🌟 I’m thrilled to share that I’ve earned the CISM (Certified Information Security Manager) from ISACA. You can view my achievement on Credly.
🌍 This journey has been both challenging and rewarding, filled with extensive study and deep dives into security governance, incident management, risk management and information security programs.
🚀 I’m proud to have achieved this important milestone in my career. I look forward to leveraging these skills and expertise to drive impactful security initiatives and contribute to the community.
💡 Achieving the Certified Information Security Manager (CISM) certification is about much more than adding a line to your resume. It transforms how you approach, communicate, and prioritize security solutions with a business-centric mindset. After completing CISSP from ISC2, it’s clear that CISM has been one of the most impactful certifications, giving me a structured approach with business priorities always top of mind.
🏢 The exam itself wasn’t necessarily tougher than CISSP. The approach is different, though. But the CISM exam can be very tricky as not all questions have a strictly correct answer. Most of the questions are subjective. Often, it’s a case of choosing the most correct answer or the least wrong answer. Thinking like a manager or understanding the business context/requirements will help you choose the correct answer.
“Success is not the destination; it’s the incredible journey of pushing your limits, embracing challenges, and celebrating every small achievement all the way.”
đź’Ľ No certification can replace actual work experience and knowledge obtained from getting your hands dirty. At the same time, certification prep can help in expanding your knowledge.
👉 What do I notice every time I take a certification :
– The quality of my work has improved
– I am more engaged with my work
– I am faster at performing my job
– I have decreased errors in my work
The CISM Mindset:
- Think like an Information Security Manager
- Human life is always the most important
- Everything we do supports the mission of the business
- Metrics allow control objectives to be met
- IS Governance = Board of directors
- IS Program = Board of directors or equivalent gov body
- Dialogue is a KEY
- Involve stakeholder in collaborative dialogue, understand their needs, face-to-face
- Security addendum = terms and conditions – NOT additions
- It’s generally accepted that CISO reports to COO (not to CEO)
- A problem statement describes the problem in business terms
- A problem statement has 2 parts
- the description of possible events
- the optic that the organization is negligent
- Always to align with the business
- Always choose a collaborative approach
About CISM materials:
I especially thank Thor Pedersen. All materials he provides on Udemy are truly amazing :
- CISM Video Boot Camp 2024 (Domain 1-2-3-4)
- All domains 150 Question CISM 2024 (Serie #1, #2, #3, #4) ==> 4x 150 = 600 questions
My others ressources and materials:
- All-in-One (AIO) CISM Bundle Second Edition by Peter Gregory including
- AIO CISM Exam Guide (including end-of-chapter questions)
- AIO CISM Practice Exams (300 questions
- Free access to CISM TotalTester : Online practice tests (325 questions)
- Free CISM Quick Review Guide (40 pages)
- ISACA online QAE (Question, Answer and Explanations) : around 1200 questions
🙏 Good luck to everyone who is revising for the CISM exam or to those who will attempt the CISM exam soon. It isn’t impossible.
