Daniel Velez

As a newcomer to InfoSec who is attending a cybersecurity bootcamp full-time, I’ve been receiving tons of questions from my peers at Fullstack Academy regarding my approach to swiftly obtaining certifications.

From January 14th to January 30th, I passed the exams for the following certs on my first try:

CompTIA Security+ SY0-601, CompTIA Network+ N10-008, CompTIA PenTest+ PT0-002, AWS Cloud Practitioner, Splunk Core Certified User

SwiftCert

To begin, I must be frank and say that most of my diligence comes down to having a strong sense of urgency to achieve the vision I have for my life.

But nevertheless, in this article, I’ve compiled some valuable tips that may help you if you’re interested in obtaining any of the aforementioned certifications in a short timeframe.

I’ll start with a broad approach to any cert, then move on to specific resources for all of the ones I mentioned.

1. Simulate the Real Thing

Tailored practice exams and quizzes typically reign supreme over ALL methods of preparation.

Why’s that? Because you can quickly gauge your current level of readiness by simulating the actual testing experience.

I spent 6 days studying for Security+ before taking the exam — the most out of all of the certifications because of the colossal amount of content it covers.

When I began, all of the acronyms, terms, and technologies that I had to learn about overwhelmed me at first.

The suggestion you’ll often hear in response to this is to read a bunch of written content on the material, which I find tedious and ineffective.

So after bootcamp ended at 6 PM, I immediately started studying for hours, with a significant portion of my time being spent on practice tests.

Whenever I got a question wrong or didn’t know what something meant, I turned to Google right away to quickly enhance my understanding of the topic.

Don’t feel bad about consistently taking advantage of Google — it’s the best resource for efficient learning.

Most searches will pay off one way or another, even if it’s simply a matter of refreshing your memory.

Conversely, if you have to enter every possible answer for a multiple-choice question into Google, don’t despair.

Virtually nothing is off-limits when you’re preparing for a test.

This “simulate the real thing” approach can also be applied to a practical cert such as the OSCP, which I plan on obtaining soon.

For instance, most of my preparation time will be spent developing my rhythm of rooting machines while simultaneously writing reports.

Perhaps it’s common sense, but it’s always best to prioritize whatever comes closest to the actual exam experience when you’re studying.

2. Go Through The Objectives

Most IT certification companies, such as CompTIA, provide downloadable PDFs that contain lists of the topics that will appear on your exam.

This “exam objectives” file comes in handy, and I recommend going through it twice:

  • Immediately after deciding to pursue a specific cert.

  • Within an hour before you’re scheduled to take the actual exam.

image

Getting an overview of the areas you’re meant to gain proficiency in will serve as a compass while studying and a refresher right before taking your test.

3. Manage Your Time

Time management is absolutely CRUCIAL.

Divide your time carefully and recognize the areas that need improvement.

Throughout the entire process, I used timers to devote a fixed amount of time to specific activities:

  • Watching course videos
  • Going through Quizlet flashcards
  • Participating in study sessions
  • Taking practice exams and quizzes

Once the timer went off, I navigated to a different preparation method like clockwork.

This cycle repeated until I was too tired to continue.

Ensuring that my time was evenly dispersed set me up to succeed on exam day by regularly strengthening my deficiencies.

With those tenets out of the way, let’s go over my favorite educational resources.

CompTIA Security+ and Network+

For the CompTIA Security+ and Network+ certifications, my favorite resource is definitely Professor Messer.

You’ve likely heard of his courses before, but I recommend checking out his “Study Group” videos in particular.

Watch them at 1.5x speed and fast-forward when necessary to avoid wasting time.

image

Most people can pass both certs by solely consuming the high-quality content he’s published.

His study group videos are great because he provides questions that are directly relevant to the exam, then goes through each answer and explains the correct one.

Here is a link to his study group playlist for the Security+ SY0-601 exam: https://bit.ly/messerstudy

I find the layout of those videos to be much more engaging than simply going through a bunch of topics without being actively tested.

He also has a Network+ N10-008 study group playlist on his channel.

In addition to that, I highly recommend taking the Take Ten quizzes on his website, which test if you’re ready for the real thing.

Moving on from Professor Messer, another great resource is the collection of Security+ and Network+ Practice Exams put together by Jason Dion on Udemy.

I feel like Dion’s tests did the best job preparing me for the actual CompTIA exams out of all the practice tests I took.

Many individuals consider his tests to be more complex than the actual exams, which means that doing well on them should significantly boost your confidence.

Lastly, if you’re taking Network+, this Subnetting Mastery playlist is EXTREMELY helpful.

The subnetting cheat sheet he goes over makes it easy to answer subnetting questions in two minutes or less.

CompTIA PenTest+

PenTest+ was the certification I did the least amount of direct preparation for.

I owe my success to finishing tons of rooms and learning paths on TryHackMe and pwning machines on HackTheBox.

What’s neat is that TryHackMe has a specific learning path for anyone who wants to take the PenTest+ exam.

image

As someone who completed it, I recommend checking it out to gain hands-on experience with the tools and tactics mentioned in the PenTest+ objectives.

Another great resource to explore is Wiley.

They have a collection of “official study guide” books within their database.

Simply answer a question related to the study book’s content to get an activation code that gives you full access to its practice tests and explanations.

For example, here’s a screenshot of when I was going through Wiley’s Network+ N10-008 Testbank:

Wiley

Wiley is definitely worth looking into — it stands right behind Dion’s tests in terms of quality.

AWS Cloud Practitioner

You’re mainly asked about fundamental cloud terminology and AWS services on the AWS Cloud Practitioner exam.

Therefore, one of the best resources is the free Cloud Practitioner Essentials course created by AWS, unsurprisingly.

It’s a 6-hour long course that goes over the vast majority of the topics you need to learn about.

But some of the things that appeared on my test weren’t covered in the course.

For that reason, I advise that you check out collection of practice quizzes provided by ExamsDigest.

They also have courses on most of the other certifications I’ve mentioned, so their entire website may be valuable to you.

image

Splunk Core Certified User

Last but not least, let’s go over the Splunk Core Certified User certification.

If I were writing this before October 2021, I would say that completing Splunk’s Fundamentals 1 course and going over the PDF they provide would be enough to pass.

However, some of you may know that Splunk completely changed their educational business structure, and they now charge $500 for individual pre-recorded modules.

As a result, this made preparing for their certifications more difficult.

Regardless, I have some great resources that should adequately prepare any of you for your Splunk Core Certified User exam.

This Quizlet set on the Fundamentals 1 course was invaluable because it helped me internalize all of the info I needed during the two days I studied for this cert.

image

Many of the specific questions I was asked during the real exam are inside there.

Go through Quizlet’s “Learn” feature at least twice before taking the actual exam — it’ll pay off.

A few of the free training videos Splunk provides could also help you, depending on your level of expertise.

Lastly, TryHackMe’s Splunk 101 Room is a solid preparation resource for the Splunk Core Certified User exam.

In conclusion, I’d say that it mostly comes down to how badly you want to obtain the certs you’re pursuing.

Caffeine also helps out a ton.

Best of luck on your future exams!

You Might Also Enjoy

Valentine HackTheBox Write-Up

Valentine is a Linux machine on HackTheBox that focuses on the Heartbleed vulnerability, which was a severe flaw in the OpenSSL cryptography library.

Active HackTheBox Write-Up

Active is a Windows machine on HackTheBox centered around common vulnerabilities associated with Active Directory.