I've started watching Hemang Doshi's CISM course based on your recommendation and it's by far the best resource I've found to date. Thank you
I failed today on first attempt. Did not go through ISACA official content, only online content/dumps and Mike Chapple book. Your video is informative, now I know where I went wrong.
I was in the Infosec CISM bootcamp last week and that question you posted was in the practice exam. Thank you for addressing the "ISACA mindset"!!! Having been in IT for 3 decades+, it is really hard to view things from a business perspective.
You're welcome and good luck on the CISM!
How did I miss your channel Cameron, you are a great mentor, Thanks a lot man. Wish you the best
This is one of the better videos like this (i.e., cert overview) I’ve seen.
I'm so glad I found your video. I am studying for the CISM after getting the CISSP last year and really appreciated your explanation of the differences between the two. As I work for a relatively ruthless company myself, I'll make sure to answer the questions with them in mind. 😋 Thanks for the other video recommendations as well. I had not found his video series before now, but Hemang Doshi also has a book that I bought so I now know it is worth using.
Congrats! :-) I took the PRINCE2 Foundation exam at home last year and it worked out well. I tried with the CompTIA Sec+ at home, but the system didn't work. I tried again a couple of weeks later and passed at a quiet training center near here. I have 20 years of web dev experience, so even if I don't have a ton of cybersecurity experience, I plan to go for the CISM late this year. Thanks for the tips!
Thanks for sharing your information on CISM, especially since I’m about to attempt the exam. I’m not sure if this is your latest video on it, but to clarify, what you were going over at around the seven minute mark in terms of ISACA being more about loyalty can be summarized as: you have to have a business mindset approach to cybersecurity while maintaining understanding of cybersecurity fundamentals. One has to stand back, understand what a company wants, and work with the company in order to stay within their scope of work, but keeping your team informed so they can help you come to a right decision.
ISC2 on the other hand focuses more on IT team and the cyber security team when it comes to delivery of services and information. It is more of a bottom up approach.
Cameron, congratulations! That is a wonderful achievement.
Thanks!
Watching your journey has been inspiring. Can you make a vid on your process of finding employment pls?
Thank you for this video. This will be my next Cert in 2024
Congrats and thanks for sharing! I'll take this exam in, probably, 3 months. So, the tips in the video are gold. :)
Congratulations!!
Thanks!
I disagree with you on the question when you are comparing the two different mindsets. In this approach, policy development is central. Using an ISC2 mindset, the formulation of a policy is intricately connected to considerations of law, compliance, and regulation, meaning such a policy inherently includes and reflects the law.
I agree. You wouldn’t want a single security individual interpreting the law. Those legal considerations would be reflected in the policies.
Hey🎉 Congratulations on passing the CISM 🎊 ! Since finding your channel, I’ve been heavily considering doing the BSCIA degree @ WGU as well!
Thanks!
Let's get a ranking video of difficulty for your certifications that you have! I take my PMP at the end of this month. I currently have Sec+, CEH, and ITIL4
That's a great idea. Thanks for the suggestion and good luck on your PMP!
Congrats!!!
Congratulations 👍
8:00 Just think about it - how should people know what's the law? Especially in an international company - which country's law should the employee follow? How would an employee know about the applicable law? That's why companies' management systems are based on *policies.* These policies are derived from Risk Assessments. Legal Risk Assessment drives implementation of legal requirements into the company's policies and processes. Employees just need to look up the company policy - an internal resource, without wondering what the legal requirements are in a particular country. It's the policy owner's responsibility to ensure that the policy complies with applicable legal requirements.
Another viewpoint would be that a company policy could easily go above and beyond what the law asks. If you only followed the law, you might be missing half of what your company wants you to do to protect its customers or business interests.
Congratulations!
Thanks!
Congrats!
Thanks!
Congrats! I just got done finishing all my Sophia Learning classes for my computer science degree at 16
Nice!
Aloha Cameron! Congratulations! Well done. My question is regarding the ISACA Question and Answer database. I purchased it last month and it has been great. My question, and I believe you answered it at minute 8 - do the questions from the database match the actual exam questions? Are the exam questions a straightforward one-sentence question, or does the exam come at you with a 2-3 paragraph scenario type question? Thank you!!
Thanks! Most questions are scenario based and are at least 2-3 sentences long.
Did you ever find out if the questions from the practice exam are the same on the exam?
Thanks for this video. I'm considering this certification and since I am not from an IT background (business development, software development, operations), I was a little concerned. I am working as a cyber-security operations management so I wanted this certification to help me.
Thanks for the video!
Hi Cameron, can I ask you how many questions did you get correct and how many questions you didn't answer? Thanks a lot
I’m planning to begin studying this week. How many hours/weeks should I be investing until being ready to write the exam? Based off your experience, of course.
Hello, excuse me, is it necessary to read all of the Manual Preparation 16th edition, or is the Q&A book the best option? Thanks in advance.
Thank you for your video and sharing your experience. I took the CISM exam yesterday and I passed! No results yet, so it will be a long 10 business days. I would like to ask you for a recommendation on what certification I should aim for now. Thanks!
I’m planning to begin studying this week. How many weeks did you prepare for and how many hours a day?
What are the questions like compared to CompTIA? Any PBQ? I have Security+ and CYSA+
Thanks for the information. Man, that Udemy one for CISA from Hemang is just terrible! Sounds and presentation are worse! Not sure why you recommended it
Spitting facts subbed
I don't deny your reasoning and I believe that gaming the law may happen though I've never witnessed it personally, but I chose "according to policy" for the opposite reason. Some laws only scratch the surface of what is ethical, because in most cases technology is years ahead of what law makers have decided to write into law about the technology. Oftentimes law makers don't even understand the technology well enough to conceive of a law about a piece of tech, because they may only have a background in politics or law. So companies will often go above and beyond to prove that they acted as ethically as possible when they are brought to court one day.
Another "for instance" here is that the law only requires that person or business retain tax records going back 7 years. Well a business may not necessarily want to destroy their accounting records regarding tax at the 7 year mark, because they want to keep track of their company growth 25 years down the line.
I see what you're saying. I guess it depends on which law and what data. For example, GDPR requires companies to delete personal data if that data belongs to an EU resident and they want it removed. This would be an example of data needing to be handled according to law, but a company (like Facebook) may choose to ignore the law because they still want to use the data anyway. In that case, they'll likely accept the risk of fines and reputational damage, and instead continue to use the data according to their own policy.
Overall, I think it's just a bad question lol. That's also how I immediately knew it had to be an ISACA question.
I like your channel, it's very helpful and has a lot of knowledge. And I do hope you will achieve all your goals truly. I would like to ask you a question tho. I am 33 years old, I just came to the USA 4 months ago. And I plan to work in IT. I don't unfortunately have tracked experience but I do know my way around tech. And I do hear a lot about ageism in tech. Is it too late for me to take the CompTIA trifecta route and land an entry level job in helpdesk or suchlike to start my career? Thanks in advance for your enlightenment
✌🏻 ☮️
It's never too late to change careers. You might make less than your previous job since you're starting over in a new career, but that's about it. I haven't personally experienced a lot of ageism working in tech. When I first started, my co-workers were between 18 and 56, and most had little to no IT experience either. I think ageism comes more into play when people talk about USING the latest tech (like TikTok, ChatGPT, etc). Even then, I wouldn't worry about it. You're more likely to be judged on your personality and willingness to learn something new vs how old you are. Good luck!
Congrats, do you know if there is any way to waive the work experience requirement?
Thanks. You can waive 2 years if you have the CISSP, CISA, or a master's degree in IT. If you don't have those, you can waive one year for a bachelor's in IT, a year of IT management experience, or a security certification (like the CompTIA Security+).
Is there any benefit in doing Sophia first? They say it’s cheaper but I’m not really paying for the tuition, the Air Force is. Should I still do it?
Most people use Sophia because it's cheaper, but also because there might be a few classes that are easier to do at Sophia than WGU. Unlike WGU and SDC, Sophia exams are not proctored either.
I would definitely do Sophia first.. it's worth it and such a huge time saver when you can get a large chunk of classes out of the way!
What books did you use for the CISM?
Mike Chapple
How long did it take you to study for the exam?
I passed. I didn't know about the maintenance fee annually.
Congrats on passing your CISM exam!
What are your thoughts on the Review Course ISACA offers?
I didn’t know Hemang Doshi is also an authority in CISM. I used him to clear my CISA. Let me quickly run away from Thor
Is there a way to contact you personally? I missed it by 3 points
LOL, ISACA are auditors. They go more to GRC and Compliance, think COBIT, and ISC2 is more on the security side
How does the endorsement process go?
You have to fill out an application (it's $50). Similar to the CISSP, you'll just need to put your work experience and who ISACA can contact to confirm that the information is accurate. It can take a couple of weeks for them to verify everything. When I submitted the application though, it was approved within 8 hours.
Congrats man, but the QAE is a waste of money for all those out there thinking about it. You're better off actually studying than drilling questions. It's 300$... if it was $50 maybe, but 300$ no way. I took my CISM right after CISSP with no study.
The book version is around 150$, and you can get a library to purchase it.
Fair, but I could say the same thing about spending $575/$760 to take the CISM without studying for it.
I’m about to begin study for the CISM and I thoroughly enjoyed this video. I was just about to buy Hemang’s course on Udemy before deciding to further research study guidance but you’ve confirmed it. Thanks so much for your thoughts and guidance. Hope you passed the CISA 😊
Come on, now go and get recertified every 3 years, to keep fattening up the business.
Congrats!
Thanks!