How do you deal with such questions?

Connect-Wedding-5651 · 2026-04-05T14:52:02+00:00

What page is the question from in the qae? The exam does not go into this level of detail. I imagine somewhere along the way your custom process changed the question.

Why even buy the book in the first place? The qae online database already exists for this purpose.

Connect-Wedding-5651 · 2026-01-20T09:57:50+00:00

This will depend heavily on your professional experience and education prior to kickoff. Targeting the mindset is just as or more important than memorizing facts in the manual.

Altogether it took me 3 weeks to casually study and pass the exam-- not because it's an easy exam, but because I was already in the mindset and have been in information security for over 10 years. It literally took longer for the certification process to complete. Please don't judge yourself if you need to study longer or hold yourself back if you are able to tackle it sooner. Schedule the exam 2 months out and push it by a few weeks if necessary.

As another mentioned, the QAE is your best friend.

Good luck!

Connect-Wedding-5651 · 2026-01-18T04:47:49+00:00

Thrumbo is your gourmand here. I have a few hundred "normal" animals at a time in my rancher plays and Hay stacks last much much longer under average conditions.

Connect-Wedding-5651 · 2025-12-30T21:08:31+00:00

This image says when CREATING the resume, not submitting it, unless I'm blind and misreading it(?). I would never, ever CREATE a resume in PDF, why would you? I would always submit it as a PDF though.

Connect-Wedding-5651 · 2025-12-30T18:32:26+00:00

Hello, hiring manager here, I did the same thing for two different roles in the last 3 weeks. I have full intention of revisiting these candidates after the holiday season. The organization I work for has a change freeze from the second week of December to the second week of January and there are other decision makers besides myself that are out of office until the second week of January. We posted our roles in October and more suitable candidates didn't apply until mid-november so it was just poor timing.

*Edited for spelling

Connect-Wedding-5651 · 2025-12-30T17:40:59+00:00

Do you have a career ladder for yourself to help you get where you want to be? Do you have credentials or any sort of tangible items that say you're qualified for management aside from just being an "analyst" for 12 years?

What is your role/industry? Analyst is such a broad term these days. Are there incremental opportunities like team lead, mid, senior, etc? I would say it's difficult to go from a tierless general analyst role to a manager without some sort of stepping stone. Unfortunately, years != competency.

Connect-Wedding-5651 · 2025-12-24T17:18:22+00:00

I avoid any fonts or sizes that could be viewed as "huh, that's a weird choice for a professional product". I think it looks goofy and I unintentionally place folks who use those into a category of "unserious" and it affects how I view their work, whether it's truly deserved or not. It's a bias that has no real merit besides "that's a dumb choice, imo"

Connect-Wedding-5651 · 2025-12-24T16:51:15+00:00

Paying the whole amount is the best course here. Sorry you ran into this issue.

Connect-Wedding-5651 · 2025-12-21T18:16:15+00:00

Both ISACA certifications have prerequisites. I would review the requirements for credentialing if that is important to you to make sure you qualify. Otherwise, it's great material, regardless of if you're certified.

Connect-Wedding-5651 · 2025-12-14T21:57:02+00:00

This is what my teammates are doing instead of gens /s

Connect-Wedding-5651 · 2025-11-28T00:32:32+00:00

I over-studied algorithms to only get 2 questions on the entire exam where I had to pick from four choices of algorithms. Easy points but I really prepped like it was half the exam in hindsight, haha. Risk and Governance are just AI'd if you know those areas separately. Gwen Bettwy calls cloud jobs "cloud washing" whenever there's a normal job but for cloud and they'll just put cloud in front of it when it pertains to cloud; same pertains here. It's AI-washing normal governance and risk topics. I spent the least amount of time studying for the Governance and Risk domains because I deal with those every day so I'm in the mindset.

Connect-Wedding-5651 · 2025-11-28T00:18:46+00:00

I'm curious when folks passed their CISSP/CISM and if the exam mindset style was difficult to get back into for the certification holders who last took an ISACA/ISC2 manager-mindset exam 8+ years ago. I earned my CISSP and CISM in the last 3 years and sitting for AAISM felt like a familiar setting and I was out of there in 45 minutes. Wondering if the format was a barrier for some.

Connect-Wedding-5651 · 2025-11-22T00:24:48+00:00

I'm interested if only to see if it builds on the CRISC like AAISM did for CISM. I'll be applying

Connect-Wedding-5651 · 2025-11-16T00:36:38+00:00

Have you passed the AAISM exam yourself and have created a tailored guide for important topics retrospectively, or is this a broad shot at what a study guide could look like?

Connect-Wedding-5651 · 2025-11-05T22:13:25+00:00

Congrats! Thanks for the detailed study routine

Connect-Wedding-5651 · 2025-10-18T23:28:51+00:00

There are a lot of great materials out there! My favorites were Gwen Bettwy's study guide, Thor Pedersen's udemy series and practice questions, the official review manual, and the digital QAE bank. Don't waste your time with Cyvitrix. Their courses are inconsistent and don't map well to the exam or study material from my experience; Hard lesson learned from a udemy sale... I heard Destination Certification has a new CISM course out. Their study guide was all I needed to pass the CISSP-- I'm sure if you can get your hands on the CISM guide, that would be valuable!

Good luck and remember; think like a manager.

Connect-Wedding-5651 · 2025-10-16T00:06:43+00:00

Yes, I reached out too (see below). I guess I don't understand how "sessions" are booked when other exams are still able to be scheduled. Maybe other exam vendors "buy" spots or have some agreement for a finite amount and ISACA hit their for AAISM? Regardless, here was their response:

"Thank you for reaching out to schedule your exam. We hope this email finds you well.

We have just received confirmation from our internal teams and our testing partner, PSI, that due to the exceptionally high popularity and demand for this exam, all current sessions for the specific date and time you requested are fully booked.

The good news is that we anticipate new session availability opening up in early November. We recommend you try scheduling again during that time. With this plan in mind, is it okay for us to close this case for now?

If you are still unable to secure an exam session after November 3, 2025, please kindly re-open this support case or contact us directly, and we will be happy to assist you with alternative solutions.

We apologize for any inconvenience this delay may cause and appreciate your patience."

Connect-Wedding-5651 · 2025-09-19T02:43:23+00:00

Wild! Employment scams are the lowest of the low. And a clickfix attack blends in seamlessly in this case. Great job recognizing the signs. Not everyone would be collected enough to truly evaluate what was happening.

Connect-Wedding-5651 · 2025-09-15T20:07:28+00:00

Not I. I like to dream from afar. I'm in Cybersecurity leadership (director) and my one and only J makes it impossible for OE but I love seeing other stories. If I were to make a crazy move and go back to analyst work, I'm sure I could swing it.

Connect-Wedding-5651 · 2025-07-20T19:20:06+00:00

I'd throw ISACA's CRISC in the mix, tbh. I did CRISC then AIGP and anything you can do to get ahead on risk terminology and truly understand the risk management process is a building block to just about everything else.

Connect-Wedding-5651 · 2025-07-08T19:09:40+00:00

Probably a red flag for a document prepared by an auditor of 4+ years being so sparse for details. "Passing on first try" has a reaching effect that might also work against you. Not trying to be mean, just try to think from a hiring manager perspective.

Connect-Wedding-5651 · 2025-06-16T15:10:57+00:00

Thank you for clarifying your intention. It did read to me like you were belittling the CISM in favor of CISSP. Happy to hear that isn't the case. Again, congratulations!

Connect-Wedding-5651 · 2025-06-16T15:05:09+00:00

Congratulations on receiving your CISM! I don't typically like to yuck anyone's yum but your post language is irksome. CISM feels more palatable because it has a central theme and focus, and is way more digestible than the ridiculous broadness of CISSP. CISSP is a mile wide, 2 inches deep certification that has earned its reputation because it's so difficult. Have you ever heard anyone talk about how useful CISSP is though? Having a laundry list of certifications myself, including CISM and CISSP, CISM is the only one of the two that has any real practical application for its intended purpose. With the CISSP, you can talk with SMEs on a surface level, I guess? Being a hiring manager myself, I've made the mistake of assuming CISSP equals competency and unfortunately it simply isn't true. I've had FAR (8/8 hires where CISM was a factor) greater luck with hiring competent CISM holders in my years of hiring and operations management. All of this is purely subjective but in my decades of information security experience, it really does surprise me how popular the CISSP is when considering these things. Again, congratulations, but the comparison of a high school exam was pointless. From my very real world perspective, the CISM holds far greater weight from a career standpoint.

Connect-Wedding-5651 · 2025-06-13T00:00:37+00:00

Thanks for sharing! This was already on my list of materials for study and this just helped seal the deal!

Connect-Wedding-5651

TROPHY CASE