Dave Pearcy, a senior cyber security consultant at Savanti, recently took his ISACA Certified Information Security Manager (CISM) exam and passed.
In Dave's own words:
While this might look like a massive attempt to promote myself (it is by the way), I thought it might be useful for others working in the cyber security industry, thinking of studying for some professional qualifications, to see my learning journey.
Which Qualification?
Obvious, I know, but the first and most important part of taking a qualification is deciding what qualification to take. Maybe you have an interest in a particular subject, maybe there's a requirement within your organisation, or perhaps there is an opportunity for free learning.
Whilst free learning is always welcome, I have taken several professional qualifications in the past and the most effective are ones I have had an interest in because these give you a fighting chance of getting a benefit, whether that's a qualification or just useful learning.
If the organisation you are working for is asking you to take courses that you are not interested in (away from regulatory requirements) then I would question if this is the right organisation.
Savanti and FSP both encourage education, and it is fundamental when working in the cyber security industry that you keep re-educating and keep abreast of the latest security trends and technology advances.
Why did I choose CISM?
CISM offers a professional qualification that enhances current knowledge. The courses were free on Udemy, a learning platform that all Savanti employees have access to.
Savanti paid for my exam and membership but it benefits both of us. I have a new qualification and they have a better-informed employee with qualified skills. We both get to show off.
I don’t like studying or reading
Choosing the coursework is the easy part! Learning is where it can quite easily fall apart.
I don't like reading, sorry all you bookworms out there, it almost feels like admitting to social leprosy, but I don’t enjoy reading books.
My general approach to studying is to wait until the last minute and cram it all in. This is the method I used at school and for my PRINCE2, CISSP and MoR exams.
I do like to ‘learn on the job’
I am more likely to learn something if I’m doing it.
I like a good quiz
I love Trivial Pursuits and a good pub quiz. If you think of the exam as a big quiz then it makes it less scary.
My Approach
The first thing about approaching the coursework is understanding yourself. How do you like to learn? Because of my points above, I knew there was no point in investing in lots of books to read, no point in setting heavy study schedules that I wouldn't keep to.
Find the right course by checking what scope is covered in the exam. I found one that was:
Watching the course videos was a smallish chunk of my worktime and Savanti supported this.
Do's
Don'ts
The key to passing the exam is to understand the question formats; the more you practise these, the more you will have confidence for the exam. When you're hitting a regular 75% pass rate, you are ready for your big day!
My prep for the exam was simply to keep doing lots of questions. When watching football I’d be doing questions on my app, when on a train, doing some more questions. Keep doing the questions and reviewing wrong answers.
Exam day tips
Exams are different for different people. I like to stay chilled and treat them like the quizzes I do. Once finished I go through the questions again looking for silly mistakes, but not deliberating over decisions too much. You are just as likely to change a right answer to a wrong answer rather than improve your score.
ISACA seem to have some sort of witchcraft formula to work out if you have passed or failed as you usually find out straight away.
They think it’s all over…
Pass or fail, there is some relief to finishing the exam. Take some time to relax and perhaps don’t think about the questions for a while.
If you have failed, don’t worry too much about it. These things aren’t easy on purpose. My advice is don’t give up! Hopefully your organisation will pay your exam fee again. It’s not a reflection on your job or the work you do, it's about how you learn and react to exam conditions.
If you pass, it’s still not over because there is always the next one. Rinse and Repeat!
We'd be happy to support you on your journey. Please get in touch at info@savanti.co.uk or visit the chat function on our website: www.savanti.co.uk.