Reviewing my Experience with CREST CPSA

I recently completed the CREST Practitioner Security Analyst (CPSA) certification, here are some of my thoughts and reflections on the experience.

CPSA is an entry level certification for cyber security analysts, focusing on practical skills in vulnerability assessment and basic penetration testing. The exam consists of 120 multiple choice questions with a 2 hour time limit. The questions range across multiple topics, with heavy focus on the fundamental concepts of security analysis rather than deep knowledge and practical experience.

I referred to the official syllabus as a checklist while studying, ensuring I covered all the necessary topics. I made my notes based on that, and also tweaked it further after looking for additional resources online to get an idea as to what kind of questions to expect. For fact recall type questions, I made flashcards to help with memorization and also practiced with free online quizzes that I could find. For the scenario based questions, it is important to understand the underlying concepts and technologies so it can be applied to different situations.

The exam itself was fairly straightforward, with a mix of theoretical questions and scenario based problem solving. The questions were generally clear and unambiguous, though some required careful reading to avoid misinterpretation. The exam enviroment allows flagging questions for review, which I used to mark difficult questions and return to them later if time permitted, which helped with time management.

Overall, I found the CPSA certification to be a valuable learning experience as it highlighted the gaps in my fundamental knowledge that I need to work on. While the exam was not overly technical, it did require a solid understanding of the core concepts and some memorization work, serving as a good refresher for the basics.