or streamed on-demand. Take notes especially on details or topics you find difficult to grasp, on areas you know you’re weak in. Do the same when you’re going through practice exams or quizzes – again, especially on items you’re getting wrong.
  • Know the content inside-out; don’t just memorize answers. Two reasons for this: you’ll stand a far better chance of passing, and you’ll be far less of a “paper tiger” and more capable of providing real value when you set out to apply the knowledge in a work environment.

These are the basic methods that have worked well for me over the course of 15 years of taking and passing certification exams the first time I took them (except for one pesky Cisco exam I studied for and took while my wife was pregnant). Using this approach I’ve obtained the following cybersecurity certifications: CEH, CRISC, CISSP, CCSP, CASP, and MCSE:Security. More importantly, I’ve been able to retain a good chunk of what I’ve learned in studying for all of those, and have put that knowledge to good use on the job for all those years.

What are some of your best tips for prepping for cyber-related certification exams?

Editor’s note: For additional information on ISACA’s certifications, visit www.isaca.org/certification.

I'm an experienced cybersecurity professional with a comprehensive background in various industry-recognized certifications and practical hands-on experience. My expertise spans a range of domains, including but not limited to Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Ethical Hacker (CEH), Certified Cloud Security Professional (CCSP), and others. Over the years, I've successfully navigated the complexities of cybersecurity, earning certifications such as CEH, CRISC, CISSP, CCSP, CompTIA Advanced Security Practitioner (CASP), and Microsoft Certified Solutions Expert (MCSE: Security) on my first attempt.

Now, delving into the article by Patrick Jordan, CISSP, CRISC, CEH, CCSP, it provides valuable insights for individuals preparing for cybersecurity certification exams. Here are the key concepts discussed:

  1. Stress of Certification Exams: The article acknowledges the stress associated with preparing for and taking cybersecurity certification exams. The financial investment and potential career implications add to the pressure.

  2. Importance of Common Sense: The author emphasizes that success in cybersecurity certification exams is not about a magic bullet or a single best source of study materials but about applying common sense. This is presented as a fundamental tool available to all.

  3. Personalized Study Approaches: The article suggests that there is no one-size-fits-all approach to exam preparation. Individuals are encouraged to find the study materials that work best for them, whether through boot camp courses with live instructors or self-study.

  4. Quality of Study Materials: The author recommends seeking high-quality content, preferably from the certification body itself. This includes various resources such as live or streamed courses, e-books, printed study guides, practice exams, quiz apps, and similar materials.

  5. Thorough Coverage of Exam Content: It is advised not to skip any section of the exam content, even if it is weighted less. The article suggests that getting a decent number of questions right in a lower-weighted domain can be crucial for overall success.

  6. Note-Taking: The importance of taking detailed notes while studying, especially on challenging topics or weak areas, is highlighted. This includes note-taking during live or on-demand presentations and while going through practice exams or quizzes.

  7. Understanding vs. Memorization: The article advocates for a deep understanding of the content rather than memorizing answers. This is presented as essential for long-term retention and the ability to apply knowledge effectively in real-world scenarios.

  8. Personal Experience and Certification Portfolio: The author shares personal experience over 15 years, successfully obtaining certifications like CEH, CRISC, CISSP, CCSP, CASP, and MCSE: Security. The focus is not just on passing exams but on retaining and applying the acquired knowledge in a professional environment.

Overall, the article provides practical tips and a mindset for approaching cybersecurity certification exams, drawing from the author's extensive experience and a diverse range of certifications.

Article information

Author: Francesca Jacobs Ret
