This is my NOW Page | Thomas Irudayaraj

CISM and CRISC Certifications

20th February 2024, Australia.

I am passionate about information security and constantly strive to update my knowledge and skills. During last year's Christmas break, I decided to take two ISACA certifications - CISM (Certified Information Security Manager) and CRISC (Certified in Risk and Information Systems Control). These certifications are highly respected in the industry and provide valuable information on information security management and risk management that security professionals can apply to their work.

To achieve these certifications, I adopted a laser-focused approach rather than planning and preparing for months. I booked the CISM exam for January 4th and the CRISC exam a week later on January 10th. I don't recommend this approach to everyone, but it worked for me because I have an M.Sc. degree in Cyber-Forensics and Information Security and ten years of experience in various security domains. There is no right or wrong approach to preparing for an exam; the best way is the one that you feel comfortable with. However, I believe that setting an end date by booking the exam can make the target a very real one to pursue.

Studying for both exams was challenging, especially while balancing work and home responsibilities, particularly caring for my 3.5-year-old son with my wife. However, with focused effort and family's support, I managed to clear both exams. For CISM, I read the ISACA Official CISM Review Manual and the Certified Information Security Manager Exam Prep Guide by Hemang Doshi. I also had access to the CISM Questions and Answers (QAE) Database, which was exhaustive and simulated questions like the ones in the exam. For CRISC, I read the CRISC Exam Study Guide by Hemang Doshi and attempted the questions at the end of each chapter.

I felt nervous when attempting both exams because the financial cost was several hundred dollars. However, I tried to remain calm and focused on reading and answering the questions to the best of my knowledge. When taking the exam, I recommend staying focused and rereading the questions. If your attention wavers, acknowledge it and return it to the exam. I found the CRISC exam more challenging than the CISM exam, but I took a small break before the end and then returned to the flagged questions. Although the exams were stressful, I was relieved to see the "Passed" message at the end of both.

I received the official results for my CISM and CRISC certification exams the following week. My total scaled score for CISM was 592, and for CRISC, it was 594. After that, I filled out the certification application form and listed my current and previous managers as references to verify my experience. Thanks to their prompt responses, my application was quickly confirmed, and I received verification badges via email. ISACA will send me physical certificates and certification pins in a few months. With these new credentials, along with my previously earned Certified Information Systems Auditor (CISA) certification, I can proudly showcase my expertise in the field. It's a great way to start 2024.