From Cyber newbie to passing CISM
1, What is CISM?
One of the Top 5 IT certs in 2020, per Forbes, Indeed and Global Knowledge.
Along with CISSP, the gold standard for CISOs and Security leaders
One of the most challenging exams - a 4hr marathon of tricky questions where you need to perform under the constant watch of a remote proctor (online)
2, Story
In 2019 I found myself venturing into a treacherous market. Although I had good wins early and acquired major accounts, the goalposts were constantly being moved due to the fast-changing rules and new entrants offering services at a loss. At times, not only was the business not getting paid on time, but I also had to chase up fees as clients moved away to a different provider or sold their license to another business. I got exposed to an E-comm project and some friends encouraged me to maybe get a job and explore the Tech world. I did not study IT but decided to give it a crack. If it's the future, I will do it. Back to school. Phillimon Zongo further pointed me to Cybersecurity, "it is the best timing to join", and generously brought a copy of "The Five Anchors of Cyber Resilience" for me to get an understanding of the industry, which I devoured as soon as I laid hands on it.
Lesson:
Face the reality and have the courage to adjust and move forward. As Steve Jobs says, Don't be trapped by dogma, your background, or limiting beliefs.
Play the Blue Ocean - where you invest your effort is more important than the amount you put in.
3, Job
Looking at the Job description “xx years of experience in Cyber/SaaS”, people had doubts. Yet Kunal the recruiter saw the gold in me, and Jimmy the hiring manager appreciated the entrepreneurial experience, grit, and the attitude of doing whatever it takes to get things done.
But it wasn't straightforward - after 4 interviews, an extra round of presentation was added in to see how quickly I could actually pick up the products. I dug deep even into investor reports and did well.
Bede the ANZ MD commented, "the effort certainly came through - I have never seen someone who can know this much without working here for one day".
A text message came in the afternoon confirming me as the preferred candidate over others with more experience. A good package was offered, which I took and outperformed KPIs consistently, from day 1.
Right at the start, Phil guided me with a goal, "one year will pass in no time. CISM gives you a good understanding of Cyber and credibility." The plan was to spend the first 6 months focusing on Tenable/Vuln management and 6 months studying towards CISM.
That was Aug 2019.
Lesson:
Embrace the opportunity to demo you have what it takes to get the job done, even if it means an extra round of presentation.
If meant to be, it will be. Work for someone who believes in you and make them look good.
Set goals early and chip away daily. Time sneaks away like a Ninja.
4, One-yr Process
Life seems to suggest, the best way of doing anything is doing it well. Go deep, grasp the whole system and scale. Let it pay you dividends in the long term. Being proactive also means you are in control.
"RDP, CI/CD, Container."
From time to time you'd come across a number of tech terms and acronyms. Don't be put off by the names. Keep in mind they were created to serve humans. The essence is easy to understand, and it is always good to use examples. For example, a Container is just a more "compact" virtual machine run by a computer to deliver a function. Like a clean phone installed with just "Chrome", dedicated to web browsing. Or a tiny house with the same living function but a smaller footprint.
On the job, constantly collect Questions. Prioritise based on the 80/20 rule. And get them answered gradually by researching and asking smarter colleagues.
If a customer is open to a chat, I would go beyond just the products and learn about other challenges and what moves them on/off the job.
Outside work, put aside 1-2 hr for studying. Use a course like Thorteaches, read the manual, and do the official Questions until you know clearly why CISM was created and you are whom CISM is designed to represent. Take notes in your own words and with examples.
Lesson:
Key thinking - Tech in essence is easy to understand. Start from the human needs it serves ("why") and use relatable examples.
Collect new terms and quickly build a baseline with the 80/20 rule. 20% of the knowledge will produce 80% of the result for you.
Understand the CISM manual and practice questions until you can reason each of the answers. Can you feel sure you will pass before the exam? 100%.
In a world increasingly marked by cyber warfare and rigid rules, there is warmth in human endeavour and support.
#ColdCyberWarmHuman