Security exam tips

Written on 21 December 2018, 05:07pm


After successfully passing 3 IT security exams this year, here are some high-level tips:

  • schedule your exam well in advance to avoid procrastination
  • study from at least two sources
  • use quizzes: they make a huge difference in memorizing things
  • use the learning channels that suit your brain (e.g. I always prefer text or classroom training over audio or video)

Right before the exam:

  • get a good night's sleep the night before
  • schedule your exam in the morning, when your brain is fresh
  • try to clear your mind in the hours before the exam
  • resist the temptation to go through your materials one more time before the exam

During the exam:

  • keep an eye on the clock
  • don't go back to a question: make your best effort to answer it and then forget it (some exams will not even allow you to revise a question)
  • don't change your answer (exception: when you realize that you misread the question)

And some basic, but interesting things about security:

  • people are the most important asset
  • but humans are also the weakest link in every security program
  • security is always about protecting the CIA triad
  • security controls can bring the risk to an acceptable level, but there is no such thing as risk zero
  • a company exists for the sole reason of making profit. This means that it will always look at the return on investment as the primary metric when evaluating any security control
  • security is not a one-time project to fix things, but rather an ongoing program that needs to be planned and revised periodically
  • complexity is the enemy of security
  • as a security professional, you must learn to tailor your language to your audience
  • you are an adviser, not a decision-maker
  • you should act as a prudent man. Like this guy would:
https://breakingbad.fandom.com/wiki/Mike_Ehrmantraut