Looking to get an IT certification?
Have questions about them?
Obtaining an IT certification can be a boost to your IT or cyber security career. And there are certifications for all levels! Whether you are just beginning your journey or well into your career, there is a certification for you!
I recently obtained a new certification which is forcing me to consider my options moving forward in my career. But this post isn’t about my career…mostly. Instead, this post highlights observations I had as I prepared, took, and passed the exam. I would like to make clear before going further that I will not be discussing any test questions from exams nor am I offering 100% guarantee advice on passing your exam. I will be talking about ways to prepare for exams, what I believe to be an unspoken culture of IT certifications, and how certifications are used in our careers. Besides, you don’t need my advice for passing that CISSP exam that seems to be on almost every IT job posting.
Let’s move on though to exam preparation.
After choosing the exam you want to pass, you need to get good study materials to increase your confidence for the actual exam. This is where things get a little tricky as there as a plethora of materials “guaranteed” to get you that pass. The two most common paths of preparation are guided study and self-study. A typical guided study is structured as a lecture where the class last a set amount of time and is taught by someone who holds that certification and has been in the industry for a while. One great thing about guided study is that you can ask questions, get clarification and get study partners to share in your pain of preparing for the exam. Plus, many courses come with an exam voucher! Hard to beat that!
However if you’re like me, self-study can be the better option. There are usually a good number of books and exam guides in your local bookstore (or Amazon) written by professionals in the field. There is also a seemingly endless amount of material online for further explanations and practice. You can study at your own pace and there is nothing like saying “I read a 1000 page study guide to prepare for this”. True story!
Despite all of the information out there to help people prepare for exams, I have heard of some people not passing their exams. And it is not from a lack of trying!
An important aspect that seems to be missing from the exam prep talk is what exactly the exam is looking for. The way I like to look at it is this: “Cool! You know the OSI model! How do you use it?”
To be very generic, there is a difference between “What layer is the network layer on the OSI model” and “Bobby can’t get to the internet but still can print to the company printer. What layer of the OSI model should you troubleshoot”. The answer (Layer 3) is the same for both questions but the framing changed from “do you know what this is” to “do you know how to use this”. I believe when preparing for an exam, studying from this point of view boosts the odds in your favor for passing. Perhaps, this is what the practice tests are for but it would be nice to see this talked about more regularly.
Another thing I have noticed with the preparation phase is that as you move up in the certification hierarchy, there seems to be less material on that topic. Let’s take CompTIA’s A+. You would be hard pressed to walk into a Barnes&Noble and not find a study guide for it. Search online and you will get an avalanche of guides, books, videos and practice tests. Now try (isc)2 CCSP. It’s not a trickle but there is definitely less material online for the CCSP than for the A+. And I don’t know about you but I cannot recall a time of ever seeing the CCSP study guide in a Barnes&Noble. At a glance, one would think that the A+ is more important than the CCSP however the former is an entry-level certification while the latter is more mid-level. The only difference is one appears to be more marketable than the other. This makes moving up the certification ladder a little harder.
This brings us to an unspoken culture of IT certification. Passing is not free. No matter how you choose to study, you will likely pay for something besides the exam voucher. I have found that even though you can find a lot of free material online, they are often outdated or not a complete study of the topics covered for the exams. Or scams. At the very least, you will have to buy a book. A good practice test can also cost your a pretty nickle. This is on top of exam vouchers. The exam vouchers vary in price depending on the certification. Some can be as low as $220 to over $1000. Fortunately, the entry level exams are on the low end and having any certification gives you the opportunity to earn the money needed for a higher costing one later. In addition to understanding the material, exam and training costs are major barriers to achieving that goal for people who are not in school or who have their costs subsidized by a company or government organization which in turn makes it harder to create a more demographically diverse industry.
Let’s say that you are not in IT, working in a generic retail store and thinking about getting the A+ to break into the world of IT. According to the CompTIA website when it comes to the exam cost:
“[The] quick answer is that each exam voucher you’ll need to acquire to take your test is $219. You will need two vouchers to pass two exams to certify.”
That is not an easy amount to depart with on a minimum wage job. Not to mention taking the time to study, whether it is with a book or a structured course. And the bar seems to get higher as you go deeper into the field. The ECC’s CEH exam voucher is $950 plus a $100 application fee if you want to do self-study. It’s $850 if you want to attend the official training course.
If you have an IT job though, this barrier becomes easier to overcome over time so let’s talk what certifications do for your career. It is a misconception to believe that having a certification means you can do a job. It’s probably true but it is not the end all to be all. A certification acts more like an insurance policy. It increases the confidence of others who rely on your expertise or service. This is probably why some entry-level jobs post that a CISSP, one of the highest certifications available, is desired. That company is looking for assurance that whoever they hire can definitely do the job. Overkill? Absolutely. In fact, there are positions asking for certifications that are not necessary to the job…kinda like needing a bachelors degree to do a job that requires a high school level of education.
However, do not let that persuade you into thinking certifications are not worth it. Since it is acting as an insurance policy, a certification gives you a a stronger foothold to get that job interview or to ask for more pay. If you want to give a talk or mentor the next generation of cyber sleuths, your audience won’t write you off as some quack with a low budget webcam on Youtube.
A great comparison is the restaurant world. Think about going to a new restaurant that has no health inspection certificates hanging on their walls. How comfortable would you be eating there? A restaurant with a passing health inspection gives you more confidence that the food is safe to eat (taste is opinion) and that it holds itself to a higher standard than the before mentioned restaurant. IT certifications work in the same way.
Still looking to get that certification? Great! Getting just one is enough to get the ball rolling. It seems like a pain and a hassle to do so (and it is) but it is worth it in the long run.