Passed CRISC today

balance MBA,CISSP-ISSMP,CISM,CISA,CRISC,CDSPE,CASP,CEH,CSM,ITIL V3,V4 Found,Sec+,Net+,Project+, ITF+ Member Posts: 143

Knocked out the CRISC exam this morning. I felt it was straightforward and did not try to confuse you in any way. Just "Think like an auditor." Read the questions 2X, then look at the answer choices and work your way up from "D" to "A", then make a selection.

I read the CRISC official study guide cover to cover. I also purchased the CRISC Q&A database, although I did not find the database very helpful... just "OK". One of the best resources I found was the official study guide.


Submitted my application yesterday prior to the exam and paid the required fee.

 

I felt the CRISC exam was much more difficult than the CISM and CISA, although I do not know my scaled score yet to validate that via quant.


Comments

  • UnixGuy Are we having fun yet? Mod Posts: 4,232 Mod
    Congrats! I did find the CRISC needed more studying or experience in Risk & Compliance compared to CISM.

    Do you work in Risk & Compliance or have plans to do some audit? 


    Certs: GPEN, GCFA, CISM, CRISC, RHCE
    In Progress: MBA
  • balance MBA,CISSP-ISSMP,CISM,CISA,CRISC,CDSPE,CASP,CEH,CSM,ITIL V3,V4 Found,Sec+,Net+,Project+, ITF+ Member Posts: 143
    I worked in IA for the DOD, A&A kind of work. Moved to Audit/Risk for a financial clearing house. Currently I am teaching Information Assurance in Kuwait, but I would prefer to get back to being a practitioner, at least on the side, to keep the skills sharp.

    If I can't enjoy what I do, at least I can stay employed. I am going to work on CGEIT again. I find risk very interesting and enjoy studying for these topics.

    I have a long DOD background so we are always viewing things in terms of risk.... I guess it paid off. 

  • UnixGuy Are we having fun yet? Mod Posts: 4,232 Mod
    Good stuff mate!! I do find myself enjoying risk recently. Not a bad area to be in and I predict growth in the future!
    Certs: GPEN, GCFA, CISM, CRISC, RHCE
    In Progress: MBA
  • balance MBA,CISSP-ISSMP,CISM,CISA,CRISC,CDSPE,CASP,CEH,CSM,ITIL V3,V4 Found,Sec+,Net+,Project+, ITF+ Member Posts: 143
    I am thinking the same. If I am honest... this is all in an effort to make myself as attractive to the "Big 4" as possible. Although I did have one of their recruiters tell me directly, "Go to the Middle East and contract... you will make a killing." At least they were honest...
  • scasc Member Posts: 340
    Well done, great effort clearing CRISC - both of you :). I have a contact at IBM who knows a partner setting up something in Riyadh, will ask the question for you @balance

    Risk is something that is never going to go away and gives you direct access to the board/SM etc. I am keen to explore the quantitative side of things (e.g. FAIR) myself. Also, looking at CGEIT but not sure at this stage.
    MSc, BSc (Hons), AWS CSA, C-CISO, CISSP, CCSP, CCSK, CISM, CISA, CRISC, GSTRT, GSNA, GDSA, GCSA, GCCC, CEH, ECSA, CHFI, TOGAF, CISMP
  • UnixGuy Are we having fun yet? Mod Posts: 4,232 Mod
    @scasc I'm not sure about CGEIT. I don't believe it'll add much value in your case to be honest. I passed CRISC because it was a compliance (heh) requirement for some government work I'm doing. Otherwise, I wouldn't bother. Most people who work in GRC I know either have zero certs or they have some or a mix of CISA/CISM/CISSP

    I am interested in the SANS controls cert though, but will never pay for it :D
    Certs: GPEN, GCFA, CISM, CRISC, RHCE
    In Progress: MBA
  • scasc Member Posts: 340
    edited October 19
    Thanks for the response mate. I think I have reached that point where I don't know what else to do as it's not really needed or necessary. I think I will look at FAIR and then take it from there :). There is CRMA from IIA but not sure.

    Regarding GCCC from SANS. I thought it was a great course, really drilling into the controls and how to implement and audit. If you can get on this well worth it. Perhaps apply for work study.
    MSc, BSc (Hons), AWS CSA, C-CISO, CISSP, CCSP, CCSK, CISM, CISA, CRISC, GSTRT, GSNA, GDSA, GCSA, GCCC, CEH, ECSA, CHFI, TOGAF, CISMP
  • balance MBA,CISSP-ISSMP,CISM,CISA,CRISC,CDSPE,CASP,CEH,CSM,ITIL V3,V4 Found,Sec+,Net+,Project+, ITF+ Member Posts: 143
    If I am honest I want the CGEIT so I can say "I have all of the ISACA certs" :)
  • UnixGuy Are we having fun yet? Mod Posts: 4,232 Mod
    @scasc all I do now is I just learn a topic, without passing/paying for an exam/cert. Past a certain point, I don't see value in more certs.

    For example, using some of the FAIR methods to quantify some risks (or even just learn them/read about them) is enough, I don't see passing an exam adding any value in this instance :) time is valuable.
    Certs: GPEN, GCFA, CISM, CRISC, RHCE
    In Progress: MBA
  • UnixGuy Are we having fun yet? Mod Posts: 4,232 Mod
    balance said:
    If I am honest I want the CGEIT so I can say "I have all of the ISACA certs" :)

    Make sure you factor in: the cost of the exam, the cost of the Q&A DB, the cost of them "assessing your application" after you pass the exam, the cost of annual fees to "maintain the cert", the cost of CPEs.

    It's a significant investment in terms of both money and time
    Certs: GPEN, GCFA, CISM, CRISC, RHCE
    In Progress: MBA
  • balance MBA,CISSP-ISSMP,CISM,CISA,CRISC,CDSPE,CASP,CEH,CSM,ITIL V3,V4 Found,Sec+,Net+,Project+, ITF+ Member Posts: 143
    It is an investment. All in a point to make myself a more attractive candidate, I suppose. It might pay off or it might not.
  • Goldmann Member Posts: 7
    Congrats Buddy!

    I wrote mine 5 days earlier on the 13th and it was a beast. It was much harder than CISM. I almost gave up at question 72.

    I was surprised when all was said and done I got the PASSED notification. Delirium set in!

    Good luck to all prospective CRISC test-takers. Read each question at least 3 times and if you don't get anything from reading the question 3 times, at least get/understand exactly what the question is asking for. If upon review, you should want to change the answer to a flagged question, make sure it's worth the change, your first answer is mostly the one. Questions on the DB will not be repeated verbatim. There will however be several questions on the exam testing the same concepts as in the DB, albeit worded weirdly differently; ergo, don't cram the DB.

  • balance MBA,CISSP-ISSMP,CISM,CISA,CRISC,CDSPE,CASP,CEH,CSM,ITIL V3,V4 Found,Sec+,Net+,Project+, ITF+ Member Posts: 143
    Thanks, it really was enjoyable. We will see how CISSP-ISSMP goes next week.