In October of 2021 I passed CompTIA’s Security+ exam. For someone who does not work in the IT field, that was a major personal and professional accomplishment.
A little bit about me: I have been in the professional video production industry for 20 years. My career has ranged from broadcast journalism, to marketing, to my current specialty in commercial video production.
While technology is an important part of video production and my role involves IT tasks, I’ve never strictly been in the IT field. So earlier this year when I embarked on a journey towards the information security industry, I knew I had a lot of work to do. For me, that involved studying for the CompTIA Security+ certification.
No matter the subject matter, establishing a study routine is essential. It doesn’t matter if you are studying for a certification or a degree – consistent practice is essential for learning. I used the word “practice” deliberately. For true learning to take place, you need to be able to absorb information, think deeply about it, and do something with it.
The example I like to use is playing guitar. I’ve played guitar for over 25 years. To this day, if I want to maintain and improve my skills, I need to set aside time to practice and use the information that I am learning in a practical way.
Playing scales isn’t making music. Playing along with a track on Spotify is making music. And although it is fun to pick up my guitar and play for six hours or so on a weekend, true improvement comes when I dedicate a little bit of time everyday to stay sharp.
The same is true with studying for a certification like Security+. My goal was to master the information, not simply pass a test. And true learning takes time. So I set out to develop my own routine that would prepare me to go into the test being as confident as possible.
My study routine
My first step was to figure out what would work for me given my unique life circumstances. It took me a few weeks to figure this part out, because there was a lot of trial and error. At the beginning of my process, my daily routine involved getting up just an hour or two before work.
6 am & 10pm
Initially I thought that I would spend a little bit of time in the mornings studying, and then stay up late at night as well. But I noticed that I would come home from work absolutely exhausted with no energy left to study.
4:30 am
I realized that my best option was to study before work, when my mind was sharp and I wouldn’t have any interruptions. Over the course of a few weeks I adjusted my sleep schedule and eventually started waking up at 4:30AM.
I’d spend 3 hours before work studying. I realize not everyone is an early morning person. That’s OK. It doesn’t matter when you study. What’s important is that you block out time every single day and be consistent. This is just what worked for me personally.
It’s also important to dedicate a space for your studying sessions. Maybe studying on the couch works for you. Or from your bed. I tried those methods, but they didn’t work for me. I needed a separate space. Fortunately I already had a spare bedroom that I had converted into my work-from-home office.
Wherever you choose to study, the most important thing is consistency.
Different study methods to try
So how do you actually go about studying for a certification? It’s one thing to say, “I’m going to study for Security+”, but taking actionable steps is essential. I’m a fan of NetworkChuck on Youtube, and in one of his videos he recommends the following study method for any certification:
Read a book. Watch a video course. Make notes (or flashcards). Take practice exams.
1. Read a book
There are plenty of good Security+ books available. One thing I would specifically recommend though is to find a book that organizes the material in a logical manner, not one that structures the book according to the official objectives. While that is helpful as a reference source, I found it much easier to learn when I read a study guide that reorganized the material into a format more suitable for learning.
2. Watch a video course
It shouldn’t be hard to find an online video course for Security+. There are many of them. Some are free, while others require a fee, so whatever your budget, there is an option for you. But one thing you should consider is how the instructor presents the information.
In my opinion, CompTIA doesn’t present the learning objectives in the most logical manner. So, find an instructor who presents the information in the manner that makes the most sense to you.
3. Make notes or flashcards
I’m not a fan of flashcards. I never have been. That’s just a personal preference. They’re only useful if you actually use them, but I tend to create them and never go through them again.
I learn best through the physical activity of writing, so for me, writing good notes is an essential skill. And while it’s a good idea to type your notes out so that you can search them for future reference, I still recommend plain old pen and paper for your first round of note-taking.
Learning is all about repetition and understanding. You should read your book multiple times. You should also go through multiple phases of note-taking. I prefer using pen and paper for my first round of notes, and then for review I type them into a note-taking app on my laptop.
4. Take practice exams
Before I took the real exam I heard multiple people say the best preparation is to take practice exams. Take this to heart. Find good, quality practice exams and take as many of them as possible.
You may think you are ready, but once the timer begins and you feel the pressure, that’s when you’ll know if you are ready for the exam or not. I was encouraged after I took my first practice exam and scored in the 70’s (a passing score is 80), but after consistent results of not passing I realized I had a lot more work to do. When you are consistently scoring in the 80’s (ideally even in the 90’s) you should be ready for the real exam.
Practice on-the-go
But what about those times when you’re on the go, but want to get some practice in here and there? That’s where Pocket Prep helped me. In my current job, I am on the go quite a bit. Sometimes I don’t know my schedule until the day before.
In rare cases, I get a phone call saying, “Be at this location with the gear in an hour”. So I wanted to find a resource that I could use to get a quick quiz or two in on my phone when I had a few minutes to spare. I subscribed to Pocket Prep’s exam prep app for the Security+. Early on, the quiz results matched what I was getting on my longer practice exams.
By the week of my exam, I was consistently scoring in the 90’s. Even now, after passing the exam, I use the app to do a quick quiz and keep the information fresh in my mind. Since I am not currently working in the industry, I need to do whatever it takes to maintain what I learned.
What’s Next?
So, I passed Security+. Naturally, my next step is to look for work in the field. But it would be a serious mistake to assume that just because I’ve passed a certification that I don’t need to keep studying. So, I’ve started the process of studying for my next certification – CompTIA’s CySA+.
I’ve already selected my next book and video course and am slowly getting back into the study routine. And since I’ve identified cyber threat intelligence as the area I want to specialize in, I’m also reading material related to that specialty.
Your journey may be completely different. You may be working on a different certification from a different vendor. Perhaps you are working on a degree instead. Or maybe you are opting for neither path and instead are engaging exclusively in hands-on activities. Regardless, it’s important to find a study routine that works for you.
The goal, after all, is not merely passing a test, or finishing a degree, or completing a specific hands-on task. The goal is mastery of the material. Since that is a lifelong process, having a solid study routine will guide you along the way.