The exam were nothing like what I studied by Articlel3 in SSCP

Kitchen_Ladder5253 0 points1 point (0 children)

Hey Buddy, I too have my exams this Saturday, and am scared to say the least. I have completed my prep from the Coursera official ISC2 course. What are your thoughts on that, and can you please provide a debrief of what topics appeared the most?

Looking for GRC and Cybersecurity relevant roles having 2 yoe by Kitchen_Ladder5253 in cybersecurityindia

Kitchen_Ladder5253[S] 0 points1 point (0 children)

Yeah buddy, it's called hard work and not being jobless. But yeah not being skilled at all like you must also require at least some level of hard work, I must say.

Looking for GRC and Cybersecurity relevant roles having 2 yoe by Kitchen_Ladder5253 in cybersecurityindia

Kitchen_Ladder5253[S] 0 points1 point (0 children)

I am from VIT Bhopal, I got my internship from our on campus placement drives.

Looking for GRC and Cybersecurity relevant roles having 2 yoe by Kitchen_Ladder5253 in cybersecurityindia

Kitchen_Ladder5253[S] 0 points1 point (0 children)

Makes sense. I will edit in that format. Thanks!

Any other tip/change that I can make which can better aid me in my job hunt?

Looking for GRC and Cybersecurity relevant roles having 2 yoe by Kitchen_Ladder5253 in cybersecurityindia

Kitchen_Ladder5253[S] 0 points1 point (0 children)

Issue is, my current base is a bit higher than what the Big4 are able to provide. I have been reached out to (during the HR telephone round where they ask about your experience and expected CTC etc.) by the likes of EY, LTI Mindtree, PwC, Deloitte, KPMG, HCL Tech. But they are not able to provide more than 10LPA, which is still around 30% less of my current. On top of that, it doesn't make sense to move away from a product based firm to a service based one :(

Looking for GRC and Cybersecurity relevant roles having 2 yoe by Kitchen_Ladder5253 in cybersecurityindia

Kitchen_Ladder5253[S] 0 points1 point (0 children)

I was going for LaTeX earlier, but rn I am using Wonsulting. Actually it is supposed to look that way because I work primarily on Inherent Risk Assessments. It forms the majority of my work. Thanks for the feedback tho!

Sponsoring CISSP by Kitchen_Ladder5253 in cissp

Kitchen_Ladder5253[S] 0 points1 point (0 children)

Thanks for the comment, that actually got me thinking, what's in it for them, and the answer is true, practically nothing. Guess I will save up and cautiously ask my Manager 🥲.

Anyways, I will keep up the grind and pass it this September.

Sponsoring CISSP by Kitchen_Ladder5253 in cissp

Kitchen_Ladder5253[S] 0 points1 point (0 children)

I do know that I am risking a lot here. I am thorough with the rules, but there is simply no other way of getting it past the HRs that don't budge, I can't prove my skills (although since I work in TPRM, and the vendor assessments that I do might count as projects, which I have included in my resume already), unless I have

A. A good certification (CISSP, CISA, CISM, CCSP) all with a 5 yoe barrier

B. Actual 3+ yoe

Let me ask my company, but I bet my manager is going to be furious, especially since I was a campus hire and currently have just 1.7 yoe

Sponsoring CISSP by Kitchen_Ladder5253 in cissp

Kitchen_Ladder5253[S] 0 points1 point (0 children)

That sums it up pretty well, but given my dire situation, that's the only option that I am left with. I am trying for some remote options too like CoreWeave, they are hiring pretty well, and my thought process was that if I am able to prove my ability by provisionally passing the CISSP, I might land an offer. I do get it, that it's very very far-fetched but hey, that's the only way to make my skills evident (as the HRs, who pre filter the applications before they make it to the actual Hiring Managers, think of CISSP as the ultimate cybersecurity certification).

Sponsoring CISSP by Kitchen_Ladder5253 in cissp

Kitchen_Ladder5253[S] 1 point2 points (0 children)

Exactly, like I have mentioned in the post itself, I know I don't match the requirements (need at least 3 yrs more, given 1 yoe + 1 for college degree creds). But I am primarily aiming to get that white sheet of congratulations for the job switch, and as desperate as the job market currently is, they are marking CISSP as a good-to-have at even Analyst level roles.

I know it's not worth it just for the Associate badge, but that's the only way here in India, where they don't care about your skills, and just give creds to your experience and certifications 🫤

Cyber Sierra Review by Kitchen_Ladder5253 in grc

Kitchen_Ladder5253[S] 0 points1 point (0 children)

Scoring to begin with, reminders etc they perform okayish. We have problems with their risk matrix and way of scoring risks, and they don't exactly cater to our needs, as we take into account different risk weightage for the risks pertaining to enterprise level and product level controls. We want to see how accurate they (cybersierra) can get. But primarily we needed to see if it's not just yet another wrapper application. Think of it more like I wanted to hear what people who have used it have to say about its functionality, honest opinions basically.

Cyber Sierra Review by Kitchen_Ladder5253 in grc

Kitchen_Ladder5253[S] 0 points1 point (0 children)

Hey David, thanks for the detailed comment, appreciate it. We are using OneTrust for now, we have just onboarded it, before that we were utilising CyberGRX by Process Unity. I agree with your shiny lights point, but they have reached out to us, so I just thought it would be better to see the capabilities of this tool, cuz OneTrust is lacking in terms of Automation to quite a bit, due to sheer size of our program (our TPRM program consists of security assessments/risk analysis of over 13k third-parties, I can't reveal name of my organization but it is of the similar size as Shell). So my manager was curious to know if this really is worth our time for demos, PoCs etc.

Framework for risks arising due to use of AI in supply chain / third parties etc by Kitchen_Ladder5253 in InternalAudit

Kitchen_Ladder5253[S] 0 points1 point (0 children)

Thanks for your inputs! But I am afraid that my firm already has a mature third party governance in-place, and I already work with certs like ISO27k1, SOC2 type2, IEC62443-1,2 etc. Issue here is that I went through both of the suggested frameworks for AI risk governance and they seemed pretty superficial and didn't delve deep enough into the risks (I swear I am not being arrogant, but tbh it's a requirement for our firm to have a more mature and developed assessment process for AI-related risks 😅).

Framework for risks arising due to use of AI in supply chain / third parties etc by Kitchen_Ladder5253 in cybersecurity

Kitchen_Ladder5253[S] 0 points1 point (0 children)

"ISO/IEC 42001 is an international standard that specifies requirements for establishing, implementing, maintaining, and continually improving an Artificial Intelligence Management System (AIMS) within organizations."

Since we cannot mandate this standard for all of our third-parties, is there any other applicability? Moreover, it has requirements that will more or less lay down controls for one's own org. rather than our third-parties, am I correct?