CRISC Passed. CISM, CISA, CRISC all cleared in 43 days.

JoJoCal19 · June 2017

Took the CRISC this morning and passed. I must say, this one was the toughest of the three. The questions were nothing like the QAE DB, and I could NOT just eliminate two or three answers immediately. So many questions the answers were all similar and you're trying to determine the best. Unlike the other exams, there wasn't a clear best that stood out to me. This one was also the exact opposite of the CISA QAE DB vs exam. With CISA, I did bad in the DB but aced the exam. With the CRISC I aced the DB but the exam felt super hard.

I was stoked when ISACA moved to CBT with instant pass/fail notification and I knew I was going to knock these out this year. Never thought I would do all three in ONE testing window! After the CISM felt really easy, I decided to go for the CISA and when taking it and feeling like it was so easy decided to attempt to squeeze in the CRISC. Whew! I am DONE with ISACA! (I don't have any reason or desire to push through the CGEIT). So I passed CISM May 8, CISA June 8 and CRISC June 21.

Part of the reason I pushed to knock these out is that I am about tired of pursuing certs that I need to read and memorize information/concepts and take multi-choice exams. I'm honestly about tired of certs period, but I want to pursue more hands on pentesting stuff and also learn to code. I plan to do the CCSK next week, then the PMP in July, and the TOGAF right after and then I think I am unofficially done with certs.

tphan3 · June 2017

Impressive! Congratulations again. How did you manage to tackle all three while working full-time?

JaBaRo · June 2017

Congrats! You must be a genius.

Kyrak · June 2017

Well done, those 3 are on my list as well, but I'm taking my break now after passing the CISSP.

JoJoCal19 · June 2017

tphan3 wrote: »

Impressive! Congratulations again. How did you manage to tackle all three while working full-time?

Thanks tphan. What I did was wake up at 5am every weekday, and occasional weekend day to practice the QAE DB. I also got in at least 1 hour mid-day. I work from home so I am able to save the time getting ready and commuting to work.

JaBaRo wrote: »

Congrats! You must be a genius.

Thanks JaBaRo. No no, far from genius. I think the key is that I have experience across the domains being tested, as well as I have a good GRC mindset, so that really helped.

Kyrak wrote: »

Well done, those 3 are on my list as well, but I'm taking my break now after passing the CISSP.

The good thing is with the new CBT and test windows, you can schedule and take them when convenient for you.

SecurityGuru23 · June 2017

JoJoCal19 wrote: »

Took the CRISC this morning and passed. I must say, this one was the toughest of the three. The questions were nothing like the QAE DB, and I could NOT just eliminate two or three answers immediately. So many questions the answers were all similar and you're trying to determine the best. Unlike the other exams, there wasn't a clear best that stood out to me. This one was also the exact opposite of the CISA QAE DB vs exam. With CISA, I did bad in the DB but aced the exam. With the CRISC I aced the DB but the exam felt super hard.

I was stoked when ISACA moved to CBT with instant pass/fail notification and I knew I was going to knock these out this year. Never thought I would do all three in ONE testing window! After the CISM felt really easy, I decided to go for the CISA and when taking it and feeling like it was so easy decided to attempt to squeeze in the CRISC. Whew! I am DONE with ISACA! (I don't have any reason or desire to push through the CGEIT). So I passed CISM May 8, CISA June 8 and CRISC June 21.

Part of the reason I pushed to knock these out is that I am about tired of pursuing certs that I need to read and memorize information/concepts and take multi-choice exams. I'm honestly about tired of certs period, but I want to pursue more hands on pentesting stuff and also learn to code. I plan to do the CCSK next week, then the PMP in July, and the TOGAF right after and then I think I am unofficially done with certs.

Congrats! BTW - I suggest you consider tackling the "CCSP" from ISC2 instead of wasting your time on the "CCSK" from CSA. I have the CCSK and felt like it wasn't much value added, it's open book, and ISC2 is a more reputable company than CSA.

When I took on the CCSK, the CCSP wasn't out yet so that's the only reason why. Just a thought - Good luck either way.

-SG

anthonx · June 2017

Wow! Amazing... congrats on the passed. What is your advise to those who will be taking the CRISC exam? Not to rely too much on the QAE DB? In your case, your experience across domains were a big help. This is the exact opposite from what I am hearing about the CISM exam, if you aced the CISM QAE DB then your chances is pretty good. Maybe, passing the CISSP, CISA, CISM & others also of great help to you. In my case, I'm watching the CRISC Cybrary videos to expand my knowledge.

Mike7 · June 2017

Congrats! I agree with SecurityGuru23, you should go for CCSP instead of CCSK. Fwiw, i get some hits for CCSP and none for CCSK when I do LinkedIn job search for my country.

NetworkNewb · June 2017

Very nice! Congrats. The CCSK is pretty easy though if he wants to add a cloud security cert. Agree it is not as popular though.

justdavey · June 2017

This is awesome. I couldn't agree more with trying to schedule quickly while you're in the ISACA mindset. Congrats!

Good luck with the PMP. Not sure what your PM'ing experience is but this is the only cert I took a sitdown class for, did a whole bunch of testing questions and still only managed a 'moderately proficient' rating. It was harder than the CISSP for me at least.

Davey

designated1969 · June 2017

Congratulation on Passing all these cert exams. Extremely impressed.

i passed CISM 4 months ago - last of the non CBT

I thought CISM was hard as you metioned questions were nothing like the DB.

I am preparing to take CRISC this Saturday. Currently getting high 90s on the DB questions but still don't feel confident.

Any last minute advice?

pinksj · June 2017

Congratulations pretty impressive. All the very best for the next ones.
Looks like while aiming at ISACA certs it is better to knock down all three with good planning like you.

JoJoCal19 · June 2017

Thanks everyone!

anthonx wrote: »

Wow! Amazing... congrats on the passed. What is your advise to those who will be taking the CRISC exam? Not to rely too much on the QAE DB? In your case, your experience across domains were a big help. This is the exact opposite from what I am hearing about the CISM exam, if you aced the CISM QAE DB then your chances is pretty good. Maybe, passing the CISSP, CISA, CISM & others also of great help to you. In my case, I'm watching the CRISC Cybrary videos to expand my knowledge.

I do recommend the QAE DB. For each exam I only used the QAE DB and not the book. For the CISA and CRISC I didn't crack open the books once. Work paid for them so they will make nice references for my bookshelf.

designated1969 wrote: »

Congratulation on Passing all these cert exams. Extremely impressed.

i passed CISM 4 months ago - last of the non CBT I thought CISM was hard as you metioned questions were nothing like the DB.

I am preparing to take CRISC this Saturday. Currently getting high 90s on the DB questions but still don't feel confident.

Any last minute advice?

If you're scoring high 90s then you're doing a little better than I was on the DB. I recommend knowing the WHY behind your answers. Most all of my questions were BEST, MOST, etc and it was a tough choice between some of the answers.

SecurityGuru23 wrote: »

Congrats! BTW - I suggest you consider tackling the "CCSP" from ISC2 instead of wasting your time on the "CCSK" from CSA. I have the CCSK and felt like it wasn't much value added, it's open book, and ISC2 is a more reputable company than CSA.

When I took on the CCSK, the CCSP wasn't out yet so that's the only reason why. Just a thought - Good luck either way.

-SG

Mike7 wrote: »

Congrats! I agree with SecurityGuru23, you should go for CCSP instead of CCSK. Fwiw, i get some hits for CCSP and none for CCSK when I do LinkedIn job search for my country.

The reason for the CCSK is because it's a 'quick win', and as NetworkNewb mentioned, it's an easy cloud cert to add to my resume as I have none. As for the CCSP, I have wanted it since it has come out but due to a couple of reasons I don't know that I'll pursue it. For one, seeing people fail it left and right in the cloud section of the forum. People that I would have thought would pass it for sure. And two, like I mentioned, my time studying for certs like that are coming to an end. I only think I have enough drive left for one more deep study cert and I want the PMP. These certs where you have to read, read, read and take mult-choice are really grueling for me. While I look at the CCSP exam outline and it seems fairly easy, if I put in the effort to study for it and didn't pass then that would probably kill any desire to do another cert for sure. Who knows, if I see more people pass it then I may see if I can do a 1-2 week cram after the PMP. But honestly, I think PMP and TOGAF will be the last of those types of certs I go for.

JoJoCal19 · June 2017

Ah screw it, challenge accepted! Read through the outline again and looked at the ToC for the Sybex CCSP Study Guide. I think I can do this without too much trouble.

tphan3 · June 2017

You should go for CCSP for sure. I am half way through the CCSP study guide, and it seems very easy to read. All the stuffs I have read so far are pretty basic as they are also included during my time studying for the CISSP.

designated1969 · June 2017

designated1969 wrote: »

Congratulation on Passing all these cert exams. Extremely impressed.

i passed CISM 4 months ago - last of the non CBT I thought CISM was hard as you metioned questions were nothing like the DB.

I am preparing to take CRISC this Saturday. Currently getting high 90s on the DB questions but still don't feel confident.

Any last minute advice?

Today I passed CRISC - final result in 10 days!:D

CBT experience was horrible, lots of technical issues, where the software just stopped responding with about 94 minutes left

by the time it was resolved the proctor had to leave so was forced to submit the exam with 30 minutes still on the clock.

I continued with DB review - logged about 60 hours scored 100% on three of the 4 modules but the DB questions were nothing like the real exam and a week off work to read the book - not the most exciting read but totally paid off.

[Deleted User] · June 2017

Congrats that is a lot to accomplish in 43 days!

datacomboss · July 2017

JoJoCal19 wrote: »

Part of the reason I pushed to knock these out is that I am about tired of pursuing certs that I need to read and memorize information/concepts and take multi-choice exams. I'm honestly about tired of certs period, but I want to pursue more hands on pentesting stuff and also learn to code. I plan to do the CCSK next week, then the PMP in July, and the TOGAF right after and then I think I am unofficially done with certs.

I took and passed the CRISC exam on 6/27 and I found some of the questions to be exactly like the online Q&A. Was fairly easy. PMP and COBIT 5 were more difficult IMO. You can pass the PMP using the PM Exam Simulator only, so don't waste time or money on books or classes. Just use a on-line source to get your 35 hours of required PM education.

asiru77 · July 2017

Congrats , what is your exp for level of difficulty for these 3 exams ?

TeKniques · July 2017

Congrats! Nice work, very impressive. Good luck on your next adventure!

JoJoCal19 · July 2017

datacomboss wrote: »

I took and passed the CRISC exam on 6/27 and I found some of the questions to be exactly like the online Q&A. Was fairly easy. PMP and COBIT 5 were more difficult IMO. You can pass the PMP using the PM Exam Simulator only, so don't waste time or money on books or classes. Just use a on-line source to get your 35 hours of required PM education.

Thanks for that! I'll take a look. I got my approval over the weekend so I've paid and have started studying.

asiru77 wrote: »

Congrats , what is your exp for level of difficulty for these 3 exams ?

Thanks! I have about a decade of experience across multiple InfoSec domains. For the ISACA exams I'd say overall 6+ years across the various exams' domains.

TeKniques wrote: »

Congrats! Nice work, very impressive. Good luck on your next adventure!

Thanks!

asiru77 · July 2017

thanks for your reply but i was asking that between CISM CISA and CRISC exams which one is most difficult and which on is the easiest and why ?

averageguy72 · July 2017

Wow, congrats!

IaHawk · July 2017

You are machine! Congrats.

JoJoCal19 · July 2017

asiru77 wrote: »

thanks for your reply but i was asking that between CISM CISA and CRISC exams which one is most difficult and which on is the easiest and why ?

Can only speak for myself, but the CRISC was my lowest score (504) and it felt the hardest while I was taking it (it felt the easiest while preparing for it thought). The CISM was in the middle, felt easy prepping and pretty easy during the exam (604). The CISA felt the hardest preparing for it, but the exam experience felt the easiest (654).

asiru77 · July 2017

JoJoCal19 wrote: »

Can only speak for myself, but the CRISC was my lowest score (504) and it felt the hardest while I was taking it (it felt the easiest while preparing for it thought). The CISM was in the middle, felt easy prepping and pretty easy during the exam (604). The CISA felt the hardest preparing for it, but the exam experience felt the easiest (654).

thanks for the input

Span · July 2017

JoJoCal19 - are you a student of full time employed? IT? Did you proof the needed on the job experience so you can be accredited or are you just writing the certs to validate your knowledge?

JoJoCal19 · July 2017

Span wrote: »

JoJoCal19 - are you a student of full time employed? IT? Did you proof the needed on the job experience so you can be accredited or are you just writing the certs to validate your knowledge?

I have over a decade of InfoSec experience in multiple domains and am currently a Sr Manager in Information Security Risk Management handling all of the stuff the ISACA certs cover. So I've more than met all of the requirements of the ISACA certs. That's also why the exams seemed easy for the most part. And yes, I am currently a student as well.

Span · July 2017

10 certs and counting. You're a machine!

woodwork · August 2017

Jojo - Congrats my friend! Do you have any suggestions on the CRISC exam? I am taking it in November of this year. My plan is to read the book & go through the questions but i saw on your post that the exam was far more difficult than you had expected. Is there anything you would do differently to prepare (even though you passed)? Is there any other content you may consider going through that you did not do the 1st time around...? Any other suggestions are welcomed

Thank you and a HUGE CONGRATS to you again.

FSF150 · August 2017

Congrats! Completed CRISC as well last weekend and agree with your assessment. Can't imagine what my actual score was, got another 5 business days until ISACA tells me.

I think CISA/CRISC is a good combo for me for now.

CRISC Passed. CISM, CISA, CRISC all cleared in 43 days.

Comments