Editor’s note: Nobody in the world has as many ISACA certification as Jorge Carrillo, PhD, LLM, who has attained a whopping 10 ISACA certifications: CISA, CISM, CRISC, CGEIT, CDPSE, CCOA, ITCA, CET, AAIA and AAISM. Carrillo, a privacy engineer at Privacy Tech who resides in Czechia, visited with the ISACA Now blog to reflect on how his wealth of certifications has impacted his career, the ways in which his motivations and study habits have evolved, and where he commemorates his extensive array of credentials. Learn more about ISACA certifications here.
ISACA Now: There are many thousands of ISACA-certified professionals in our community – how does it feel to know your 10 ISACA certifications are the most in the world?
While achieving a high number of certifications, including the 10 ISACA ones, was a personal challenge, the true reward isn’t the number itself, but the journey of continuous learning and the application of that knowledge across diverse regulatory landscapes. Having worked in places like the UK, Czechia, and globally, with various cultures and legal frameworks (GDPR, EU AI Act, PCI-DSS, SOX, NIS2), the certifications have helped me navigate the complexities of digital trust.
ISACA Now: Let’s go back to your first ISACA certification. When was it, what motivated you and when did you know you wanted to keep going?
My first formal certification journey started with CISA in early roles in IT audit during my time at Deloitte. My motivation was from two angles: I needed to ensure the “practical and actionable guidelines” and understand globally recognized best practice, and secondly, as a personal challenge, I wanted to validate my foundational knowledge. The moment I knew I wanted to keep going was when I started teaching. I realized that the depth and breadth provided by multiple certifications would enable me to offer more practical, real-world guidance to my students and ensure that I keep my knowledge up to date.
ISACA Now: Of all 10 ISACA certifications you have attained, what was the most challenging for you to prepare for?
I find it difficult to determine which one was the “toughest” certification; each certification has something unique. For instance, the CCOA demanded hands-on proficiency in practical skills, while AAISM was challenging due to the need to understand entirely new AI-specific risks, governance and strategy. Therefore, each program pushed me outside my existing expertise, which I enjoyed a lot.
ISACA Now: Have your study habits stayed pretty consistent over the years or have you evolved your approach?
My study habits have definitely evolved. Early on, especially during my PhD, it was a deep, solitary dive into a specific domain. However, as I transitioned into other roles my approach shifted from learning to pass to learning to teach and apply. Now, my studies are highly pragmatic and focused on real-world impact. My approach is now less about individual effort and more about cross-functional collaboration.
ISACA Now: How has the knowledge from across all of the digital trust disciplines combined to shape your expertise and your career path?
My career has evolved from IT auditing and risk to deep dives in privacy and AI. Therefore, any of the certifications that bridged these disciplines were a challenge all the time because it wasn't just about memorizing facts; it was about integrating knowledge from diverse areas. The combination of disciplines—governance, risk, compliance, privacy, AI, and security—is the foundation of my entire career. My work is literally defined by this integration.
ISACA Now: Is there a physical spot in your home where you commemorate all of your certification success?
My “commemoration spot” isn't a wall of certificates; it's the bookshelf filled with foundational texts, course materials and the notebooks I used for my studies. :-)
ISACA Now: Beyond the actual exam content, what insights or life lessons have you experienced through your certification studies?
The most profound life lesson is the power of persistence in the face of a self-imposed challenge. Attaining 10 certifications became a deeply personal goal and taught me that complex, long-term objectives are best conquered by breaking them down and maintaining momentum, which is a skill equally applicable to managing large, multidisciplinary European projects.
ISACA Now: What are your professional goals for the future?
My primary professional goals are centered on influencing the evolving landscape of digital trust.
ISACA Now: When you’re not working or preparing for a certification exam, what are you most likely to be doing?
When I step away from work and studying, I am relaxing and enjoying my family, walking the dog.
