learnings from failure, a journey to ISACA CISM

my first attempt at the Certified Information Security Manager (CISM) exam went exactly as my trainer said it would...

failed by 3 points

my second attempt went spectacularly bad, way worse than before...

confidence deflated

see when my manager suggested ISACA CISM in our first 1:1 i eagerly enrolled in NTUC LearningHub after looking for the best CISM trainer :)

i promptly took the exam a week after the 5 day course... BIG mistake 1

armed with being trained by the best and reviewing answers on ExamTopics, i'd expected it to be an easy multiple-choice exam just like many others i'd taken in the past

overconfidently i retook the exam a month after failure... BIG mistake 2

ISACA fortunately had a built in OVERCONFIDENCE Breaker :), i wasn't able to retake the exam until 6 months passed...

after all i'd led partners thru some of the most ground breaking cybersecurity moments fighting ransomware since 2017, together with my CyberCrime Watch community work and 5 years of CISO engagements in Public Sector & Enterprise Commercial, i was too sure of myself

but that's just confidence, not reality... Learning 1

what got me here, did not get me there

working full time in a cybersecurity role gave me opportunities to practice overcoming my imposter syndrome (yes don't doubt)... i volunteered to lead a vTeam at Microsoft working on co-creating a whitepaper on personal data protection supporting customers & partners helping them comply with regulations coming into effect. To my surprise the CISM concepts came alive... i was able to apply policies, standards, procedures, guidelines and relearning from exposure to folks way more trained and experienced than i

the current cybersecurity landscape is changing, yet the CISM concepts still apply... Learning 2

i realized CISM isn't some theory that cannot be put into practice... on the job to CISOs it matters and managing risks, it's critical that it mattered to the people entrusted with organizational security

hope to encourage others, having failed?twice... here's what not to do

1. Don't schedule the exam first then study with a due date locked in your mind, i focused too much on this deadline. Just study till ready then book the exam stress free.
2. Don't just review your weak domains, i did that twice and failed. Instead focus study based on weightage of domain tested.

Only after my 2nd failure did i join ISACA Engage and here's what helped me

1. my study group hosted by my NTUC LearningHub CISM cohort, participated in Q&As. One of my study?buddies gave emotional support and sent questions i could answer correctly, it's a confidence boost money can't buy
2. i signed up for the community "CISM Exam prep" digest & appreciate reading members QOTD answers?to questions posted by Donald & Oliver
3. first thing every morning i do a set of CISM QAE practice test still fresh after a quick shower i do another set and stop?
4. ISACA community folks who suggested Prabh Nair's Youtube, OMG Thank You i?kid you not, his scratches i can't read but his clarity is amazing
5. even my wife recognizes when Kelly Handerhan speaks, i'm watching Cybrary Live! #CISM Part1-4, i pause it often to review what i see and the many examples explained?
6. i used what i learned from ISACA's?policy, standards, procedures & guidelines. Repeating often the definition & examples with cybersecurity practitioners helped open my eyes seeing what i learn come to life

as far as i'm concerned i am at the start of a long journey and at every turn i meet people so much more advanced in this field yet i know i can rely on so many of my ISACA members, you who have gone ahead, Thank You!