ISACA

Has anyone taken any of ISACA cert exams before? I signed up for the beta CCOA (Certified Cybersecurity Operations Analyst), which they were only offering 200 spots...They said I would know by mid Aug if I qualify to take it or not.

Find more posts tagged with

Comments

JDMurray

Ah, it would have been nice to know about that open beta--which is now closed.

shochan

Yeah I happened to find out late last Friday & was studying all wkend for SecX

UnixGuy

I took CISM and CRISC, and I was paying their annual 'renewal fees'. Last year I decided I don't wanna pay so they revoked my certs. I am no longer 'credentialed' (they use this word on their website). Lovely people

I didn't learn anything when I did the certs. I remember one of them I went to the exam without studying and the other I did their QA database questions bank (which you probably need to purchase to pass)

10/10 wouldn't recommend them for anything if the goal is learning. That's my personal opinion and experience, others don't agree and have different experiences

shochan

Thanks for your input...I have also decided not to renew my certs either...it's a cash grab IMO.

UnixGuy

shochan said:

Thanks for your input...I have also decided not to renew my certs either...it's a cash grab IMO.

I also went to an ISACA meeting by the ISACA local chapter in my city, they were voting for their inaugural committee thing, I think I lost a few brain cells in that meeting. They're known to host the most pointless 'industry events'.

JDMurray

UnixGuy said:

I also went to an ISACA meeting by the ISACA local chapter in my city, they were voting for their inaugural committee thing, I think I lost a few brain cells in that meeting. They're known to host the most pointless 'industry events'.

I went to a couple of my local ISACA events and had the same experience. Lots of bureaucratic middle-management and office workers. It was interesting to see the number of ISACA members who were also in the local ISC2 and ISSA chapters too. I also realized that the CISM has nothing to do with actually working as a manager unless your org uses COBIT. The CISSP is still the only cert that I think is work keeping renewed.

UnixGuy

JDMurray said:

UnixGuy said:

I also went to an ISACA meeting by the ISACA local chapter in my city, they were voting for their inaugural committee thing, I think I lost a few brain cells in that meeting. They're known to host the most pointless 'industry events'.

I went to a couple of my local ISACA events and had the same experience. Lots of bureaucratic middle-management and office workers. It was interesting to see the number of ISACA members who were also in the local ISC2 and ISSA chapters too. I also realized that the CISM has nothing to do with actually working as a manager unless your org uses COBIT. The CISSP is still the only cert that I think is work keeping renewed.

I used to pay to keep SANS GIAC certs because they used to send me 'updated SANS material'

but I decided not to renew anything at all. If I passed the exam once, this is it. I don't believe I need to keep paying those organisations for anything. I'll put it on CV and I'll say I passed the cert exam at a certain date.

Knowledge is freely available out there!

I haven't found paying those organisations and submitting proof of continuous learning useful for my career. Haven't been asked about my certs once.

The world has changed, all cyber security knowledge that used to be hard to obtain is now readily available, affordable, and the quality has gone up.

For eg SANS used to be the only high quality provider for blue team related training, now I can count at least 5 incredibly high quality online training providers that offer a much better training and practice platforms than SANS for a fraction of the price.

Ditto for pentesting, Offsec OSCP was the only thing worthwhile...not anymore

this is good! knowledge should be accessible and it shouldn't cost a thousands of dollars.

Organisations like ISACA serve no purpose at this point.. things will change, slowly but surely

spiderjericho

One of my ISACA certs was revoked last week. Didn’t even check to see which. I’ll probably go in and see if it’s a CEU thing.

But my attitude is ROI. To me CISSP, the CompTIA and my Cisco are the only ones I absolutely maintain. I do like to learn and love the certification journey but it can be a cottage industry in itself sometimes…fueled by head hunting search engines and promise of lucrative salaries.