Provisionally passed CRISC on 5-Feb

My QAE database stats as of last night before taking the exam this morning.

Image: https://us.v-cdn.net/6030959/uploads/editor/44/jq4g67idzu18.jpg

Congrats!

Why do you want to pursue CGEIT ?

UnixGuy said:

Congrats!

Why do you want to pursue CGEIT ?

Basically for sh*ts & giggles

I don't actually need it, but based on the outline there is overlap with my other credentials from ISACA, ISC2, and even ITIL. Seems like an easy win plus I have more than enough budget for it. I think I am just taking exams for fun at this point in combination with taking advantage of every dollar my employer is willing to spend.

E Double U said:

UnixGuy said:

Congrats!

Why do you want to pursue CGEIT ?

Basically for sh*ts & giggles

my problem with ISACA is the renewal fees, exam fees, etc etc.

Info_Sec_Wannabe

E Double U said:

UnixGuy said:

Congrats!

Why do you want to pursue CGEIT ?

Basically for sh*ts & giggles

I don't actually need it, but based on the outline there is overlap with my other credentials from ISACA, ISC2, and even ITIL. Seems like an easy win plus I have more than enough budget for it. I think I am just taking exams for fun at this point in combination with taking advantage of every dollar my employer is willing to spend.

I wish my employer has a huge pocket for trainings as well.

UnixGuy said:

E Double U said:

UnixGuy said:

Congrats!

Why do you want to pursue CGEIT ?

Basically for sh*ts & giggles

my problem with ISACA is the renewal fees, exam fees, etc etc.

My sentiments exactly. Thinking of dropping one of my ISACA certs as current employer is not paying for it.

Having employers that pay for trainings, exams, study materials, and annual maintenance fees is why I have been on this big certification run over the years. Earlier in my career I was an external contractor paying for these things out of pocket. I know the pain of money down the drain for failing exams multiple times. Once I obtained employment with organizations that would cover all expenses I have taken full advantage and plan to continue doing so until the well runs dry.

Having 10+ credentials that require fees to keep them active gets quite expensive so I will definitely let some go if I end up with a company that does not have the budget to cover the costs. But until then...

I mean I can't complain, I claim them on tax, I just don't understand why ISACA need fees, it annoys me because I get zero value from them

At least SANS update their material and they send you the updated material...ISACA? I only get marketing emails from them about "chapter meetings" that I will never ever attend (attended them twice, no thanks)

ISACA even has an application processing fee of $50 lol. I do like that SANS provides updated material which I guess is their justification for their high renewal fee, but I honestly do not need the new material. GIAC credentials are valid for four years so by that time I am already in a different role than at the time of taking the exam which is when I would have needed the material.

If I reach the point where I have to fund all of this myself, I think I would only maintain CISSP and CISM as they are the most consistently mentioned in the vacancies that catch my eye.

Received an official scaled score of 621

Image: https://us.v-cdn.net/6030959/uploads/editor/0c/ykod298x7uip.jpg

I score higher with each ISACA go-round. 536 for CISM (2017) and 572 for CISA (2018).

dinger68

Congrats on the pass

My certification process is taking a while since I had my employer pay the application fee and apparently ISACA had so many requests to process at the same time. Received an email from ISACA yesterday stating that I do meet the qualifications and will be certified within ten business days.

Yeah, ISACA is probably having a lot of request based on the end of the current CISM exam at the end of the month. I am in this race with @JDMurray

I just hope to pass.. and get a better score than him.. (Just teasing!)

I'm hoping just to pass. This is a lot of material to digest in such a short time...

Good luck gentlemen!

Last sprint before the exam..

Exam Monday morning

Officially certitied as of 12-May

DZA_

Good luck gents! let us know how it goes.

Exam succeeded ! I felt somewhat confident, but as the exam started, it was not as sure. It was also one of the first time, I didnt get totally OCD on the exam preparation and mostly used my experience and the 3 UofT class as preparation. I used the ISACA Q&A book and did half the question only. Many questions of this exam come from directly from the book, so it is definitely a good ressources.

Hey congratz! It's great to get past that cert.

I decided to take more time and go for the CISM 2022 later this year. I noticed new Pluralsight content being released this month for the new CISM exam and the material looks more interesting. I'm al;so guessing that a lot of the CISM 2018 material was carried forward and topics like Cloud and Incident Response will be expanded.

From what I heard, the changes are very cosmetic. They shuffled some subject from domain to domain. Also they shifted the focus more on incident management and other operationnal concern rather than governance.

But in my case I am happy it is done.

Next one

CISA, GCIH or OSCP.

SteveLavoie said:

From what I heard, the changes are very cosmetic. They shuffled some subject from domain to domain. Also they shifted the focus more on incident management and other operationnal concern rather than governance.

But in my case I am happy it is done. Next one CISA, GCIH or OSCP.

CISA would make the most sense in my
opinion because of the material overlap across ISACA credentials.

CISA, CISM, and CISSP is the "triple crown" of InfoSec and is certainly more respected than my intended choice of the CISSP-ISSMP after the CISM. I think this will be an easier sell to my employer than building a business case for a SOC manger having a GCIH.

IMO, a SOC manager having a GCIH make sense. Well more sense than having CISSP-ISSMP. ISC2 are neglecting their advanced CISSP certification, I think.

SteveLavoie said:

IMO, a SOC manager having a GCIH make sense. Well more sense than having CISSP-ISSMP.

I guess it depends on what your org think a "manager" is. I manage people and processes (strategic) and not the technical operations stuff (tactical) that the security analysts have their fingers stuck in.

I don't know about CISA, we usually recommend it for people new to IT or completely new to audit, for experience folks I don't see how it can add any value

@UnixGuy - Would people that are new to IT meet the minimum requirements for ISACA credentials?

E Double U said:

@UnixGuy - Would people that are new to IT meet the minimum requirements for ISACA credentials?

Wow I just looked that up, 5 years experience for CISA? It's the cert that we recommend for consultants at the beginning of their audit career as far as content is concerned as it touches on the basics of auditing really.

Looks like to be CISA certified you need 5 yrs of experience. Only scenario where I see CISA valuable is if someone wants to be a career auditors, but I'd question why would they do CISA to begin with if they already have 5 yrs of experience in audit...

UnixGuy said:
Only scenario where I see CISA valuable is if someone wants to be a career auditors

Yep, I completely agree with this. I don't want to do IT auditing so I don't need CISA, but if I had to come to some deep understanding about IT auditing I would look at the CISA material first.

UnixGuy said:
...but I'd question why would they do CISA to begin with if they already have 5 yrs of experience in audit...

That's similar to what project managers say about the PMP cert, which requires 25K hours of project management experience. (e.g., "Why would I want the PMP cert if I already have that kind of PM experience?") The reason is to have CISA on your resume to impress some future hiring manager or satisfy a job recruiter's checklist.

@UnixGuy - Then you could question the value of any ISACA, ISC2, or other credentials with those type of requirements. I believe doing certain certs after years of experience is logical as the learning compliments (but not always mimics) what one has learned on the job.