Is your team training the wrong way? 5 common employee mistakes

August 15, 2024 by Jeff Peters

Deciding to get your team members certified can be a great decision. You are investing in both their performance and your business. Ensuring they successfully hit their goal of getting certified is key. It’s also a challenge to ensure they learn new, actionable skills they can take back to the job and help your organization reach its goals. On a higher level, earning a certification can also boost employee happiness and keep them relevant in an evolving job market. 

How can you ensure they learn the material in a way that gives you the highest return on your investment? In this guide, we’ll cover some common mistakes that make it difficult for some to prepare for a certification exam. We’ll also provide expert advice on how to avoid these pitfalls. 

1. Learning the wrong skills 

As their leader, you can help direct your team toward the certification or training that will impact them and their professional lives. With so many different topics to study, it can be challenging to decide which areas they should focus on and where they need to start. Figuring this out in the context of their current and future roles is key. 

For example, some exams, such as CompTIA Security+ or ISC2 CISSP, are quite broad, and it may seem like they cover everything cybersecurity. More targeted exams, such as those that cover cloud, Cisco networks or auditing, are designed to build, and could require, deeper topical expertise.

Help them choose the right type of certification. Then, they should laser focus on the exam objectives to put them in the best possible position to pass their exam. 

Step one is to analyze the exam outline. Each outline lists all the objectives and information you need to know. As a general rule of thumb, if something isn’t on the list, it is best not to go down that rabbit hole. Even though learning about cybersecurity is always important, it’s best if your employees focus on what they need to get certified. 

2. Lacking dedicated training time 

Getting your team certified is an investment, so if they’re doing live or self-paced training, it’s important to carve out space that frees them up to learn. 

For example, you wouldn’t want to enroll them in a live boot camp, which is time- and energy-intensive, and then expect them to also cover their duties while the boot camp is in session. 

Even if some of your employees are experienced cybersecurity professionals or have aced previous cybersecurity training, they can’t rest on their laurels. They must commit to learning all the concepts the exam covers. And this takes time and effort. 

Because everyone’s busy, it can be easy to get distracted by work, family and other responsibilities. If they establish a structure for self-study and have the discipline to follow through, they can make it work. They can’t do it without their manager’s support, though, simply because you have the power to consume or free up their time.

Employees may self-study outside of work hours, explains Infosec Instructor Tommy Gober, but that doesn’t always lead to the best outcomes. “You have to be honest with yourself; you have to be a disciplined learner, and, let’s face it, how many of us really, truly are disciplined enough to sit down and learn our way through this thing?” 

This is where a boot camp may help. Each boot camp comes with structure and dedicated training time, so they don’t have to worry about how they budget their time while learning each topic. If they have your support as their manager, they should have enough time to gain the mastery they need and pass the exam. 

3. Not understanding the exam point-of-view 

Every exam has a specific point of view, and your team needs to see things from that perspective. As Infosec instructor Rod Evans says, “I tell my class, there are three ways of knowing this material: the way you know it, the way the industry wants you to know it and the way the exam’s organization wants you to know it.” 

It’s important to focus on how the exam’s writers want your team members to demonstrate their knowledge. 

To illustrate, the CISSP is a CAT exam. CAT stands for computerized adaptive testing. It decides which questions to ask as the test-taker goes through the exam. The first questions they will come across will be easier to answer. Then, as the exam progresses, the questions are designed to give test-takers about a 50% chance of answering them correctly. To calculate the applicant’s grade, the exam uses the difficulty of each question they answered. Therefore, two test-takers can get the same number of questions correct but end up with different scores. 

While this can be good for the assessment process, it comes with a drawback: they can’t go back and review their answers or change their choices. This means that if they’d like to approach testing by going back and forth between questions, that approach won’t align with the CISSP or any other exam that uses CAT.

This is why they need to check the exam outline and guide provided by each vendor; it breaks down the format and types of questions they’ll see. 

As Infosec instructor Steve Spearman explains, your employees need to follow proven test-taking strategies to increase their chance of passing: “The most important advice is to take your time. The second most important piece of advice is eliminating wrong answers first.” By making sure they consistently take their time and eliminate wrong answers first, they can significantly boost their chances of earning a top score. 

4. Focusing on memorization instead of learning 

As a manager, you want your employees to learn skills they can bring back to the workplace. If they merely memorized things so they could pass the exam, you wouldn’t be getting much of a return on your investment. Also, the certification process would have minimal impact on their careers. 

Even though studying is important, you don’t want your team to get caught up with memorizing material instead of learning how to apply it and how each concept works. 

Jerich Beason, who earned his CompTIA Security+ certification, explains how he fell into the memorization trap and how that caused him to fail his first time around: “I started to memorize the questions, and that gave me a false sense of preparedness. It wasn’t until later I came to the realization that I wasn’t learning the building blocks I needed to truly understand the material.” 

He explains the consequences of his initial approach when taking the exam. “Nerves set in; I began to sweat. Time seemed to speed up. The questions seemed like they were trying to trick me. This is not what I prepared for, is all I kept thinking. I powered through and relied on trusty ‘C’ as my answer for all questions I was clueless about. In retrospect, I did fairly well. I only failed by six points.” 

However, Beason later started focusing on truly learning the material, earned his Security+ certification and went on to earn more cybersecurity credentials to boost his skills and career. 

5. Training individually instead of as a team 

Training as a team, instead of as individuals, comes with benefits for both your organization and those going for their certifications. For one, they’ll all have a uniform experience. This puts you in a position to easily administer and monitor their training, and using the same learning materials allows your team to collaborate and learn together. 

If they prepare on their own, the speed at which they do so varies, and there’s no way for you to have any control over the consistency of the learning process. 

It’s also important to keep in mind that if you have enough people attending training, it can be customized to meet their needs. This is the case with Infosec, where we can also provide you with training on-site. 

If you establish a team-based support system, your team can enjoy higher pass rates and deeper skill development. 

You can also use group training to save money. With Infosec, for example, by having several members of your IT team get training simultaneously, you can take advantage of a bulk discount. This means you can train more people or have employees take multiple types of training without exceeding your budget. 

Create your plan for team success 

Your plan for your team’s success should include not just what you need to do but also what you need to avoid doing. Make sure they don’t spend training time focusing on the wrong concepts. You also don’t want to overwork them while they’re training. Even though general knowledge is valuable, it’s important to home in on the exam’s point of view, answering questions the way test writers designed them to be answered.

You also want to ensure your team avoids simply memorizing test questions and exam material. Instead, they should fully understand the underlying concepts behind each topic. Finally, training as a team is better than individually because it makes it easier for you to monitor their progress and paves the way for saving money via bulk discounts. 

If, like many, your team needs more resources or structure, they can take advantage of live boot camps — both online and in person. You also have the option of buying them self-paced boot camps if they aren’t able to get away for several days of dedicated study. 

Study groups and online communities can also be valuable resources, especially if they need advice and help. An investment in your team’s certification can pay off for years as your team flourishes. 

Jeff Peters

Jeff Peters is a communications professional with more than a decade of experience creating cybersecurity-related content. As the Director of Content and Brand Marketing at Infosec, he oversees the Infosec Resources website, the Cyber Work Podcast and Cyber Work Hacks series, and a variety of other content aimed at answering security awareness and technical cybersecurity training questions. His focus is on developing materials to help cybersecurity practitioners and leaders improve their skills, level up their careers and build stronger teams.