What I Learned From Failing the Security+
Getting certified is a great feeling, especially after you have worked so hard studying to understand the exam material. No wonder that people are very quick to share their success stories.
But not everyone passes on their first attempt. You don't often hear about people's experiences when they fail at achieving a goal — which is a shame. There are plenty of lessons to be learned from failure, even if they are painful ones.
Here are some key takeaways from my very own CompTIA Security+ failure — and subsequent redemption. If you recently failed an exam, there's hope. If you are about to take an exam, use some of these lessons to strengthen your study efforts.
I decided on earning CompTIA Security+ because I already had CompTIA Network+ certification. Also, CompTIA A+ didn't make sense as I have over 15 years of computer troubleshooting and repair experience under my belt.
I have an interest in cybersecurity and Security+ is an entry-level certification, making it a solid starting point for me. It's also a U.S. DOD-approved certification, which could open up more career opportunities.
The other draw of Security+ being entry-level is that it eased me back into the process of studying for IT certification exams. Full confession: It had been a while since I took a certification exam. Prior to taking Security+, the last exam I took was in 2007, when I earned my Network+
My Study Approach
I used a combination of CBT Nuggets videos, my own notes, and practice exam questions. I found the Security+ videos very helpful and they were my main area of reference. CBT Nuggets' Keith Barker is a very good teacher and I found his enthusiasm contagious.
Before diving into training, I printed out the training resources that CBT Nuggets provided, which tells you which videos cover specific exam objectives. I used these in conjunction with CompTIA's exam objectives. Every domain area that I finished was checked off the list, every single objective was ticked off by the time I went into the exam.
I study by taking notes. Lots of notes. I filled out an entire exercise book with shorthand notes of each and every video. I drew diagrams and pictures as well. I also went over the two recommended IPV4 videos as refreshers, which helped jog my memory about how to calculate subnets and how to convert values from binary. Again, lots of notes.
When I got about halfway through Keith's Security+ videos, I tried some practice exams online. I knew that my prospects were not good, but I felt that "scaring" myself with a few fails would help motivate me. My first practice exam was a failure, I got a 58 percent.
All of the highlighted areas that I got wrong were areas that I hadn't gotten to yet. I got a few basic questions wrong that I should have gotten right. I knew that I needed to concentrate on my next attempt. I kept studying, and every time I made progress, I would retake a practice exam. I got gradually better — to around 90% to 95%.
At that point, I decided that I would schedule the Security+ exam.
All That Prep. Still Failed.
The key event that sticks out in my mind is that I got caught up in the performance-based questions at the beginning. They took a very long time for me to complete, even though they were not difficult.
I got flustered after that and this resulted in myself making a fatal mistake. I didn't read the questions thoroughly.
With any IT certification exam, you need to carefully check the wording and meaning behind every question. For example, questions can seemingly have multiple "right answers. But only one is the correct right answer. Truly comprehending what you're being asked is key to choosing the best answers.
Slow down and make sure you read and understand every question. One wrong answer could be the difference between passing and failing an exam.
My Gut Feeling During the Exam
I had performed well on all of my online practice tests with 90% – 95% scores in some cases. But deep down, I knew that I needed to round off my cryptography knowledge. Oh, and the concept of public private key exchange was still kind of confusing me.
It also dawned on me that I hadn't practiced many of the basic troubleshooting commands that were recommended in the Security+ exam objectives, which was an oversight that definitely contributed to my failed attempt.
The Exam Aftermath
Well, the first thing I did was call my boss and let him know that I had failed, which was not pleasant. He took the news well and was supportive, but I knew that I had messed up. I scored a 715, which was short of 750 passing score. I had only missed passing by a few questions, which was frustrating but also oddly comforting as well.
Luckily, CompTIA gives you a printout of the exam after you have completed it with a detailed breakdown of what exam objectives you got questions wrong on. My suspicions were confirmed when my cryptology blank spots showed up as being one of the main areas that I needed to improve in. In fact, I got at least one question wrong in each domain. This wasn't good.
I booked the exam again the very next day. I knew that I had prepared very well, and I didn't want to give myself a chance to start forgetting information. I needed to work on revising my notes, and I needed to re-watch some of the videos that I did not completely understand.
Next, I went through every single exam objective and checked off each item that I had covered. If I was not sure about an exam objective, I went back to the corresponding video and made sure I understood it.
I also checked out CompTIA's /Reddit and I also found lots of tips on YouTube from successful (and smug) successful exam takers. Each of these resources helped to prepare me for my second attempt. Using these resources would have been a big help before my first attempt!
What I Did Differently the Second Time
The second attempt I decided to flag the performance-based questions and come back to them at the end, and I am so glad that I did that. I encountered at least five questions that, if I hadn't read them at least three times before answering, I would have gotten wrong. Not being rushed was huge.
There is some subtle language on the Security+ exam and it really requires you keep your wits about you. Never just jump straight to an answer. Take a deep breath and read the question again, slowly. This undoubtedly made all the difference for me as I scored a 782! I was Security+ certified at last.
Failure is painful, but it can also help motivate and inspire you. Don't let people tell you that an IT certification exam is easy just because they passed it. Most IT cert exams are an inch deep and a mile wide. Knowledge retention is imperative and comes down to how well you study.
Again, remember take your time on exams. Read the questions thoroughly. And stay calm. Good luck on your next exam.