did anyone take and pass CISA after CISSP?

just want to ask how the things learned through the CISSP study would contribute to the CISA exam. I passed CISSP this May.

As my employer will just pay for whatever security exam that i can think of, i am considering get the CISA done if it does not take me too much time.

what else would you recommend to study?

I am also considering OSCP, but it will take 1+ year with extensive amount time spent.

I have CCNP security, CISSP, MCSE, RHCSA

Find more posts tagged with

Comments

TankerT

n95950 wrote: »

just want to ask how the things learned through the CISSP study would contribute to the CISA exam. I passed CISSP this May.

As my employer will just pay for whatever security exam that i can think of, i am considering get the CISA done if it does not take me too much time.

what else would you recommend to study?

I am also considering OSCP, but it will take 1+ year with extensive amount time spent.

I have CCNP security, CISSP, MCSE, RHCSA

I took the CISA after the CISSP. I used the ISACA online test database (this is a must) and got to the point where I was scoring 80%+ on the exams I took. I also had the CISA exam book by Peter Gregory. Mostly, it was the test engine, with the book for reference on a few items. I passed with flying colors. I have been around the audit world for 15+ years, although I am not an auditor. If you have the CISSP, you'll have the tech stuff down cold.

You will find with ISACA, most people will tell you to use the official practice tests. What else to use will vary a lot.

coffeeisgood

CISSP passed May 2016
CISA passed Sept 2016

they are related but study the official material, database of questions.
I used the CISA Sybex "unofficial" study guide as well. The Sybex unofficial guide is actually readable and did help with the overall understanding. That said, you must use the official guide & database to pass.

numberfive

The problem of CISA exam is that they expect you to have very specific ISACA-mindset and knowledge of theory, sometimes answers are very not obvious if you follow common logic.
You will not be able to answer some questions if you don't know the exact ISACA position on the topic and your security experience will lead you to the wrong conclusion.
I think CISSP is more straight forward.

Minding your security background, you can pass the exam itself practicing only with test engine, after like 700-800 questions you will get the idea of the difference between ISACA audit methodology and reality.

No_Nerd

hum.... maybe I should put PMP on hold and work on CISA ....