Certification Survey Extra is a series of periodic dispatches that give added insight into the findings of our most recent Certification Survey. These posts contain previously unpublished Certification Survey data.
There are a lot of questions in life, and everyone has their own decision-making process. Some people just take whatever comes. As the late philosopher and humanist Neal Peart once declared, "There are those who think that life has nothing left to chance — with a host of holy horrors to direct our aimless dance."
One important decision that both aspiring and current cybersecurity professionals have to grapple with is how to prepare for their next certification exam. And while the occasional holy horror may arise to complicate matters, deciding how to study and what materials to use really is a decision that calls for thoughtful consideration.
It's rare, after all, for for two people to have the exact same approach to satisfying all of the variables in the certification preparation equation: finding time to study, allocating available financial resources, choosing the best training of one's preferred type, and so forth.
Certification is an ongoing pursuit, of course, so you aren't likely to enter the IT industry, whatever your specialization, with every cert you'll ever need already in hand. For our recent Cybersecurity Certification Survey, we asked certified information security professionals how they get the best results.
Survey respondents rated the effectiveness, per their most recent certification experience, of various cybersecurity certification study materials. As always, those surveyed had the option to mark "Does Not Apply" for study approaches that are foreign to their experience. Here's what we learned:
It would probably be wrong to conclude from this data that all training and study materials are well prepared and of unimpeachable quality. On the other hand, very few survey respondents handed out "Poor" ratings, even for quasi-ethical solutions like brain dumps and largely unvetted ones like internet mailing lists.
The workplace is a key arena of learning for many, as demonstrated by the fact that 64 percent of survey participants have experienced some degree of success in furthering their certification efforts through on-the-job-training. If you know enough to get a job in IT, then you can do work, get paid, and enrich your skill set all at the same time.
Other strong options include instructor-led training (at least for those who use it) and computer-based training or simulations. Community college courses, boot camps and online mailing lists/forums are apparently beneath the notice of many certified information security professionals looking to study up for a certification.