4 things you should do if your team fails their cybersecurity certification exams
Continue reading
Tip 1: Understand why they failed
Failure is not the end; it's a pivot point. When someone on your team finds out they failed a certification exam, you'll remind them that setbacks are part of the learning process. They're road signs guiding you toward improvement.
Jerich Beacon, Chief Information Security Officer at Epiq, failed his first Security+ exam. "That was one of the lowest moments in my professional career," says Beacon. "As a Type A person, I'm always trying to better myself, and there was no way I was going to let that failure define me. Because of that experience, I was able to use that motivat...
Failing an exam can feel like a major setback, especially when your team members have invested significant time and effort into preparing. However, it's important to remember that some employees may not pass on their first attempt, and setbacks can be a natural part of their learning processes. Countless cybersecurity professionals have experienced exam failures, only to emerge stronger and more determined than ever before.
This guide will explore four practical steps to help your team members bounce back from an exam failure and achieve success. You'll learn from the experiences and advice of industry experts who have overcome similar challenges and emerged victorious on their certification journeys. From analyzing your team's gaps to addressing the emotional impact, developing an effective study plan and maintaining a positive mindset, this guide will provide valuable insights to help them turn failure into fuel for future triumphs.
Tip 1: Understand why they failed
Failure is not the end; it's a pivot point. When someone on your team finds out they failed a certification exam, you'll remind them that setbacks are part of the learning process. They're road signs guiding you toward improvement.
Jerich Beacon, Chief Information Security Officer at Epiq, failed his first Security+ exam. "That was one of the lowest moments in my professional career," says Beacon. "As a Type A person, I'm always trying to better myself, and there was no way I was going to let that failure define me. Because of that experience, I was able to use that motivation to not only retake the Security+ but to pursue and earn multiple other reputable certifications."
Most cybersecurity certifications offer feedback after the exam. Typically broken down by domain or topic, this report is a goldmine of information. For example, ISC2 states, "For those who failed an examination, a breakdown of the domains in proficiency levels will be provided." Both CompTIA and ISACA also provide similar breakdowns. Your employees should analyze this report closely to identify the areas that tripped them up. Once they know their weaknesses, they can create targeted study plans to solidify their understanding, which we'll cover in the next section.
Did some of them find themselves grasping the material but getting tripped up by the wording of the questions? This is a common hurdle. Cybersecurity exams often use technical jargon and can be phrased in a way that throws even seasoned professionals. As Infosec instructor Tommy Gober explained in a recent webinar, "There's the real-world answer, and then there's the test answer."
What should you learn next?
Remember, these exams test not only knowledge but also each candidate's ability to think strategically within the specific framework presented. Here's another thought Infosec Instructor Rod Evans shared during the same webinar: "There are three ways of knowing this material: the way you know it, the way the industry wants you to know it and the way exam providers want you to know it." By understanding this distinction and practicing within the exam's framework, your team members can significantly improve their chances of success.
In some instances, preparation may have been the primary issue. A few helpful questions to ask are:
- Was the type of training insufficient? For example, did they use a self-paced approach instead of live instruction?
- As their manager, did you perhaps not give them enough time to prepare or otherwise support their learning process?
- Did you check their preparation progress as they got ready for the exam? For instance, you may have access to reporting details on which materials have been completed, scores on practice exams and more.
Tip 2: Reassure employees who failed
Failing a cybersecurity certification exam can be a frustrating and demoralizing experience. It's essential to acknowledge your employees' emotions and permit them to feel disappointed or frustrated. It's normal to feel this way, and it's important for them — and you — to recognize that it's a normal part of the learning process.
To address the emotional side of failure, seek emotional support from peers, online communities or forums. This response on TechExams to someone who just failed their CCNA exam is a great example of the support and encouragement that can be found in online communities.
Reflect on psychological factors that may have contributed to their failure as well. Did anxiety, lack of confidence or imposter syndrome play a role? Harman Singh, who failed this CREST Certified Infrastructure Tester exam, discovered that "The key takeaway for me was to remain calm and believe in my ability to perform well."
It's also essential to consider their physical preparation and how it may have affected their test results. Did they get enough sleep, eat well and stay hydrated? Gober recommends that candidates schedule the test when they are at their sharpest, whether that's in the morning or "in the afternoon if you need a little time to boot up." And don't forget to fuel up — Gober enjoys a nice meal at his favorite restaurant before afternoon exams.
Beacon provides a cautionary tale about the importance of physical preparation. He admitted, "I took the test on an empty stomach because this is how I spent my lunch break — no time to eat. I didn't focus on wearing comfortable clothes, nor did I get a good night's sleep."
As a leader, your opinion and input matter to your team. Let them know you still have confidence in them as effective employees. Consider asking them if there's anything you could do better next time to support their success.
Tip 3: Help craft a winning study strategy
Once your team has identified areas to improve and they are ready to take another shot at the exam, it's time to craft a winning study strategy. Let's explore some powerful techniques used by cybersecurity veterans to consistently pass their exams.
Understand the retake policy
The first step is for them to familiarize themselves with the retake policies for the specific exam or training provider. Can they retake the exam immediately, or is there a wait period? How much is the cost of the retake? Check the exam's official site for its retake policy and full list of rules, like this one for CompTIA.
Although CompTIA doesn't provide a free retake, training providers like Infosec have an Exam Pass Guarantee with their live CompTIA boot camps, meaning your team members can get a second exam attempt at no cost — as well as the ability to re-sit their training.
Create a structured training plan
Next, they need to create a structured study plan that covers all the exam objectives and allocates sufficient time for each topic. Infosec Instructor Chris Stevens, who failed his IAPP CIPP/C certification, shares his approach: "I had developed a time-tested process for passing the IAPP privacy certifications. The process included purchasing the certification examination textbook, reading it twice, and using the examination blueprint to identify concepts and topics."
In addition to their study plan, they should take advantage of additional resources to enhance their preparation. This can include study guides, practice exams and online resources. "You need to get 75% of the answers right in the official practice test, and it needs to be questions you've never seen before," says Infosec's CISSP Boot Camp instructor Steve Spearman.
What should you learn next?
Find training support
"It's okay if you failed," adds Mari Galloway, co-founder of the Women's Society of Cyberjutsu. Galloway explained that she failed her Security+ and CISSP exams before ultimately passing. "Find a study group. It's really helpful just to go through questions and talk to other people and understand how to answer the questions."
A structured boot camp can also be helpful, as it was for Lili-Ann Mitchell, Partner and COO of Mirades Security. She notes that before the boot camp, she was averaging a 60% success rate on test exams, but she was able to hit 85% after the boot camp and go into her actual exam with confidence.
If multiple members of your team need training, having them train as a group is a great option. In addition to training discounts, the team will be able to offer each other support, learn together, share tips — and may even retain the material better.
What should you learn next?
Tip 4: Embrace failure as step towards success
Have you ever taken a test only to get an "F" or, in the case of a digital exam, the dreaded "fail" notification? If so, you have an idea of how some of your employees may feel. But you can tell them the story of Beacon. He felt a similar sting after failing his Security+ exam, but he didn't let that setback define him. He went on to pass that exam, earn his master's degree and pass many more certification exams. "In many ways, I would say that this failure was the catapult to the success I've had since," he said.
Failure can make you stronger. It teaches valuable lessons and strengthens your determination. Don't let "imposter syndrome" hold you back. Failing an exam doesn't diminish your abilities or potential. "You're not alone. There are plenty of other professionals out there who are facing the same challenges as you. Just keep moving! Every time we fail, we learn something new that we can use to help us be successful on our next attempt," says Singh. The key is to make sure they keep moving forward.
Even if you choose the perfect training provider with proven track records — like Infosec's 93% pass rates — there's still a chance that, eventually, someone on your team will fail an exam. This could be due to a lack of prep, nerves, an insufficient exam strategy, or having too many distractions — either at work or in their personal lives. That's why reputable providers like Infosec stand by their training by offering an Exam Pass Guarantee, which enables employees to retake the training.
Persistence is key, and failure should be viewed as a temporary obstacle on their path to success.