Just passed CISSP ... should I now do CISM whilst it's fresh in my head? - EXAM BOOKED!!!

CyberCop123

Was not considering this at all, however I saw someone on another site post something like:

I advise anyone that has passed CISSP to spend 2-3 weeks doing CISM questions and then do that exam too as it will be very very little work.

Would you agree with this?  
The same person also recommended doing CCSP too 

Thanks
Cybercop 

E Double U

I do agree.

COBOL_DOS_ERA

Ditto, that's a not a bad way to approach CISM and CCSP, since the exam prep information from CISSP is still fresh in your mind. Go for it. Good Luck!!

CyberCop123

Darn, I just went to register just to check the pricing and saw it is $760 USD (£606 GBP).  For some reason I thought it was much less than this, not sure why, guess I saw something somewhere that made me think that.

Not sure I can afford it yet.  I was going to register for 3-4 weeks time to do the exam 

COBOL_DOS_ERA

Haha! I know those ISACA exams are as expensive as ISC2 exams.

PJ_Sneakers

CyberCop123 said:

Darn, I just went to register just to check the pricing and saw it is $760 USD (£606 GBP).  For some reason I thought it was much less than this, not sure why, guess I saw something somewhere that made me think that.

Not sure I can afford it yet.  I was going to register for 3-4 weeks time to do the exam 

It's cheaper if you are an ISACA member, and oftentimes during the year they will do an additional $50 exam discount for members.

lucky0977

You might as well before you start forgetting things. I did mine two years after finishing the CISSP and took about two weeks to go through the Q&A database before taking the CISM.

DZA_

It all depends on your return on your investment for writing the CISM exam, there is a TON of overlap between the two exams and some say that CISSP has a lot of more value compared to its little brother CISM. I went through the CISM Manual and QAE database over the course of the winter break and wrote my exam in March based on work commitments and I passed. It just turns your mindset from a ISC2 Security Manager to a ISACA Security Manager. This also depends on your financial situation whether you think its justifiable to write both exams under the same topic. 

Cheers

CyberCop123

Thanks guys

If I do this then I will get the 12 month access to Q&A and that's it . I don't believe I need the manual as well.

I'll make a decision tomorrow but I'm leaning towards doing it as it doesn't seem much extra work for a quality certification

UnixGuy

I passed CISM without any prep. and I don't hold CISSP. so it's definitely possible! 

PJ_Sneakers

UnixGuy said:

I passed CISM without any prep. and I don't hold CISSP. so it's definitely possible! 

I also hold CISM without CISSP. Somehow I don't think CISM-to-CISSP will be as easy as CISSP-to-CISM.

CyberCop123

Tempted to just book the exam and give it a go asap now. 

UnixGuy

CyberCop123 said:

Tempted to just book the exam and give it a go asap now. 

Do it...I'll bet money you'll pass. 

CyberCop123

UnixGuy said:

CyberCop123 said:

Tempted to just book the exam and give it a go asap now. 

Do it...I'll bet money you'll pass. 

Ok, if I don't pass you have to pay me $760

Deal?

  

UnixGuy

CyberCop123 said:

UnixGuy said:

CyberCop123 said:

Tempted to just book the exam and give it a go asap now. 

Do it...I'll bet money you'll pass. 

Ok, if I don't pass you have to pay me $760

Deal?

  

Deal...if you pass transfer me 770$ USD

CyberCop123

Oh god oh god oh god...... I have booked and scheduled the exam for this Friday - just two days time!





Bit nervous now as I know this exam is more about management and a bit more governance, so more specifically focusing on one area. 

PJ_Sneakers

Oh snap you done did it now!!!!! HAHAHAHA

You'll probably be fine. Watch this video:
https://www.youtube.com/watch?v=p_74Kk3b8hQ

UnixGuy

Bring it on! Read the questions carefully and enjoy it! It's not a difficult exam! Good luck! 

CyberCop123

FAILED

Will post more later 

Just left exam centre

CyberCop123

FAILED

As previous post indicated, I failed the exam.  The whole thing started badly.  The test was supposed to start at 9am, and I got there at 830.  The exam person booked me in, checked my ID and showed me to computer.  I started the test, and 3 questions in all screens displayed an error message like "LOST CONNECTION" or something.

Nearly an hour to fix the issue, and during this time the man running the test centre kept just saying "either wait or reschedule" - really unhelpful and I ended up having an argument with him about it.  

Anyway, I eventually got underway about an hour after originally starting and was really struggling to concentrate and focus.  I'm not sure why, I think I was just tired and wasn't feeling in the mood.  

The exam was MUCH MUCH harder than I expected.  Mainly as with the CISSP there is tons of different subjects so if you're weak in one area it moves on quite quickly.  

My stupidity in not preparing at all and thinking I could just pass meant that I struggled with many of the concepts.  The constant focus on things like Business Impact Assessment, GAP analysis, Benchmarking was just a killer for me as I had no clue on any of that.  

Additionally, it is very very accurate to say that one of my biggest issues and failings was not understanding the angle of the questions/answers and what ISACA are looking for.  

As an example, many questions were similar to this:

There has been a major issue noticed with the web server.  What is your FIRST priority

(A). Report it to the IT manager
(B). Conduct a risk assessment and consider taking it offline immediately
(C). Notify senior management
(D). Notify the business owner

... Not a clue.  Almost all of them seemed fairly plausible.  I kept thinking:

• Is my priority to escalate this upwards, tell the big bosses about it?
• Or should I, as Information Security Manager own this issue and deal with it?
• Or maybe I should just prioritise this big security incident and take action now
• Maybe I should get this offline now if it's such a big issue?
• The IT manager needs to know though, I should tell them first

It went on and on.

My biggest failing was not doing the Q&A Database questions.  Had I done that I think I'd have been more aware of what type of answers they need.  E.g. I would have noticed that I should be escalating upwards most of the time... or whatever it is.

Conclusion

Feel pretty down now.  After passing the CISSP and the relief that I didn't have to pay to re-take, I have stupidly failed the CISM because I didn't prepare and rushed into it.  Even more stupid is the fact that I never ever was interested in it, I just saw a post on Reddit a few days ago in which someone recommended doing it soon after.  

I am pretty sure I am going to get the database questions and re-take this in 3-4 weeks time, in early January.  I feel like I need to pass now as I've started this process and also want to have the certification on my CV.  

UnixGuy

Oh man sorry to hear that!!! Don't feel down, you probably needed to study or do some practice tests for it! 

CyberCop123

UnixGuy said:

Oh man sorry to hear that!!! Don't feel down, you probably needed to study or do some practice tests for it! 

Thanks, yea I've accepted it now.  Stupidly naive, but lesson learnt.  

I've done some research and most say to just avoid the manual and focus on the Q&A database.  I've paid for that today and so I will start using it tomorrow and next week.  

I think that 70% of the reason I failed was because I didn't understand what angle I should have been taking with the question, e.g. often there were 4 "right" answers but there was only one that was correct in the context of a CISM manager.  30% of the reason I failed was just a lack of knowledge.  

I'm going to re-sit in a months time.  Fingers crossed! 

UnixGuy

CyberCop123 said:

UnixGuy said:

Oh man sorry to hear that!!! Don't feel down, you probably needed to study or do some practice tests for it! 

Thanks, yea I've accepted it now.  Stupidly naive, but lesson learnt.  

I've done some research and most say to just avoid the manual and focus on the Q&A database.  I've paid for that today and so I will start using it tomorrow and next week.  

I think that 70% of the reason I failed was because I didn't understand what angle I should have been taking with the question, e.g. often there were 4 "right" answers but there was only one that was correct in the context of a CISM manager.  30% of the reason I failed was just a lack of knowledge.  

I'm going to re-sit in a months time.  Fingers crossed! 

I think so too, it's about thinking from a risk-management perspective. I know you have the knowledge, perhaps those Q&A will get you the pass score. Chin up, you had a fantastic year with lots of achievements to celebrate.  you haven't lost anything with CISM exam, money comes back. Enjoy the holidays!

CyberCop123

Got my results through after I failed the CISM exam...

The pass mark is 450
I got 437

Very annoyed by that, probably just a 1-2 questions off passing.  Arghhh...

UnixGuy

Dam you nearly had it!!!!

DZA_

@CyberCop123 - You're so close man, I would say you're exam fatigued / burnt out from all the studying! Take a break, relax, decompress a bit and if you want rewrite the exam at a later time. On a side note, I thought they wouldn't write an exam in the same exam windows? 

CyberCop123

DZA_ said:

@CyberCop123 - You're so close man, I would say you're exam fatigued / burnt out from all the studying! Take a break, relax, decompress a bit and if you want rewrite the exam at a later time. On a side note, I thought they wouldn't write an exam in the same exam windows? 

Thanks DZA, I don't think I'm burned out, rather it was just a case that I didn't prepare at all and stupidly thought I could just pass without studying.  Stupid me.  Not sure you what you mean about the same exam window?  

Cert_God said:

Sorry to hear that I would recommend the official CISM book and Q&A database, but please do your research and decide what material is going to be best for you. To many people on this forum will tell you to just do it as it costs them nothing and forget there is a person on the other side shelling out hard worked for cash on the exams. 

Thanks Cert_God (cool name btw).  I've got the Q&A database and done around 125 questions I think so far.  I'm learning a lot from it.  Can see where my weak areas are now.  

I'm going to continue these questions for the next 1-2 weeks and possibly try the exam again.  

CyberCop123

I've done 253 questions so far and I'm just not getting it to be honest.  Still really struggling as the questions fall into two categories:

1) Easy, the answer is obvious
2) The answer is impossible to locate and when I choose, it's something different for a reason I don't quite agree with

I'm wondering if I'm just wasting my time with this....

DZA_

@CyberCop123 - Sorry, I thought had responded to your previous post. I believe when I had taken my CRISC exam and failed, I couldn't rewrite the certification in the same testing window (E.g. 1 February-24 May 2019 Testing Window) and had to wait for another one to come up. ISACA has their exam windows for every quarter for the most part but there is a period where you can't schedule exams. 

UnixGuy

CyberCop123 said:

I've done 253 questions so far and I'm just not getting it to be honest.  Still really struggling as the questions fall into two categories:

1) Easy, the answer is obvious
2) The answer is impossible to locate and when I choose, it's something different for a reason I don't quite agree with

I'm wondering if I'm just wasting my time with this....

Is there a particular domain that you're struggling? Which domain has the lowest score? Perhaps read up on that and do the tests again focusing on that domain?

kaiju

CyberCop123 said:

I've done 253 questions so far and I'm just not getting it to be honest.  Still really struggling as the questions fall into two categories:

1) Easy, the answer is obvious
2) The answer is impossible to locate and when I choose, it's something different for a reason I don't quite agree with

I'm wondering if I'm just wasting my time with this....

I found logic didn't work with some of the CISM questions. So I thoroughly researched every question that I got wrong while studying. 

Get a copy of the Official Review guide and read it a couple times. Once slow and methodically followed by at least one review.

Do the QA&E in blocks of 10~50 questions. If you have an issue with a certain question revert back to the Official Guide for that specific issue.  Once you are at 90%~ move on to the next block of 10 ~50 questions.