Professional development

I failed my CREST Certified Infrastructure Tester exam: Here’s my story

Harman Singh
June 6, 2022 by
Harman Singh

Failing an IT or cybersecurity certification exam is common. It’s also common to have feelings of imposter syndrome creep in when that happens — or when you see others’ long lists of accomplishments and compare them against your current struggles.

It's interesting how our society discourages people from failing as if it is the end of the world. Failure is necessary. It’s an opportunity to learn and do better next time. We’ve all heard the saying, "Failures are just stepping stones to success." 

But when failure happens, many cybersecurity professionals feel imposter syndrome, a phenomenon that causes them to doubt their accomplishments and feel like a fraud. It’s not just those new to the profession who feel this way. It’s also common among high achievers who are afraid to let anyone know they may not be as perfect as they seem. 

FREE role-guided training plans

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

If this sounds like you, don't worry, you're in good company. Many successful people have felt this way (or failed an exam) at some point in their lives, including myself.

How I failed my CCT Infrastructure exam

I remember my first attempt at the CREST Certified Infrastructure Tester (CCT INF) exam. The exam has two parts: a multiple-choice exam and a hands-on practical exam. I ran out of time during the practical exam. The underlying reason was my nerves. I felt the pressure that I was going to fail my exam. I never said to myself once, “It's OK if that happens. You can give it another go.” If I had this mindset, it would have spared me a lot of wasted energy — and it would have given me more headspace to strategize accordingly. 

Although I have done security certification exams before, the CCT INF is by far the most difficult one I ever attempted. I realized what worked for me previously (OSCP) might not be best suited for the CCT INF as the CCT INF involves much tighter timescales for its set number of challenges.

The pressure of an exam can wreck your normal state of thinking and if not careful, your confidence. This was the case in my first attempt, considering I put most of my efforts towards technical preparation versus mental preparation. This lack of confidence combined with the pressure was my main reason for the failure. 

5 ways to mentally prepare for your exam

For my second attempt at the CCT INF exam (possible after a 3-month gap), I was more mentally prepared — and I passed! The key takeaway for me was to remain calm and believe in my ability to perform well. Here are five things that helped me do just that.

1. Practice technical questions in timed sessions

While every individual has their own way of studying for exams, this was the method that worked best for me. I made sure I understood every concept and could answer any questions related to it. 

This gave me a sense of confidence, which is essential before taking an exam.

2. Visualize yourself succeeding in the exam

Before going to sleep or anytime throughout the day, close your eyes and imagine yourself succeeding in the exam. This will relax your mind and body, and increase your confidence.

3. Talk to someone who has passed the exam

This is a great way to get an idea of what to expect during the exam. Ask them about their experience and see if they have any tips on how to tackle the exam.

4. Perform relaxation exercises daily

These are a great way to destress and relax your mind before an exam. Try different breathing techniques or yoga stretches, or simply listen to relaxing music for a few minutes each day. This will help you remain calm and focused heading into the exam.

5. Manage your time carefully during the exam

The CREST CCT INF exam is well-known to security consultants for the practical exam challenges portion. Managing your time is vital to ensure you don't run out of it before completing all the challenges. Take regular breaks and stay focused throughout the attempt.

Failure is an opportunity 

Don't be discouraged if you don't pass your exam on the first try. And remember, you're not alone. There are plenty of other professionals out there who are facing the same challenges as you. Just keep moving!

Every time we fail, we learn something new that we can use to help us be successful on our next attempt. Use it as an opportunity to learn and do better next time. I know you can do it!

I don't believe that failure is an end in itself, but rather an opportunity to learn and grow stronger.

What should you learn next?

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

I'll end this with the great Michael Jordan quote on failure (if you like it, print it and keep it with you):

"I've missed more than 9,000 shots in my career. I've lost almost 300 games. Twenty-six times I've been trusted to take the game-winning shot and missed. I've failed over and over and over again in my life."

Failure is a part of everyone’s path to success — provided they don't give up. And don’t forget to use your network work for support. We’ve all failed and felt doubt about our career goals. Ask for help. I am more than available to help any cybersecurity enthusiasts if anyone is facing any similar challenges (confidentiality will be maintained if required).

Harman Singh
Harman Singh

Harman Singh is a security professional with more than 10 years of consulting experience across private and public sector organizations. His day job involves serving his consulting business customers at Cyphere to reduce their security concerns. Cyphere's primary expertise lies in technical risk assessments across traditional networks and cloud computing threat landscapes. Besides delivering pentesting, he has also delivered talks and trainings at Black Hat and regional conferences. His favorite security topics are Active Directory, Azure and networks.