About Me
In March of 2022, I was able to successfully pass the Isaca CISM exam. For reference, I also have the following active certifications: CySA+, Security+, Amazon CCP and Certified Ethical Hacker (although I could write an entire article complaining about EC-Council…but, I won’t do that today). My current job (as of mid-2021) has me leading a group that performs penetration testing, threat intelligence and vulnerability management. In addition to this, I’ve held another leadership position prior to this. I went into studying for the CISM really thinking I had a good grasp on what it entailed – until I really started studying. More on this in a bit…
The certification portion of my career really kicked off in 2019 when I obtained my Security+. This was the first and only time I had ever gone to a physical location to take a certification test. The rest of my exams, including the CISM, were all taken from the comfort of my home (which I prefer).
My Personal Review & Experience
I must admit, when I started studying for CISM, I really believed that I understood most everything there was about being a leader in the security world. For example, I understood costs vs. benefits, risk (after all, I am in charge of the vulnerability management team, which calculates risk for a living) and I REALLY understand how to communicate with senior/executive staff. I truly (and admittedly) believed this test would be a cake walk for me. After really, really reading the material, I found that I did actually learn a lot and do use what I have learned in several aspects of my career.
If you are on the fence about deciding whether or not to take the exam, also note the experience requirements CISM has in place to actually earn the certificate. It’s one thing to pass, another to get someone to vouch for whether or not you have 5 years’ experience in the field.
Overall, I had spent about 3 months studying (deciding I would take the test mid-December for my 2022 certification New Year’s resolution). I studied almost every day, including weekends, for 1-3 hours per day. I probably overstudied to be honest, but CISM is so highly regarded among management in cyber and I did not give myself the option to fail. The idea that only 50-60% pass the first time made me a bit nervous. I tend to be very hard on myself when I do fail, and I did not want to go down that path – though if I did, I would have still learned a lot. Do not be as hard on yourselves as I can be on myself – I am working on it.
On the actual test day, I tried not to burn myself out studying. This is why I tend to schedule my tests as early as I can, since that’s when I can think the clearest. I had also taken the entire day off work to clear my head of any work-related anxiety and pressures that could interrupt my test…I’m serious when I say I truly tried my best not to fail. All of these things make a difference (including what you eat the morning of). Logging into the test environment was not hard. You are able to log in and start your test 30 minutes early if you choose to (I did). You can only have one monitor and no items are allowed on your desk.
By the way, if you choose to do your test at home, you’ll also need to download Isaca’s secure browser tool. The tool will test to make sure your microphone and camera work. (Also, the secure browser said my mic was not working while a Windows test showed it was fine…Don’t let this hang you up – it appeared to be a glitch in their tool.) Unlike other at-home exams, the proctor did not talk to me at all; it was all done through a chat window.
Study Materials & Tips
I try not to spend a bunch of money buying up material from the certification company. I know that’s how they tend to get you to spend way more than you need to. (Same reason why I don’t buy an overpriced drink when I go to McDonald’s…)
First, I bought the All-In-One CISM guide (dubbed “AIO” in Reddit). In my opinion, you do not have to buy the latest and greatest edition. Use this purely as a way to read and get a high level understanding of the material.
Second, lots of practice exam questions. WARNING, there are many available free online, but be cautious!! There are many instances of incorrect answers on non-credible sources like Quizlet. It may sound cost-effective to use someone else’s notecards, but trust me — they can often be incorrect and cause you to go down a rabbit hole. I did use the Isaca Question and Answer database, aka “QAE” (in textbook format). Note that I did not buy it off of the Isaca site. I actually got it off eBay for 1/2 the price. This was a great way to really understand what an Isaca test is like. My tip to you here is that when you get an answer wrong, read the entire explanation. The pieces in the explanation may actually be part of a question in the actual CISM exam. The other tool I used was the IT & Cyber Security Pocket Prep phone app. I rate the app 10/10; I did all 600 CISM questions in the phone app and felt so happy I did when my CISM exam had a bunch of topics that the app touched on as well.
The CISM exam will change in June 2022. (Here is the latest outline: https://www.isaca.org/credentialing/cism/cism-exam-content-outline)
Finally, good luck!!! I wish you all luck in your infosec journey.