I have put out several posts about breaking into cyber security, and one piece of advice I always give is to get some certifications (which I will call “Certs” from here on out, like all the cool people).  But I realized I haven’t given any advice on getting certs, so here is how I study for certs.

Why listen to me?

I have done a ton of certs and have never failed a test (I just jinxed myself so hard).  The first cert exam I took was in 2016 or so, and it was for the CISSP (a medium to advanced cyber security cert).  The test, at that time, was scheduled for six hours and it was generally considered pretty grueling.  I finished in about an hour and passed (more on that shortly).

I didn’t do another cert for three years, at which point I re-upped my CISSP (I tested again) and then, two weeks later, got my CISM (a management focused cyber security cert).  After that I got a bunch of random ones as part of my degree — Network+, Project+, Pentest+, CySA+ and a couple other smaller ones.  I don’t know everything, but in the area of studying for certification exams and then taking those exams I have a pretty good track record.  So that’s what I’m going to focus on.

Here’s what I do

I’m going to frontload this article with advice, and then have reasoning in the end.  So here’s a bullet list of what I do when prepping for an exam.  You can just read that and do those things if you don’t care about why I do them, but if you want to know why feel free to read after the list.

• Buy at least two good books for the exam, and at least one book of practice questions
  • I will typically read one book cover-to-cover, and the other one I will sample and look up areas that I don’t think were explained well in the first book
• As I go through the books, I make physical flashcards on index cards (like, a lot.  I usually end up with at least 300 cards, sometimes much more)
• I like to schedule the test after I’m about halfway through the books so that I can plan out how long the rest of the chapters will take and I can take the test when my wave of preparation is cresting
• Take a practice exam and, in the areas I did poorly, review my flashcards, go through the chapters again and make more flashcards
• Study the flashcards over and over (typically with my wife) until I can go through them with very few mistakes (like … 95% or better)
• Take additional practice exams, repeating them (and making more flashcards if necessary) until I can safely get above 90%
  • If I’ve done it right I hit that point no more than a week before the test
• Take a day off
• Do another practice test, repeat the process
• Keep going through flashcards up until the very moment of arrival at the testing center
• Take the exam.  When I do this I focus on the following (this works for me, but if you have a method of taking tests that has worked for you in the past, just stick with that.  I’ll explain more fully in a section below)
  • Read the full question “aloud” in my mind (don’t skip words — this is weird but sometimes reading with an accent in your head can force you to read the whole contents of the question, although if the accent is amusing it’s just a distraction)
  • Read all the answers (again, “aloud” in your head)
  • Narrow down the obviously wrong answers
  • Pick one of those that remains
    • If I have literally no idea, I can’t narrow it down and I don’t have any idea from the options presented then I’ll mark the question and come back to it at the end of the test.  Hopefully another question will help me or my subconscious will work on the question and find a solution while I work on the rest of the test
  • Move on
    • I rarely spend more than a minute on a question, if that
  • Don’t review questions besides those you flagged to review — leave the rest as you initially had them unless another question made you realize specifically that something you did was wrong.  But don’t just review without a specific purpose

There are two optional things I’ve done sometimes, but not always

• If there is a particularly complicated subject I’ll occasionally write an essay or blog post about that subject — basically self-imposed homework.  I did this with Public Key Infrastructure, for example, and it really helped me understand the concept
• Sometimes I’ll make a “quick study” guide or some books include them and I study THAT the morning of the exam, instead of all my flashcards
• My friend Branden pointed out that he sometimes takes a chapter test BEFORE studying a chapter to know where he should focus.  I generally only do this when I feel like I already know the subject matter — for instance, I took Pentest+ and CySA+ back-to-back and about 60-70% of the material is very similar, so on some chapter I could just take the practice test, pass it and go “Yeah, I’m good here.”  The only time I would NOT do this is if you don’t have a lot of extra practice questions.  Those are important to judging your preparation, and they’re not as effective the second time you do the same questions.

Now let’s talk about why I do this stuff.

Why books?

This is the shortest one — I have ADHD-PI, which means that I don’t learn as well from lectures or classes as most people.  Books work super well for me, so that’s why I do that.  If you tend to learn better from videos then, by all means, use videos.  I just like books.

I do also think it’s easier to make flashcards from books than videos, but again, maybe that’s just my own issues with videos and other people can make flashcards from them just fine.

Why physical flashcards?

Studies have shown that people who take notes with pen and paper typically remember more than people who take notes on a computer.  The act of writing helps us remember just as much as actually reviewing the cards.

Some books or programs include built in flashcards.  I say — don’t worry about those.  I mean, use them to test your knowledge, but I think it forces you to be more comprehensive when you’re making your own flashcards by hand.

I tried digital flashcards and pre-made ones and I’ve found that the studies are true.  I remember best when I make the flashcards myself.  Plus, I think there’s a psychological confidence factor to it.  When you grab a four inch stack of flashcards, go through them in a half an hour and get every single one right you FEEL like you know the material.  You go into the test with self confidence.

I could get into how I specifically create flashcards — the strategies I use, what I do for tables of data, etc. — but I think the most important thing is to do cards, review them, then take the test for that chapter and see how you did, then modify your flashcard process as necessary.  Find what works best for you.  Just remember it’s always better to have too many flashcards than too few, as long as you can actually study them all.

Why schedule the test when you’re half done?  And what’s this wave of preparation?

If you don’t schedule it then you can end up taking forever to do the test.  Halfway through the book gives you a good idea of how long it’ll take to finish the book, but it’s not so long that you’ll lose enthusiasm and move it to the back burner.

I also think of studying as a wave building.  The more you’ve read the more flash cards you’ll have, the longer practice tests will take, the longer it’ll take to just review what you’ve studied already (and I typically start study sessions by reviewing what I’ve already studied for a while).  You can start by studying for a half an hour, but in the last few days you’ll need to study for an hour or two just to get through everything.  In the last days I pick up my flashcards constantly throughout the day to quiz myself.

My point is, your effort should be building, and you should test when you’re right at the crest of the wave — before you burn out and crash down the other side.  If you wait too long you’ll forget the material, or lose confidence, or slack off on studying, or all three.  You want to hit the exam when you’re marinating in the material.

Why practice exams?

Because they’re the only way to judge how you’re doing, and it’s the best way to find out if there’s one area you’re WAY deficient.  Then you can shore up that area with additional study and flashcards (or an essay, if necessary).

As you take more tests you’ll eventually get a feel for which study “investments” are worth your time.  For example, in network based exams they’ll often give you 100 different port assignments you need to memorize which is just … such garbage.  But as you take the tests you’ll realize only 20 of them show up with any frequency.  You can then star those cards and make sure you get 100% of them right, and maybe 80% of the rest of the ports.

Finally, you need to aim for 90% because practice exams AREN’T the real exams.  A 90% on a practice exam could translate to a 90% on the real one, or a 70% (that has happened to me).  If that’s true and you can lose 20% going from practice exam to real exam, then an 80% isn’t enough to make sure you pass.  You could get a B on you practice exam and just barely fail the real one.

Why take a day off?

I mentioned “marinating in the material” above and, though that’s true, you can get overwhelmed.  Your brain needs time to move stuff between short term and long term memory.  It needs to correlate things and create a lattice of connections between the concepts you’ve learned. 

Or whatever, I’m not a neurologist, but I’ve found that I typically perform better when I have a day off before the test, but NOT the day right before the test.  I need to take a break, then just confirm that I still know everything.  For some reason I think this reveals to me areas where I need a little extra preparation because the info disappears after a day off.  Once I know those areas and solidify them they tend to stick around for the stress of the real exam.

Why all the specific info about taking an exam?

OK, here’s the one area where I think my advice may be less useful.  The truth of the matter is, I’ve always tested well.  I sit down, I look at the question and I feel like I have a knack for ruling out obviously wrong potential answers, and I just know if I know the answer right away.  It’s instantaneous — I don’t need to think about it.  I either know the answer right away from studying, or I have a strong feeling about what could be the right answer.

I’m not sure why that is, but it’s how I’ve always been.  That’s why I tend to finish tests really fast.  In school I was always the first one done for any test.  When I’ve done cert exams it typically takes me about a quarter of the allotted time.  This is one area where my brain works really well, and I don’t know why, but I’m not going to complain.

That said, I do think a couple of the pieces of advice I give are pretty solid.  Particularly:

• Try and knock out answers you know are wrong first
• Mark questions you don’t know and come back at the end and you may have the answer (anyone who has done a crossword or even wordle knows how this works)
  • This also helps you avoid getting stuck on a question and then not having enough time to finish — it’s better to get through the stuff you KNOW you can answer right, then come back and spend extra time on stuff you might get right
• Don’t review questions you already answered without a specific reason — in my experience I just second guess myself and change questions to wrong answers unless I gained additional insight from another question or something

Good luck!

And that’s what works for me.  Hopefully some of it is helpful.  Getting certs is a good way to stand out from others when trying to break into IT, and the ability to hoover up information is just a good skill to have in general.