Provisionally passed CRISC on 5-Feb

E Double U Member Posts: 2,233
edited February 2022 in CRISC
Began studying in November with only the ISACA review manual and QAE database. 

Gave the manual one good read and reviewed the major points two more times. I continued going through all 599 questions in the database until I was consistently scoring a minimum of 80%. I took a break for a few weeks in January, but for the past two weeks I started hammering through the database again.

I completed the exam in two hours. I skipped a lot of questions in the beginning of the exam because my technique is to always skip questions I cannot answer immediately. Whenever I take exams I like to keep count of the ones I feel I know for sure. If I feel confident the amount I have scored correctly is enough to pass then I do not stress hard when I go back over the questions I skipped. I flagged quite a few questions, but did not go back to review them because I don't think it is a good idea to change my answers.

I might do CGEIT next, but undecided.
Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS

Comments

  • E Double U Member Posts: 2,233
    edited February 2022
    My QAE database stats as of last night before taking the exam this morning.



  • UnixGuy Mod Posts: 4,570
    Congrats!

    Why do you want to pursue CGEIT ?
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • E Double U Member Posts: 2,233
    edited February 2022
    UnixGuy said:
    Congrats!

    Why do you want to pursue CGEIT ?
    Basically for sh*ts & giggles  B)

    I don't actually need it, but based on the outline there is overlap with my other credentials from ISACA, ISC2, and even ITIL. Seems like an easy win plus I have more than enough budget for it. I think I am just taking exams for fun at this point in combination with taking advantage of every dollar my employer is willing to spend. 
  • UnixGuy Mod Posts: 4,570
    UnixGuy said:
    Congrats!

    Why do you want to pursue CGEIT ?
    Basically for sh*ts & giggles  B)



    my problem with ISACA is the renewal fees, exam fees, etc etc.

  • Info_Sec_Wannabe Member Posts: 428
    UnixGuy said:
    Congrats!

    Why do you want to pursue CGEIT ?
    Basically for sh*ts & giggles  B)

    I don't actually need it, but based on the outline there is overlap with my other credentials from ISACA, ISC2, and even ITIL. Seems like an easy win plus I have more than enough budget for it. I think I am just taking exams for fun at this point in combination with taking advantage of every dollar my employer is willing to spend. 
    I wish my employer has a huge pocket for trainings as well.

    UnixGuy said:
    UnixGuy said:
    Congrats!

    Why do you want to pursue CGEIT ?
    Basically for sh*ts & giggles  B)



    my problem with ISACA is the renewal fees, exam fees, etc etc.
    My sentiments exactly. Thinking of dropping one of my ISACA certs as current employer is not paying for it.
    X year plan: (20XX) OSCP [ ], CCSP [ ]
  • E Double U Member Posts: 2,233
    Having employers that pay for trainings, exams, study materials, and annual maintenance fees is why I have been on this big certification run over the years. Earlier in my career I was an external contractor paying for these things out of pocket. I know the pain of money down the drain for failing exams multiple times. Once I obtained employment with organizations that would cover all expenses I have taken full advantage and plan to continue doing so until the well runs dry. 

    Having 10+ credentials that require fees to keep them active gets quite expensive so I will definitely let some go if I end up with a company that does not have the budget to cover the costs. But until then...
  • UnixGuy Mod Posts: 4,570
    I mean I can't complain, I claim them on tax, I just don't understand why ISACA need fees, it annoys me because I get zero value from them


    At least SANS update their material and they send you the updated material...ISACA? I only get marketing emails from them about "chapter meetings" that I will never ever attend (attended them twice, no thanks)

  • E Double U Member Posts: 2,233
    ISACA even has an application processing fee of $50 lol. I do like that SANS provides updated material which I guess is their justification for their high renewal fee, but I honestly do not need the new material. GIAC credentials are valid for four years so by that time I am already in a different role than at the time of taking the exam which is when I would have needed the material. 

    If I reach the point where I have to fund all of this myself, I think I would only maintain CISSP and CISM as they are the most consistently mentioned in the vacancies that catch my eye. 
  • E Double U Member Posts: 2,233
    edited February 2022
    Received an official scaled score of 621



    I score higher with each ISACA go-round. 536 for CISM (2017) and 572 for CISA (2018).
  • dinger68 Registered Users Posts: 19
    Congrats on the pass
  • E Double U Member Posts: 2,233
    My certification process is taking a while since I had my employer pay the application fee and apparently ISACA had so many requests to process at the same time. Received an email from ISACA yesterday stating that I do meet the qualifications and will be certified within ten business days. 
  • SteveLavoie Member Posts: 1,133
    edited May 2022
    Yeah, ISACA is probably having a lot of requests based on the end of the current CISM exam at the end of the month. I am in this race with @JDMurray :) I just hope to pass.. and get a better score than him.. (Just teasing!)
  • JDMurray Admin Posts: 13,090
    I'm hoping just to pass. This is a lot of material to digest in such a short time... :s
  • E Double U Member Posts: 2,233
    Good luck gentlemen!
  • SteveLavoie Member Posts: 1,133
    Last sprint before the exam.. :) Exam Monday morning :)
  • E Double U Member Posts: 2,233
    Officially certified as of 12-May  o:)
  • DZA_ Member Posts: 467
    Good luck gents! let us know how it goes.
  • SteveLavoie Member Posts: 1,133
    edited May 2022
    Exam succeeded! I felt somewhat confident, but as the exam started, I was not as sure. It was also one of the first times I didn't get totally OCD on the exam preparation and mostly used my experience and the 3 UofT classes as preparation. I used the ISACA Q&A book and did half the questions only. Many questions of this exam come directly from the book, so it is definitely a good resource.
  • JDMurray Admin Posts: 13,090
    Hey congratz! It's great to get past that cert. :)
    I decided to take more time and go for the CISM 2022 later this year. I noticed new Pluralsight content being released this month for the new CISM exam and the material looks more interesting. I'm also guessing that a lot of the CISM 2018 material was carried forward and topics like Cloud and Incident Response will be expanded.
  • SteveLavoie Member Posts: 1,133
    From what I heard, the changes are very cosmetic. They shuffled some subjects from domain to domain. Also they shifted the focus more on incident management and other operational concerns rather than governance.

    But in my case I am happy it is done. :)  Next one :) CISA, GCIH or OSCP. 
  • E Double U Member Posts: 2,233
    From what I heard, the changes are very cosmetic. They shuffled some subjects from domain to domain. Also they shifted the focus more on incident management and other operational concerns rather than governance.

    But in my case I am happy it is done. :)  Next one :) CISA, GCIH or OSCP. 
    CISA would make the most sense in my opinion because of the material overlap across ISACA credentials.
  • JDMurray Admin Posts: 13,090
    CISA, CISM, and CISSP is the "triple crown" of InfoSec and is certainly more respected than my intended choice of the CISSP-ISSMP after the CISM. I think this will be an easier sell to my employer than building a business case for a SOC manager having a GCIH.
  • SteveLavoie Member Posts: 1,133
    edited May 2022
    IMO, a SOC manager having a GCIH makes sense. Well, more sense than having CISSP-ISSMP. ISC2 are neglecting their advanced CISSP certification, I think.
  • JDMurray Admin Posts: 13,090
    IMO, a SOC manager having a GCIH makes sense. Well, more sense than having CISSP-ISSMP.
    I guess it depends on what your org thinks a "manager" is. I manage people and processes (strategic) and not the technical operations stuff (tactical) that the security analysts have their fingers stuck in.

  • UnixGuy Mod Posts: 4,570
    I don't know about CISA, we usually recommend it for people new to IT or completely new to audit, for experienced folks I don't see how it can add any value

  • E Double U Member Posts: 2,233
    @UnixGuy - Would people that are new to IT meet the minimum requirements for ISACA credentials?
  • UnixGuy Mod Posts: 4,570
    @UnixGuy - Would people that are new to IT meet the minimum requirements for ISACA credentials?

    Wow I just looked that up, 5 years experience for CISA? It's the cert that we recommend for consultants at the beginning of their audit career as far as content is concerned as it touches on the basics of auditing really.


    Looks like to be CISA certified you need 5 yrs of experience. Only scenario where I see CISA valuable is if someone wants to be a career auditor, but I'd question why would they do CISA to begin with if they already have 5 yrs of experience in audit...

  • JDMurray Admin Posts: 13,090
    edited May 2022
    UnixGuy said:
    Only scenario where I see CISA valuable is if someone wants to be a career auditor
    Yep, I completely agree with this. I don't want to do IT auditing so I don't need CISA, but if I had to come to some deep understanding about IT auditing I would look at the CISA material first.

    UnixGuy said:
    ...but I'd question why would they do CISA to begin with if they already have 5 yrs of experience in audit...
    That's similar to what project managers say about the PMP cert, which requires 25K hours of project management experience. (e.g., "Why would I want the PMP cert if I already have that kind of PM experience?") The reason is to have CISA on your resume to impress some future hiring manager or satisfy a job recruiter's checklist.  ;)

  • E Double U Member Posts: 2,233
    @UnixGuy - Then you could question the value of any ISACA, ISC2, or other credentials with those types of requirements. I believe doing certain certs after years of experience is logical as the learning complements (but not always mimics) what one has learned on the job.
  • SteveLavoie Member Posts: 1,133
    JDMurray said:
    IMO, a SOC manager having a GCIH makes sense. Well, more sense than having CISSP-ISSMP.
    I guess it depends on what your org thinks a "manager" is. I manage people and processes (strategic) and not the technical operations stuff (tactical) that the security analysts have their fingers stuck in.

    I am in a smaller organisation.. so a manager is just like one step above most workers