The CISM is highly sought after by Cyber Security recruiters.

There are currently over 42,000 open CISM jobs in the US.

There are more open CISM jobs than there are certified people in the US, and I assume most of the certified people are already employed.

Cyber security is growing, FAST.

Right now there are over 4.5 million jobs in Cyber security and the number of jobs is expected to grow 11-12% annually.
That is close to 500,000 new jobs every year.

Source: ZipRecruiter

We teach you the 4 things you need to pass your CISM exam!

Your instructor:

Thor Pedersen
CISSP, CISM, CC, PMP, CDPSE, CEH, 2x CCNP, Sec+, 3x CCNA ...

Best selling CISSP, CISM, CC, and PMP trainer with over 570,000 enrollments worldwide.
20+ years experience working with most aspects of IT, information security, project management, and IT training.

Frequently asked CISM questions:

I can’t promise you anything, but there is a huge demand for CISM certified professionals; there are currently over 31,000 open CISM jobs in the US alone, and we are seeing the same picture across the world.
The average CISM salary in the US is over $94,000 per year.

This is the approach I use for all my studying and it seems to work for the majority of my students.

For the CISM get 1-2 good video courses, 1-2 good books, and do 1,000-1,500 practice questions before the exam.

• Watch each video class once, watch it without taking notes, and watch the videos at 0.75x – 1x speed. If the instructor talks very slowly, speed the videos up to 1.25x – 1.5x speed.
• Read the primary book once, read everything, highlight what you think is important or what the book tells you is important.
• Re-watch each video class, take notes, and watch the videos at 1x – 1.25x speed. If the instructor talks very slowly, speed the videos up to 1.5x – 2x speed.
• Re-read the primary book or read the secondary book if you have it, read everything, highlight what you know is important.
• Start on practice tests; it is normal for students who pass the CISM to have completed 1,000 – 1,500 unique practice questions.

I think the official CISM QAE questions are critical to passing the exam; they teach you exactly how ISACA asks the questions on the exam. They are retired exam questions.

You need to understand ALL the concepts, be able to explain them, and be able to logic your way through convoluted exam questions.

You need to spend a good deal of time learning to deconstruct questions; what are they really asking here?

Do not worry if you spend 3-5 minutes on a question to begin with, just learn to deconstruct the question.

Deconstruct questions and answers:
• Read the question; spot the keywords (PKI, Integrity, HIPAA) and indicators (FIRST, MOST, BEST), then deconstruct the question; what are they really asking here.
• Once you have deconstructed the question, read the answer options.
• Deconstruct the answer options too if needed.

Normal questions have 2 distractors and 2 possible right answers.

There can also be 4 wrong answers (you then pick the LEAST wrong answer), or 4 right answers (you then pick the MOST right answer).

Do not use the same questions more than once. You will get higher scores, but the scores will be inaccurate; you have seen the questions before.

After each practice test, review the questions you got wrong and read the question explanations. Then re-read the book and re-watch the videos on the topics you answered wrong on the test.

Re-study the topic until you understand WHY the right answer is the right answer, and why you answered it wrong.

Keep doing practice tests until you hit 75-80%+ on all domains on multiple test engines.

All this is included in our CISM course:

32+ hours of 2022 CISM videos (over 180 lectures covering all 4 CISM domains)
150 Thor Teaches CISM practice questions
CISM study guides from the lectures (200 pages)
The ThorBot (A CISM study Chatbot)
A 2,500 word Glossary
2,500 Flashcards
A CISM study plan
CISM Mnemonics PDF
300+ CISM links


We have made CISM study guides for you using our slides; you get over 200 pages of CISM study guides with this course.
You also get our CISM Mnemonics PDF.


You have access to our courses for either Lifetime or 12 months; you can watch the videos and do the practice questions as many times as you want.

To get your CISM certification you must have at least 5 years of professional experience in the information security field.

Substitutions and waivers may be obtained for a maximum of 2 years as follows:

Two Years: CISA or CISSP certification in good standing or a post-graduate degree in information security or a related field (e.g., business administration, information systems, information assurance)

One Year: One full year of information systems management experience or general security management experience.
Skill-based security certifications (e.g., SANS Global Information Assurance Certification (GIAC), Microsoft Certified Systems Engineer (MCSE), CompTIA Security+, Disaster Recovery Institute Certified Business Continuity Professional (CBCP), ESL IT Security Manager)

There are 4 domains in the CISM by ISACA:

Domain 1—Information Security Governance (17%)

Domain 2—Information Security Risk Management (20%)

Domain 3—Information Security Program (33%)

Domain 4—Incident Management (30%)

You can earn CPEs in many ways; the most common are taking other certifications or doing more online or live training.

You earn 1 CPE per hour spent on the activity.

Here are a few examples:
ISACA Professional Education Activities and Meetings
Non-ISACA Professional Education Activities and Meetings
Self-study Courses
Vendor Sales/Marketing Presentations
Teaching / Lecturing / Presenting
Publication of Articles, Monographs and Books
Exam Question Development and Review
Passing Related Professional Examinations
Working on ISACA Boards/Committees