Passed CISM first attempt

SirkassadSirkassad Member Posts: 42 ■■■□□□□□□□
Just returned from the test center.  Test took two hours and was more difficult than I thought it would be; however three years ago I passed the CISSP and I remember coming out of that test completely exhausted, but that's when the test wasn't the 150 question adaptive format. I wasn't as exhausted coming out of the CISM exam, but just as happy!
What surprised me the most was the CISM test I took just now did not have very many 'gimme' questions.  In other words, you earn every point you get in the test.  I would say the CISSP is more conceptual than the CISM.  The CISM is very practical IMO, real-world scenario stuff.  To be honest if I wanted to hire an ISM and I had two candidates and one was a CISSP and the other was a CISM I might lean more towards the CISM, depending on experience of course.

Started studying the beginning of the year and I used the AIO guide, the ISACA manual, and the Q&A DB.  

As a final thought, I really enjoyed studying for the CISM, more than studying for the CISSP.  I think that helped a lot.  The test will be harder for those who have little interest in Info Sec management and are looking for the certification.  The ISACA book is quite dry  (I nodded off more than once while reading it) but it is a definite resource when preparing.




  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,767 Admin

    You are one of the few people here who were able to stomach the CISM Review Manual to study for the exam. Did you also use the QA&E manual or database or the McGraw-Hill CISM book? 
  • SirkassadSirkassad Member Posts: 42 ■■■□□□□□□□
    In addition to the ISACA manual I used the ISACA Q&A DB (so expensive) and the McGraw-Hill AIO by Gregory.  My advice to those preparing is NOT to take any practice tests before thoroughly reading the book(s).  If I were coaching someone I would tell them to read domain 1 in the AIO Gregory book, then read the same domain in the official ISACA, then re-read them again, taking notes and making flashcards the second time around, then if they feel good review your notes and then take the domain 1 practice exam on the ISACA Q&A DB.  If they score under 80%.  Stop and go back to step 1, rinse and repeat.  Do not keep taking practice tests, your results will be skewed and you risk getting a false sense of preparedness.  The Q&A DB is how you gauge your readiness, it isn't meant to be your primary learning method.  What you begin to realize quickly is the CISM world is not the real world, it's ISACA's view of how an organization should behave with respect to information security.  
  • LordQarlynLordQarlyn Member Posts: 648 ■■■■■□□□□□
    Hey congrats! And thanks for the tips. This is one of my goal exams.
  • DZA_DZA_ Untitled. Member Posts: 438 ■■■■■■□□□□
    Congratulations! IMO, I think CISSP focuses on concepts vs CISM which is very corporate enterprise oriented (robust processes) which is applicable in most cases. I do find it interesting that you would hire a CISM over a CISSP. Enjoy your win!
  • ccnpninjaccnpninja Senior Member EuropeMember Posts: 1,010 ■■■□□□□□□□
    من طلب عزائم الأمور ، هان عليه بذل النفس فيها - محمد إبن ابي عامر
Sign In or Register to comment.