Certification Prep

IT Certification Study Hub

Structured preparation for every major IT certification — domain guides, practice questions, exam how-tos, and study plans built for practitioners who learn by doing.

Covering CompTIA, ISC2, Cisco, AWS, Azure, Google Cloud, ISACA, GIAC/SANS, EC-Council, Offensive Security, Red Hat, and the Linux Foundation — more than 60 certifications across vendor-neutral and vendor-specific tracks.

Browse by vendor / body

Choose your certification track

Select a certification family to access domain-by-domain study guides, practice questions, and a recommended study sequence.

CompTIA

The vendor-neutral gold standard for foundational and advanced IT security, networking, and infrastructure skills.

A+, Network+, Security+, CySA+, PenTest+, CASP+, Cloud+, Linux+

ISC2

Internationally recognised professional credentials for security architects, cloud security engineers, and GRC practitioners.

CISSP, CCSP, SSCP, CSSLP, CGRC

Cisco

Networking and security certifications that underpin enterprise infrastructure, from associate to expert-level credentials.

CCNA, CCNP Security, CyberOps Assoc., CCIE

Cloud Providers

AWS, Microsoft Azure, and Google Cloud certifications for architects, engineers, and security specialists.

AWS SAA-C03, AZ-104, AZ-500, GCP Pro, SC-200

ISACA

GRC and audit-focused certifications for IT governance, risk management, information systems auditing, and privacy engineering.

CISM, CISA, CRISC, CDPSE, CGEIT

Offensive Security & GIAC

Hands-on offensive security, penetration testing, and incident response certifications from SANS/GIAC, Offensive Security, and EC-Council.

OSCP, CEH, GPEN, GSEC, GCIH

PMI & ITIL

Project management and IT service management credentials recognised worldwide — from PMI's PMP and PMI-ACP to ITIL 4 Foundation and Specialist modules.

PMP, PMI-ACP, PMI-RMP, ITIL 4 Foundation, ITIL 4 Specialist

DevOps & IaC

Infrastructure-as-code, container, SIEM, and practical offensive security certifications — Terraform Associate, Docker DCA, Splunk, eJPT, and PNPT.

Terraform Assoc., Docker DCA, Splunk Core, eJPT, PNPT

How we structure prep

What you get on every certification page

📚 Domain study guides

Each exam domain broken down into concise, scannable study notes aligned to the official exam objectives. Covers key concepts, frameworks, and terminology the exam actually tests.

❓ Practice questions

Multiple-choice practice questions that mirror the style and difficulty of the real exam, with detailed answer explanations that reinforce domain knowledge rather than just reveal the answer.

🗺️ Study plans

Recommended study sequences for 8-week, 12-week, and 16-week timelines, designed for full-time workers. Includes daily study hour targets, resource prioritisation, and review milestones.

📝 How-tos and labs

Practical how-to guides covering lab setups, tool configurations, and technique walkthroughs aligned to performance-based exam tasks. Particularly detailed for hands-on certifications like CCNA and OSCP.

Career planning

Choosing your next certification — career pathways

The right certification depends on your current role, target role, and time horizon. The pathways below reflect 2025 hiring data and represent the most cost-effective progressions across cybersecurity, cloud, and infrastructure careers.

Pathway: New to IT → Cybersecurity Analyst (12–18 months)

  1. CompTIA A+ — foundational hardware, OS, troubleshooting. ~3 months.
  2. CompTIA Network+ — TCP/IP, routing, switching, common protocols. ~3 months.
  3. CompTIA Security+ — DoD 8570 IAT II credential, the most-requested entry security cert. ~3 months.
  4. CompTIA CySA+ or Cisco CyberOps Associate — SOC analyst skills. ~3 months.
  5. Optional: Microsoft SC-200 (Defender) or Splunk Power User — vendor SOC tooling.

Outcome: qualified for SOC Analyst Tier 1/2, IT Support with security focus, MSP analyst roles.

Pathway: Sysadmin → Cloud Security Engineer (12 months)

  1. AWS SAA or Azure AZ-104 — pick the cloud your target employers use. ~3 months.
  2. AWS Security Specialty or Microsoft AZ-500 — cloud security specialisation. ~3 months.
  3. Terraform Associate or CKA — IaC or container orchestration. ~3 months.
  4. CCSP or AWS Pro-level certification — senior credential. ~3 months.

Outcome: cloud security engineer, DevSecOps engineer, cloud architect roles. Heavy market demand — average compensation premiums of 20–35% over generalist cloud roles.

Pathway: Security Analyst → Penetration Tester (18–24 months)

  1. CompTIA PenTest+ or eJPT — entry-level pentesting concepts. ~3 months.
  2. Hack The Box / TryHackMe — 50+ rooted machines, document each. ~6 months.
  3. OSCP (PEN-200) — the industry-standard offensive certification. ~6 months.
  4. CRTO, OSEP, or Burp Suite Practitioner — specialisation in red team or web app.

Outcome: junior pentester, red team operator, application security consultant. OSCP holders command $95k–$140k salaries in major US markets in 2025.

Pathway: Security Engineer → CISO/Security Manager (24+ months)

  1. CISSP — the prerequisite credential for senior security leadership. Requires 5 years of experience.
  2. CISM — management-focused, complements CISSP. ~3–6 months after CISSP.
  3. CCSP or AWS/Azure Security Specialty — cloud credibility for modern CISOs.
  4. CRISC — risk-focused for organisations with mature GRC programmes.
  5. Optional: SABSA, TOGAF — security architecture frameworks for enterprise CISOs.

Outcome: Security Manager, Director, vCISO, CISO. CISSP + CISM combination is the strongest pairing for security leadership roles.

Pathway: Developer → Application Security Engineer (12–18 months)

  1. Security+ or CSSLP fundamentals — secure development concepts.
  2. Burp Suite Certified Practitioner — web application security testing skills.
  3. OWASP Top 10 mastery — practical exploitation of each category against intentionally vulnerable apps (DVWA, WebGoat, Juice Shop).
  4. OSWE (WEB-300) — advanced web application attacks; or eWPT for an accessible alternative.
  5. Optional: CSSLP — secure SDLC certification for senior AppSec roles.

Outcome: AppSec engineer, secure code reviewer, penetration tester (web). High demand as DevSecOps shifts security left.

Pathway: IT Manager → GRC/Compliance Specialist (12 months)

  1. ISO 27001 Lead Implementer — operationalise an ISMS.
  2. CISA — audit-focused, recognised by every regulated industry.
  3. CDPSE or CIPP/E — privacy specialisation; critical given GDPR, CCPA, and emerging state laws.
  4. CRISC — risk management for senior GRC roles.
  5. Optional: HITRUST CCSFP, PCI ISA — regulated industry specialisations.

Outcome: GRC Analyst, Compliance Manager, Internal Auditor, Privacy Officer. Increasingly remote-friendly with strong work-life balance.

Pathway: Sysadmin / Developer → DevOps Engineer (12 months)

  1. AWS SAA-C03 or AZ-104 — cloud fundamentals for your target platform. ~2–3 months.
  2. HashiCorp Terraform Associate — IaC; required or preferred in most DevOps job descriptions. ~2 months.
  3. CKA (Certified Kubernetes Administrator) — container orchestration is table stakes for senior DevOps. ~3 months.
  4. AWS DevOps Pro or Azure DevOps Expert — CI/CD pipelines, SRE practices, cloud-native monitoring. ~3 months.

Outcome: DevOps engineer, platform engineer, SRE. Terraform + CKA combination is the most requested credential combination in DevOps job postings in 2025.

Pathway: Technical Lead → Project Manager (18 months)

  1. Google PM Certificate (Coursera, free to audit) — 35 contact hours required for PMP; this satisfies the requirement. ~3 months.
  2. ITIL 4 Foundation — service management framework; required by many IT management roles. ~1 month.
  3. PMP — the most globally valued PM credential. ~6 months of preparation with 3–5 years of documented PM experience.
  4. PMI-ACP — agile specialisation; highly valued in tech organisations running Scrum or SAFe. ~3 months after PMP.

Outcome: Senior PM, Programme Manager, Delivery Manager, PMO Lead. PMP holders earn a median 20% salary premium over non-certified peers in comparable roles.

Study methodology

How to actually pass certification exams — a research-backed approach

Most candidates rely on watching video courses and reading. Both rank near the bottom of evidence-based learning techniques. The approach below applies cognitive science research (spaced repetition, retrieval practice, interleaving) to certification preparation.

1. Build a domain-weighted study plan

Every certification publishes an exam blueprint with percentage weightings per domain. Allocate study time proportionally — there is no advantage to over-studying a 10% domain at the expense of a 30% domain. Build a spreadsheet listing every exam objective with three columns: confidence (1–5), hours spent, and questions answered. Update weekly. This single discipline separates passers from re-takers.

2. Active retrieval, not passive review

Reading and watching are inefficient. Instead: read a section, close the book, write down everything you remember, then check. This forces retrieval — the act that strengthens memory. Practice questions are the most efficient form of retrieval practice: do 20–50 questions daily, review every wrong answer (and every right answer where you were uncertain) by writing the explanation in your own words.

3. Spaced repetition for memorisation-heavy domains

Ports, protocols, cipher suites, command syntax, compliance article numbers — anything requiring memorisation belongs in Anki or another spaced repetition system. The SM-2 algorithm shows cards at expanding intervals based on recall difficulty, drilling weak areas without wasting time on what you already know. 15–20 minutes daily of Anki is more effective than 2 hours of cramming.

4. Hands-on labs for performance-based items

Modern exams (RHCSA, CKA, AWS, Microsoft, CompTIA performance-based questions) test execution, not recognition. Build a personal lab: free tier cloud accounts, VirtualBox VMs, TryHackMe, HackTheBox, Cisco Packet Tracer, EVE-NG. Aim for 30–50 hours of hands-on time per exam. The muscle memory of typing commands under time pressure is what passes performance-based exams.

5. Practice exams under real conditions

One week before the exam, take a full-length practice test in a single sitting, timed, with no breaks beyond what the real exam allows. Score it. If below 80%, push the exam back. Use practice exams from at least two different sources — free options include CertMaster Practice (CompTIA 5-day trial), official Microsoft Learn practice assessments, AWS Skill Builder practice, ISC2's self-assessment quiz, and the official exam body's own sample questions depending on the certification. Avoid braindumps — they are typically copyright violations and often contain incorrect answers that train bad habits.

6. Test-day logistics matter

Sleep 7+ hours the night before — performance drops sharply with sleep deprivation. Eat protein, not sugar, for breakfast. For online proctored exams: clear your desk, test your webcam/microphone in advance, check your room for prohibited items, use a backup connection (mobile hotspot ready) in case Wi-Fi fails. For in-person: arrive 30 minutes early. Most exams allow earplugs and a noteboard provided by the centre — request them. Skim the entire exam first, answer easy questions, mark hard ones for review.

Related research

Our research feed covers certifications in context — regulatory requirements for certified staff, framework alignment to exam domains, and workforce intelligence on credential market value.