fbpx

How To Pass The PORP Certification Exam

by | Apr 16, 2025 | Learning | 0 comments

How to pass the PORP Exam
The Practical OSINT Research Professional (PORP) certification tests your ability to gather, analyze, and report on open-source intelligence. Like any TCM Security exam, we designed the test to mirror what is being taught in the course – in this case, the “Open-Source Intelligence (OSINT) Fundamentals” taught by the one and only Heath Adams. Creating this exam has been one of the highlights of my career, and so it’s with great pleasure I present this primer on the PORP exam. If you want to pass, here’s what you need to focus on.

Understand the Exam Structure

The PORP is a practical exam with hands-on challenges where you must compile a report on your findings. There’s no multiple-choice guessing – your success depends on actual research, reporting skills, and time management. The exam is scored on a 100-point system, with a passing score of 80 points. Students have 72 hours to complete their research and report, unlike other TCM exams where work and reporting time are separate. This means that from the moment students start the PORP, they have exactly 72 hours to submit their report to the exam platform.

Take the OSINT Fundamentals Course

As previously stated, the exam was created to mirror what students learn from the Open-Source Intelligence (OSINT) Fundamentals course. Go through it, take notes, go back through parts that potentially didn’t make sense but don’t feel too much pressure, you’ll get to keep the course for 12 months after purchase.

The following concepts are taught in the course:

  • OSINT Overview
  • Effective Note keeping
  • Creating Sock Puppet Accounts
  • Basic and Advanced Search Engine OSINT
  • Image OSINT
  • Email Address OSINT
  • Breached Data OSINT
  • People OSINT
  • Phone Number OSINT
  • Username OSINT
  • Website OSINT
  • Social Media OSINT
  • Wireless Network OSINT
  • OSINT with Tools
  • Automating OSINT
  • Report Writing

If you would like to get a feel for the training, we have you covered on YouTube where we’ve uploaded the previous version of the course (5 hours of content).

learn how to hack, then prove it

Grow & Know Your OSINT Methodology

The key to success in OSINT isn’t in knowing just the tools, it’s understanding the methodology behind them. Tools come and go, but a solid research process remains essential. Learn how to find and use OSINT tools effectively, but also be prepared to conduct thorough, manual investigations when needed.

Don’t forget to take great notes on methodology and tools! You’re more than welcome to utilize the course during the exam if you need it, as well as those notes.

Practice, Practice, Practice

There is no better way to learn OSINT than to do OSINT, so here’s a bonus challenge:

Identify this Park!

This park is named after an interesting geological finding here, one of the largest collections in the world. These curiosities would inspire many paleontologists to do research here, one of the first being an interesting character. Who was the paleontologist that first led a fossil expedition in the park and what museum did they fund and establish in 1908?

Not many can say they’ve been to this museum as it is closed to the public. Rumor has it, however, that a resident fossil there adorns a festive hat sometimes. Find the picture, I promise at least one exists out there.

To succeed at this challenge, you’ll need to correctly answer the following questions:

  • What national park is this?
  • Who first led a fossil expedition in this park and what is the name of the museum established?
  • What fossil wears a festive hat at the museum identified above?
Example of location OSINT
Applying your skills to real-world scenarios like this is a great first step, but to get the full effect of what you’ll face in the PORP go ahead and write up these findings in report form.

You can find the answers to this question, along with other practice questions, pinned in the #tcm-sec-porp channel of our Discord server.

TCM Sec PORP Discord sample

Focus on Time Management and Report Writing

You have a limited window to complete the exam, so plan your time wisely. Personally, the method I follow looks something like this:

  • Skim through all the tasks first.
  • Prioritize and then perform the ones you’re confident in, complete the report for those findings
  • Review the remaining and re-prioritize, repeat reporting
  • Leave time for a final review of the report for consistency and appropriate screenshots

Speaking of that last bullet, finding information isn’t enough, as you’ll need to present it clearly. Your report should be structured, concise, and professional. Include:

  • The methodology you used
  • Your findings with supporting evidence (screenshots)
  • A well-organized conclusion for each question

If you need a report template for the exam, we’ve made one that you can use.

Before submitting, double-check your findings. Cross-reference sources, ensure links are valid, and confirm your report is complete.

Final Thoughts

Passing the PORP exam isn’t about memorization but about skill. If you practice consistently and refine your research and reporting abilities, you’ll be well-prepared to pass.

Reports are graded in the order that they are received, so expect a response within a few days (or shorter, our Support team is legendary). For questions during the exam, always direct them to [email protected], as asking questions in Discord or elsewhere can result in some unwanted consequences.

Finally, and on a personal note, this exam was designed to be fun. The course and exam should challenge you to consider how to find and think about data but also allow you the creativity to explore these questions and create a meaningful report. Take breaks, get good rest, and eat well. You’ve got this.

Get your training and vouchers for the Practical OSINT Research Professional today!

About the Author: Angela Brown

As a versatile cybersecurity professional, Ang (d1r7b46) currently serves as an Offensive Security Engineer at TCM Security. Prior to joining TCM, Ang held roles as a DFIR Team Lead and Security Consultant. With a specialization in Open Source Intelligence (OSINT), she dedicates her expertise to researching and combating scams.

Beyond her technical proficiency, Ang actively contributes to community initiatives, particularly within cybersecurity-focused Discord servers. Ang holds a Bachelors of Business Administration, as well as the PNPT and several cloud certifications.

About TCM Security

TCM Security is a veteran-owned, cybersecurity services and education company founded in Charlotte, NC. Our services division has the mission of protecting people, sensitive data, and systems. With decades of combined experience, thousands of hours of practice, and core values from our time in service, we use our skill set to secure your environment. The TCM Security Academy is an educational platform dedicated to providing affordable, top-notch cybersecurity training to our individual students and corporate clients including both self-paced and instructor-led online courses as well as custom training solutions. We also provide several vendor-agnostic, practical hands-on certification exams to ensure proven job-ready skills to prospective employers.

Pentest Services: https://tcm-sec.com/our-services/
Follow Us: Email List | LinkedIn | YouTube | Twitter | Facebook | Instagram | TikTok
Contact Us: [email protected]

See How We Can Secure Your Assets

Let’s talk about how TCM Security can solve your cybersecurity needs. Give us a call, send us an e-mail, or fill out the contact form below to get started.

tel: (877) 771-8911 | email: [email protected]