Hello everyone, I'm Jay, and in this article, I will share my experience and insights on how I successfully passed the CISM (Certified Information Security Manager) exam. Having recently obtained my official results, I'm excited to guide you through my journey. Before we begin, let me clarify that this article is specifically tailored for those who have already completed the CISSP certification and are considering further certifications or exploring the field of information security management.

After obtaining my CISSP certification from (ISC)² in October, I embarked on the path to achieving the CISM credential. For the next six weeks leading up to the CISM exam, I dedicated consistent preparation time of two to three hours daily. If you're interested in learning more about my CISSP journey, I have written an article detailing my experience, which you can find in the link below.

When I completed the CISSP, I contemplated what to pursue next. I reached out to Thor Peterson, a renowned instructor, and purchased ISACA's Question, Answers, and Explanations (QAE) database. Thor suggested that with my CISSP background, focusing on the QAE database would be sufficient preparation for the CISM exam, potentially requiring two to four weeks of study. Intrigued by this approach, I became an ISACA member, acquired the QAE database, and began my focused CISM preparation.

Initially, I scheduled my exam for November 13th, but unforeseen circumstances disrupted my preparation, making it impossible for me to meet the deadline. After rescheduling the exam multiple times, I finally settled on December 23rd, three days before Christmas. As the exam date approached, I realized I had only completed less than 20% of the extensive QAE database, equating to approximately 1300 practice questions. It was a daunting realization, but I didn't want to postpone again, as I hoped to enjoy the holiday season without the burden of exam preparation.

Despite my time constraints, I decided to take a calculated risk and proceed with the exam. Unfortunately, when I attempted to reschedule within the 48-hour window, I discovered that I had missed the opportunity. Left with no other choice, I embraced the challenge ahead and intensified my preparation efforts during the final two days. Incredibly, I managed to answer around 900 to 1000 practice questions, making the most of the ISACA QAE database.

The advantage of relying solely on the ISACA QAE database became evident. The questions in the database closely mirrored the ones presented in the exam, not identical but similar in style and structure. If you possess a background in information security and have management-level experience, the QAE database should serve as an adequate resource for your CISM preparation. While having completed the CISSP may enhance your readiness, it is not a prerequisite.

I believe my extensive experience in information security, combined with my CISSP background, played a significant role in my success. The CISM exam is known for its challenging nature, especially when compared to the CISSP. However, depending on your own experience, knowledge, and personal aptitude, the ISACA QAE database might provide sufficient preparation.

Stay tuned for the next part of this article, where I will share my exam day experience and provide valuable insights into how I managed the CISM exam. Remember, careful planning and utilizing appropriate resources are key factors in achieving success in any certification journey.

Insights into the CISM Exam and Conclusion

Completing the CISM exam turned out to be a relatively straightforward experience. Unlike the CISSP, the CISM exam was not as challenging or complex. With 150 questions to be answered within four hours, it required careful consideration, but it lacked the level of difficulty I had anticipated. The questions mainly focused on selecting the best or most appropriate answer, without excessive trickery or ambiguity. The preparation I had done, including answering around 900 to 1000 practice questions from the ISACA QAE database, proved instrumental in my success.

On the exam day itself, I completed a practice test before starting the official exam. In the practice test, I achieved a score of approximately 85%, which provided me with confidence going into the real exam. During the CISM exam, I scored around 80-85% in the domains, slightly lower than my practice test results. However, it was still a solid performance that showcased the effectiveness of the ISACA QAE database.

The exam was conducted remotely, and the entire experience was seamless. I made sure to prepare a clean and organized workspace, ensuring that the proctoring process would go smoothly. The remote proctoring required presenting two forms of identification, and I was granted a total of three breaks during the exam. While I did experience a sense of boredom during the exam, I used the breaks to step away from my desk, grab a cup of coffee, and recharge.

Regarding additional resources, I had purchased courses from Thor Peterson and other materials, but due to time constraints, I couldn't go through them. Instead, my focus remained solely on the ISACA QAE database, which ultimately proved to be sufficient for my preparation.

After completing the exam, a message appeared on the screen indicating that I had passed. The official results arrived ten days later, confirming my success. Subsequently, I began preparing my application for verification, a necessary step in obtaining the official CISM certification. Additionally, I continued accumulating Continuing Professional Education (CPE) credits, both for the CISSP and CISM certifications, as part of my ongoing professional development.

In conclusion, the CISM exam is not as grueling as the CISSP, but it still requires diligent preparation and a solid understanding of information security management. Depending on your background, experience, and whether you have completed the CISSP certification, the ISACA QAE database can serve as a valuable resource to prepare for the CISM exam. Remember, careful planning, utilizing appropriate resources, and leveraging your experience are crucial factors in achieving success in any certification journey.

Thank you for reading this article. If you have any questions or feedback, please leave them in the comments below. I wish you the best of luck in your upcoming exam, and please do share your exam experience with me. Have a wonderful day!

