Practical Junior OSINT Researcher (PJOR) exam and course review
As I continue to share my journey from zero to hero in the world of cybersecurity, I am excited to announce that I have successfully passed the Practical Junior OSINT Researcher (PJOR) Certification from TCM Security on my second attempt (you can verify my credentials here). Despite having no prior IT/cybersecurity background or experience, my passion for this field has driven me to pursue this path.
In my previous articles, I shared my experiences passing the CompTIA A+, Network+, Security+, and Practical Junior Penetration Tester (PJPT) certifications. If you’re interested in those stories, please explore them in my Medium profile.
In this article, I’ll share my journey of pursuing the Practical Junior OSINT Researcher (PJOR) certification. I’ll discuss my motivation for taking the exam, review the TCM Security OSINT course, share lessons learned from my first attempt, and detail my successful second attempt.
Why I Pursued the PJOR Certificate
At the time I decided to pursue the Practical Junior OSINT Researcher (PJOR) certification in March 2024, it was a relatively new certificate that had not yet gained widespread recognition within the cybersecurity community. My decision to challenge myself with this certification was driven by two factors.
I wanted to test and enhance my skills in Open-Source Intelligence (OSINT) gathering and analysis. I believe that OSINT skills have valuable applications in day-to-day activities. Whether conducting research for personal or professional projects or seeking specific information, the ability to effectively gather and analyze data from publicly available sources is a powerful asset.
Moreover, I had plans to pursue the Practical Network Penetration Tester (PNPT) certification in the future. The PNPT exam requires a strong foundation in OSINT techniques, as they are often employed in the reconnaissance phase of penetration testing engagements. Having already completed the TCM Security OSINT course, I felt that attempting the PJOR certification would serve as an excellent steppingstone and preparation for the PNPT.
OSINT Course Review:
Compared to other TCM courses, such as Practical Ethical Hacking and Privilege Escalation, the OSINT course is quite beginner friendly. It does not require any technical knowledge, making it accessible to anyone with a desire to learn.
The course structure is well-organized, focusing on essential concepts and techniques. The author not only teaches the tools and techniques but also emphasizes the mindset and methodology needed to approach OSINT tasks effectively. I thoroughly enjoyed the learning material and challenges.
However, I feel that the course could benefit from more hands-on practice exercises, similar to those in the Practical Ethical Hacking and Privilege Escalation courses, where each lesson is accompanied by practical exercises to reinforce the concepts learned.
First Exam Attempt:
Before taking the exam, I felt confident in my ability to pass, given my success with the PJPT exam, which I completed in 8 hours. I had taken thorough notes and knew how to find and search for information. However, I lacked a solid methodology to tackle the exam questions efficiently.
The exam allows three days to solve all questions and submit a report. Due to my limited practice in OSINT challenges, I spent a significant amount of time searching for information in the wrong directions and sometimes over-searching. As a result, I spent around 2–3 hours on each question on average, which was far too long.
The lack of a clear methodology led to moments of panic when I couldn’t find the answers. I even considered skipping questions and moving on, but my previous experience reminded me that this isn’t always the best strategy.
I managed to solve all the questions, but not all of them were correct (=. The exhaustion from spending long hours on each question took its toll, and I made a mistake by misunderstanding a question on the first day. I dedicated all three days, from 09:00 to 21:00, to the exam, with short breaks for meals and relaxation from the exam.
Exam Results and Lessons Learned:
After submitting my report on Sunday evening, I eagerly awaited the exam results. On Tuesday, I received the news that I had failed. It was a bitter pill to swallow, knowing that answering just one easy question correctly would have tipped the scales in my favor.
It’s crucial to understand that the exam report does not offer specific hints or pinpoint the exact questions where errors occurred. Instead, it only indicates the sections in which mistakes were made, placing the onus on the candidate to undertake a thorough review of their work and identify the areas that require improvement.
I meticulously reviewed my report numerous times, scrutinizing every detail and comparing it against the exam questions. Through this process, I identified only one mistake I made before the exam. The second mistake was identified during the second attempt.
The most significant lesson I learned was the crucial importance of having a structured methodology to approach the questions efficiently. However, it became apparent that this methodology is developed during practice, such as exam, rather than beforehand, as the OSINT course offers only a limited number of practice questions.
Upon reflection, I found that the majority of the 14 exam questions were well-crafted. Certain questions were designed in a way that, if successfully cracked, provided a clear indication of whether the solution was correct. However, there was one question that I found less appealing, as it required tedious manual searching across multiple resources, which felt like a monotonous and time-consuming task.
Second Exam Attempt:
Armed with the valuable lessons learned from my first attempt and a refined methodology, I approached the exam with renewed determination. The second time around, the process felt much smoother and more manageable. I had a clearer understanding of what to search for and how to conduct my searches effectively. As a result, I no longer spent hours agonizing over each question, allowing me to progress through the exam at a more relaxed and comfortable pace, dedicating an average of 3–4 hours per day.
One key insight I gained was the importance of drafting the report simultaneously with taking the exam. The reporting aspect of this exam is an extensive and time-consuming task, so it is wise to begin documenting your findings and thought processes from the very beginning. To give you an idea of the scale, my OSINT reports for both attempts spanned around 110 pages each.
PJOR certification exam and the accompanying OSINT course offered by TCM Security are valuable resources for anyone interested in enhancing their skills in Open-Source Intelligence gathering and analysis. The course is well-structured, beginner-friendly, and provides a solid foundation in OSINT techniques and methodologies. The exam itself is challenging yet well-crafted, with questions designed to test one’s ability to apply OSINT skills in real-world scenarios. Overall, the PJOR certification and OSINT course are excellent resources for those looking to enter or advance in the field of cybersecurity, particularly in roles that involve intelligence gathering and analysis.
Conclusion:
Failing an exam can be a disheartening experience, but it is essential to remember that setbacks are a natural part of the learning process. Instead of dwelling on the disappointment, focus on extracting valuable lessons from your mistakes and using them as steppingstones for growth and improvement.
Embrace the challenges presented by the exam, as they serve as powerful learning opportunities. The knowledge and skills you acquire during the exam preparation and the exam itself are just as valuable as the certification itself. Keep a positive mindset, stay determined, and approach your next attempt with the wisdom gained from your previous experiences.
I hope that sharing my journey and the lessons I’ve learned along the way has been helpful and inspiring to you. If you’d like to connect with me, discuss your own experiences, or explore opportunities in the cybersecurity field, I invite you to join me on LinkedIn. Feel free to send me a connection request.
Thank you for reading and happy studying!