@CyberCop123; You already have the OSCP and CISSP, which are already impressive achievements. I assume the reason you want to do this is for your own personal achievement rather than your employer requiring you to do it. If I had to pay out of pocket for this, I wouldn't do it but it's your money.
Bachelor of Science: Computer Science | Hawaii Pacific University
CISSP | CISM | CISA | CASP | SSCP | Sec+ | Net+ | A+
Just after I failed this I managed to get put on two SANS courses which were only two months apart.
I did the SANS FOR572 (Network Forensics and Threat Hunting) and SANS FOR610 (Reverse Engineering of Malware).
I passed both and just haven't had much time to look again at CISM. I am unlikely to go back to do it to be honest. I'm more likely to look at doing the OSCE at some point in the next 1-2 years, need a break first!
Why does someone who does so well in the areas covered by the OSCP, GNFA, and GREM cert need the CISM too? Those are completely different InfoSec career paths. Were you looking to give up the technical track and go into InfoSec team management soon?
At the time I didn't have the GNFA or GREM. I only had the OSCP and CISSP - however your point is still very valid. I didn't need the CISM but I got a bit greedy!
I love studying for IT certifications and the thought of an easy win with the CISM was too tempting. It backfired though. I only failed by 1%.
I'm not looking to go into Information Security, I much prefer the technical side. With that in mind I am pretty sure I won't be doing the CISM (unless something changes in the future).
It was a good attempt even if you were a bit haphazard in your preparation. However, had you passed, your only pay-off would have been knowing that you passed the exam. If you had passed the CISM exam you still would not have been awarded the CISM certification. ISACA, like the (ISC)2, has a professional work experience requirement for their certifications. You wouldn't have received the CISM cert, or been allowed to put "CISM" on your resume until you acquired the requisite years of InfoSec management experience and were vetted. Presently, you are given six years to acquire this experience.
I want to know what study material you used for CISSP?
@CyberCop123 Most find the CISM exam is easier than the CISSP. As @kaiju has stated, if you go through the book 2 (or 3) times, you will get the subject matter.
I don't think the CISSP is that similar to CISM. In fact, I did the certs back to back and after chewing through the practice exam questions, I found that there is a fair bit of correlation with other standards such as SABSA and ITIL. These are completely not in the CISSP exam.
Comments
2017: OSCP - COMPLETED
2018: CISSP - COMPLETED
2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting - COMPLETED
GIAC GREM - Reverse Engineering of Malware - COMPLETED
2021: CCSP
2022: OSWE (hopefully)
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
Sorry about the non-pass, it stinks.
Most find the CISM exam is easier than the CISSP. As @kaiju has stated, if you go through the book 2 (or 3) times, you will get the subject matter.