Just passed CISSP ... should I now do CISM whilst it's fresh in my head? - EXAM BOOKED!!!

lucky0977

@CyberCop123; You already have the OSCP and CISSP, which are already impressive achievements. I assume the reason you want to do this is for your own personal achievement rather than your employer requiring you to do it. If I had to pay out of pocket for this, I wouldn't do it but it's your money.

musimusi

So did u pass the 2nd attempt

CyberCop123

musimusi said:

So did u pass the 2nd attempt

Hey, I didn't actually try again.

Just after I failed this I managed to get put on two SANS courses which were only two months apart.  

I did the SANS FOR572 (Network Forensics and Threat Hunting, and SANS FOR610 (Reverse Engineering of Malware)

I passed both and just haven't had much time to look again at CISM.  I am unlikely to go back to do it to be honest.  I'm more likely to look at doing the OSCE at some point in the next 1-2 years, need a break first!  

JDMurray

Why does someone who does so well in the areas covered by the OSCP, GNFA, and GREM cert need the CISM too? Those are completely different InfoSec career paths. Were you looking to give up the technical track and go into InfoSec team management soon?

CyberCop123

JDMurray said:

Why does someone who does so well in the areas covered by the OSCP, GNFA, and GREM cert need the CISM too? Those are completely different InfoSec career paths. Were you looking to give up the technical track and go into InfoSec team management soon?

At the time I didn't have the GNFA or GREM.  I only had the OSCP and CISSP - however your point is still very valid.  I didn't need the CISM but I got a bit greedy!

I love studying for IT certifications and the thought of an easy win with the CISM was too tempting.  It back fired though.  I only failed by 1%.

I'm not looking to go into Information Security, I much prefer the technical side.  With that in mind I am pretty sure I won't be doing the CISM (unless something changes in the future) 

JDMurray

It was a good attempt even if you were a bit haphazard in your preparation. However, had you passed, your only pay-off would have been knowing that you passed the exam. If you had passed the CISM exam you still would not have been awarded the CISM certification. ISACA, like the (ISC)2, has a professional work experience requirement for their certifications. You wouldn't have received the CISM cert, or been allowed to put "CISM" on your resume until you acquired the requisite years of InfoSec management experience and were vetted. Presently, you are given six years to acquire this experience.

balance

No worries . I failed a few months ago and sat again in September... knocked it out.  Get back in the saddle you can get it done.

dinhtq

it's depend on your money.

Grafixx01

I just want to know if you were paid by the poster on the topic saying that you'll pass with their guarantee? Just kidding

Sorry about the non-pass, it stinks.

imnewbie

CyberCop123 said:

JDMurray said:

Why does someone who does so well in the areas covered by the OSCP, GNFA, and GREM cert need the CISM too? Those are completely different InfoSec career paths. Were you looking to give up the technical track and go into InfoSec team management soon?

At the time I didn't have the GNFA or GREM.  I only had the OSCP and CISSP - however your point is still very valid.  I didn't need the CISM but I got a bit greedy!

I love studying for IT certifications and the thought of an easy win with the CISM was too tempting.  It back fired though.  I only failed by 1%.

I'm not looking to go into Information Security, I much prefer the technical side.  With that in mind I am pretty sure I won't be doing the CISM (unless something changes in the future) 

I want to know what study material did you use for CISSP?

bigdogz

@CyberCop123
Most find the CISM exam is easier than the CISSP.  As @kaiju has stated, if you go through the book a 2 (or 3) times, you will get the subject matter.

evanyeap

I dont think the CISSP is that similar to CISM in fact, I did the certs back to back and after chewing through the practice exam questions, I found that there is a fair bit of correlation with other standards such as SABSA and ITIL. These are completely not in the CISSP exam.