CISA exam passed!
I just got done with my exam today. Overall, my experience with PSI was good. I took mine at a PSI center in New Jersey, and I must say that the staffs were very friendly and professional. The exam center was nice and quiet, so I could concentrate on my exam. I got an issue with the computer there at first. At first, the exam kicked me out (I had to log back in) once every six minutes. I was not happy, and I kept wondering why the connection to the ISACA server was that bad. However, I figured out how to fix the issue. Indeed, the clock in my computer ran 5 minutes faster than the normal clock, and I figured it was the reason why the test kept timing out on me. Hence, I updated the clock myself, and it did the trick to keep the exam up. So, just a tip if you find yourself in a similar situation.
Back to exam experience, imo CISA was the hardest exam I ever did. I even put I strongly disagreed that the exam questions were clear and concise in the survey at the end. Questions on the real exam were vague like usual. I got a lot of similar questions to the ones in the QAE. I marked a lot questions for review, and I changed about 10 of them. In the end, my eyes got so blurry, and I was so hungry that I could not concentrate. I still managed to review all questions at least twice. I could not be happier when I saw that I passed because I would not want to take this *not so good exam* again.
I studied for about 4 hours every day last May right after I was done with grad school. Before that, back in January, I started reading the study guide by sybex. I could not remember much. I read through the manuals twice, once back in March and once during the review period last month. I also used the all in one book (1st tho, it is old but still useful). I think the important part about prepping for the exam was taking a lot practice tests. I did all 600 questions from sybex, 400 from the all in one (tip: you can google the totalsem cisa exam for free tests), and I also finished all 1000 questions from ISACA with a total of 1700 questions attempted. For a new set of 100 questions, I only got around 70s. Like others have said, it was important to understand the concepts. Thanks a lot to those who took other exams before me and gave me tips.
Now on to the CISM on June 23rd. I will write my review about my experience on that as well
Back to exam experience, imo CISA was the hardest exam I ever did. I even put I strongly disagreed that the exam questions were clear and concise in the survey at the end. Questions on the real exam were vague like usual. I got a lot of similar questions to the ones in the QAE. I marked a lot questions for review, and I changed about 10 of them. In the end, my eyes got so blurry, and I was so hungry that I could not concentrate. I still managed to review all questions at least twice. I could not be happier when I saw that I passed because I would not want to take this *not so good exam* again.
I studied for about 4 hours every day last May right after I was done with grad school. Before that, back in January, I started reading the study guide by sybex. I could not remember much. I read through the manuals twice, once back in March and once during the review period last month. I also used the all in one book (1st tho, it is old but still useful). I think the important part about prepping for the exam was taking a lot practice tests. I did all 600 questions from sybex, 400 from the all in one (tip: you can google the totalsem cisa exam for free tests), and I also finished all 1000 questions from ISACA with a total of 1700 questions attempted. For a new set of 100 questions, I only got around 70s. Like others have said, it was important to understand the concepts. Thanks a lot to those who took other exams before me and gave me tips.
Now on to the CISM on June 23rd. I will write my review about my experience on that as well
Comments
-
JoJoCal19 Mod Posts: 2,835 ModCongrats on the pass! My exam is on Thursday.Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework -
TankerT Member Posts: 132Congrats on the pass! My exam is on Thursday.
I'd say good luck, but with your background, I think you have a solid grasp on the items. -
scasc Member Posts: 465 ■■■■■■■□□□Nicely done - I'm debating to do one of CISA/CRISC as it looks good on CV - going for senior Cyber management roles (Deputy CISO type). For the life of me not sure which one to do. Have worked and done both audits/risk management etc.AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
-
JoJoCal19 Mod Posts: 2,835 ModNicely done - I'm debating to do one of CISA/CRISC as it looks good on CV - going for senior Cyber management roles (Deputy CISO type). For the life of me not sure which one to do. Have worked and done both audits/risk management etc.
Both. But if you can only tackle one for a while, I'd say the CRISC for the type of role you're aiming for. FWIW my bosses boss, a high level Director that runs IRM globally for our org and is 2nd down from our CISO has CISSP, CISM, CISA, CRISC. I've seen similar combos for other people in high level positions. However the one differentiator I've seen between CXX level and below, is an MBA.Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework -
scasc Member Posts: 465 ■■■■■■■□□□Thanks for the response - very interesting. I have seen a few CISO's going for the C/CISO certification which looks quite good, actually am keen on it myself as the content looks very relevant. This coupled with either the CRISC/CISA should do the trick hopefully - thus wanting to do just one of them.
The CRISC syllabus looks more interesting to be honest. CISA not necessarily
MBA would be nice - but I would only want to do from a world class school like LBS/MIT/Harvard etc - however these programs dont major in cyber as far as I know - an MBA in Cyber is great but I guess it depends on the reputation of the school.AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia... -
tphan3 Member Posts: 39 ■■□□□□□□□□Congrats on the pass! My exam is on Thursday.
-
tphan3 Member Posts: 39 ■■□□□□□□□□Thanks for the response - very interesting. I have seen a few CISO's going for the C/CISO certification which looks quite good, actually am keen on it myself as the content looks very relevant. This coupled with either the CRISC/CISA should do the trick hopefully - thus wanting to do just one of them.
The CRISC syllabus looks more interesting to be honest. CISA not necessarily
MBA would be nice - but I would only want to do from a world class school like LBS/MIT/Harvard etc - however these programs dont major in cyber as far as I know - an MBA in Cyber is great but I guess it depends on the reputation of the school.
The qualification requirements for C|CISO look insane for the self-study track. I am just wondering why one would want to do CRISC if he/she already had C|CISO as C|CISO also includes governance as one of its domains? -
averageguy72 Member Posts: 323 ■■■■□□□□□□Congrats!CISSP / CCSP / CCSK / CRISC / CISM / CISA / CASP / Security+ / Network+ / A+ / CEH / eNDP / AWS Certified Advanced Networking - Specialty / AWS Certified Security - Specialty / AWS Certified DevOps Engineer - Professional / AWS Certified Solutions Architect - Professional / AWS Certified SysOps Administrator - Associate / AWS Certified Solutions Architect - Associate / AWS Certified Developer - Associate / AWS Cloud Practitioner
-
scasc Member Posts: 465 ■■■■■■■□□□The qualification requirements for C|CISO look insane for the self-study track. I am just wondering why one would want to do CRISC if he/she already had C|CISO as C|CISO also includes governance as one of its domains?
Valid point - same can be said about CISA too as it has a section on audit. however it still looks good on resume as it covers areas around strategic planning not found in the others (CCISO). As for the CRISC - I think it goes deeper into some of the things found so would be useful to still do perhaps. Either way they all are good HR filters.AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...