Are you training the wrong way? 5 mistakes to avoid when preparing for your exam

August 15, 2024 by Jeff Peters

Deciding to get your certification can be a great decision. You are investing in yourself and your career. At the same time, the process can be daunting. How can you make sure you learn the material in a way that gives you the highest return on your investment? 

In this guide, we’ll cover some common mistakes that make it difficult for some to prepare for a certification exam. We’ll also provide expert advice on how to avoid these pitfalls. 

1. Spending training time on the wrong concepts 

With so many different topics to study, it can be challenging to decide what to focus on and where to start. This is especially true for some of the broader exams, such as CompTIA Security+ or ISC2 CISSP, because it seems like they cover everything cybersecurity. 

On the other hand, more targeted exams that go deeper into one area or technology can also be challenging because they go into so much detail. For example, learning the ins and outs of the cloud, Cisco networks or auditing could require a deep dive that consumes a lot of time and mental bandwidth. 

As Infosec instructor Wilfredo Lanz explains, “You have to concentrate on the topics that are most relevant to the exam.” Since you can’t learn every single aspect of a security topic, you need to home in on those that are most relevant to the exam you’re taking.

So, how do you focus your studies so you’re not wasting time or energy? Step one is to start with the exam outline. Each outline lists all the objectives and information you need to know. Generally, if something isn’t on the list, it is best not to go down that rabbit hole. Even though learning about cybersecurity is always important, it’s best to focus on learning the right things when preparing for your exam. 

2. Focusing on strengths instead of weaknesses 

For many, it’s a natural inclination to gravitate towards what you’re good at, what you’re comfortable with or what already interests you. Even though it can be valuable to reinforce current knowledge and dive into what you’re passionate about, you want to focus on tackling your weaknesses for the exam. 

To identify your weaknesses, Infosec instructor Tommy Gober recommends going through the exam objectives line by line.

“I encourage folks to print these things out, keep a copy on hand and then go through with a pen, checking off things as you understand them,” Gober explains. “If you can describe what this bullet point is about to your cat, to your neighbor’s fencepost, whatever, put a line through it. Then, if you don’t understand it, skip it and move on. Do a real, honest, personal assessment of the content. Then, once everything’s checked off, guess what? You’re ready to go.” 

3. Not understanding the exam point-of-view 

Every exam has a specific point of view, and you need to see things from that perspective. As Infosec instructor Rod Evans says, “I tell my class, there are three ways of knowing this material: the way you know it, the way the industry wants you to know it and the way the exam’s organization wants you to know it.” 

It’s important to focus on how the exam’s writers want you to demonstrate your knowledge. 

To illustrate, the CISSP uses computerized adaptive testing (CAT), which decides which questions to ask as the test-taker goes through the exam. The first questions you come across are easier to answer. Then, as the exam progresses, the questions are designed to give you about a 50% chance of answering them correctly. To calculate your grade, the exam uses the difficulty of each of the questions you answered. Therefore, two test-takers can get the same number of questions correct but end up with different scores.

While this can be good for the assessment process, it comes with a drawback: you can’t go back and review your answers or change your choices. This means that if you’d like to approach testing by going back and forth between questions, that approach won’t align with the CISSP, or any other exam that uses CAT.

This is why it’s important to check the exam outline and guide provided by each vendor, because it breaks down the format and types of questions you’ll see. 

As Infosec instructor Steve Spearman explains, you should train your brain to approach the questions correctly: “The most important advice is to take your time. The second most important piece of advice is eliminating wrong answers first.” By making sure you consistently take your time and eliminate wrong answers first, you can significantly boost your chances of earning a top score. 

4. Lacking commitment to dedicated training time 

Even if you’re an experienced cybersecurity professional or if you aced your cybersecurity classes in your computer science major, when it comes to these certification exams, you can’t rest on your laurels. You must commit to learning all the concepts the exam covers. And this takes time and effort. 

Because we’re all busy, it can be easy to get distracted by work, family and other responsibilities. But if you establish a structure for self-study and you have the discipline to follow through, you can make it work. 

As Gober puts it, “Self-study is completely doable. Plenty of folks do it. But you have to be honest with yourself; you have to be a disciplined learner, and, let’s face it, how many of us really, truly are disciplined enough to sit down and learn our way through this thing?” 

This is where a boot camp may help. Each boot camp comes with structure and dedicated training time. So, you don’t have to worry about how you budget your time while learning each topic.  

You also get a live instructor with a boot camp. Having an expert who understands the preparation process and what it takes to ace the exam is especially valuable from an organizational and time budgeting standpoint. They know how much time you should dedicate to each topic, and they can tell you whether you need to invest more time to better comprehend something on the exam. 

5. Focusing on memorization instead of understanding the material 

Even though it’s important to study for the test, you don’t want to get caught up with memorizing material instead of learning how to apply it and how each concept works. 

Jerich Beason, who earned his CompTIA Security+ certification, explains how he fell into the memorization trap and how that caused him to fail his first time around: “I started to memorize the questions, and that gave me a false sense of preparedness. It wasn’t until later I came to the realization that I wasn’t learning the building blocks I needed to truly understand the material.” 

He explains the consequences of his initial approach when taking the exam. “Nerves set in. I began to sweat. Time seemed to speed up. The questions seemed like they were trying to trick me. ‘This is not what I prepared for,’ is all I kept thinking. I powered through and relied on trusty ‘C’ as my answer for all questions I was clueless about. In retrospect, I did fairly well. I only failed by six points.” 

However, Beason later started focusing on truly learning the material, earned his Security+ certification and went on to earn more credentials from GIAC and ISC2. 

Create your plan for success 

Your plan for success should include not just what you need to do but what you need to avoid doing. Make sure you don’t spend training time focusing on the wrong concepts. You also don’t want to only focus on your strengths while avoiding your weaknesses. Even though general knowledge is valuable, it’s important to home in on the exam’s point of view, answering questions the way test writers designed them to be answered.

When it comes to your approach to learning, make sure you have the discipline to commit to dedicated training time. The responsibilities of life and other distractions may get in the way, so it may be best to invest in a structured boot camp. And, finally, avoid simply memorizing test questions and exam material. Instead, you should make sure you fully understand the underlying concepts behind each topic. 

If, like many people, you need more resources or structure, you can take advantage of live boot camps — both online and in person. You also have the option of using self-paced boot camps if you aren’t able to get away for several days of dedicated study. 

Study groups and online communities can also be valuable resources, especially if you need advice and help. Remember, you’re not alone, and help is available. An investment in your certification can pay off for years into the future as your cybersecurity career flourishes. 

Jeff Peters

Jeff Peters is a communications professional with more than a decade of experience creating cybersecurity-related content. As the Director of Content and Brand Marketing at Infosec, he oversees the Infosec Resources website, the Cyber Work Podcast and Cyber Work Hacks series, and a variety of other content aimed at answering security awareness and technical cybersecurity training questions. His focus is on developing materials to help cybersecurity practitioners and leaders improve their skills, level up their careers and build stronger teams.