Passed CRISC today

balance

Knocked out the CRISC exam this morning.  I felt it was straight forward and did not try to confuse you in any way.  Just "Think like an auditor” Read the questions 2X then look at the answer choice and work your way up from "D” to "A” then make a selection. 

I read the CRISC official study guide cover to cover.  I also purchased the CRISC Q&A database although I did not find the database very helpful. .... just "OK"    One of the best resources I found was the official study guide. 

Submitted my application Yesterday Prior to the exam and paid the required fee.    

 

I felt the CRISC exam was much more difficult than the CISM and CISA. Although I do not know my scaled core yet to validate that via quant.

UnixGuy

Congrats! I did find the CRISC needed more studying or experience in Risk & Compliance compared to CISM

Do you work in Risk & Compliance or have plans to do some audit? 

balance

I worked in IA for the DOD A&A kind of work.   Moved to Audit/Risk for a Financial Clearing house.   Currently I am teaching Information Assurance in Kuwait , but I would prefer to get back to being a practitioner at least on the side  to keep the skills sharp.  

If I can't enjoy what I do at least I can stay employed .     I am going to work on CEGIT again.   I find risk very interesting and enjoy studying for these topics. 

I have a long DOD background so we are always viewing things in terms of risk.... I guess it paid off. 

UnixGuy

Good stuff mate!! I do find myself enjoying risk recently. Not a bad area to be in and I predict growth in the future!

balance

I am thinking the same. If I am honest.... this is all in an effort to make myself as attractive to the "Big 4 " as possible.  Although I did have one of their recruiters tell me directly "  Go to the middle east and contract ....you will make a killing"   at least they were honest ...

scasc

Well done, great effort clearing CRISC - both you of . I have a contact at IBM who knows a partner setting up something in Riyadh, will ask the question for you @balance. 

Risk is something that is never going to go away and gives you direct access to the board/SM etc. I am keen to explore the  quantitative side of things (e.g. FAIR) myself. Also, looking at CGEIT but not sure at this stage. 

UnixGuy

@scasc I'm not sure about CGEIT. I don't believe it'll add much value in your case to be honest. I passed CRISC because it was a compliance (heh) requirement for some government work I'm doing. Otherwise, I wouldn't bother. Most people who work in GRC I know either have zero certs or they have some or a mix of CISA/CISM/CISSP

I am interested in the SANS controls cert though, but will never pay for it

scasc

Thanks for the response mate. I think I have reached that point where I dont know what else to do as its not really needed or necessary. I think I will look at FAIR and then take it from there . There is CRMA from IIA but not sure.

Regarding GCCC from SANS. I thought it was a great course, really drilling into the controls and how to implement and audit. If you can get on this well worth it. Perhaps apply for work study.

balance

If I am honest I want the CGEIT so I can say " I have all of the ISACA certs"   

UnixGuy

@scasc all I do now is I just learn a topic, without passing/paying for an exam/cert. Past a certain point, I don't see value in more certs.

For example, using some of the FAIR methods to quantify some risks (or even just learn them/read about them) is enough, I don't see passing an exam adding any value in this instance time is valuable.

UnixGuy

balance said:

If I am honest I want the CGEIT so I can say " I have all of the ISACA certs"   

Make sure you factor in: the cost of the exam, the cost of the Q&A DB, the cost of them "assessing your application" after you pass the exam, the cost of annual fees to  "maintain the cert", the cost of CPEs. 

It's a significant investment in terms of both money and time

balance

IT is an investment . All in a point to make myself a more attractive candidate  I suppose .  It might pay off  or it might not.  

Goldmann

Congrats Buddy!

I wrote mine 5 days earlier on the 13th and it was a beast. It was much harder than CISM. I almost gave up at question 72.

I was surprised when all was said and done I got the PASSED notification. Delirium set in!

Good luck to all prospective CRISC test-takers. Read each question at least 3 times and if you don't get anything from reading the question 3 times, at least get/understand exactly what the question is asking for. If upon review, you should want to change the answer to a flagged question, make sure its worth the change, your first answer is mostly the one. Questions on the DB will not be repeated verbatim. There will however be several questions on the exam testing the same concepts as in the DB; albeit worded weirdly differently; Ergo don't cram the DB.

balance

Thanks   it really was enjoyable.  We will see how CISSP-ISSMP  goes next week. 

Stirlitz

Passed the exam a week ago. Overall, it seemed easier than CISM for me (it took 2 weeks to prepare). The main thing, as it was rightly said above, is to read the question more carefully. And also some questions blew up the brain. I really wanted to look their creator in the eyes

Goldmann

balance said:

Thanks   it really was enjoyable.  We will see how CISSP-ISSMP  goes next week. 

How was the CISSP-ISSMP? Have you written it yet? I am working on it and need some guidance. I hear its similar to CISM and that I can use the CISM QAE DB and materials to ace it.
Kindly share.

Goldmann

Stirlitz said:

Passed the exam a week ago. Overall, it seemed easier than CISM for me (it took 2 weeks to prepare). The main thing, as it was rightly said above, is to read the question more carefully. And also some questions blew up the brain. I really wanted to look their creator in the eyes

 Congrats Buddy! That's what's up!

balance

I think you can use the CISM Q&A to help with CISSP-ISSMP.  

Goldmann

balance said:

I think you can use the CISM Q&A to help with CISSP-ISSMP.  

I see! Thanks for this.