Certified Information Systems Auditor

What is the CISA?

CISA – ‘Certified Information Systems Auditor’ – is a qualification from ISACA and a world-renowned standard of achievement for those who audit, control, monitor and assess an organisation’s information technology and business systems.

What IT careers can this qualify you for?

The CISA certification goes a long way to help you enter the field of IT auditing. This certification qualifies you for many lucrative jobs in the cybersecurity field. You can get many security auditing jobs and much more! The salary can range from £40k to over £150k (these figures are for the UK; the US pays even more!!). Having the CISA qualification gives you a basic overview of the skills you will need in this field.

The CISA certification will give you the skills to conduct or pass an audit.

How will this blog help me?

This blog is designed to help you pass the CISA exam in around 6 months with little to no auditing experience. If I can do it, I know you can too.

Is it technical? Can anyone pass?

Surprisingly, CISA is not a technical exam: you do not need to know how to code or have technical skills. If you are not technically minded, then this career might be for you. Also, most technical people eventually transition into GRC roles, as they are high up the company ladder and are often managerial/executive-type roles. So naturally, if you want to reach the top of the corporate ladder you will need to understand what auditing is and how it affects your company’s service/product.

My background (not extensive)

Newbie here: I have just over 1 year’s experience in IT. I have been tinkering with and using computers all my life. However, I only started in an auditing role in early 2021. I was asked to study for the CISA exam and I managed to pass it in 6 months.

When I started studying for the exam I had zero knowledge of compliance; I didn’t even know regulations existed! I honestly thought you could build software and code at home and sell it to a hospital (or other business) with no checks. How silly I was. Now, however, I understand that there are regulations you have to be compliant with for the hospital to even consider you! You need to have a disaster recovery plan, you need to have a business continuity plan and much more!

Can you imagine a patient’s data being lost right before surgery? This could impact the surgery or treatment, maybe even kill someone!

What is the exam like? (Spoiler – multiple choice)

The CISA exam consists of 150 multiple-choice questions which you have 4 hours to complete. You have 4 choices for each question. The CISA exam is written by ISACA. EVERY EXAM IS DIFFERENT. The questions do not test your knowledge of the content but give you scenarios to test how you would apply the concepts learned. It can be tricky, but with a good study schedule you can easily pass. Approaching the CISA exam with no experience is probably the best thing to do (in my opinion) because the exam is very different from real-world audits; often you can learn bad habits from experience that will affect your answers.

How do you even study?

One of the first steps is to obtain the official and latest ISACA study material! Do not do what I did. I messed up at this step: I bought the WILEY study guide 4th edition, which was for the 2016 version of the exam. I didn’t realise they had updated the exam to a 2019 version. After learning the outdated book and doing all the WILEY question banks I felt confident. I booked my exam, and 3 days before it, while doing some last-minute prep, I realised that there was a newer 2019 version of the exam! My study book and the materials I was using were outdated. I delayed my exam by 6 weeks, bought the latest study materials and started from the beginning.

Around 80% of the content from the 2016 version was the same as the 2019 version, so I only had to fill the gaps in my knowledge. I proceeded to study and finish the newer book, which took me about 3 weeks. I then spent the last 3 weeks doing all the questions I could get my hands on. I bought the newer question bank and did all 1000 questions. I would do 200 at a time and revise weak areas until I had fine-tuned my knowledge and felt ready for the real exam. I sat the exam feeling even more confident because I had studied the correct materials, and finally passed!

Did you read the book? Take notes? How!?! I hate books.

Me too. Normally, I am a hands-on learner. I prefer being taught or shown. I find it very difficult to sit down and absorb knowledge from books. However, I found a very good method. To be honest with you, I had not formally studied anything in over 7 years, so I had to learn how to learn all over again. My method is very efficient and I am going to share my secret with you.

Secret study technique

There are 5 steps to take, and it is important that you read the book using this technique so you absorb all the knowledge you can. You can use this method for any book in whatever field. The first thing you do is commit to doing a certain number of pages, maybe even a whole chapter. I personally used this method per chapter, so for the first chapter, for example, you do the following:

1. Flip through each page from beginning to end, look at each page but DON’T READ ANYTHING. Just look at the pictures and diagrams, look at how the text is laid out, and look at the titles without reading them. Once you get to the end, go back to the beginning of the chapter.

2. Secondly, go through the chapter and this time flip through each page and only read the titles and headings. DO NOT READ ANYTHING ELSE! Only bold titles and bold subheadings.

3. Thirdly, go to the end of the chapter and read the whole summary and the questions for that chapter. Do not look at the answers, only the questions.

4. Now go through the chapter again, this time reading the titles, subheadings, and the first and last sentence of each paragraph. Only the first and last! This should give you a summary of each topic, as often the first sentence introduces the topic and the last summarises it.

5. Finally, go through the whole chapter taking notes and thoroughly trying to understand and learn the concepts.

If you only do step 5, which is what most people do, you will struggle.

Why this works

Flipping through the chapter gives you a mental map of where everything is; reading the titles and subheadings puts things into place, and you have a basic idea of what is coming up, what’s next and what topics are in that chapter.

Reading the summary and questions gives you a strong idea of what the important concepts are for that chapter. Knowing what questions are asked will allow you to focus on what’s important and skip the less useful information in the chapter. Also, the summary gives you an overview of the chapter, which is important. Reading the first and last sentences introduces all the ideas and concepts in the chapter; this gives you an insight into the concepts, and you will already have some information before approaching that concept or learning area.

Finally, the last step is important and you need to do it well, but all the previous steps build up to it, and by now you have a very good idea of what is important to focus on and what you need to do to answer the questions correctly.

Using this method definitely works, and I strongly advise you to use it. Mapping out the chapter mentally, understanding what the important parts are and knowing what types of questions will be asked will definitely help you pass.

ISACA “officially” recommends you have 3-5 years of auditing experience before taking the CISA exam; using my secret study method, you will not need that.

I hope this blog has helped you and good luck with your CISA exam.
