Just passed CISSP ... should I now do CISM whilst it's fresh in my head? - EXAM BOOKED!!!
CyberCop123
Member Posts: 338 ■■■■□□□□□□
Was not considering this at all, however I saw someone on another site post something like:
I advise anyone that has passed CISSP to spend 2-3 weeks doing CISM questions and then do that exam too as it will be very very little work.
Would you agree with this?
The same person also recommended doing CCSP too
Thanks
Cybercop
My Aims
2017: OSCP - COMPLETED
2018: CISSP - COMPLETED
2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting - COMPLETED
GIAC GREM - Reverse Engineering of Malware - COMPLETED
2021: CCSP
2022: OSWE (hopefully)
Comments
-
E Double U
Member Posts: 2,238 ■■■■■■■■■■
I do agree.
Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
-
COBOL_DOS_ERA
Member Posts: 205 ■■■■■□□□□□
Ditto, that's not a bad way to approach CISM and CCSP, since the exam prep information from CISSP is still fresh in your mind. Go for it. Good Luck!!
CISM, CRISC, CGEIT, PMP, PMI-ACP, SEC+, ITIL V3, A-CSM. And Many More.
-
CyberCop123
Member Posts: 338 ■■■■□□□□□□
Darn, I just went to register just to check the pricing and saw it is $760 USD (£606 GBP). For some reason I thought it was much less than this, not sure why, guess I saw something somewhere that made me think that.
Not sure I can afford it yet. I was going to register for 3-4 weeks time to do the exam
-
COBOL_DOS_ERA
Member Posts: 205 ■■■■■□□□□□
Haha! I know those ISACA exams are as expensive as ISC2 exams.
-
PJ_Sneakers
Member Posts: 884 ■■■■■■□□□□
CyberCop123 said:
Darn, I just went to register just to check the pricing and saw it is $760 USD (£606 GBP). For some reason I thought it was much less than this, not sure why, guess I saw something somewhere that made me think that.
Not sure I can afford it yet. I was going to register for 3-4 weeks time to do the exam
-
lucky0977
Member Posts: 218 ■■■■□□□□□□
You might as well before you start forgetting things. I did mine two years after finishing the CISSP and took about two weeks to go through the Q&A database before taking the CISM.
Bachelor of Science: Computer Science | Hawaii Pacific University
CISSP | CISM | CISA | CASP | SSCP | Sec+ | Net+ | A+
-
DZA_
Member Posts: 467 ■■■■■■■□□□
It all depends on your return on your investment for writing the CISM exam, there is a TON of overlap between the two exams and some say that CISSP has a lot more value compared to its little brother CISM. I went through the CISM Manual and QAE database over the course of the winter break and wrote my exam in March based on work commitments and I passed. It just turns your mindset from an ISC2 Security Manager to an ISACA Security Manager. This also depends on your financial situation whether you think it's justifiable to write both exams under the same topic.
Cheers
-
CyberCop123
Member Posts: 338 ■■■■□□□□□□
Thanks guys
If I do this then I will get the 12 month access to Q&A and that's it. I don't believe I need the manual as well.
I'll make a decision tomorrow but I'm leaning towards doing it as it doesn't seem much extra work for a quality certification
-
UnixGuy
Mod Posts: 4,570 Mod
I passed CISM without any prep, and I don't hold CISSP, so it's definitely possible!
-
PJ_Sneakers
Member Posts: 884 ■■■■■■□□□□
UnixGuy said:
I passed CISM without any prep, and I don't hold CISSP, so it's definitely possible!
-
CyberCop123
Member Posts: 338 ■■■■□□□□□□
Tempted to just book the exam and give it a go asap now.
-
UnixGuy
Mod Posts: 4,570 Mod
CyberCop123 said:
Tempted to just book the exam and give it a go asap now.
-
CyberCop123
Member Posts: 338 ■■■■□□□□□□
UnixGuy said:
CyberCop123 said:
Tempted to just book the exam and give it a go asap now.
Deal?
-
UnixGuy
Mod Posts: 4,570 Mod
CyberCop123 said:
UnixGuy said:
CyberCop123 said:
Tempted to just book the exam and give it a go asap now.
Deal?
-
CyberCop123
Member Posts: 338 ■■■■□□□□□□
Oh god oh god oh god...... I have booked and scheduled the exam for this Friday - just two days time!
Bit nervous now as I know this exam is more about management and a bit more governance, so more specifically focusing on one area.
-
PJ_Sneakers
Member Posts: 884 ■■■■■■□□□□
Oh snap you done did it now!!!!! HAHAHAHA
You'll probably be fine. Watch this video:
https://www.youtube.com/watch?v=p_74Kk3b8hQ
-
UnixGuy
Mod Posts: 4,570 Mod
Bring it on! Read the questions carefully and enjoy it! It's not a difficult exam! Good luck!
-
CyberCop123
Member Posts: 338 ■■■■□□□□□□
FAILED
Will post more later
Just left exam centre
-
CyberCop123
Member Posts: 338 ■■■■□□□□□□
FAILED
As previous post indicated, I failed the exam. The whole thing started badly. The test was supposed to start at 9am, and I got there at 8:30. The exam person booked me in, checked my ID and showed me to the computer. I started the test, and 3 questions in all screens displayed an error message like "LOST CONNECTION" or something.
Nearly an hour to fix the issue, and during this time the man running the test centre kept just saying "either wait or reschedule" - really unhelpful and I ended up having an argument with him about it.
Anyway, I eventually got underway about an hour after originally starting and was really struggling to concentrate and focus. I'm not sure why, I think I was just tired and wasn't feeling in the mood.
The exam was MUCH MUCH harder than I expected. Mainly as with the CISSP there are tons of different subjects so if you're weak in one area it moves on quite quickly.
My stupidity in not preparing at all and thinking I could just pass meant that I struggled with many of the concepts. The constant focus on things like Business Impact Assessment, GAP analysis, Benchmarking was just a killer for me as I had no clue on any of that.
Additionally, it is very very accurate to say that one of my biggest issues and failings was not understanding the angle of the questions/answers and what ISACA are looking for.
As an example, many questions were similar to this:
There has been a major issue noticed with the web server. What is your FIRST priority?
(A). Report it to the IT manager
(B). Conduct a risk assessment and consider taking it offline immediately
(C). Notify senior management
(D). Notify the business owner
... Not a clue. Almost all of them seemed fairly plausible. I kept thinking:
- Is my priority to escalate this upwards, tell the big bosses about it?
- Or should I, as Information Security Manager own this issue and deal with it?
- Or maybe I should just prioritise this big security incident and take action now
- Maybe I should get this offline now if it's such a big issue?
- The IT manager needs to know though, I should tell them first
It went on and on.
My biggest failing was not doing the Q&A Database questions. Had I done that I think I'd have been more aware of what type of answers they need. E.g. I would have noticed that I should be escalating upwards most of the time... or whatever it is.
Conclusion
Feel pretty down now. After passing the CISSP and the relief that I didn't have to pay to re-take, I have stupidly failed the CISM because I didn't prepare and rushed into it. Even more stupid is the fact that I never ever was interested in it, I just saw a post on Reddit a few days ago in which someone recommended doing it soon after.
I am pretty sure I am going to get the database questions and re-take this in 3-4 weeks time, in early January. I feel like I need to pass now as I've started this process and also want to have the certification on my CV.
-
UnixGuy
Mod Posts: 4,570 Mod
Oh man sorry to hear that!!! Don't feel down, you probably needed to study or do some practice tests for it!
-
CyberCop123
Member Posts: 338 ■■■■□□□□□□
UnixGuy said:
Oh man sorry to hear that!!! Don't feel down, you probably needed to study or do some practice tests for it!
I've done some research and most say to just avoid the manual and focus on the Q&A database. I've paid for that today and so I will start using it tomorrow and next week.
I think that 70% of the reason I failed was because I didn't understand what angle I should have been taking with the question, e.g. often there were 4 "right" answers but there was only one that was correct in the context of a CISM manager. 30% of the reason I failed was just a lack of knowledge.
I'm going to re-sit in a month's time. Fingers crossed!
-
UnixGuy
Mod Posts: 4,570 Mod
CyberCop123 said:
UnixGuy said:
Oh man sorry to hear that!!! Don't feel down, you probably needed to study or do some practice tests for it!
I've done some research and most say to just avoid the manual and focus on the Q&A database. I've paid for that today and so I will start using it tomorrow and next week.
I think that 70% of the reason I failed was because I didn't understand what angle I should have been taking with the question, e.g. often there were 4 "right" answers but there was only one that was correct in the context of a CISM manager. 30% of the reason I failed was just a lack of knowledge.
I'm going to re-sit in a month's time. Fingers crossed!
-
CyberCop123
Member Posts: 338 ■■■■□□□□□□
Got my results through after I failed the CISM exam...
The pass mark is 450
I got 437
Very annoyed by that, probably just 1-2 questions off passing. Arghhh...
-
DZA_
Member Posts: 467 ■■■■■■■□□□
@CyberCop123 - You're so close man, I would say you're exam fatigued / burnt out from all the studying! Take a break, relax, decompress a bit and if you want rewrite the exam at a later time. On a side note, I thought they wouldn't write an exam in the same exam windows?
-
CyberCop123
Member Posts: 338 ■■■■□□□□□□
DZA_ said:
@CyberCop123 - You're so close man, I would say you're exam fatigued / burnt out from all the studying! Take a break, relax, decompress a bit and if you want rewrite the exam at a later time. On a side note, I thought they wouldn't write an exam in the same exam windows?
Thanks DZA, I don't think I'm burned out, rather it was just a case that I didn't prepare at all and stupidly thought I could just pass without studying. Stupid me. Not sure what you mean about the same exam window?
Cert_God said:
Sorry to hear that. I would recommend the official CISM book and Q&A database, but please do your research and decide what material is going to be best for you. Too many people on this forum will tell you to just do it as it costs them nothing and forget there is a person on the other side shelling out hard worked for cash on the exams.
Thanks Cert_God (cool name btw). I've got the Q&A database and done around 125 questions I think so far. I'm learning a lot from it. Can see where my weak areas are now.
I'm going to continue these questions for the next 1-2 weeks and possibly try the exam again.
-
CyberCop123
Member Posts: 338 ■■■■□□□□□□
I've done 253 questions so far and I'm just not getting it to be honest. Still really struggling as the questions fall into two categories:
1) Easy, the answer is obvious
2) The answer is impossible to locate and when I choose, it's something different for a reason I don't quite agree with
I'm wondering if I'm just wasting my time with this....
-
DZA_
Member Posts: 467 ■■■■■■■□□□
@CyberCop123 - Sorry, I thought I had responded to your previous post. I believe when I had taken my CRISC exam and failed, I couldn't rewrite the certification in the same testing window (E.g. 1 February-24 May 2019 Testing Window) and had to wait for another one to come up. ISACA has their exam windows for every quarter for the most part but there is a period where you can't schedule exams.
-
UnixGuy
Mod Posts: 4,570 Mod
CyberCop123 said:
I've done 253 questions so far and I'm just not getting it to be honest. Still really struggling as the questions fall into two categories:
1) Easy, the answer is obvious
2) The answer is impossible to locate and when I choose, it's something different for a reason I don't quite agree with
I'm wondering if I'm just wasting my time with this....
-
kaiju
Member Posts: 453 ■■■■■■■□□□
CyberCop123 said:
I've done 253 questions so far and I'm just not getting it to be honest. Still really struggling as the questions fall into two categories:
1) Easy, the answer is obvious
2) The answer is impossible to locate and when I choose, it's something different for a reason I don't quite agree with
I'm wondering if I'm just wasting my time with this....
I found logic didn't work with some of the CISM questions. So I thoroughly researched every question that I got wrong while studying.
Get a copy of the Official Review guide and read it a couple times. Once slowly and methodically followed by at least one review.
Do the QA&E in blocks of 10~50 questions. If you have an issue with a certain question revert back to the Official Guide for that specific issue. Once you are at 90%~ move on to the next block of 10~50 questions.
Work smarter NOT harder! Semper Gumby!