June 02, 2020

20 Tips for Certification Success

Written by Jonathan White

Over the years, it has been my experience that industry certifications have become standard for job consideration and/or advancement for many technical positions. This is, of course, in addition to having experience in the particular field.

I obtained my first (modern-day) technical certification in 2014. It was the System Security Certified Practitioner (SSCP) offered by ISC2. At the time, I was the Compliance Coordinator and a member of a company’s IT Security Team. I primarily served as the facilitator of our annual SSAE16 (later SSAE18) SOC2 audits along with other security related duties. At the time, obtaining the certificate was suggested as a way to help me understand technical and security related concepts—and I agreed. Obtaining the cert was also a performance goal for my annual review.

I had forgotten how stressful it was preparing for and taking tests, but during the process, I learned a few strategies that worked for me. In this post, I am sharing 20 strategies that helped guide me through the certification process. Please keep in mind that following these suggestions is in no way a guarantee that you will pass certification tests.

  1. Obtain the related study material. If there is a practice test guide in addition to the study guide, try to obtain both. If I had a choice between one or the other, I would choose the practice test, preferably an electronic version, because they usually have explanations for the correct and incorrect answers. Often, those descriptions have enough information for you to understand the concept.
  2. Take the practice test offered at the beginning of most study guides. This can give you an idea of where you initially stand, and you can retake the practice test later to track your improvement.
  3. If you have a paper-based practice test, try not to mark the answers in the book. This way, when you retake a section, you don’t have the answer already selected. Track your answers on a separate piece of paper.
  4. The certification tests appear to be designed for the test-taker to understand the concepts and not just have the ability to memorize the questions and answers. Most of the certification exams I have taken had 150 or more questions. Of the 150 questions, maybe five (5) were worded exactly the same way as in the study guide—you have to understand the concepts!
  5. It has been my experience that those who study for the tests but have not been active in the specific field very long do well on these tests. This is because sometimes, the test provides best practices answers. When you have been in the field for a while, you may have experienced too many real-world situations, and it may be hard for the experienced worker to un-learn certain processes.
  6. Read and then re-read not only the questions but also the answers. I cannot stress this enough, as it is my number one downfall when practicing tests. I start reading the answer and glance at answers A and B without even looking at C and D. This is because I know for a fact that either A or B was the right answer. Of course, it is not A or B. If I read all of the answers first, there's a good chance I will choose the correct answer.
  7. Sometimes, the questions start with phrases like, “Which answer best supports,” or “Which answer is least likely.” These questions bother me because there can be many “best” answers or situations that are “least likely” to be correct. If the answer involves personnel safety, such as in the case of disasters or incidents, ensuring personnel safety is often the correct answer.
  8. There are usually two answers that are completely wrong, leaving you with two possibilities for the correct answer. Use the process of elimination to determine the right answer.
  9. If there are two answers that are totally opposite, they are likely both the wrong answer.
  10. When all else fails and you have no clue, choose option C. I don’t know how true this is, but I did read it somewhere!
  11. These tests are timed. It has always been a benefit for me to go through the entire test first, answering the questions of which I am most certain. If you are less certain, mark an answer but flag the question, and if you have no clue, leave the question unanswered. Then, go back to the beginning and tackle the remaining questions.
  12. Once you have gone through the first iteration and answered the questions you feel most confident about, don’t flip out if you only answered 10 of 150 questions! This happened to me for the SSCP test and 15 minutes into the test, I convinced myself that there is no way I would pass!
  13. Make sure you answer all questions! This should be obvious, but none of the tests I have taken penalized you for wrong answers like the SAT.
  14. Since we all have smartphones, see if there is a downloadable app for the test that you can use during idle downtime.
  15. Try not to second guess your answer if you are pretty certain you are correct. For me, this is when I have at least a 70% chance that I am correct. These tests are pass/fail, and in the end, you never know which answers were truly correct or incorrect. I believe I may have changed answers that were initially correct.
  16. Determine the topics where your knowledge is weakest and focus on strengthening your grasp of those areas. Many of the electronic study guides provide this systematically, but if you don’t have the luxury of the electronic version, manually keep track of your strengths and weaknesses.
  17. If it is offered and you have the financial resources available, take a class or boot camp course on the subject.
  18. Schedule the test date on a realistic date in the future. By realistic, I mean allow enough time to adequately prepare without taking too much time. I am a victim of procrastination and if I don’t establish a deadline, I will put off studying for the test. In some cases, if you take too long, you risk forgetting topics that you learned earlier.
  19. Study regularly but cram right before the test—preferably within no more than two (2) days before the test. I usually spend six (6) to eight (8) uninterrupted hours of studying the day before the test.
  20. If the test isn’t offered at a location that has private areas, ask the proctor if they have noise-canceling headsets or ear plugs. This is helpful for me, but you may perform better on tests with noise and distractions.

Since obtaining the SSCP certificate, I earned the Certified Information Systems Auditor (CISA) offered by ISACA in 2017, the Qualified Security Assessor offered by the PCI Security Standards Council in 2018, and most recently, the Certified Information Security Manager (CISM) offered by ISACA in February 2020. Each and every one of the certificates generated the same amount of fear and anxiety during both test preparation and while taking the test. Despite this, I can honestly say there is no better feeling than seeing the message, “You have passed,” after clicking submit on that last question. I truly hope that some, if not all, of these tips are equally as helpful for you. Good luck!