CISM application

I have already described my experience of taking the CISM exam .

But ISACA is a serious organization, and they believe that the monkey can also pass the exam. You need to confirm your experience .
In principle, the approach is commendable. Just a bit unusual for post-union spaces.

So, a little story about how I applied to CISM.

')
After passing the exam, an invitation came to confirm your experience. In the end there was a pugalka-postscript that someone who doesn’t do this until July will pay $ 50. Well, the desire to complete the case without enough of it, but still decided not to delay.

The task is to confirm in a cunning way that you have at least 5 years of experience in various areas of information security. It turned out nesmekoy work.

So, detailed instructions are given here: Requirements to Become a Certified Information Security Manager

The first step is to describe the main work, where you have gained invaluable experience in information security. Moreover, this experience should be very versatile - starting with the construction of a security strategy and ending with an elementary operating system (watch for incidents there, analyze risks).

The second step , optional, if you do not have enough direct experience. It is necessary to describe those works that are not directly related to information security, but according to the ISACA rules can be taken into account and added to the main experience. For example, related certification, study profile. In my case, it was an MBA with a thesis dedicated to building a global ISMS in an international company. They promised to take it into account for 2 years, I hope that it will work :) Otherwise, I may not have enough of the required 5 years of experience, depending on how these guys add up the numbers.

Further, the third step - you need to enlist the support of people who can confirm your experience.
Usually, these are managers or independent specialists who can confirm a) your spectrum of experience, your activities in information security b) the number of years / months you spent on all of this.

I had to explain a lot to my two "guarantors" from where-why. One of them (resident of Finland), just sent a signed scan by mail. The second was no longer working in my company, I had to get involved, drive up to his office ...

The final step is to put all the materials together and put a letter to ISACA. It turned out a rather lengthy letter - here there are scans of my diploma with a transcript, and the application form itself, and scanned leaves with signatures of verifiers.

Sent, now waiting.

By experience, at ISACA nothing happens fast, except for promotional paper. Said that for 8 weeks is checked.

PS I also thought of using this picture, inspired :)