Passed CISM 21/9

I read the study guide twice and went through as many questions as possible daily in the QAE. I began studying in May immediately after passing GCIA. Now a small break from certifications to focus on Dutch.

Find more posts tagged with

SAVE $250 on Your ISACA Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View ISACA Boot Camps

Comments

NetworkNewb

Congrats sir!

JoJoCal19

Congrats on passing!! I'm even more impressed you were able to make it through the guide twice. I got 24 pages in and quit. Never touched it again after that.

mattster79

Great stuff! Well done. Hoping to be in your shoes at the end of November!!

E Double U

Thanks guys!

@ JoJo - It was a tough read, but it gave me something to do on my daily commute. My train ride is 50+ minutes. The first time was a solid read and the other was going over the areas I marked for review then skimming the rest.

@ matt - Good luck! I highly recommend the QAE db if you haven't already purchased it.

mattster79

I purchased the Q&E DB yesterday. Seems like a great resource!

The CISM manual format just doesn't grab me. Will be interesting to see what the 'All-In-One' CISM book will be like (even though I hope to certified well before that book is released!).

E Double U

mattster79 wrote: »

The CISM manual format just doesn't grab me.

You are not the only one. I just figured I might as well read since I had it.

diogoaleixo

Did you get the hard copy ou online DB?

mattster79

diogoaleixo wrote: »

Did you get the hard copy ou online DB?

I bought the online version.

PJ_Sneakers

Do you all feel that the online DB is sufficient as a primary resource? I was thinking of getting the six month access.

diogoaleixo

There is no 6 months access, only 12 months and it is very expensive! The 6 months access is an extension for the 12 months only...

PJ_Sneakers

Oh ok, 12 months it is then!

mattster79

I personally feel like it’ll be fine as the primary resource.

In addition to the Q&A DB I’ve watched the Cybrary videos, and I’ll be reviewing my CISSP notes too. It certainly helps that there is so much overlap with the CISSP and CISM.

E Double U

I also have the hard copy of the QAE, but I didn't like that the correct answers are shown right under the questions. So I purchased the online version to get the real testing experience.

userav

Congrats !

SEC-lexy

Newbie to the site here.

Received my CISM score today - 637 (highest area was 722, lowest 567) overall so I am not too sad.
Much better than my CISA in which I scored 598.

Congrats to all those who have passed and remember to maintain your skills!

/ excuse the following rant

I have never been a big fan of certificates because IMO they don't tell anything about ability to apply book knowledge to actions, thus don't know how to feel about my scores. This goes for both top-level strategic certificates as well as certificates focusing on lower level day-to-day work.

I have led a team in where I once had a person who had CISSP, CISM etc. etc. which kind of made me feel like he should lead me. When it came to actual understanding of security I had to request this person to be moved to a different project because he lacked any knowledge of terminology, how to apply those skills to new topics or initiate actions according to the program. I moved him from technical to managerial role first but received similar complaints about inability to understand actual security topics. That moment I realized certificates are good, but should not be used for judging skills by any means.
/ rant over

rockafell77

where can I get the q/a database?

E Double U

SEC-lexy wrote: »

That moment I realized certificates are good, but should not be used for judging skills by any means.

If you cannot get the skills, get the cert

@rockafell77 - On the ISACA site: https://www.isaca.org/bookstore/Pages/default.aspx?. The name is CISM Review Questions, Answers & Explanations Database - 12 Month Subscription

ougijoe

Have you received your score yet? Passed on the 22nd, but nothing yet for me.

E Double U

ougijoe wrote: »

Have you received your score yet? Passed on the 22nd, but nothing yet for me.

Still patiently waiting.

E Double U

My total scaled score is 536

Information Security Governance: 512
Information Risk Management and Compliance: 621
Information Security Program Development and Management: 481
Information Security Incident Management: 512

cbdudek

Sounds like they take almost the full two weeks before you get your official results and designation. That is good to know. I passed mine last week on 10/29. So I will probably get feedback next week.

HawkWinter

Took my CISM on 9/22 and got my final results today (10/5).

Info_Sec_Wannabe

Congrats on all those who passed the exam!

I've been reading a lot of posts on this forum since last year and I can't help but notice a few guys who already have their CISSP and took the CISM after. I'm not sure if I'm asking the right question here, but which is harder between the two? I plan (and hope) to sit for CISSP next year and thought of taking CISM first to get a feel of where I'm currently at.

cbdudek

They are both equally difficult, but in their own unique ways. One is not easier than the other.

The CISSP is difficult because of how broad it is. The saying "mile wide and inch deep" is accurate. The CISM is difficult because it dives deeply into the management side of things and is not technical at all. So there is room for subjectivity depending on your experiences. You have to really learn the concepts in order to pass.

What I can tell you is that after you pass one, go for the other. While they are different, they do have some overlap which will help you.

E Double U

CISSP was more difficult for me because I didn't have the think like a manager mentality at the time of the exam. I had just came from five back-to-back Cisco exams for CCNA/P Security. I failed the CISSP twice. Taking that experience with a non-technical security exam plus 2+ more years of security experience helped when it came time for the CISM. I don't think the content of one is more difficult than the other, but CISSP did have more information to cover in my opinion.