Just passed CISSP ... should I now do CISM whilst it's fresh in my head? - EXAM BOOKED!!!

CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
edited December 2018 in CISM
Was not considering this at all, however I saw someone on another site post something like:

I advise anyone that has passed CISSP to spend 2-3 weeks doing CISM questions and then do that exam too as it will be very very little work.

Would you agree with this?  
The same person also recommended doing CCSP too 

Thanks
Cybercop 
My Aims
2017: OSCP -
COMPLETED
2018: CISSP -
COMPLETED
2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
COMPLETED
           GIAC GREM - Reverse Engineering of Malware -
COMPLETED

2021: CCSP
2022: OSWE (hopefully)
«1

Comments

  • E Double UE Double U Member Posts: 2,238 ■■■■■■■■■■
    I do agree.
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • COBOL_DOS_ERACOBOL_DOS_ERA Member Posts: 205 ■■■■■□□□□□
    Ditto, that's a not a bad way to approach CISM and CCSP, since the exam prep information from CISSP is still fresh in your mind. Go for it. Good Luck!!
    CISM, CRISC, CGEIT, PMP, PMI-ACP, SEC+, ITIL V3, A-CSM. And Many More.
  • CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    Darn, I just went to register just to check the pricing and saw it is $760 USD (£606 GBP).  For some reason I thought it was much less than this, not sure why, guess I saw something somewhere that made me think that.

    Not sure I can afford it yet.  I was going to register for 3-4 weeks time to do the exam 
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2021: CCSP
    2022: OSWE (hopefully)
  • COBOL_DOS_ERACOBOL_DOS_ERA Member Posts: 205 ■■■■■□□□□□
    Haha! I know those ISACA exams are as expensive as ISC2 exams.
    CISM, CRISC, CGEIT, PMP, PMI-ACP, SEC+, ITIL V3, A-CSM. And Many More.
  • PJ_SneakersPJ_Sneakers Member Posts: 884 ■■■■■■□□□□
    Darn, I just went to register just to check the pricing and saw it is $760 USD (£606 GBP).  For some reason I thought it was much less than this, not sure why, guess I saw something somewhere that made me think that.

    Not sure I can afford it yet.  I was going to register for 3-4 weeks time to do the exam 
    It's cheaper if you are an ISACA member, and oftentimes during the year they will do an additional $50 exam discount for members.
  • lucky0977lucky0977 Member Posts: 218 ■■■■□□□□□□
    You might as well before you start forgetting things. I did mine two years after finishing the CISSP and took about two weeks to go through the Q&A database before taking the CISM.
    Bachelor of Science: Computer Science | Hawaii Pacific University
    CISSP | CISM | CISA | CASP | SSCP | Sec+ | Net+ | A+
  • DZA_DZA_ Member Posts: 467 ■■■■■■■□□□
    It all depends on your return on your investment for writing the CISM exam, there is a TON of overlap between the two exams and some say that CISSP has a lot of more value compared to its little brother CISM. I went through the CISM Manual and QAE database over the course of the winter break and wrote my exam in March based on work commitments and I passed. It just turns your mindset from a ISC2 Security Manager to a ISACA Security Manager. This also depends on your financial situation whether you think its justifiable to write both exams under the same topic. 

    Cheers
  • CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    Thanks guys

    If I do this then I will get the 12 month access to Q&A and that's it . I don't believe I need the manual as well.

    I'll make a decision tomorrow but I'm leaning towards doing it as it doesn't seem much extra work for a quality certification
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2021: CCSP
    2022: OSWE (hopefully)
  • UnixGuyUnixGuy Mod Posts: 4,570 Mod
    I passed CISM without any prep. and I don't hold CISSP. so it's definitely possible! 
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • PJ_SneakersPJ_Sneakers Member Posts: 884 ■■■■■■□□□□
    UnixGuy said:
    I passed CISM without any prep. and I don't hold CISSP. so it's definitely possible! 
    I also hold CISM without CISSP. Somehow I don't think CISM-to-CISSP will be as easy as CISSP-to-CISM.
  • CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    Tempted to just book the exam and give it a go asap now. 
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2021: CCSP
    2022: OSWE (hopefully)
  • UnixGuyUnixGuy Mod Posts: 4,570 Mod
    Tempted to just book the exam and give it a go asap now. 
    Do it...I'll bet money you'll pass. 
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    UnixGuy said:
    Tempted to just book the exam and give it a go asap now. 
    Do it...I'll bet money you'll pass. 
    Ok, if I don't pass you have to pay me $760

    Deal?

     ;) 
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2021: CCSP
    2022: OSWE (hopefully)
  • UnixGuyUnixGuy Mod Posts: 4,570 Mod
    UnixGuy said:
    Tempted to just book the exam and give it a go asap now. 
    Do it...I'll bet money you'll pass. 
    Ok, if I don't pass you have to pay me $760

    Deal?

     ;) 
    Deal...if you pass transfer me 770$ USD
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    edited December 2018
    Oh god oh god oh god...... I have booked and scheduled the exam for this Friday - just two days time!





    Bit nervous now as I know this exam is more about management and a bit more governance, so more specifically focusing on one area. 







    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2021: CCSP
    2022: OSWE (hopefully)
  • PJ_SneakersPJ_Sneakers Member Posts: 884 ■■■■■■□□□□
    Oh snap you done did it now!!!!! HAHAHAHA

    You'll probably be fine. Watch this video:
    https://www.youtube.com/watch?v=p_74Kk3b8hQ

  • UnixGuyUnixGuy Mod Posts: 4,570 Mod
    Bring it on! Read the questions carefully and enjoy it! It's not a difficult exam! Good luck! 
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    FAILED

    Will post more later 

    Just left exam centre

    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2021: CCSP
    2022: OSWE (hopefully)
  • CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    edited December 2018

    FAILED

    As previous post indicated, I failed the exam.  The whole thing started badly.  The test was supposed to start at 9am, and I got there at 830.  The exam person booked me in, checked my ID and showed me to computer.  I started the test, and 3 questions in all screens displayed an error message like "LOST CONNECTION" or something.

    Nearly an hour to fix the issue, and during this time the man running the test centre kept just saying "either wait or reschedule" - really unhelpful and I ended up having an argument with him about it.  

    Anyway, I eventually got underway about an hour after originally starting and was really struggling to concentrate and focus.  I'm not sure why, I think I was just tired and wasn't feeling in the mood.  

    The exam was MUCH MUCH harder than I expected.  Mainly as with the CISSP there is tons of different subjects so if you're weak in one area it moves on quite quickly.  

    My stupidity in not preparing at all and thinking I could just pass meant that I struggled with many of the concepts.  The constant focus on things like Business Impact Assessment, GAP analysis, Benchmarking was just a killer for me as I had no clue on any of that.  

    Additionally, it is very very accurate to say that one of my biggest issues and failings was not understanding the angle of the questions/answers and what ISACA are looking for.  

    As an example, many questions were similar to this:

    There has been a major issue noticed with the web server.  What is your FIRST priority

    (A). Report it to the IT manager
    (B). Conduct a risk assessment and consider taking it offline immediately
    (C). Notify senior management
    (D). Notify the business owner

    ... Not a clue.  Almost all of them seemed fairly plausible.  I kept thinking:

    • Is my priority to escalate this upwards, tell the big bosses about it?
    • Or should I, as Information Security Manager own this issue and deal with it?
    • Or maybe I should just prioritise this big security incident and take action now
    • Maybe I should get this offline now if it's such a big issue?
    • The IT manager needs to know though, I should tell them first

    It went on and on.

    My biggest failing was not doing the Q&A Database questions.  Had I done that I think I'd have been more aware of what type of answers they need.  E.g. I would have noticed that I should be escalating upwards most of the time... or whatever it is.

    Conclusion

    Feel pretty down now.  After passing the CISSP and the relief that I didn't have to pay to re-take, I have stupidly failed the CISM because I didn't prepare and rushed into it.  Even more stupid is the fact that I never ever was interested in it, I just saw a post on Reddit a few days ago in which someone recommended doing it soon after.  

    I am pretty sure I am going to get the database questions and re-take this in 3-4 weeks time, in early January.  I feel like I need to pass now as I've started this process and also want to have the certification on my CV.  






    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2021: CCSP
    2022: OSWE (hopefully)
  • UnixGuyUnixGuy Mod Posts: 4,570 Mod
    Oh man sorry to hear that!!! Don't feel down, you probably needed to study or do some practice tests for it! 
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    edited December 2018
    UnixGuy said:
    Oh man sorry to hear that!!! Don't feel down, you probably needed to study or do some practice tests for it! 
    Thanks, yea I've accepted it now.  Stupidly naive, but lesson learnt.  

    I've done some research and most say to just avoid the manual and focus on the Q&A database.  I've paid for that today and so I will start using it tomorrow and next week.  

    I think that 70% of the reason I failed was because I didn't understand what angle I should have been taking with the question, e.g. often there were 4 "right" answers but there was only one that was correct in the context of a CISM manager.  30% of the reason I failed was just a lack of knowledge.  

    I'm going to re-sit in a months time.  Fingers crossed! 
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2021: CCSP
    2022: OSWE (hopefully)
  • UnixGuyUnixGuy Mod Posts: 4,570 Mod
    UnixGuy said:
    Oh man sorry to hear that!!! Don't feel down, you probably needed to study or do some practice tests for it! 
    Thanks, yea I've accepted it now.  Stupidly naive, but lesson learnt.  

    I've done some research and most say to just avoid the manual and focus on the Q&A database.  I've paid for that today and so I will start using it tomorrow and next week.  

    I think that 70% of the reason I failed was because I didn't understand what angle I should have been taking with the question, e.g. often there were 4 "right" answers but there was only one that was correct in the context of a CISM manager.  30% of the reason I failed was just a lack of knowledge.  

    I'm going to re-sit in a months time.  Fingers crossed! 
    I think so too, it's about thinking from a risk-management perspective. I know you have the knowledge, perhaps those Q&A will get you the pass score. Chin up, you had a fantastic year with lots of achievements to celebrate.  you haven't lost anything with CISM exam, money comes back. Enjoy the holidays!
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    Got my results through after I failed the CISM exam...

    The pass mark is 450
    I got 437

    Very annoyed by that, probably just a 1-2 questions off passing.  Arghhh...


    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2021: CCSP
    2022: OSWE (hopefully)
  • UnixGuyUnixGuy Mod Posts: 4,570 Mod
    Dam you nearly had it!!!!
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • DZA_DZA_ Member Posts: 467 ■■■■■■■□□□
    @CyberCop123 - You're so close man, I would say you're exam fatigued / burnt out from all the studying! Take a break, relax, decompress a bit and if you want rewrite the exam at a later time. On a side note, I thought they wouldn't write an exam in the same exam windows? 
  • CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    DZA_ said:
    @CyberCop123 - You're so close man, I would say you're exam fatigued / burnt out from all the studying! Take a break, relax, decompress a bit and if you want rewrite the exam at a later time. On a side note, I thought they wouldn't write an exam in the same exam windows? 

    Thanks DZA, I don't think I'm burned out, rather it was just a case that I didn't prepare at all and stupidly thought I could just pass without studying.  Stupid me.  Not sure you what you mean about the same exam window?  

    Cert_God said:
    Sorry to hear that I would recommend the official CISM book and Q&A database, but please do your research and decide what material is going to be best for you. To many people on this forum will tell you to just do it as it costs them nothing and forget there is a person on the other side shelling out hard worked for cash on the exams. 

    Thanks Cert_God (cool name btw).  I've got the Q&A database and done around 125 questions I think so far.  I'm learning a lot from it.  Can see where my weak areas are now.  

    I'm going to continue these questions for the next 1-2 weeks and possibly try the exam again.  



    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2021: CCSP
    2022: OSWE (hopefully)
  • CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    I've done 253 questions so far and I'm just not getting it to be honest.  Still really struggling as the questions fall into two categories:

    1) Easy, the answer is obvious
    2) The answer is impossible to locate and when I choose, it's something different for a reason I don't quite agree with

    I'm wondering if I'm just wasting my time with this....
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2021: CCSP
    2022: OSWE (hopefully)
  • DZA_DZA_ Member Posts: 467 ■■■■■■■□□□
    @CyberCop123 - Sorry, I thought had responded to your previous post. I believe when I had taken my CRISC exam and failed, I couldn't rewrite the certification in the same testing window (E.g. 1 February-24 May 2019 Testing Window) and had to wait for another one to come up. ISACA has their exam windows for every quarter for the most part but there is a period where you can't schedule exams. 
  • UnixGuyUnixGuy Mod Posts: 4,570 Mod
    I've done 253 questions so far and I'm just not getting it to be honest.  Still really struggling as the questions fall into two categories:

    1) Easy, the answer is obvious
    2) The answer is impossible to locate and when I choose, it's something different for a reason I don't quite agree with

    I'm wondering if I'm just wasting my time with this....
    Is there a particular domain that you're struggling? Which domain has the lowest score? Perhaps read up on that and do the tests again focusing on that domain?
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • kaijukaiju Member Posts: 453 ■■■■■■■□□□
    I've done 253 questions so far and I'm just not getting it to be honest.  Still really struggling as the questions fall into two categories:

    1) Easy, the answer is obvious
    2) The answer is impossible to locate and when I choose, it's something different for a reason I don't quite agree with

    I'm wondering if I'm just wasting my time with this....
    I found logic didn't work with some of the CISM questions. So I thoroughly researched every question that I got wrong while studying. 

    Get a copy of the Official Review guide and read it a couple times. Once slow and methodically followed by at least one review.

    Do the QA&E in blocks of 10~50 questions. If you have an issue with a certain question revert back to the Official Guide for that specific issue.  Once you are at 90%~ move on to the next block of 10 ~50 questions.


    Work smarter NOT harder! Semper Gumby!
Sign In or Register to comment.