After I passed the CISM exam late last year, ISACA offered to let me share my experience of how (and why) I chose to become a CISM, and what I did to accomplish my goal. I hope this article provides some useful ideas to help you go after your professional development goals, as well.
Why the exam mattered to me
GSWS is a small business that provides cybersecurity and compliance-related services to other small and mid-size organizations in the Southern California region of the U.S. Our clients include optometrists, dentists, CPAs, attorneys, etc. – I mention this because our work environment isn’t like that of a lot of other CISMs, who are employed by much larger organizations.
Our clients are woefully unprepared for the type of cyber risks they face on a daily basis. They are highly skilled within their respected trades, but they have no clue when it comes to understanding cybersecurity. They rely on us to provide this knowledge, experience and solutions. I needed a way to ensure my skills were of a high level and communicate our qualifications to clients and prospects in an easy-to-understand way.
I was familiar with www.cyberseek.org, but when revisiting the site, I saw how highly the CISM and CISA certifications were recognized. I had recently joined ISACA and passed the CSX-F exam, which gave me some degree of familiarity with how ISACA works. That’s when the CISM and CISA certifications became the obvious choices for me. I chose to go after the CISM first.
How I studied
In preparing for the exam, I used the following resources:
Depending on your budget, select what is best for you. I was fortunate to have access to all these resources.
Some additional recommendations to help you prepare for and pass the exam:
- Get involved in your local ISACA chapter. Your local chapter is a great resource for support from experienced peers who want to see you succeed.
- Understand the principal intent of the domains covered. Many times in dealing with a cybersecurity issue, we are faced with more than one option, so the goal is to select the best option. Questions on the exam are set up in the same manner.
- Don’t shoot for a perfect score. I suppose some of you can score an 800, but perfection is not necessary. The exam’s intent is to show that you have an understanding and competency – not perfection.
- Use the ISACA online Question Review Database. The database includes 1,000 questions, tracks your progress, allows customization of questions by domain, number of questions, more difficult questions, etc.
- Study when you are in different moods. Try studying and taking practice tests when you are fresh, tired, happy, sad, stressed, relaxed, etc. While it’s inevitable you will have more anxiety on test day, seeing questions with different mindsets ahead of time helped me mentally prepare for anything.
- Practice real test simulation exams. As it gets closer to your exam date, use the online Question Review Database to take some tests under conditions that mimic the actual exam – for example, four hours to answer 150 questions. That will build your mental calluses for the big exam.
I hope this helps. I’m scheduling for my CISA exam in April and studying for that now. My preparation for the CISA is identical to what I’ve described in this article. Good luck to you!