{"id":359,"date":"2025-09-25T01:23:30","date_gmt":"2025-09-25T00:23:30","guid":{"rendered":"https:\/\/siyaz.tech\/?p=359"},"modified":"2025-10-17T01:25:39","modified_gmt":"2025-10-17T00:25:39","slug":"from-cisacismcrisc-to-cgeit-cciso-my-glorious-exhausting-sarcastic-rise-to-cybersecurity-nobility-from-cisa-to-cciso-my-cybersecurity-certification-odyssey","status":"publish","type":"post","link":"https:\/\/siyaz.tech\/index.php\/2025\/09\/25\/from-cisacismcrisc-to-cgeit-cciso-my-glorious-exhausting-sarcastic-rise-to-cybersecurity-nobility-from-cisa-to-cciso-my-cybersecurity-certification-odyssey\/","title":{"rendered":"From CISA,CISM,CRISC to CGEIT &amp; CCISO: My Glorious, Exhausting, Sarcastic Rise to Cybersecurity Nobility.<title>From CISA to CCISO: My Cybersecurity Certification Odyssey<\/title>"},"content":{"rendered":"\n<div class=\"story-section\">\n\n<p>It all started with one innocent decision: &#8220;Maybe I\u2019ll get a certification.&#8221; Then came another. And another. Before I knew it, I was buried under acronyms &#8220;CISA, CISM, CRISC, CGEIT, CCISO&#8221; and even deeper under books, practice exams, and self-doubt.<\/p>\n<p>What began as a quest for career progression morphed into a full-blown personality change. I became the person who checks firewall logs for fun, annotates audit reports with color-coded tabs, and talks about COBIT like it&#8217;s the new Marvel franchise. Somewhere along the way, I became\u2026 certified. In every way possible. Possibly too much.<\/p>\n<p><\/p><\/div>\n\n\n\n<div class=\"story-section\">\n<h2>Act 1: The Acronym Avalanche<\/h2>\n<p>First came <strong>CISA<\/strong>, then <strong>CISM<\/strong>, and <strong>CRISC<\/strong> shortly after. 
At that point, my resume looked like a ransom note made out of certification titles.<\/p>\n<div class=\"infographic\">\n<h3>Cybersecurity Certification Journey<\/h3>\n<table class=\"table\">\n<tbody><tr>\n<th>Certification<\/th>\n<th>Focus<\/th>\n<th>Sanity Level<\/th>\n<\/tr>\n<tr>\n<td>CISA<\/td>\n<td>Audit &amp; Assurance<\/td>\n<td>Mildly Shaken<\/td>\n<\/tr>\n<tr>\n<td>CISM<\/td>\n<td>Security Program Management<\/td>\n<td>Sleep-Deprived<\/td>\n<\/tr>\n<tr>\n<td>CRISC<\/td>\n<td>Risk Management<\/td>\n<td>Philosophically Broken<\/td>\n<\/tr>\n<tr>\n<td>CCISO<\/td>\n<td>Exec Strategy &amp; Governance<\/td>\n<td>Who Am I Anymore?<\/td>\n<\/tr>\n<tr>\n<td>CGEIT<\/td>\n<td>IT Governance &amp; Leadership<\/td>\n<td>Numb but Enlightened<\/td>\n<\/tr>\n<\/tbody><\/table><\/div>\n<p>Each of these certs brought its own flavor of stress. CISA made me suspicious of every control gap in my life, CISM turned me into a walking risk assessment, and CRISC&#8230; well, CRISC gave me trust issues with heat maps.<\/p>\n<p>During CISA prep, I found myself questioning whether my morning coffee ritual had a control objective. By the time I got to CISM, I was giving strategic advice to random people at cafes: \u201cYou should really align your caffeine intake with your productivity objectives.\u201d CRISC was the point of no return: I started identifying threats in sitcom plotlines. That\u2019s when I knew I\u2019d gone too far.<\/p>\n<p><\/p><\/div>\n\n\n\n<div class=\"story-section\">\n<h2>Act 2: The Boss Levels \u2013 CCISO and CGEIT<\/h2>\n<p>I decided to take on <strong>CCISO<\/strong> and <strong>CGEIT<\/strong> simultaneously, because who needs balance and happiness when you can have Excel spreadsheets and COBIT frameworks?<\/p>\n<h3>\ud83c\udfa9 CCISO: The \u201cSo You Think You Can Be a CISO?\u201d Exam<\/h3>\n<p><strong>CCISO<\/strong> tested not just my knowledge but my will to live. The exam felt like an executive-level escape room designed by sadistic auditors. 
Each question was like a passive-aggressive email from an imaginary board member who doesn\u2019t believe in two-factor authentication but insists on \u201cstrategic alignment.\u201d<\/p>\n<div class=\"quote\">\n      By question 50, I was negotiating with my keyboard.<br>\n      By question 100, I was questioning all my life choices.<br>\n      By question 149, I was just clicking with the same confidence I use to accept software updates: \u201cSure, install it. What could go wrong?\u201d\n    <\/div>\n<h3>\ud83d\udcca CGEIT: Where Governance Gets Real<\/h3>\n<p><strong>CGEIT<\/strong> is not just a certification. It&#8217;s a psychological transformation where you stop seeing the world in colors and start seeing it in frameworks. Suddenly, your brain is wired to detect strategic misalignment in weekend plans, benefits realization in your laundry schedule, and governance gaps in your group chats.<\/p>\n<p>The <em>actual<\/em> material is dense. CGEIT isn\u2019t about being a techie. It\u2019s about proving you can think like a board member even if you\u2019re still not 100% sure what half the acronyms in the boardroom mean. It demanded a totally different kind of mental shift from CCISO.<\/p>\n<p>I spent days trying to wrap my head around things like \u201cportfolio optimization,\u201d \u201cresource governance,\u201d and \u201cvalue delivery.\u201d It was like learning to play chess on a moving train while someone reads a legal document in your ear.<\/p>\n<p>Worst part? <strong>The CGEIT exam is deceptively calm<\/strong>. The interface is simple. The questions are short. But every answer makes you second-guess your entire career.<\/p>\n<p>I remember one question: \u201cWhich of the following best enables benefit delivery in a decentralized enterprise IT environment?\u201d<\/p>\n<p>I read it. Reread it. Then thought, \u201cShould I just move to the mountains and raise goats instead?\u201d<\/p>\n<p>But I pushed through. 
Flashcards, mock tests, more COBIT PDFs than I care to count. And eventually, I cracked it.<\/p>\n<div class=\"quote\">\n      CGEIT didn\u2019t test what I knew; it tested how much corporate nonsense I could interpret under pressure.\n    <\/div>\n<p>Passing CGEIT made me feel like I could finally read the Matrix, except instead of green code, it&#8217;s just strategy reports, policy alignment charts, and five-year IT roadmaps.<\/p>\n<p><\/p><\/div>\n\n\n\n<div class=\"story-section\">\n<h2>Act 3: Sanity, Resources, and Results<\/h2>\n<p>Between the two certs, I lost sleep, time, and any shred of free will. But I also gained something more powerful: a terrifying amount of knowledge and a few more lines in my email signature.<\/p>\n<div class=\"infographic\">\n<h3>Study Toolkit: What Actually Helped<\/h3>\n<ul>\n<li><strong>Study Guides:<\/strong> ISACA Review Manuals, EC-Council CCISO Book<\/li>\n<li><strong>Apps:<\/strong> Pocket Prep, Quizlet, Boson, Kaplan Q-Bank<\/li>\n<li><strong>Videos:<\/strong> Prabh Nair, Infosec Institute, Mile2 Bootcamps<\/li>\n<li><strong>Communities:<\/strong> LinkedIn groups, Reddit, Telegram study groups<\/li>\n<\/ul><\/div>\n<p>Time invested? Around 100\u2013120 hours per cert. Sanity lost? Impossible to quantify. But the gain? Real leadership transformation. And a lot more confidence when a compliance officer walks into a meeting with that &#8220;I found something&#8221; face.<\/p>\n<p>Also, pro tip: invest in noise-cancelling headphones. Not for focus, just to block out the sound of your inner voice asking, &#8220;Why are you doing this again?&#8221;<\/p>\n<p><\/p><\/div>\n\n\n\n<div class=\"story-section faq\">\n<h2>FAQs: Questions I Keep Getting<\/h2>\n<h3>Q: Which certification was the hardest?<\/h3>\n<p>A: CCISO took the crown for complexity, but CGEIT made me question my business acumen. It\u2019s a tie between mental collapse and business trauma.<\/p>\n<h3>Q: Did these certifications help your career?<\/h3>\n<p>A: 100%. 
They gave me credibility, structure, and the power to say &#8220;as per best practice&#8221; in meetings with a straight face.<\/p>\n<h3>Q: Any regrets?<\/h3>\n<p>A: Only doing them back-to-back. Spread them out unless you&#8217;re a glutton for punishment or studying in a parallel dimension where time is infinite.<\/p>\n<p><\/p><\/div>\n\n\n\n<div class=\"story-section\">\n<h2>Lessons Learned<\/h2>\n<ul>\n<li>Don\u2019t underestimate the mental fatigue. Pace yourself.<\/li>\n<li>Practice questions are your best friends. Memorize less, contextualize more.<\/li>\n<li>Talk to people who\u2019ve taken the exam recently. You\u2019ll get reality, not marketing fluff.<\/li>\n<li>Keep snacks nearby. Brain fuel matters more than you think.<\/li>\n<\/ul><\/div>\n\n\n\n<div class=\"story-section\">\n<h2>Bonus: Certification Memes That Got Me Through<\/h2>\n<div class=\"meme-text\">\n      Me: &#8220;I\u2019m just going to take one cert.&#8221;<br>\n      <br>ISACA: &#8220;One does not simply stop at CISM.&#8221;\n    <\/div>\n<div class=\"meme-text\">\n      Exam Question: &#8220;What\u2019s the first step in aligning IT strategy with business objectives?&#8221;<br>\n      <br>Me: &#8220;Cry. Then check COBIT.&#8221;\n    <\/div>\n<div class=\"meme-text\">\n      Post-exam brain: [404 \u2013 Strategic Thinking Not Found]\n    <\/div>\n<p><\/p><\/div>\n\n\n\n<div class=\"story-section\">\n<h2>Final Thoughts: Would I Do It Again?<\/h2>\n<p>No. But am I glad I did it? Absolutely.<\/p>\n<p>Because now, when someone asks what I bring to the table, I can say:<\/p>\n<div class=\"quote\">\n      \u201cA full governance model, a security roadmap, and five certifications I cried through.\u201d\n    <\/div>\n<p>If you\u2019re considering these certs: be ready. It\u2019s not just a test. It\u2019s a transformation. You\u2019ll change how you think, how you work, and how you handle stress. (Hint: coffee helps. So does crying.)<\/p>\n<p>And once you&#8217;re done, it\u2019s worth it. 
You\u2019ll understand the big picture, speak executive language, and survive meetings where everyone has a different definition of &#8216;cyber hygiene.&#8217;<\/p>\n<p>Good luck. And may your risk matrices always be accurate.<\/p>\n<p><\/p><\/div>\n\n\n\n<p><br>\n<\/p>\n","protected":false},"excerpt":{"rendered":"<p>From CISA to CCISO: My Cybersecurity Certification Odyssey It all started with one innocent decision: &#8220;Maybe I\u2019ll get a certification.&#8221;&#46;&#46;&#46;<\/p>\n","protected":false},"author":2,"featured_media":125,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1,5],"tags":[],"class_list":["post-359","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","category-mumbo-jumbo"],"jetpack_featured_media_url":"https:\/\/siyaz.tech\/wp-content\/uploads\/2013\/01\/Mambo.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/siyaz.tech\/index.php\/wp-json\/wp\/v2\/posts\/359","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/siyaz.tech\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/siyaz.tech\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/siyaz.tech\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/siyaz.tech\/index.php\/wp-json\/wp\/v2\/comments?post=359"}],"version-history":[{"count":8,"href":"https:\/\/siyaz.tech\/index.php\/wp-json\/wp\/v2\/posts\/359\/revisions"}],"predecessor-version":[{"id":369,"href":"https:\/\/siyaz.tech\/index.php\/wp-json\/wp\/v2\/posts\/359\/revisions\/369"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/siyaz.tech\/index.php\/wp-json\/wp\/v2\/media\/125"}],"wp:attachment":[{"href":"https:\/\/siyaz.tech\/index.php\/wp-json\/wp\/v2\/media?parent=359"}],"wp:term":[{"taxonomy":"category","embedda
ble":true,"href":"https:\/\/siyaz.tech\/index.php\/wp-json\/wp\/v2\/categories?post=359"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/siyaz.tech\/index.php\/wp-json\/wp\/v2\/tags?post=359"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}