THE CISA CERTIFICATION EXAM

A Personal Take

After four hours of intensive brain activity, I was done with the CISA certification exam. I said a quick prayer then clicked "Submit". An "Are you sure?" window popped up. Another quick prayer, then "Yes". One more "Are you sure?" window later (!), and I had successfully submitted. Then came the worst part - I had to engage in a ten-minute survey for ISACA (the testing body) while not yet sure whether I had passed the exam. In retrospect, I’d say that those ten minutes were pure torture as all I could think of was how my firm had paid top dollar for the CISA training and exam, sent us on a month's exam vacation to study, and how my training manager would chew me to bits if I failed.

I passed, so none of that happened (lol).


The CISA Exam

The Certified Information Systems Auditor (CISA) exam is one of the most popular infosec/audit certifications offered by ISACA. Yes, the "auditor" keyword means holders would do a lot of review-type "non-technical" work; however, reasonable information security knowledge is required to perform this role. The CISA curriculum itself is incredibly long and requires several man-hours to go over (the less said about the official manual, the better). Aspirants must then find a way to surmount this task. And I did just that.

A little context. This writer has spent a few years in the cybersecurity and technology audit industry. Specifically, most of the work I've done in my professional experience has revolved around helping clients manage technology risks. This experience most definitely gave me a better platform with which to understand the CISA concepts and pass the exam. Still, with the nature of the CISA exam questions, I was subjected to 4 hours of "Is-it-this-or-is-it-that" (CISA is all multiple choice questions).

Considering how challenging the CISA exam is generally perceived to be, this article outlines some of the (personal) steps I took to pass the exam. They may come in handy, so read along.


Passing the CISA Exam

Against general consensus, I would not particularly tag the CISA examination "difficult". However, from the outset, I'd say every CISA aspirant faces two major challenges:

1) The CISA manual is tedious, so good luck trying to read it like a normal textbook. You'd either get completely lost or fall asleep in no time.

2) You absolutely have to read (or reference) the CISA manual to have surefire confidence of passing the exam.

You see the challenge now? The official CISA manual is considered unreadable, yet you must study it to give yourself reasonable assurance (pun intended) of passing. So how did I go about this?

  • I found an excellent summary of the CISA curriculum: The website cisaexamstudy.com breaks down the CISA concepts into small chunks which are easier to digest (key points, if you will). I made extensive study notes from the website explanations.
  • I used the ISACA Question & Answer software/manual elaborately: Over a period of 4 weeks, I logged (approximately) 35 hours on the ISACA testing software. This allowed me to test my knowledge of the CISA concepts and have a feel of the CISA exam format.
  • I consulted the CISA manual: From my results in the practice questions, I isolated my areas of weakness and consulted the CISA manual to understand them in silos. This meant that I didn't have to endure reading the manual end to end.
  • I studied with colleagues: Studying with (and asking questions of) colleagues allowed me to appreciate the CISA concepts from different viewpoints (which turned out to be better than mine at times).
  • I returned to the CISA manual: After weeks of practice and studies (having got a very good grasp of all CISA concepts), I decided to read the CISA manual. The difference? Considering that I had already understood the main concepts, this was merely a revision and the CISA manual was easier to understand.


General CISA Exam Tips:

  • Read the manual. No matter what you do, find a way to read the manual.
  • Do not depend solely on the Q&A software/manual: Yes, they give a feel of the expected questions and the rationale for answering them, but those questions rarely ever come out in the exam. In my test, for example, only 3 (out of 150 exam questions) remotely resembled any of the over 1000 sample exam questions in the Q/A software/manual.
  • If you can, register with a CISA training agency: Don't underestimate how much organised training could contribute to your exam success.
  • Give yourself enough study time before the exam date: Because of the size of the CISA curriculum, you may want to allow yourself enough room to understand all the relevant concepts before entering for the exam.
  • If you can, have a study group with which you can discuss exam concepts.
  • Work on your exam endurance: The CISA exam lasts 4 hours, and you'd most probably be tired midway into the exam. You're better served if you consistently practice 150-200 questions in a timed exam setting to prepare yourself for what you would face. Personally, I finished all 150 questions in 90 minutes, took a short break, did a preliminary review for another 90 minutes, and a final review for 50 minutes.
  • Read the manual: You get the point already.

Finally (and against general consensus), this writer does not believe that the CISA exam is particularly difficult. Once an aspirant is able to cross all the T's and dot all the I's, CISA is unveiled as any other normal certification: an easy-to-pass exam.

Good luck as you prepare!



by Okereke Onyekachi Fortune.

Click here for a guide to cyber security certifications.




PS

Passing the CISA exam was a community effort (for me at least). This writer would, therefore, like to appreciate a few people that contributed to the success.

In no particular order:

Rejoice: Taught me the very first things I knew in information systems (IS) audit. I was a recent graduate, and she the team lead on my very first IS audit project.

Wale: Worked with Wale after my project with Rejoice. Learnt a lot from him as well.

Ahmed & Laolu: "In-charge" and team lead (respectively) on my first cybersecurity implementation project. Working with them made my introduction to cybersecurity interesting.

My Management: The training manager forced us to remain on our toes, my engagement manager ensured that I took out enough time to study and pass, and my Partner(s) provided an enabling environment to grow professionally. Gracias.

Richard & Emmanuel: Studying for the CISA exam with Richard and Emmanuel saw me go from consistently failing practice questions to consistently passing practice questions. Squad!

Bolaji: I've spent several man-hours performing web and mobile application reviews with Bolaji. Knowledge from those sessions obviously came in handy. He's also our first guest writer! Read his debut article here.

Temi & Olumide: My go-to cyber guys. Almost always have answers to my questions.

Richael: She really does give the best advice, and I needed lots of it while prepping for CISA.

Segun: "Kachi read the manual oh", Segun would always advise. I did, and it worked. Thanks.

AJ Silicon: Training agency I registered with. Their pre-exam review sessions were especially worth it.

My Family: No-brainer. I love and appreciate them.

Me: Congratulations Kachi.

God: As we say in this part of the world, "It's just God oh".