“Give me six hours to chop down a tree and I will spend the first four sharpening the axe.”
-Abraham Lincoln
Writing an article about how to study for a test is a bit like telling somebody how to dress in the morning; there might be some good rules of thumb, but at the end of the day, it’s going to look different on you than me. That said, I’m pretty sure I can give some ideas on ways to wade through the Alphabet Soup that these exams tend to be.
I’ll be discussing three main principles that I followed for this exam (and most exams):
- Go broad and shallow when you start
- Allow your curiosity to distract you
- Use practice exams to focus in
These principles not only led me to a passing score, but allowed me to view the content as a cohesive whole, rather than rote memorization of acronyms.
Start Broad and Shallow
“I listened to podcasts, subscribed to daily newsletters, watched YouTube and read books… Soon, I found that many of the most important concepts were repeated so often that I couldn’t help but recognize them in the study materials.”
If you are not a cybersecurity professional, much of the content of the Security+ can feel pretty overwhelming. I like to start studying for these kinds of tech exams by finding a course online that is engaging and comprehensive. While I used ITPro.tv for my studies, there are plenty of great online courses for free on YouTube. Professor Messer has excellent content and a great online community if you haven’t discovered his channel already.
Regardless of how you start, the beginning is all about absorbing as much content as possible. This allows you to get a good high level overview, introducing you to general concepts, terminology, and technologies that will be important on the exam. It is okay if you don’t understand everything you are seeing and reading at this stage. You will be hearing these terms a lot as you immerse yourself in all things cybersecurity.
In addition to the main course, start looking for other ways to get cybersecurity content. I looked for everything I could that talked about cybersecurity from the perspective of professionals in and around the industry. I listened to podcasts, subscribed to daily newsletters, watched YouTube and read books. There is no such thing as bad information. Soon, I found that many of the most important concepts were repeated so often that I couldn’t help but recognize them in the study materials.
I also found many subjects that absolutely fascinated me, and realized I wanted to know more.
Let Your Curiosity Distract You
“At the end of the day, I am taking this test because this stuff is just so cool.”
If you are trying to get this certification, you probably want to get a job in cybersecurity. This is an obvious statement, but an important one. Why do you want to be a cybersecurity professional? For most of us, it means learning skills that are fun so we can do work that matters. It means playing with new toys, learning new skills, and accepting new challenges. While listening to podcasts, reading books, or watching videos about breaking into the industry, I kept hearing a few key attributes that employers are looking for in new hires.
Passion. Enthusiasm. Problem Solving.
At the end of the day, I am taking this test because this stuff is just so cool. I want to learn everything I can because it’s amazing. So I set up a virtual machine to run Kali Linux and attack other virtual machines. I picked up some books and did some free courses on writing scripts in Python and Bash and JavaScript. I spent some time on HackTheBox learning the (very) basics of enumeration and penetration testing. Looking at different training courses, I even found several that allowed me to get a peek inside of SIEMs and do some basic configuration on firewalls.
Does this mean I’m ready to be a penetration tester, or a threat hunter, or write programs that change the face of cybersecurity? Of course not. I’ve probably forgotten most of what I learned already! But, as I continued my broad overview of the coursework, I had much better contextual knowledge of what was being talked about. And maybe more importantly, I grew my passion and excitement for the work.
Practice Exams
“Failure is one of the most tremendous teachers…but you have to be a good student.”
So, going on long and fascinating tangents is one of the greatest joys of learning. But, of course, at the end of the day, you still have to pass the exam, which means you have to know the actual stuff on the test.
This is where practice exams come in. If you are using a paid online course, such as ITPro.tv, then this is one of the things that are built into the membership. Other study materials might also come with great practice exams, such as the McGraw-Hill All-in-One Security+ which comes with a code to access online study materials (and is a wonderful reference guide). There are also lots of free exam questions if you google them, though the quality varies.
The downfall of practice exams is that you tend to unintentionally memorize the answers, rather than learn them. When the question is asked a different way later, you are almost just as likely to choose incorrectly. Failure is one of the most tremendous teachers, as I talked about in another blog post. But you have to be a good student.
My technique involved taking a test after each major section of the Security+ curriculum. Most practice tests allow you to choose the exam objective for your questions. When I answered wrong (and I got so many answers wrong!), I would make a note of the topic I didn’t understand. This list was what I used to do focused study. Most of the notes that I took during my process came from these mistakes.
I used those notes to google, look up in my physical study guide, or rewatch videos. This helped make sure that I learned the information, rather than memorize.
Conclusion
Obviously there are many ways to go about studying for an exam. Here I just wanted to give an example of my process and how it led me to be more enthusiastic about what I was studying. More importantly, it allowed me to put the concepts into a greater context for the world I am trying to enter. Certifications on their own don’t add value to you as a student or professional. Your value comes from what you know and what you are willing to learn. It comes from the intensity and drive that you display, and your integrity.
So go out into the world and add value to yourself. Get excited and get distracted, and then get focused with renewed enthusiasm. Employers will recognize this more than the badge on your resume.
-themikemcadams