ASIS International’s Certified Protection Professional (CPP) certification is highly beneficial for security professionals seeking leadership roles. It has its flaws but, anecdotally, I have seen it mentioned in job ads more often than any other designation. When I passed the requisite exam in early February and promised to offer my thoughts, the reaction from future test-takers was welcoming. So here they are. To paraphrase the Law & Order TV franchise, “this is my story. DUN DUN.”

Let us set the scene. My study materials consisted of the Protection of Assets (POA) set, minus one book that I could not get my hands on. I also had the full deck of official ASIS flash cards and used the unofficial Brandon Gregg flash card compilation. For study strategy, I drew on Travis Lishok’s guide, though I stretched it out over a few extra months to account for a busy fall work season and my inability to stay awake while reading the POA volumes.

With that in mind, these are my personal tips, tricks, and observations for exam prep, but especially for taking the exam. They are not meant to touch on specific content, but rather help you logic your way to a passing score. The caveats are that I do not know how I did on any individual questions, and that the POA set, and presumably the exam itself, are in the process of getting updated.

• Be on the lookout for sneaky adverbs – if you have taken any standardized test, you should be familiar with the danger of words like “always” and “never.” The CPP exam is no exception, and on several occasions when going back to a question I was uncertain about, I realized that I had not noticed those tripwires the first time around.
• Later questions can help answer earlier ones – another reason to revisit earlier questions has to do with the fact that you may stumble upon answers later in the test. If you encounter a similar concept a few dozen questions after one you were unsure about, see if there is a clue to help you with the previous query.
• Use the same answer across multiple similar questions – so you crammed the night before and do not remember a theory or some physical security system component that pops up multiple times? The best strategy might be to answer the same way for all those questions. I figured it was better to get at least one out of three right, though this was an admittedly risky approach.
• Memorize one-definition concepts and key terms – the POA books are full of ideas described through extensive bulleted lists. But on a four-option multiple choice exam, it is somewhat easier for ASIS to ask questions about terms that have one facet as opposed to ten. Memorize those one-definition concepts, whether they are in the flash cards or not.
• Yeah, those absurd tables matter - along the same lines, discrete numerical values are also easy to leverage for multiple-choice test development. Consequently, I am sorry to say that you should become fast friends with those terribly exact spec and best practice tables.
• Find patterns on “exception” questions – if you took any CPP practice exams—including the one on the ASIS site—you probably noticed there are many questions asking you to identify which of the four choices does not fit. This again has to do with the POA set’s love affair with bulleted lists and the impossibility of fitting all the correct bullets into four choices. On these types of questions, I recommend simply thinking hard about which choice has nothing to do with the others instead of aiming to memorize all the correct answers when studying.
• When in doubt, choose the holistic answer – in addition to tricks, I think it is helpful to consider the psychology of both ASIS and the corporate security industry writ large when taking the exam. One element is the tendency toward holistic approaches and inclusion. The need for communication and collaboration especially is a reoccurring theme throughout the POA books, so if you find yourself in doubt, choose the answer that brings you closer to that goal.
• Err on the side of conservatism – no, not political conservatism and or anything that holds back industry progress. I am referring to conservatism as gradualism and evolution rather than a radical break with the past. Each POA book describes at least five to ten processes or cycles, so if you find yourself leaning toward a choice favoring sudden change, ask yourself whether it is truly warranted.
• You are in the private sector now, act like it – the POA set helps security professionals become more skilled, but it is also a tool for transforming public sector employees into capable private sector leaders. There is no shortage of possible questions where the right answer for law enforcement would be the wrong answer for a business setting. Choose business every time.
• People and values trump all else – the last thread that unites all the POA books is the idea that people are the most critical security asset and the most significant security vulnerability. I would therefore argue that answers highlighting the importance of humans and their characteristics are generally a safer bet than answers putting faith, or fault, in security gizmos.