Prep to Pass Cyber Certification Exams - Do's and Don'ts
Updated: Sep 19
Some simple tips to help pass cybersecurity certification exams
Cybersecurity certification exams - from the entry level like Security+ to the higher level exams such as CISSP and Cisco certifications - can be a big help to anyone looking to get into a career in cybersecurity or advance in the field.
There's a wealth of content around that offers advice on how to pass these sorts of exams - so I'm going to keep my take on this pretty brief and offer just a handful of Do's and Don'ts that I believe will help you succeed on these. Here we go:
Don't: Think that one size fits all for study prep
For some people, a boot camp or any form of training course with an instructor is a must to fully absorb all the content; for others (myself included), self-study is the preferred and more effective way to learn.
Do: Find the best quality content that suits your learning habits
Wherever possible, look for official study resources from the certification body itself - printed or ebook study guides, live or streamed courses, practice exams, quiz apps for your phone, and similar resources. Most or all of the certification providers will offer good options for this.
Don't: Skip domains or sections in the study content
Even if you're confident that your existing knowledge and/or hands-on experience with a specific section or domain covered by an exam is very strong, don't ignore it in your prep work. The exam may cover areas of a topic you just haven't been exposed to, or cover them from a different standpoint.
Do: Focus on retaining what you learn
Take notes, lots and lots of notes - on paper, on your favorite mobile device or PC, or whatever works. Or use your own favorite method to help review and build up your retention of the content.
Don't: Memorize practice exam answers and think you're all good
More often than not the exams will contain a very small percentage of questions that are a direct match for what you saw in practice.
Do: Focus on knowing and understanding the content
There are two reasons for this - you’ll stand a far better chance of passing, and you’ll be far less of a “paper tiger” and more of a useful fit when you set out to apply the knowledge in a work environment.
Do: Avoid "Brain Dump" sites
These sites are not highly trustworthy and, more importantly, they often border on, or actually are, unethical or considered a form of cheating by the certification bodies.
These are the basic methods that have worked well for me over the course of 15 years of taking and passing cybersecurity and IT certification exams the first time I took them (except for one pesky Cisco exam I studied for and took while my wife was pregnant). Using this approach I’ve obtained the following cybersecurity certifications: CRISC, CISSP, CCSP, CASP, CEH, and MCSE:Security. More importantly, I’ve been able to retain a good chunk of what I’ve learned in studying for all of those, and have put that knowledge to good use at work for all those years.
*** Side Note: The recommendations above are tailored to exams that are largely multiple choice questions, and some simulations to work through. A very different approach will be needed if you are taking an exam with a heavy focus on hands-on proof of skills - like the OSCP for example.
What are some of your best tips for success in cybersecurity certification exams?