


Cybersecurity professionals are often expected to lead with confidence, decisiveness and a collection of certifications. But real leadership also means being open about missteps, especially when there’s something others can learn from them.
Recently, I was honored to be accepted into ISACA’s beta program for the Certified Cybersecurity Operations Analyst (CCOA) certification. I didn’t pass the exam.
With more than 20 years in technology and over a decade focused on information security, this wasn’t an outcome I expected. But it turned out to be a powerful reminder: even experienced professionals can stumble, and that’s exactly where the best lessons often lie.
Why I Took the CCOA
As someone who holds the CISM, CISSP and a master’s degree in cybersecurity, my role today centers around strategy, governance and building cyber resilience at scale. But I’ve always believed in staying technically grounded. You can’t lead what you don’t understand.
That’s why I jumped at the chance to participate in the CCOA beta. Unlike CISM, which focuses on program oversight and control frameworks, the CCOA is tactically focused, zeroing in on incident response, threat detection, asset protection and real-world decision-making under pressure.
I also regularly sharpen my skills through platforms like TryHackMe and Hack The Box. Virtual labs and simulated attacks aren’t foreign territory for me; I enjoy them. So, I felt well-positioned to approach the exam with both technical competence and contextual awareness.
What Went Wrong
The issue for me wasn’t the exam content; it was my exam setup.
The CCOA is delivered through remote proctoring using the PSI Secure Browser, which enforces a single-monitor rule. External monitors aren’t prohibited outright, but if both your laptop screen and external monitor are active at the same time, the exam won’t launch correctly.
In my case, I had both screens active. I didn't realize that this would be flagged or that it would limit my ability to work within the secure browser environment. Once the exam began, I found myself navigating lab scenarios on a single, cramped 13” screen, struggling to toggle between tools and data in a fluid way.
By the time I reached the first major lab, I recognized I wasn’t set up to succeed. I made the call to exit early.
Despite that, I did walk away with some positives, including a score of 800 in the “Adversarial Tactics, Techniques, and Procedures” domain. The knowledge was there. The problem was execution.
Lessons I’m Taking with Me (and Passing On to You)
- Respect the exam logistics.
Even if you know the content cold, it won’t matter if you’re fighting against your setup. Understand the delivery platform. Test your hardware. Know the rules, including carefully reviewing all exam-day guidance that is provided.
- Experience doesn’t make you immune.
Having certifications and seniority doesn’t exempt you from operational missteps. Every certification has its own format and demands. Treat it with the respect it deserves.
- Being vulnerable is part of being a leader.
It’s tempting to only share the wins. But growth happens in the open. If my experience helps even one person avoid the same mistake, then it was worth sharing.
- The CCOA is the real deal.
This isn’t a multiple-choice memory test. It’s hands-on, realistic, and relevant to the actual demands of cybersecurity operations. I respect it even more now than I did going in.
Looking Ahead
I’ll be retaking the CCOA—this time with a better setup, a single active monitor and the benefit of hindsight. I still believe in the certification. In fact, I believe in it more now, because I’ve seen firsthand how rigorously it tests not just what you know, but how you apply it under constraints.
To anyone preparing for this exam: don’t just study, simulate. Replicate the environment. Practice labs with a single screen. Get used to discomfort. It’ll pay off.
And to fellow cybersecurity leaders, especially those who mentor others: step into the discomfort now and then. It keeps us sharp, humble and connected to the realities our teams face.
Failing the CCOA didn’t dent my confidence; it deepened my commitment. Because failing forward is still moving forward. And that’s what matters most.