Paying it forward (passed)
This forum has been a great resource throughout my journey, so I wanted to pay it forward.
I took the CRISC exam this morning and provisionally passed. Surprisingly, I finished in about 1 hour and 45 minutes, then spent another 15 minutes reviewing my flagged questions (around 15–20 total).
Overall, I studied for about 2 months. I originally registered back in June 2025, but it was difficult finding time for dedicated studying. I finally started consistently studying at the beginning of March.
For me, “dedicated studying” meant:
- ~1 hour per weekday
- 4–5 hours on weekends
Background:
I have 10+ years of experience primarily in Risk Management and Governance across traditional banking and fintech environments.
Resources I used:
- QAE + Official Manual
The QAE is absolutely a must-have. I used the official manual as my primary source, and when concepts didn’t click, I supplemented with Mehta’s guide. For additional examples or simplified explanations, I used Claude. I intentionally saved the QAE for the final 2 weeks before the exam. I trended “Advanced” in every domain except T&S, where I was “Proficient.”
- CRISC Exam Guide by Mehta
Hands down one of the best supplemental resources. I read it daily during the first couple of weeks to ramp up quickly. My background is more business/risk focused, so I needed deeper exposure to some of the technical IS concepts.
- PocketPrep
Great tool if you commute or want quick repetition throughout the day. I tried to do at least 30 minutes daily. The questions help reinforce concepts, although the wording/style isn’t always aligned with the ISACA mindset.
- Doshi Udemy Course + Cyber Certifications Training Centre Practice Exams
I purchased both. I didn’t finish the Doshi course because I personally found it difficult to follow, but his printed study guide/materials were actually very valuable. I combined my notes with his guide and used Claude to identify knowledge gaps to focus on.
The six practice exams from Cyber Certifications Training Centre were not helpful for me. I started one exam, but the question style felt very different from ISACA’s approach, so I decided not to continue with the rest.
Test center experience:
I considered taking the exam remotely, but with kids at home it would have been difficult. My PSI test center experience was actually very smooth and welcoming despite some of the negative feedback I’ve seen here. I think it really depends on the specific location.
I plan to take the AAIR next and will be done after that. My advice to those who are just starting - if you are new to the industry or want to break in, start with the Mehta primer, listen to podcasts, immerse yourself in the Security world. For those more “seasoned” or been around the block, it’s just nailing down the ISACA mindset.