I was recently blessed to have attained the highest CISM exam score in the world for the June 2016 sitting, and to be recognized at the 2017 North America CACS conference as a result.
It was an awesome experience to be honored on stage in a theater with 1,500 peers in the audience – something I hadn’t expected when I started out to attain the certification. Truth be told, I would have been happy to have received regional recognition.
How did I end up there? Well, I have to take you back to 2015, when I first started thinking about taking the exam. I “retired” in 2013 from full-time corporate work and hung out my consultant shingle. I focused on attaining the CISSP certification, as I thought this was needed to consult in the field. That experience, after years of not taking high-stakes tests, was a jolt to my system. It brought me back to flash cards, material consumption goal-setting, test time management, etc. It was a grueling exam, but it wasn’t too long before I identified the need to focus on information security governance, risk management, and program development and management.
So, I decided to seek out a second infosec certification to help me focus. After some research, and learning that CISM is consistently listed as one of the top information security certifications and is listed as a DoD Directive 8570.1 Information Assurance Management Tier III-approved baseline certification, I made my decision.
Prepping for the exam
I searched the Internet for everything that I could find on CISM. Having been a grandfathered CISA early in my career, I was quite familiar with ISACA (and the EDP Auditors Association before that), and I was impressed with how much the organization had grown since my active involvement in the Philadelphia Chapter in the 1980s. I found and highly recommend reading Brian K. Johnson’s ISACA blog post, “Top Scorer Asks: Are You Ready for the CISM Exam?,” which I found very helpful.
One of the things that I did to assess my readiness was to take a weekend study course led by a chapter member who had scored highly at a previous sitting. That two-day experience convinced me that I wasn’t ready to take the exam and that I needed to pick up the pace in my study schedule. It also made me realize that I would benefit greatly from purchasing a subscription to the CISM Questions, Answers and Explanations (QAE) database. I would drill almost daily, with my weekend study course leader’s words in mind: that I should not feel like I’m ready until I consistently scored at least 80%.
When it came close to the day of the exam, I focused on little things, like reserving a room in the hotel where the exam was being offered, so that I didn’t have to worry about traffic the day of the exam, staying hydrated, eating a healthy breakfast, pacing myself during the exam so that I had enough time left over to go back and re-examine my answers, etc. And standard test-taking techniques apply, such as eliminating the obviously wrong answers first.
The questions themselves were, of course, not the same ones as in the study materials, or in the QAE database, but those materials helped me formulate the same logic approach to derive the intended answer. Remember, the exam is offered around the world, so everyone has to have a common understanding.
Don’t rely totally on your personal work experiences, but on the approach that the ISACA materials espouse, and you’ll be successful.
Editor’s note: For more information on pursuing CISM and other ISACA certification exams, view the ISACA Exam Candidate Information Guide.