  1. Junior Member
    Join Date
    Dec 2015
    Posts
    24
    #1

    Proving I passed CISA exam?

    I passed the CISA exam in June and received my results today. I won't be certified until I get 2 or 3 years of work experience. However, when I apply for positions, I want to show potential employers that I passed the CISA exam. Exactly how can I present "evidence"? Would the "Print Results Letter" on my ISACA.org account be good enough?

    If I write a cover letter and state that I passed the exam, should I attach the results letter?

    The letter shows the results instead of just stating pass. I did not barely pass, but wouldn't it be better if it doesn't show the numbers (though it's not like the numbers mean anything, since it's not percentage based)?
    Last edited by 1Sep1969; 07-08-2017 at 08:10 PM.
  3. Senior Member 636-555-3226's Avatar
    Join Date
    Jul 2015
    Posts
    880

    Certifications
    Lots of security certifications, yet the more I learn, the further I have to go...
    #2
    You can say you passed it, and have the print-out from the site (or the letter) saying you passed it, but what's the point? If I'm hiring an internal auditor or a consulting-company auditor, I want someone experienced in auditing IT systems. Someone who passed the test, but doesn't have any experience, isn't really what I want to pay for. I know it isn't great news, but that's my own personal opinion. Real-world experience/skills trumps a guy who can study for & pass a test any day.

  4. Junior Member
    Join Date
    Dec 2015
    Posts
    24
    #3
    Quote Originally Posted by 636-555-3226 View Post
    You can say you passed it, and have the print-out from the site (or the letter) saying you passed it, but what's the point? If I'm hiring an internal auditor or a consulting-company auditor, I want someone experienced in auditing IT systems. Someone who passed the test, but doesn't have any experience, isn't really what I want to pay for. I know it isn't great news, but that's my own personal opinion. Real-world experience/skills trumps a guy who can study for & pass a test any day.
    I'm a graduate student trying to get in the field of IT auditing. I passed the CISA exam to set myself apart from other candidates. Audit firms are probably what I should aim for, but I've heard that some companies do hire graduates without experience.

    If all you're going to do is hire experienced auditors, how are the inexperienced ones going to get hired and move forward? From what I understand, there's a shortage, too. We're probably more eager to learn and prove ourselves than the experienced ones. And also bring fresh ideas.

  5. Senior Member
    Join Date
    Dec 2007
    Location
    Grand Rapids, Michigan
    Posts
    1,868

    Certifications
    Network+ : A+ : Security+ : eJPT : Life+
    #4
    Quote Originally Posted by 1Sep1969 View Post
    I'm a graduate student trying to get in the field of IT auditing. I passed the CISA exam to set myself apart from other candidates. Audit firms are probably what I should aim for, but I've heard that some companies do hire graduates without experience.

    If all you're going to do is hire experienced auditors, how are the inexperienced ones going to get hired and move forward? From what I understand, there's a shortage, too. We're probably more eager to learn and prove ourselves than the experienced ones. And also bring fresh ideas.
    You could volunteer somewhere and while doing IT stuff, perform audits. If you want experience, you're gonna have to try and create work for yourself.
    Booya!!
    ------------------------------------------------------------------------------------------
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****

  6. Junior Member Registered Member
    Join Date
    Oct 2015
    Posts
    2

    Certifications
    WGU MSCSIA, CISSP, CISM, PMP, CEHv8, CHFI, CASP, Project+, Security+, Network+, A+, ITILv3
    #5
    Quote Originally Posted by 636-555-3226 View Post
    You can say you passed it, and have the print-out from the site (or the letter) saying you passed it, but what's the point? If I'm hiring an internal auditor or a consulting-company auditor, I want someone experienced in auditing IT systems. Someone who passed the test, but doesn't have any experience, isn't really what I want to pay for. I know it isn't great news, but that's my own personal opinion. Real-world experience/skills trumps a guy who can study for & pass a test any day.
    All very valid points. All I would suggest is to grab any sort of experience related to IT. I would even suggest starting at the help desk and working up towards IT Auditing just so you get to see the little details along the way. To be completely honest with you, my help desk position is still the one job that taught me the most in my IT career!

    Either way, good luck!

  7. IOCs? What IOCs???!! jcundiff's Avatar
    Join Date
    Jan 2016
    Location
    Morehead, KY
    Posts
    414

    Certifications
    CISSP, CRISC, ITILFv3, PCIP, RSA Archer, MSCE Win2000, A+, N+, Server+, Proj+, eBiz+,iNet+
    #6
    Quote Originally Posted by 1Sep1969 View Post
    I'm a graduate student trying to get in the field of IT auditing. I passed the CISA exam to set myself apart from other candidates. Audit firms are probably what I should aim for, but I've heard that some companies do hire graduates without experience.

    If all you're going to do is hire experienced auditors, how are the inexperienced ones going to get hired and move forward? From what I understand, there's a shortage, too. We're probably more eager to learn and prove ourselves than the experienced ones. And also bring fresh ideas.
    IT Audit is not an entry-level gig, hate to break that to you... you need to have experience on and understand how IT systems should operate and how to properly secure them. That's not stuff that you are going to pick up from a book or class. Find you a job in IT and work toward moving into audit. I had been in IT for 15 years before I started doing audits (don't think you need that much experience, but at least 3-5 years). As 636-555-3226 said, experience trumps passing an exam... I would hire an experienced auditor, with even just a couple of years experience than someone who just passed a test... there is a reason that these certs have an experience requirement to obtain the cert in addition to passing the exam
    "Hard Work Beats Talent When Talent Doesn't Work Hard" - Tim Notke

  8. Senior Member wd40's Avatar
    Join Date
    May 2007
    Location
    Bahrain
    Posts
    910

    Certifications
    CISA, eJPT, CompTIA x 6, MCP, MCTS
    #7
    I am CISA certified and I have no Audit experience (you need to have experience in any of the Job Practice Domains to be certified)

    But I do agree that this would make it difficult for me to get an IT Audit job, maybe you should try to get an intern job at a Big Audit firm.

    Job Practice Areas 2016

  9. Junior Member
    Join Date
    Dec 2015
    Posts
    24
    #8
    Quote Originally Posted by jcundiff View Post
    IT Audit is not an entry-level gig, hate to break that to you... you need to have experience on and understand how IT systems should operate and how to properly secure them. That's not stuff that you are going to pick up from a book or class. Find you a job in IT and work toward moving into audit. I had been in IT for 15 years before I started doing audits (don't think you need that much experience, but at least 3-5 years). As 636-555-3226 said, experience trumps passing an exam... I would hire an experienced auditor, with even just a couple of years experience than someone who just passed a test... there is a reason that these certs have an experience requirement to obtain the cert in addition to passing the exam
    You probably know better than I do, but before I took the exam, I was told that I can't pass it without work experience. Not true (in my case). IT audit not entry level? Graduates get hired by audit firms. The IT auditors I met at audit firms were from accounting background and hardly tech savvy (much less than me), although I know they are more accounting focused. I know one graduate who passed the exam and got hired by an audit firm mainly because he had passed the exam. Two students were hired from my professor's class by a company and trained as IT auditors (because there's a shortage).

  10. Senior Member xxxkaliboyxxx's Avatar
    Join Date
    Dec 2013
    Location
    Cyber, USA
    Posts
    425

    Certifications
    GCIH, C|EH, Sec+, eJPT, SCCC
    #9
    Quote Originally Posted by 1Sep1969 View Post
    You probably know better than I do, but before I took the exam, I was told that I can't pass it without work experience. Not true (in my case). IT audit not entry level? Graduates get hired by audit firms. The IT auditors I met at audit firms were from accounting background and hardly tech savvy (much less than me), although I know they are more accounting focused. I know one graduate who passed the exam and got hired by an audit firm mainly because he had passed the exam. Two students were hired from my professor's class by a company and trained as IT auditors (because there's a shortage).
    Just to throw in there, accountants have audit experience, just saying.
    Studying: GPEN
    Reading: SANS SEC560
    Upcoming Exam: GPEN

  11. Junior Member
    Join Date
    Dec 2015
    Posts
    24
    #10
    Quote Originally Posted by xxxkaliboyxxx View Post
    Just to throw in there, accountants have audit experience, just saying.
    No experience is required to get hired by Risk Assurance. The accountants probably learned auditing in school, whereas IS graduates don't, but I'm not sure how much experience they had in auditing before they moved to Risk Assurance (as I said, some get hired straight from school).
    Last edited by 1Sep1969; 07-09-2017 at 05:48 PM.

  12. IOCs? What IOCs???!! jcundiff's Avatar
    Join Date
    Jan 2016
    Location
    Morehead, KY
    Posts
    414

    Certifications
    CISSP, CRISC, ITILFv3, PCIP, RSA Archer, MSCE Win2000, A+, N+, Server+, Proj+, eBiz+,iNet+
    #11
    Quote Originally Posted by 1Sep1969 View Post
    The letter shows the results instead of just stating pass. I did not barely pass, but wouldn't it be better if it doesn't show the numbers (though it's not like the numbers mean anything, since it's not percentage based)?
    Make a copy and block the scores out with a sharpie and make more copies to attach with your resume, if you do not want potential employers knowing your score... but be prepared should you get an interview to discuss why you redacted them.
    "Hard Work Beats Talent When Talent Doesn't Work Hard" - Tim Notke

  13. IOCs? What IOCs???!! jcundiff's Avatar
    Join Date
    Jan 2016
    Location
    Morehead, KY
    Posts
    414

    Certifications
    CISSP, CRISC, ITILFv3, PCIP, RSA Archer, MSCE Win2000, A+, N+, Server+, Proj+, eBiz+,iNet+
    #12
    Quote Originally Posted by 1Sep1969 View Post
    No experience is required to get hired by Risk Assurance. The accountants probably learned auditing in school, whereas IS graduates don't, but I'm not sure how much experience they had in auditing before they moved to Risk Assurance (as I said, some get hired straight from school).
    So you are able to identify risks, develop mitigation plans and controls to reduce to an acceptable level per the client company's risk appetite, document everything in the risk register you developed, and determine correct schedule of review and approvals without experience? Accounting/Financial auditing is significantly different than IT audits... sure there is some process overlap but there are huge differences. I performed audits (Security Risk assessments) on our vendors for several years (onshore and offshore [meaning I was boots on the ground in India for 4-6 weeks at a time a couple times a year]) you know why I was assigned this? Because I had experience ...

    I will say again, I (most IT/IS hiring managers as well) will hire someone with no degree and no certs with 1-2 years boots on the ground experience before someone with a degree and passed a certification exam but has zero experience... your mileage may vary...
    "Hard Work Beats Talent When Talent Doesn't Work Hard" - Tim Notke

  14. Junior Member
    Join Date
    Dec 2015
    Posts
    24
    #13
    Quote Originally Posted by jcundiff View Post
    So you are able to identify risks, develop mitigation plans and controls to reduce to an acceptable level per the client company's risk appetite, document everything in the risk register you developed, and determine correct schedule of review and approvals without experience? Accounting/Financial auditing is significantly different than IT audits... sure there is some process overlap but there are huge differences. I performed audits (Security Risk assessments) on our vendors for several years (onshore and offshore [meaning I was boots on the ground in India for 4-6 weeks at a time a couple times a year]) you know why I was assigned this? Because I had experience ...

    I will say again, I (most IT/IS hiring managers as well) will hire someone with no degree and no certs with 1-2 years boots on the ground experience before someone with a degree and passed a certification exam but has zero experience... your mileage may vary...
    I was not referring to Accounting/Financial auditing. The Risk Assurance group of audit firms is focused on IT audits, and they hire graduates with little or no experience. It's not the average IT auditor or IT professional with experience and family who is going to want to work long hours for little pay. Some students were hired by large companies and trained to become IT auditors. Again, I don't want to make it sound like I know much, and when it comes to the field of IT auditing, the advice I get is as varied as the topics covered by the CISA exam. Everyone says something different.

    Quote Originally Posted by jcundiff View Post
    Make a copy and block the scores out with a sharpie and make more copies to attach with your resume, if you do not want potential employers knowing your score... but be prepared should you get an interview to discuss why you redacted them.
    That might sound like I'm hiding something. I'm not sure if it's necessary to hide the marks. They're not terrible, but it's not like ISACA marks mean much.

  15. Senior Member 636-555-3226's Avatar
    Join Date
    Jul 2015
    Posts
    880

    Certifications
    Lots of security certifications, yet the more I learn, the further I have to go...
    #14
    I have to admit, my infosec dept is audited every year by the big box global auditing firms (you'd know their names), and we always get some fresh newbie out of school who asks a few questions from a questionnaire, but you can tell he has no idea what he's doing. Literally every year it's just "show me a screenshot of your AD enterprise & domain admins from the MMC snap-in, show me your password reqts GPO, and show me a backup log indicating you're backing things up every 24 hours." As long as the number of EAs & DAs doesn't go up, our password reqts are complex + 8 chars, and our text logfiles indicate a backup occurred (successful or not...) in the last 24 hours, we pass with a green "Low Risk" rating (HA!). In talking with the people every year (it's always a new newbie), none of them have any idea what a domain admin is or does, and none of them have any idea that an 8 character AD password, complex or not, is absolute rubbish.

    In other words, there's hopes for newbies everywhere, just don't expect a lack of experience or understanding of the material (which comes with that experience) to actually let you help your auditees very much. You'll get the job and the paycheck, but what kind of actual value will you provide other than that compliance checkbox most companies need?

  16. Junior Member
    Join Date
    Dec 2015
    Posts
    24
    #15
    Quote Originally Posted by 636-555-3226 View Post
    I have to admit, my infosec dept is audited every year by the big box global auditing firms (you'd know their names), and we always get some fresh newbie out of school who asks a few questions from a questionnaire, but you can tell he has no idea what he's doing. Literally every year it's just "show me a screenshot of your AD enterprise & domain admins from the MMC snap-in, show me your password reqts GPO, and show me a backup log indicating you're backing things up every 24 hours." As long as the number of EAs & DAs doesn't go up, our password reqts are complex + 8 chars, and our text logfiles indicate a backup occurred (successful or not...) in the last 24 hours, we pass with a green "Low Risk" rating (HA!). In talking with the people every year (it's always a new newbie), none of them have any idea what a domain admin is or does, and none of them have any idea that an 8 character AD password, complex or not, is absolute rubbish.

    In other words, there's hopes for newbies everywhere, just don't expect a lack of experience or understanding of the material (which comes with that experience) to actually let you help your auditees very much. You'll get the job and the paycheck, but what kind of actual value will you provide other than that compliance checkbox most companies need?
    Again, everyone says something different. Had I not taken the CISA exam, you would have told me that I can't get a passing score without work experience. Well, I proved everyone wrong.

    I guess they should be training those newbie auditors? Well, I don't know. We'll see what happens. At least, I have some basic understanding of IT auditing. Also, I come from an IS background and those firms probably hire accountants.

  17. IOCs? What IOCs???!! jcundiff's Avatar
    Join Date
    Jan 2016
    Location
    Morehead, KY
    Posts
    414

    Certifications
    CISSP, CRISC, ITILFv3, PCIP, RSA Archer, MSCE Win2000, A+, N+, Server+, Proj+, eBiz+,iNet+
    #16
    Nobody here would have told you that you couldn't pass without experience... we may have told you it would be extremely difficult... there was a guy here who studied and studied and passed the CISSP his 2nd time around with no experience... it's possible, just hard
    "Hard Work Beats Talent When Talent Doesn't Work Hard" - Tim Notke

  18. Junior Member
    Join Date
    Jun 2016
    Posts
    11
    #17
    Well, I have a similar question but on a different context.

    Is the results slip that is available on ISACA website the only proof that I have passed my examination? My employer wants to know if ISACA issues any official hardcopy certificate or result slip to show that I have passed the exam.

  19. Member
    Join Date
    Oct 2015
    Posts
    42
    #18
    Quote Originally Posted by feydrax View Post
    Well, I have a similar question but on a different context.

    Is the results slip that is available on ISACA website the only proof that I have passed my examination? My employer wants to know if ISACA issues any official hardcopy certificate or result slip to show that I have passed the exam.

    I can tell you that for me, when I took it on paper, they sent me a letter with the same results that can be seen on the website. Don't know if they will issue one since they've moved to the CBT, however they did send me an email with the results. I don't know why you couldn't use that email and print it out.

  20. Member
    Join Date
    Oct 2015
    Posts
    42
    #19
    Quote Originally Posted by 636-555-3226 View Post
    .......... in talking with the people every year (it's always a new newbie), none of them have any idea what a domain admin is or does, and none of them have any idea that an 8 character AD password, complex or not, is absolute rubbish.


    .........
    you'll get the job and the paycheck, but what kind of actual value will you provide other than that compliance checkbox most companies need?
    From my limited experience with auditing, 4+ years, I have learned and have been taught by people smarter than me, that that's all you can do, ask. Don't confuse investigations with auditing, the way we perform auditing is pretty much the same way you described: do you do this, how about that? That's all I can do, I'm not there to impede with their business, I'm there to assess the state of the systems. We are also not allowed to sit at the keyboards and/or interact with their systems, we only ask questions and we fill out questionnaires. If you tell me you have complexity enabled on the DCs sure, who am I to argue. Can you disable the GPO one minute after I'm out the door? Sure, who am I to argue.


    I don't want to provide value man, I just want a paycheck, the bigger the better. Especially in the auditing business the sooner you're out the door the more they'll like you. Me? Just like you said, I don't care anymore, it's always about the money for me. But that's just me and we all know the story with the opinions.

  21. Junior Member
    Join Date
    Jun 2016
    Posts
    11
    #20
    Quote Originally Posted by cfirsten View Post
    I can tell you that for me, when I took it on paper, they sent me a letter with the same results that can be seen on the website. Don't know if they will issue one since they've moved to the CBT, however they did send me an email with the results. I don't know why you couldn't use that email and print it out.
    Strangely, my HR doubts the result slip that was printed out. I guess she's just too confused to look at the marks from the different domains there.

    I think she just wants a big piece of paper saying XXX HAS PASSED CISA EXAM kind of thing.

    I really have no idea how the delicate minds of HR work

  22. Member
    Join Date
    Mar 2016
    Location
    New York
    Posts
    40

    Certifications
    Associate of (ISC)2 (CISSP), Passed (CISA & CISM), Security+, Network+, Linux+, LPIC-1
    #21
    Quote Originally Posted by 1Sep1969 View Post
    Again, everyone says something different. Had I not taken the CISA exam, you would have told me that I can't get a passing score without work experience. Well, I proved everyone wrong.

    I guess they should be training those newbie auditors? Well, I don't know. We'll see what happens. At least, I have some basic understanding of IT auditing. Also, I come from an IS background and those firms probably hire accountants.
    Hey man, I am in a similar situation. I just graduated from my grad school last May. I don't have any experience yet but still managed to pass all big certs in my first try with high scores. However, I got my job as a cybersecurity consultant (Risk Assurance like the one you said) 2 years ago after getting my Sec+, but I delayed the work (and the company agreed to wait for me too) to finish my MBA. I showed my employer that cybersecurity would be the thing that I wanted to do. You probably don't need to pass CISA to get a job, but passing CISA will definitely make job finding easier. You need to show passion for the job, and passing the CISA is one of the ways to do so and to get through the HR filter. Don't worry, you probably get more interview calls now, and good luck because you will need it.
    Last edited by tphan3; 07-17-2017 at 03:15 AM.

  23. Junior Member
    Join Date
    Dec 2015
    Posts
    24
    #22
    Quote Originally Posted by tphan3 View Post
    Hey man, I am in a similar situation. I just graduated from my grad school last May. I don't have any experience yet but still managed to pass all big certs in my first try with high scores. However, I got my job as a cybersecurity consultant (Risk Assurance like the one you said) 2 years ago after getting my Sec+, but I delayed the work (and the company agreed to wait for me too) to finish my MBA. I showed my employer that cybersecurity would be the thing that I wanted to do. You probably don't need to pass CISA to get a job, but passing CISA will definitely make job finding easier. You need to show passion for the job, and passing the CISA is one of the ways to do so and to get through the HR filter. Don't worry, you probably get more interview calls now, and good luck because you will need it.
    Thanks! It's always nice to hear from grads who are in a similar situation. I haven't had time to send out my application since I passed the exam. Summer time, so many things happening and traveling... However, I have been volunteering at my local ISACA chapter since February. That has been enjoyable and kept me busy. Honestly, I find the whole job search process (networking, interviews, etc) more challenging than preparing for an exam like CISA. It's just a hassle and a waste of time. I can instead be doing something more productive, which won't happen until I get hired.
    Last edited by 1Sep1969; 07-17-2017 at 05:24 AM.

  24. Junior Member
    Join Date
    Oct 2015
    Location
    Sydney, Australia
    Posts
    14

    Certifications
    CISSP, CEH v9, CISA, CISM, Security+, Network+, MCP, ITIL
    #23
    Between two similar candidates, if you have taken the time and effort to pass the CISA exam that can only work in your favour. Use it to demonstrate your interest in the field. Most people do it because their boss sent them on a bootcamp, or it's a job requirement, so your willingness to back yourself is a real positive.
    I would suggest mentioning you passed the exam on your resume, and as you are volunteering at your local ISACA chapter ask if your contacts there would be willing to provide a reference. Your local chapter is probably the best place to find a job too.