ISACA Now Blog

Why (and How) I Passed ISACA’s CISM Exam

David Tuckman, CISM, CSX-F, HCP, President & Owner of Golden State Web Solutions (GSWS)
| Posted at 3:03 PM by ISACA News | Category: Certification

After I passed the CISM exam late last year, ISACA offered to let me share my experience of how (and why) I chose to become a CISM, and what I did to accomplish my goal. I hope this article provides some useful ideas to help you go after your professional development goals, as well.

Why the exam mattered to me
GSWS is a small business that provides cybersecurity and compliance-related services to other small and mid-size organizations in the Southern California region of the U.S. Our clients include optometrists, dentists, CPAs, attorneys, etc. – I mention this because our work environment isn’t like that of a lot of other CISMs, who are employed by much larger organizations.

Our clients are woefully unprepared for the type of cyber risks they face on a daily basis. They are highly skilled within their respective trades, but they have no clue when it comes to understanding cybersecurity. They rely on us to provide this knowledge, experience and solutions. I needed a way to ensure my skills were of a high level and to communicate our qualifications to clients and prospects in an easy-to-understand way.

I was familiar with, but when revisiting the site, I saw how highly the CISM and CISA certifications were recognized. I had recently joined ISACA and passed the CSX-F exam, which gave me some degree of familiarity with how ISACA works. That’s when the CISM and CISA certifications became the obvious choices for me. I chose to go after the CISM first.

How I studied
In preparing for the exam, I used the following resources:

Depending on your budget, select what is best for you. I was fortunate to have access to all these resources.

Some additional recommendations to help you prepare for and pass the exam:

  • Get involved in your local ISACA chapter. Your local chapter is a great resource for support from experienced peers who want to see you succeed.
  • Understand the principal intent of the domains covered. Many times in dealing with a cybersecurity issue, we are faced with more than one option, so the goal is to select the best option. Questions on the exam are set up in the same manner.
  • Don’t shoot for a perfect score. I suppose some of you can score an 800, but perfection is not necessary. The exam’s intent is to show that you have an understanding and competency – not perfection.
  • Use the ISACA online Question Review Database. The database includes 1,000 questions, tracks your progress, and allows customization of questions by domain, number of questions, more difficult questions, etc.
  • Study when you are in different moods. Try studying and taking practice tests when you are fresh, tired, happy, sad, stressed, relaxed, etc. While it’s inevitable you will have more anxiety on test day, seeing questions with different mindsets ahead of time helped me mentally prepare for anything.
  • Practice real test simulation exams. As it gets closer to your exam date, use the online Question Review Database to take some tests under conditions that mimic the actual exam – for example, four hours to answer 150 questions. That will build your mental calluses for the big exam.

I hope this helps. I’m scheduling for my CISA exam in April and studying for that now. My preparation for the CISA is identical to what I’ve described in this article. Good luck to you!


Re: Why (and How) I Passed ISACA’s CISM Exam

Congratulations David on passing your CISM. Good luck on your attempt at the CISA exam.

I want to highly recommend ISACA's online CISA & CISM Review Question Database. The question database completely drills you and prepares you for the exam setting.
Shemrick9585 at 2/4/2018 11:41 AM


Let me congratulate you on the good work and also mention you are a motivation and example to me as I am preparing for my exam.

Tebogo664 at 2/5/2018 1:40 AM


I congratulate you and wish you more success.
MOSES824 at 2/6/2018 2:17 AM



Many more successes in future and thank you for sharing this inspiring story! Anthony
Anthony718 at 2/6/2018 3:12 AM


Congratulations and thank you for the encouragement. I have also passed the CISM in December 2017 and now I'm preparing for CISA.
Paul379 at 2/6/2018 4:58 AM


Good to know that you passed your exams at first attempt and can now best serve your clients with value that ISACA confers on its certification holders.

Your success is a big encouragement to all exam takers.

Wishing you the best in future endeavours.
AYOKUNLE469 at 2/7/2018 12:55 AM

Congratulations !!!!!

Congratulations and thank you for encouragement.
Vidhan Kasture
Vidhan190 at 2/7/2018 4:23 AM


I agree with David's post here.

I passed CISA in Dec 2017 and CISM last week. Both passed at first attempt.

For CISM, apart from ISACA prep material and question bank, I read a couple of times all chapters of CISM Certified Information Security Manager All-in-One Exam Guide by Peter H. Gregory.

These exams' questions challenge and test your maturity. If you have Operations/Security experience, it's easy. You need focus and patience to pass these exams. The content/domains are not that complex. Since I had CISSP, I had a good foundation to clear these.

I thoroughly enjoyed preparing and taking the tests.
Abdul454 at 4/24/2018 10:48 AM

Thank you for sharing

I just got back from testing center and followed your recommendations for CISM and preliminary response is passed. Looking forward to seeing my results and applying for the certification.

Next stop CISA for me and will follow the same study regime for it.
Essa158 at 7/2/2019 5:24 PM