Self-studying for your next cybersecurity certification is full of hidden expenses that quickly add up – especially if they don’t help you to pass.
It’s a point that many cybersecurity practitioners pursuing certifications don’t know or choose to ignore: a large percentage of test-takers fail the exams on the first, second, and even third attempts. Up until recently, the only options available to cert hopefuls were to resort to self-study and week-long boot camps (AKA cram sessions). For the latter, be sure to check out our write-up on why week-long boot camps are a lie. If you’re thinking about self-study, read on. While it might seem like the most economical option, it can be an unreliable study method that can cost you significantly in both time and money.
Every certification is backed by an official reference textbook from either the test-maker themselves or a company selected by the test-maker. Most self-studiers gravitate toward these books because they contain all of the content that might appear on the exam. They’re almost always the first purchase a self-study cert hopeful makes.
These are reference books – meaning that they read like an encyclopedia rather than a well-structured narrative. Oh, and they’re dense. For the CISSP certification, for example, the Common Body of Knowledge reference book from (ISC)² is a 4-pound, 1,236-page colossus. While it’s helpful to thumb through at times and refer back to during your studies to be sure to get all of the details you need, you will quickly realize that these books are as hard to digest as they are to carry around. You’ll likely decide to move on to purchasing another book for general studying.
Official Study Guides
Next, you’ll probably head to Amazon and check out the top textbooks and study guides for your desired certifications. That’s not a bad thing – there are lots of good materials out there and checking out some reviews from other practitioners is certainly helpful. That said, picking a good textbook isn’t easy.
You see, like the cybersecurity field itself, certification exams change. To illustrate, the CISSP is posting a change on April 15, 2018, and the CEH version 10 is currently being rolled out. So unbeknownst to you during your online shopping trip, that five-star book you’re eyeing might already be obsolete. The difference between a passing and failing score on most certification exams can be slight, so studying the most up-to-date and accurate content is imperative. Expect to shell out some more dough (around $40-$100 if you’re getting the most recent edition) on more than one textbook.
Even if you manage to source an up-to-date textbook, the material you end up choosing might fail you in other areas. Here are a few points of feedback we hear from former self-study folks:
- Many textbooks aren’t any easier to read than the reference books.
- The content developers for the textbook didn’t follow the domain structure accurately.
- The textbook is too light on diagrams and use cases to help drive the concepts into long-term memory.
- The chosen book didn’t provide many opportunities to practice new knowledge in the form of review quizzes or practice tests.
All of these reasons can work in a vexing collaboration to waste your time, collapse your motivations, and cost you more money.
At this point in the self-study process, your confidence is probably waning and all you’ve done is read pages with words and perhaps a few diagrams. You’re probably asking yourself questions like “Have I learned the material?” and “Will I pass this thing?” To find the answers to those questions, you’ll move to purchasing practice questions or quizzes or scouring online for free ones.
Yet, here we are again. Most practice tests aren’t updated to the new domain content from the last update – just like that second textbook that’s starting to collect dust. To add insult to injury, when you don’t perform well on the practice exam, you are left with even more ambiguity about your performance and about sitting for the real exam than you had going into the exercise. Most practice exams provide information on a passing score, but many don’t provide clear next steps for how you can improve on your weak areas.
If you plan on going the free route for more practice questions, beware. There are oodles of resources or “brain dumps” on the web that offer free sample questions, but they are not only unethical, they also tend to be misleading, outdated, and unreliable.
*Shameless Plug* If you are hitting a wall in your prep and not in a position to do a full training course, we offer intelligent practice exams that provide you with valuable practice and insight into your performance.
We haven’t yet quantified the cost of time, especially wasted time. Misused time usually involves studying and committing to memory things that you don’t need to know for the exam. If you try to prioritize content on your own, you feel pressure to know and study everything – an impossible feat, and a waste of time.
If the average self-studier spends about 200 hours studying, you will likely spend 75 of those hours studying useless content, such as encryption key lengths or the providers in a SAML token exchange (stuff that’s cool or seems important but is unlikely to appear on exams). That’s 75 hours that could have been spent on more relevant topics, a long weekend getaway, watching 19 Major League Baseball games, or binge-watching all of those latest Netflix shows in your queue. If you think in more monetary ways, consider a round salary of $100,000 a year, which means your time is worth about $48/hour, and you wasted $3,600.
It’s time to schedule the exam and your anxiety gets superseded, briefly, by another emotion: sticker shock. Shock at the price of admission for taking your exam. Here are the retail prices of the most popular certification exams when purchased independently of a training course:
- CISSP: $699
- CISM: $750 (or $575 for ISACA members)
- CEH: $1,050 ($950 plus a $100 application fee)
- Security+: $320
While the pass rates for each of these exams are not made public, it is known that a large percentage of exam takers do not pass on the first try and those rates are significantly more dire for self-studiers. If you become a member of the first-time-fail club, you’ll be shelling out for that exam voucher a second time.
More Study Hours
Retaking the exam also means re-studying some material. Assuming you need to reexamine about 50% of the material from your first round of studying, you will have to spend another 100 hours preparing for your exam retake, which equals $4,800 worth of your valuable time.
When you pass a certification exam and earn your certification, you’re likely to be a more valuable asset to your employer. Specific to CISSP or CISM cert holders, you will likely make $18,000-20,000 more per year relative to your next move or promotion. So if you spend two more months studying for your certification, when you could have passed the exam the first time, that’s two months of lost wages at your new salary or about $3,000 in extra coin.
Let’s Make It Official
As you can see, the total cost of self-studying can add up quickly when you factor in the assets you’d need to buy and your staggering opportunity costs.
When preparing for your next cert, you must study efficiently and intelligently, understand test-day strategies, and study the right stuff, because studying the wrong material is just as harmful as not studying at all. Within CyberVista’s Certify training courses, we do all of the organizing, prioritizing, streamlining, and bundling for you. We do the planning and curating, so all you have to do is follow your customized and efficient study plan and reap the benefits of that shiny new cert. Don’t go it alone – choose CyberVista to be your training partner in pursuit of your CISSP, CISM, CEH, and Security+ certification.