How long did you study for ISACA Cert?

Let hear is CISA/CISM..etc holders.

How long did you study for and whats your background in the subject?

Find more posts tagged with

Comments

I studied for about three weeks but I should of studied more; I should of studied at least for 5 weeks.
I had my CISSP and Security+ and ITIL v3 foundation certificate and 14+ years of IT experience.

idr0p

Removed Unnecessary Quote

Awesome thanks for the info I think i am going to start studying end of oct. for the dec 11th test.

badrottie

For the CISM? I barely studied, as there is a lot of overlap with the CISSP.

In case you are wondering what my study plan was for the CISSP, I did not go through the gruelling process of reading the AIO or OIG cover-to-cover either. I just read a few topics that I have not directly worked with in order to fill in a few knowledge gaps. (Honestly, if you know the material from having had to work with it extensively, studying is ancillary. As with all things, your milage may vary.)

10+ years information security experience, spread across all 10 CISSP CBK domains.

idr0p

Nice, thanks for the input badrottie

badrottie

idr0p wrote: »

Nice, thanks for the input badrottie

idr0p,

Please bear in mind what worked for me may not apply to you. We all bring our own experience and knowledge into the exam. I have had to work extensively doing risk analysis, information security program development/architecture/governance/management, incident response, DR/BCP, etc. As it turns out, those are the job practice areas that the CISM focuses on.

So, when I say that I have barely studied for the exam, it does not mean that I have not had not studied those topics previously in my career. In fact, I had to do a deep-dive in all of them. Otherwise, I would have been studying like anyone else to bridge a gap in knowledge/experience.

Gnothi Seauton ("Know thyself").

shaqazoolu

I studied for about 8 weekends for the CISM. I had been performing risk assessments as a consultant for about 8 months prior. The guy that proofed my work and trained me had the CISM already, so the study material was pretty much right in stride with what I was already doing. I would suggest at least 3 months of serious prep time if you have never touched those topics professionally.

tpatt100

I really need to figure out a study schedule for the Dec CISA exam. I think I am just going to spend four weeks on it.

Inbahrain2011

i went to a one week class, then studied for 3 weeks after the class leading up to the exam. I thought the test was harder than the class made it seem. How mch you need to study honestly depends on how well you get the material. If you get it you may not need to study as hard, if not, lock yourself in the basement and start studying.

NeriKutta

For CISA June 2011 exam, I just answered the practice questions for about 5 weeks. Went through each question 3-4 times and read the answer explanations for those that were not quite obvious. As far as general terms (like private keys, public keys, secutity certificates, etc.) that I encounted in the questions, I looked them up on Google/Wikipedia. Not once did I open the study guide (the big fat book).

As far as experience, I have over 15 years in CAAT and application development.

Hope this helps. Best wishes!!

colemic

Similar to NeriKutta here - I mainly used the practice questions (altthough for a lot longer than 5 weeks. I scraped by. I haven't convinced myself that CISM is worth the effort in December, with WGU eating up time as well...

contentpros

For the CISM barely any study time. Like Badrottie I have 15+ years of infosec experience. I read the official review guide once skipping the first section of each chapter and did a review course (3 Saturdays) with my local ISACA chapter. As a bonus the review course earned me 24 CPE's that everyone including SANS seems to accept and the course was around $100.

JDMurray

contentpros wrote: »

... and did a review course (3 Saturdays) with my local ISACA chapter. As a bonus the review course earned me 24 CPE's that everyone including SANS seems to accept and the course was around $100.

That is a great deal! I must remember to check if my local ISACA chapter has a course like that if I ever do their certs.

Dani1982

Hello,

I just found this forum today. I am a financial auditor and I'm considering taking the CISA in September. Just got the review material for the ISACA website. Would you consider 4 months enough time for someone that is not really familiar with IT auditing? I have some knowledge but I've not been practicing. Also regarding certification, It is not quite clear to me from the ISACA website whether my financial audit experience would be enough to demonstrate qualification once I pass the exam. Any insights? I have 6 years of experience (2 as an external auditor and 4 as an internal auditor) and a master in accounting. I would have the opportunity to be in both the IT and financial audit teams in my current job if I pass the exam.

Thank you for your help,

badrottie

Removed Unnecessary Quote

Your background in accounting, both internal and external, will help considerably. That being said, the CISA is definitely more focused on IT aspects of auditing, so 4 months of dedicated study may be sufficient to understand the material.

I would recommend purchasing a copy of the CISA question database and testing yourself to measure yourself, however.

Cheers!

Dani1982

Removed Unnecessary Quote

Thank you for your response that helps:)... I purchase CISA question database.

badrottie

Dani,

I forgot to mention that the experience requirements for the CISA are a minimum of 5 years of professional information systems auditing, control or security work experience. You can substitute or waive up to a maximum of 3 years of such experience depending upon your education and work experience. Please see the ISACA website for more information: How to Become CISA Certified

As you are a financial auditor, you would most likely need a minimum of 2 years of IS related experience before you could qualify.
That being said, there is nothing to stop you from taking the CISA, and once you pass it, obtain the necessary work experience requirements to become certified.

If you have any questions, ISACA is the authoritative source and I would recommend contacting them.

Cheers.

Dani1982

REMOVED UNNECESSARY QUOTED REPLY FROM PREVIOUS POST

Thank you for your response. I was given the opportunity to be in both the Financial and IT audit teams in my current job so hopefully I will meet all requirements ASAP.

Ama

GoodBishop

CISA - 8 hours
CISM - 24 hours
CGEIT - 16 hours
CRISC - 16 hours

For the CISA, I took a Friday for PTO and studied all day, then took the test on Saturday. Passed by one question. I had just finished doing 160 hours for the CISSP, so I was on the ball back then. Note - this is not recommended for normal people. Normal people should study more than 8 hours to pass the CISA.

CISM took me a bit more - I wanted to refresh my memories and have some extra insurance, but it wasn't bad. Very similar to the CISSP - I scored the highest on this exam out of the four exams.

CRISC I took next after working in a IT audit position for a year and a half. The most amount of time it took was going through the review manual. It was a very dry read. I crushed this exam as well.

CGEIT was the final one - I took it after working in that IT audit position for another half a year. By this point, I didn't have any worries that I would pass. I did take the time to do 16 hours of study and crank through the ISACA review manual again.

aprilyichenwang

badrottie wrote: »

Removed Unnecessary Quote

Your background in accounting, both internal and external, will help considerably. That being said, the CISA is definitely more focused on IT aspects of auditing, so 4 months of dedicated study may be sufficient to understand the material.

I would recommend purchasing a copy of the CISA question database and testing yourself to measure yourself, however.

Cheers!

That's very encouraging. I am thinking about a career change from audit to IT audit. Hopefully by passing the CISA exam, I can get into the door BIG Four IT Audit entry level position. What do you guys think? Right now, I am working in a small CPA firm doing audit. I have my CPA, no IT Background.

LarryDaMan

I work as a systems auditor and have worked with financial systems in the past. I passed with about 2 or 3 days of studying. I watched the CISA CBT Nuggets videos at about 1.7x speed and took 600-700 practice questions from the ISACA CISA database. I intended to read the review manual but was very busy at work and home and since I was doing well on the practice questions, I skipped the manual altogether. Risky, but I was lucky enough to pass in the top 5 percent.

Experience should be taken into account in how much you study and perhaps how well you are doing on the practice questions.

wearingmyrolex

Gents, can you help me with this question please?
Dear All,

I'm not hard of learning

I'm CISSP plus a number of other things, a CCIE candidate, yet for the life of me I cannot work out how to use the CISM Review Manual..

I've tried reading it like a book. It's dry and pretty awful. I've left it this late to prep for my December 14th 2013 seat as I've had other commitments.

I'm just not sure how the Section 1 and Section 2 work? Logic tells me to read and digest Section 2 only. I have no idea how/why I would need to digest the task statements to the knowledge statements and if we will actually be tested on that portion?

Silly question, but I'm stuck. I WILL pay it forward in the future if one of you clever people helps me. I plan on reading 12 pages per day and testing using the official 900 q-set; covering the materials twice.

Help!

packetlog

Hi Rolex,
Luminox fan here.

Agreed that ISACA Review manuals are a bit dry. I am doing CISA this year, so I have only CISA Review Manual. I read Section One: Overview as a preview to what is to come (it is appropriately titled, in my opinion). I skip the TS -> KS mappings. However, I read KS Reference Guide and note the Key Concepts and I know that there is gold in them somewhere and I should dig in those surroundings. With this high-level 30,000-foot overview, I then dive into Section Two: Content.

So, use Section One as a pedagogical aid to digest Section Two and you will be fine. Don't get hung up!!

Best regards and good luck to your endeavor,
pkt

wearingmyrolex

Hi Pkt,
thanks for your reply. I'm a few days in now and I still can't stand to have to read this awful review manual.. but I'm persisting. I realize if I force myself to read just 5 pages per day, TWICE, I can complete the manual in 30-odd days and still get a lot of 900q engine time.

I know understand why so many people leave this to the last minute, it's because it's awful..

Good luck on the CISA! I hope to take that next year, another driver to pass 1st time on the CISM

I'll be sure to review the KS ref guide as you suggested. There has to be something there, as you say, otherwise the nice people at ISACA wouldn't have included it.. surely...