Bruce Passed ISACA CGEIT Exam on 26th November


After studying for 35 hours within 12 days (from 2018/11/15 to 2018/11/26), I cleared the ISACA CGEIT (Certified in the Governance of Enterprise IT) exam today. Because of distractions, I spent only 35 hours in a period of 12 days.

I used the following study materials:

For experienced managers, MBAs or entrepreneurs, I believe it won’t take you too much time to study these two.

This exam is one of my favorites. Even though it is not as well-known as CISA or CISSP, it really helps. I highly recommend that CISSPs sit for this exam if a management position is one of your career choices.

I’ve achieved my annual goals as follows:

  • Milestone #1: PMI + CISSP
    • 2018/04/09 ACP
    • 2018/04/27 PBA
    • 2018/06/19 CISSP
    • 2018/07/10 RMP
  • Milestone #2: ISACA
    • 2018/07/24 CISM
    • 2018/08/13 CRISC
    • 2018/08/28 CISA
  • Milestone #3: ISC2
    • 2018/09/07 CCSP (originally scheduled on 2018/09/14)
    • 2018/09/13 CSSLP (originally scheduled on 2018/09/28)
    • 2018/09/25 CISSP-ISSEP (bonus)
  • Milestone #4: EC-Council
    • 2018/10/09 CEH (originally scheduled on 2018/10/15)
    • 2018/10/12 ECSA (originally scheduled on 2018/10/29)
  • Bonus Exams:
    • 2018/10/21, PSM I
    • 2018/10/23, ISO 27001 LA
    • 2018/10/27, PSPO I
    • 2018/10/28, PSD
  • Final Optimization
    • 2018/11/06 CISSP-ISSMP
    • 2018/11/14 CISSP-ISSAP
    • 2018/11/26 CGEIT


Bruce Passed ISACA CISA Exam on 28th August


CISA Cleared!

After another 50 hours of study in 2 weeks (from 2018/08/14 to 2018/08/28), I cleared the ISACA CISA exam today. The following is what I used to prepare for this exam:

Milestone Achieved!

It’s about time to declare I’ve achieved my second milestone for 2018.

  • Milestone #2: ISACA
    • 2018/08/28 CISA
    • 2018/08/13 CRISC
    • 2018/07/24 CISM
  • Milestone #1: PMI + CISSP
    • 2018/07/10 RMP
    • 2018/06/19 CISSP
    • 2018/04/27 PBA
    • 2018/04/09 ACP

Long Way to Go!

I am still on my way to building my profession in information security, and the coming milestones are as follows:

  • Milestone #3: ISC2
    • 2018/09/14 CSSLP
    • 2018/09/28 CCSP
  • Milestone #4: EC-Council
    • 2018/10/15 CEH
    • 2018/10/29 ECSA


Bruce Passed ISACA CRISC Exam on 13th August


To pass the CRISC exam, I spent around 50 hours in 3 weeks (from 2018/07/24 to 2018/08/13) studying the following materials:

Candidates have 4 hours to complete the 150-question exam; it took me 3 hours to nail it, 2 hours answering the questions and 1 hour reviewing.

The risk management discipline is still evolving and it takes time to get yourself acquainted with the terminologies used in CRISC. There are even some conflicts or inconsistencies between risk management methodologies.

Just follow the official CRISC review manual and questions from ISACA. It would be the most efficient way to pass this exam.

Bruce Passed ISACA CISM Exam on 24th July


After passing CISSP and PMI-RMP on 06/19 and 07/10 respectively, Bruce provisionally passed the ISACA CISM exam today (07/24). The exam was completed in 100 minutes.

It took around 40 study hours to nail it. The preparation materials are listed as follows:

  1. CISM Certified Information Security Manager All-in-One Exam Guide 1st Edition
  2. YouTube Videos: Isaca CISM Real Exam 1~6
  3. Information Security Governance: Guidance for Boards of Directors and Executive Management 2nd Ed.
  4. NIST Special Publication 800-61 Revision 2 (Computer Security Incident Handling Guide)
  5. CISA Review Manual, 26th Edition
  6. CRISC Review Manual, 6th Edition
  7. CGEIT Review Manual, 7th Edition
  8. Organizational Project Management Maturity Model (OPM3) Knowledge Foundation
  9. The Standard for Portfolio Management
  10. The Standard for Program Management

I really love the exams from ISACA. They are management-centric, or more specifically, they are for CIOs, CISOs, or Information Security Managers. Exam candidates should have a solid foundation in Governance, Strategic Management, and Risk Management, and know some technical material at a conceptual level.

Frankly, CISM is not so challenging for business people, while technical people would have to spend some time studying the business side. This exam is all about concepts and principles. Don’t just memorize without understanding how the business world works. Some questions are tricky, and you have to distinguish the minute differences between the answer options.

Some final words:

  1. Business always wins
  2. Align with the organizational objectives and strategy
  3. Don’t forget risks
  4. Know the current situation before taking any actions
  5. Know the Roles and Responsibilities