🌟 I’m thrilled to share that I’ve earned the CISM (Certified Information Security Manager) from ISACA. You can view my achievement on Credly.
🌍 This journey has been both challenging and rewarding, filled with extensive study and deep dives into security governance, incident management, risk management and information security programs.
🚀 I’m proud to have achieved this important milestone in my career. I look forward to leveraging these skills and expertise to drive impactful security initiatives and contribute to the community.
💡 Achieving the Certified Information Security Manager (CISM) certification is about much more than adding a line to your resume. It transforms how you approach, communicate, and prioritize security solutions with a business-centric mindset. After completing CISSP from ISC2, it’s clear that CISM has been one of the most impactful certifications, giving me a structured approach with business priorities always top of mind.
🏢 The exam itself wasn’t necessarily tougher than CISSP. The approach is different, though. But the CISM exam can be very tricky as not all questions have a strictly correct answer. Most of the questions are subjective. Often, it’s a case of choosing the most correct answer or the least wrong answer. Thinking like a manager or understanding the business context/requirements will help you choose the correct answer.
“Success is not the destination; it’s the incredible journey of pushing your limits, embracing challenges, and celebrating every small achievement all the way.”
💼 No certification can replace actual work experience and knowledge obtained from getting your hands dirty. At the same time, certification prep can help in expanding your knowledge.
👉 What do I notice every time I take a certification:
- The quality of my work has improved
- I am more engaged with my work
- I am faster at performing my job
- I have decreased errors in my work
The CISM Mindset:
- Think like an Information Security Manager
- Human life is always the most important
- Everything we do supports the mission of the business
- Metrics allow control objectives to be met
- IS Governance = Board of directors
- IS Program = Board of directors or equivalent gov body
- Dialogue is KEY
- Involve stakeholders in collaborative dialogue, understand their needs, face-to-face
- Security addendum = terms and conditions – NOT additions
- It’s generally accepted that CISO reports to COO (not to CEO)
- A problem statement describes the problem in business terms
- A problem statement has 2 parts
  - the description of possible events
  - the optic that the organization is negligent
- Always align with the business
- Always choose a collaborative approach
About CISM materials:
I especially thank Thor Pedersen. All materials he provides on Udemy are truly amazing:
- CISM Video Boot Camp 2024 (Domain 1-2-3-4)
- All domains 150 Question CISM 2024 (Series #1, #2, #3, #4) ==> 4x 150 = 600 questions
My other resources and materials:
- All-in-One (AIO) CISM Bundle Second Edition by Peter Gregory including
  - AIO CISM Exam Guide (including end-of-chapter questions)
  - AIO CISM Practice Exams (300 questions)
  - Free access to CISM TotalTester: Online practice tests (325 questions)
  - Free CISM Quick Review Guide (40 pages)
- ISACA online QAE (Question, Answer and Explanations): around 1200 questions
🙏 Good luck to everyone who is revising for the CISM exam or to those who will attempt the CISM exam soon. It isn’t impossible.