How Is the Exam?
A quick way to say goodbye to a lot of money is to do the exam.
The cost aside, it is a four-hour-long exam during which you are not allowed any breaks. I did mine using the online proctored method due to COVID-19, but doing it online, you cannot take bathroom breaks or have a glass of water. You also cannot look away to rest your eyes, as the proctors give you a warning to look at the screen.
The questions are all multiple choice with only a single correct answer. Most questions are worded reasonably OK-ish, but there are questions which have been poorly written. I found the right answer to be generally obvious in most questions, but there were a few that made you think really hard. The key to passing the exam is to keep reminding yourself that you are not a security engineer. You are a business person in charge of managing risk or educating the business on risks associated with activities/processes/etc. and letting the business decide how to handle the risk.
I believe I finished my exam in just a little over two hours. There is certainly no need to panic and rush through questions. You also have the option of marking a question and reviewing it at a later stage.
Overall, I give this exam a difficulty rating of five out of 10.
Passed the Exam?
Great! But you are not certified yet. You need to pay another $50 USD, download some forms and prove that you have on-the-job experience in the four domains of CISM. This process took 7 weeks for me! Granted, the first 3 weeks were wasted as I had ticked the wrong check-box, but instead of being made aware in the first few days, it took ISACA 3 weeks to let me know. There were also certain standards based on which they accept signed PDF documents, and that process took a little time too. Overall, seven weeks before I had an email saying welcome to the club 🙂