The current state of cybersecurity is quite simple: each day presents a new set of threats/vulnerabilities. Businesses have discovered – the hard way – the costs of not investing in an experienced InfoSec team and in certifications such as ISACA’s CISM, Certified Information Security Professional.
This new perspective has been gradually changing the information security market, and papers like ISACA’s State of Cybersecurity: Implications for 2015 show that cybersecurity in general has been getting more support from upper management (really?) and bigger budgets (R U SERIOUS?). Paradoxically, there is a huge cybersecurity skill crisis: experienced professionals are in short supply on the market.
ISACA – 2014
I agree that experience is something you only get in the field, but there are countless options in terms of professional certifications that should make you stand out in the infosec crowd. Personally, I always invested my time and resources in vendor-free certifications, mostly from internationally recognized institutions like ISC², EXIN and APMG. The results have been much better than I expected.
ISACA’s CISM, Certified Information Security Professional, is one such case and one of the most in-demand certifications of 2016. Still unsure? OK, look at this quick list of open positions that mention information security certifications:
If you already have some years of experience with information security and have begun thinking it is time for a managerial role, this certification is one of the best ways you could improve your resume. The exam itself may still look a bit scary, but let me be clear: with adequate preparation and some dedication, anyone can achieve a great result on the first try.
I attended the CISM examination last June (2015), and here I share the methods and some practical tips I used for my preparation. Again, the results were excellent!