CISM Passed 5/5/2018
minnesotanwolf
Registered Users Posts: 1 ■□□□□□□□□□
in CISM
First of all, I'd like to thank you for posting all the helpful info, which helped me PRELIM pass my CISM exam today. In return, I would like to share some of my prep efforts over the past 3.5 months.
1. Please research your exam location: I randomly picked a location on PSI but regretted not having done thorough research of the location reviews. The reviews were complaining about the noise level (from adjacent dwellings and even from the bathrooms), which are all true. I also arrived 30 mins but the exam location was locked 10 mins until testing, which was also mentioned in one of the comments. Make sure you do your intel to avoid places like this.
2. QAE vs CISM Manual: I have seen numerous forum members complaining about the dryness and sometimes even contradictory statements in the Manual vs QAE answers. However, it is a must have, at least IMO. Had a cover to cover read spanning across 3 months of time (I am a slow reader) and took notes as well. Then in the 2nd round I focused on highlighted paragraphs that I took note of in the first round. I'd say the read was definitely fundamental to my passing. I started doing QAE questions in 10-30 blocks concurrently as I started reading the study material. This was very helpful. I focused on new questions only and didn't go back to my "Missed Last Seen" or "Troubled" sections until 2 days before the exam. Remember to pace yourself as QAE questions run out pretty quick lol. As a result my practice exams in QAE were full of already seen questions so that didn't really help me a lot. QAE did a good job prepping me on setting the right mindset (or, the "ISACA way") needed for ISACA exams. And admittedly, I saw almost at least 30% of questions HIGHLY similar to QAE questions. I averaged out 50 ~ 60% accuracy when I started QAE and ended around high 60 - 80% in the end, answering NEW questions only. I was a bit afraid that this trend rate isn't good enough but apparently it was for me as the exam turned out.
3. Other resources: Didn't really study any other resources b/c of the following reasons: Videos are too long and I don't have the time to watch them. Other questions posted by various other sites are essentially from the QAE so not much value add to look and search for them. I work at a big professional services firm and time means everything to me.
4. My background: 4 yrs into a big professional services firm. Mainly IT Audit background with CISA certification. CISM is a bit more cyber oriented and management oriented so I had to adapt myself a little more and learn a little more. I deal with infosec and cyber sec clients on a day to day basis a lot recently so thought of chasing the CISM before the almighty CISSP hence why I am doing this, and actually my recent infosec and cyber projects prep'd me well for this exam too. A lot of my projects also deal with ISO conformity and NIST framework so I do have cyber knowledge but not deep.
Hope this helps.
Comments
-
DZA_ Member Posts: 467 ■■■■■■■□□□
Congratulations! A thorough write-up for future exam takers. Doing the CISM will pave a good foundation for the CISSP in the management aspect of it; policy management, security program, etc. Well done.
-
b0Ris Member Posts: 27 ■□□□□□□□□□
minnesotanwolf wrote: » I deal with infosec and cyber sec clients on a day to day basis a lot recently so thought of chasing the CISM before the almighty CISSP hence why I am doing this, and actually my recent infosec and cyber projects prep'd me well for this exam too. A lot of my projects also deal with ISO conformity and NIST framework so I do have cyber knowledge but not deep.
DZA_ wrote: » Congratulations! A thorough write-up for future exam takers. Doing the CISM will pave a good foundation for the CISSP in the management aspect of it; policy management, security program, etc. Well done.
For those who already have the CISSP, do you think reading the material in your post that the CISM is still an efficient way to study for the CISM? Are there any shortcuts someone with a CISSP can skip because they may already have parts of the material(s) down?
-
DZA_ Member Posts: 467 ■■■■■■■□□□
Personally I wrote the CISSP exam first and then wrote the CISM exam after (studied for about 2 months off and on). I did find that there was redundant and overlapping material when I was studying the CISM, however reading the CISM Manual wasn't too bad. I skimmed through the manual with highlighting points that weren't covered in the CISSP material per se. Much of my focus was the missing gaps (defined by the highlighting) and going through the QAE database. You'll understand the ISACA way of answering the questions and formatting once you have done the QAE database generally. Aim for the usual 80 percent as a rule of thumb just like the CISSP.
I was speaking with a friend of mine and I advised that it would probably take 1-1.5 months of dedicated studying for the CISM if you are either experienced in the field or just recently came off passing the CISSP exam. I hope that helps.
-
b0Ris Member Posts: 27 ■□□□□□□□□□
DZA_ wrote: » Personally I wrote the CISSP exam first and then wrote the CISM exam after (studied for about 2 months off and on). I did find that there was redundant and overlapping material when I was studying the CISM, however reading the CISM Manual wasn't too bad. I skimmed through the manual with highlighting points that weren't covered in the CISSP material per se. Much of my focus was the missing gaps (defined by the highlighting) and going through the QAE database. You'll understand the ISACA way of answering the questions and formatting once you have done the QAE database generally. Aim for the usual 80 percent as a rule of thumb just like the CISSP.
I was speaking with a friend of mine and I advised that it would probably take 1-1.5 months of dedicated studying for the CISM if you are either experienced in the field or just recently came off passing the CISSP exam. I hope that helps.
I appreciate the response - studying now for a CISSP concentration and I guess I will throw this on the to-do list afterwards!
-
Info_Sec_Wannabe Member Posts: 428 ■■■■□□□□□□
Congratulations and nice review!
DZA_ wrote: » Congratulations! A thorough write-up for future exam takers. Doing the CISM will pave a good foundation for the CISSP in the management aspect of it; policy management, security program, etc. Well done.
Definitely agree here as this is the route I took.
X year plan: (20XX) OSCP [ ], CCSP [ ]
-
LarryForm Member Posts: 21 ■□□□□□□□□□
Congratulations to you, Minnesotanwolf.
I work in downtown St. Paul, MN (we could meet) and am now preparing for the CISA.
Thanks for sharing your study approach for the CISM as I know it could be similar to CISA.
It is funny how you called the CISSP the almighty. I am CISSP certified and now thinking of the CISA and CISM as the almighty given all the comments on this forum and how ISACA makes their exams so difficult. I can share whatever material I have on the CISSP whenever you are ready for it.
Congratulations and thanks again.
-
averageguy72 Member Posts: 323 ■■■■□□□□□□
Congrats!
CISSP / CCSP / CCSK / CRISC / CISM / CISA / CASP / Security+ / Network+ / A+ / CEH / eNDP / AWS Certified Advanced Networking - Specialty / AWS Certified Security - Specialty / AWS Certified DevOps Engineer - Professional / AWS Certified Solutions Architect - Professional / AWS Certified SysOps Administrator - Associate / AWS Certified Solutions Architect - Associate / AWS Certified Developer - Associate / AWS Cloud Practitioner
-
Info_Sec_Wannabe Member Posts: 428 ■■■■□□□□□□
LarryForm wrote: » It is funny how you called the CISSP the almighty. I am CISSP certified and now thinking of the CISA and CISM as the almighty given all the comments on this forum and how ISACA makes their exams so difficult. I can share whatever material I have on the CISSP whenever you are ready for it.
IMHO, having taken the three, I would have to say CISSP is the most difficult. For the CISA and CISM, provided you have the necessary experience, the QAE DB should suffice to get you into the ISACA mindset. For the CISSP, I would say no practice test even came close. Yes, it did test the same concepts, but the approach of how the questions were framed is very much different.
X year plan: (20XX) OSCP [ ], CCSP [ ]