Certification Sprint

At the end of 2024, I took the beta test for the CompTIA Pentest+. I was not really prepared, but I thought I would give it a try anyways. This exam was the first cyber security certification test that I failed. Even though I wasn't overly confident going into the test, I still thought I could pass.

After failing this exam, I doubled down on studying offensive techniques. I started doing modules in the Hack the Box Academy. These helped me to get an understanding of tools, but most of the modules walked you through an attack and the asked you to perform the exact same attack. If you were unsure of what to do, you could just scroll up and there the answer was. Not all of the modules were like this though. There were a few that altered the box enough that it was a completely different experience.

I also setup a Kali VM and a few vulnerable machines, including Metasploitable 2 and 3, in Proxmox. I liked using Proxmox for my cyber lab because I could take snapshots of the machines and easily revert back to the beginning state. The snapshots were also stored on a separate machine running Proxmox Backup Server, so even when my hardware eventually failed, it only took me around 15 minutes to get completely up and running again.

One day I got an email from my councilor at Champlain College. She said that I would have enough credits to graduate the following Spring or Summer depending on whether or not I took a couple extra classes one semester. This was kind of a surprise to me. I knew that I was doing good and that certifications had put me a little bit ahead, but I was getting reading to graduate after just three years. This was both a good and bad thing. I was using my student discount to make my certifications more affordable since I was paying for them out of my own pocket.

Realizing that my discount would end soon, I went ahead and bought another attempt at the Pentest+. I was going on vacation with my family in July so I scheduled the test for the day before we were going to leave. I thought that it would help to stop me from thinking about it over vacation and if I passed I would have an extra reason to be happy on vacation. I went into the exam confident and passed. After two attempts, I had my Pentest+.

We ended up spending less money on vacation than I thought and when we got back I bought the exam and a retake attempt for the Cysa+ and the SecurityX exams. I had the retake so I thought I should go ahead and get a feel for the Cysa+. One week after returning from vacation, I took the test and passed it as well.

Now I was on a roll and feeling great. I thought I would go all in and give the SecurityX a try. I scheduled it for two weeks later. I studied hard, but thought I was not prepared enough. I went into the exam nervous about failing even though I had a retake attempt. I gave it my all and then waited afterwards. The SecurityX was different from the other exams because it was not graded. It was either pass or fail. There was no score. The results were also not immediate. I waited a few hours and then the email came in. I passed it.

I was over the moon now. When I started school, my goal was to get a degree and the Security+ certification. Now I was in my last year of school and had every CompTIA cyber security certification offered. I was amazed and inspired, but also had to figure out what came next. I had the desire to learn more and wanted a way to prove my knowledge if I could not get a cyber security job right away.

This is when I came across TCM Security. They offered certifications that were comparable to Hack the Box or Offsec exams, but more affordable. They also had a discount running at this time. So, I bought the TCM Practical Web Penetration Associate Exam. I had already been studying most of these topics, so I gave myself three weeks to prepare and then took this exam.

It was different from the CompTIA exams in that it was a hands on exam and there were no questions at all. The goal was to compromise a web app and then write a professional report. The exam lasted for three days. The first day, I managed to find three critical vulnerabilities and several medium vulnerabilities. I wrote the report the second and and submitted it. It seemed like it took forever, but three days later I got the results. I passed it as well.

I didn't set out to sprint through certifications, but that is what happened. From July 13 to August 25, I had taken and passed four different certification exams. Before taking these exams, I had never heard of stackable certifications, but now I had as many stackable CompTIA certifications as I did standalone ones.

After all this, I had several certifications, was almost through my degree, and had over a year experience in IT. It was an amazing feeling to actually be forcing change in my life. I would recommend anyone that is thinking about changing their life to go for it. The feeling of regret is so much worse than the feeling of failing. I would spend a few days, maybe a month, thinking about a failure, but I spent years dwelling on regret.