TL;DR: Can’t recommend it until ISACA gets its shit together.

Took the exam last month and barely made it, honestly don’t think it was worth the 600 bucks for a certificate (note: not a certifica*tion*) considering the issues. I bought the study guide, Q&A bank, and the exam, which is everything basically.

# The Good

Being new to cloud, the study guide was a decent read. Learned some DevSecOps concepts, CSA stuff, and some good questions that auditors could pose to clients. Everything else wasn’t that new to me as I am also CISSP, CISA etc.

# The Bad

Everything else honestly. The whole experience just left a bad taste in my mouth.

* The Q&A database didn’t show up in my account for weeks. I logged a ticket, and when that got ignored for a few days, I spoke with a CS person via the live chat, and they escalated my case which then got resolved in a couple of days.
* Study guide just felt like one big advertisement for ISACA and CSA offerings (i.e., COBIT, CCM, CAIQ, STAR program etc.). Which I totally get, since it is a collaboration to begin with. Still, it felt a little over the top.
* There were spelling and formatting errors in the study guide, and one of the knowledge check answers even gave the wrong justification explanation.
* The *actual exam questions* had freaking spelling and grammatical issues! It even made a couple of questions unnecessarily harder because I had no idea if it was asking for something past tense or present tense.
* Speaking of which, **the exam was hard**. Like CISSP-level of hard. *Which shouldn’t be the case*, because CISSP is so much broader and technical. I flagged about 6-7 questions, and for the rest I was pretty sure I got most of them right. That should have got me about at least 85%, or so I thought. Imagine my surprise when I barely passed (70% is the passing). So this was really weird. There might be some funky scoring mechanism in the background that I am not aware of. Or maybe I’m just dumb.
* Some exam questions made absolutely no sense. Without giving anything away, imagine if you, an auditor, were asked about a tool that you can use to ensure that a CSP will adhere to clauses in a contract. What? That’s not even relevant to an auditor. The auditor’s job would be to come in and assess if the CSP had met its obligations over say the last 12 months. The responsibility or even decision to use a tool to ensure adherence or compliance belongs to the business, **not the auditor**.
* The remote proctoring… that was pretty silly. I think they basically want you to sit in a cardboard box and just not move at all. You can’t have any objects on your desk even if they are out of reach, you can’t have anything on your walls with any sort of text, you can’t drink water, you can’t use foam earplugs, you can’t mouth the exam questions (I actually need to read things out loud sometimes, and reading it silently just doesn’t do it for me), you can’t put your hand on your mouth. I would have rather gone to a testing site if that option was available. Not all houses have a special exam-conducive corner with Internet connection at the same time…

# After the exam

I got an email to say that I passed, and guess what? They even screwed that email up. It was supposed to show my “scaled scores by content area”, which was a giant blank. The email was also very obviously a template email recycled from other certifications, as it informed me that I had to now apply for my certification by the usual way (their website) and pay a $50 application fee. No, no you don’t. Again, this is a certificate, not a certification. I got my digital badge within a day without doing any of that.

Never again.
