conversion from Zola to Weblorg

1 files changed, 0 insertions, 193 deletions

diff --git a/content/blog/2021-12-04-cisa.md b/content/blog/2021-12-04-cisa.md
deleted file mode 100644
index 88e5d1b..0000000
--- a/content/blog/2021-12-04-cisa.md
+++ /dev/null
@@ -1,193 +0,0 @@
-+++
-date = 2021-12-04
-title = "I Passed the CISA!"
-description = ""
-draft = false
-+++
-
-# What is the CISA?
-
-For those of you lucky enough not to be knee-deep in the world of IT/IS
-Auditing, [CISA](https://www.isaca.org/credentialing/cisa) stands for Certified
-Information Systems Auditor. This certification and exam are part of ISACA's
-suite of certifications. As I often explain it to people like my family, it
-basically means you're employed to use your knowledge of information systems,
-regulations, common threats, risks, etc. in order to assess an organization's
-current control of their risk. If a risk isn't controlled (and the company
-doesn't want to accept the risk), an IS auditor will suggest implementing a
-control to address that risk.
-
-Now, the CISA certification itself is, in my opinion, the main certification for
-this career. While certifications such as the CPA or CISSP are beneficial,
-nothing matches the power of the CISA for an IS auditor when it comes to getting
-hired, getting a raise/bonus, or earning respect in the field.
-
-However, to be honest, I am a skeptic of most certifications. I understand the
-value they hold in terms of how much you need to commit to studying or learning
-on the job, as well as the market value for certifications such as the CISA. But
-I also have known some very ~~incompetent~~ _less than stellar_ auditors who
-have CPAs, CISAs, CIAs, etc.
-
-The same goes for most industries: if a person is good at studying, they can
-earn the certification. However, that knowledge means nothing unless you're
-actually able to use it in real life and perform as expected of a certification
-holder. The challenge comes when people are hired or connected strictly because
-of their certifications or resume; you need to see a person work before you can
-assume them having a CISA means they're better than someone without the CISA.
-
-Okay, rant over. Certifications are generally accepted as a measuring stick of
-commitment and quality of an employee, so I am accepting it too.
-
-# Exam Content
-
-The CISA is broken down into five sections, each weighted with a percentage of
-test questions that may appear.
-
-Since the exam contains 150 questions, here's how those sections break down:
-
-| Exam Section    | Percentage of Exam | Questions |
-| --------------- | ------------------ | --------- |
-| 1               | 21%                | 32        |
-| 2               | 17%                | 26        |
-| 3               | 12%                | 18        |
-| 4               | 23%                | 34        |
-| 5               | 27%                | 40        |
-| **Grand Total** | **100%**           | **150**   |
-
-# My Studying Habits
-
-This part is a little hard for me to break down into specific detail due to the
-craziness of the last year. While I officially purchased my studying materials
-in December 2020 and opened them to "start studying" in January 2021, I really
-wasn't able to study much due to the demands of my job and personal life.
-
-Let me approach this from a few different viewpoints.
-
-## Study Materials
-
-Let's start by discussing the study materials I purchased. I'll be referring to
-#1 as the CRM and #2 as the QAE.
-
-1. [CISA Review Manual, 27th Edition |
-   Print](https://store.isaca.org/s/store#/store/browse/detail/a2S4w000004KoCbEAK)
-2. [CISA Review Questions, Answers & Explanations Manual, 12th Edition |
-   Print](https://store.isaca.org/s/store#/store/browse/detail/a2S4w000004KoCcEAK)
-
-The CRM is an excellent source of information and could honestly be used as a
-reference for most IS auditors as a learning reference during their daily audit
-responsibilities. However, it is **full** of information and can be overloading
-if you're not good at filtering out useless information while studying.
-
-The QAE is the real star of the show here. This book contains 1000 questions,
-separated by exam section, and a practice exam. My only complaint about the QAE
-is that each question is immediately followed with the correct answer and
-explanations below it, which means I had to use something to constantly cover
-the answers while I was studying.
-
-I didn't use the online database version of the QAE, but I've heard that it's
-easier to use than the printed book. However, it is more expensive ($299
-database vs $129 book) which might be important if you're paying for materials
-yourself.
-
-In terms of question difficulty, I felt that the QAE was a good representation
-of the actual exam. I've seen a lot of people online say it wasn't accurate to
-the exam or that it was much easier/harder, but I disagree with all of those.
-The exam was fairly similar to the QAE, just focusing on whichever topics they
-chose for my version of the exam.
-
-If you understand the concepts, skim the CRM (and read in-depth on topics you
-struggle with), and use the QAE to continue practicing exam-like questions, you
-should be fine. I didn't use any online courses, videos, etc. - the ISACA
-materials are more than enough.
-
-## Studying Process
-
-While I was able to briefly read through sections 1 and 2 in early 2021, I had
-to stop and take a break from February/March to September. I switched jobs in
-September, which allowed me a lot more free time to study.
-
-In September, I studied sections 3-5, took notes, and did a quick review of the
-section topics. Once I felt comfortable with my notes, I took a practice exam
-from the QAE manual and scored 70% (105/150).
-
-Here's a breakdown of my initial practice exam:
-
-| Exam Section    | Incorrect | Correct | Grand Total | Percent |
-| --------------- | --------- | ------- | ----------- | ------- |
-| 1               | 8         | 25      | 33          | 76%     |
-| 2               | 5         | 20      | 25          | 80%     |
-| 3               | 6         | 12      | 18          | 67%     |
-| 4               | 10        | 23      | 33          | 70%     |
-| 5               | 16        | 25      | 41          | 61%     |
-| **Grand Total** | **45**    | **105** | **150**     | **70%** |
-
-As I expected, my toughest sections were related to project management,
-development, implementation, and security.
-
-This just leaves October and November. For these months, I tried to practice
-every few days, doing 10 questions for each section, until the exam. This came
-out to 13 practice sessions, ~140 questions per section, and ~700 questions
-total.
-
-While some practice sessions were worse and some were better, the final results
-were similar to my practice exam results. As you can see below, my averages were
-slightly worse than my practice exam. However, I got in over 700 questions of
-practice and, most importantly, _I read through the explanations every time I
-answered incorrectly and learned from my mistakes_.
-
-| Exam Section    | Incorrect | Correct | Grand Total | Percent |
-| --------------- | --------- | ------- | ----------- | ------- |
-| 1               | 33        | 108     | 141         | 77%     |
-| 2               | 33        | 109     | 142         | 77%     |
-| 3               | 55        | 89      | 144         | 62%     |
-| 4               | 52        | 88      | 140         | 63%     |
-| 5               | 55        | 85      | 140         | 61%     |
-| **Grand Total** | **228**   | **479** | **707**     | **68%** |
-
-# Results
-
-Now, how do the practice scores reflect my actual results? After all, it's hard
-to tell how good a practice regimen is unless you see how it turns out.
-
-| Exam Section | Section Name                                                     | Score |
-| ------------ | ---------------------------------------------------------------- | ----- |
-| 1            | Information Systems Auditing Process                             | 678   |
-| 2            | Governance and Management of IT                                  | 590   |
-| 3            | Information Systems Acquisition, Development, and Implementation | 721   |
-| 4            | Information Systems Operations and Business Resilience           | 643   |
-| 5            | Protection of Information Assets                                 | 511   |
-
-Now, in order to pass the CISA, you need at least 450 on a sliding scale of
-200-800. Personally, I really have no clue what an average CISA score is. After
-a _very_ brief look online, I can see that the high end is usually in the low
-700s. In addition, only about 50-60% of people pass the exam.
-
-Given this information, I feel great about my scores. 616 may not be phenomenal,
-and I wish I had done better on sections 2 & 5, but my practicing seems to have
-worked very well overall.
-
-However, the practice results do not conform to the actual results. Section 2
-was one of my highest practice sections and was my second-lowest score in the
-exam. Conversely, section 3 was my second-lowest practice section and turned out
-to be my highest actual score!
-
-After reflecting, it is obvious that if you have any background on the CISA
-topics at all, the most important part of studying is doing practice questions.
-You really need to understand how to read the questions critically and pick the
-best answer.
-
-# Looking Forward
-
-I am extremely happy that I was finally able to pass the CISA. Looking to the
-future, I'm not sure what's next in terms of professional learning. My current
-company offers internal learning courses, so I will most likely focus on that if
-I need to gain more knowledge in certain areas.
-
-To be fair, even if you pass the CISA, it's hard to become an expert on any
-specific topic found within. My career may take me in a different direction, and
-I might need to focus more on security or networking certifications (or possibly
-building a better analysis/visualization portfolio if I want to go into data
-analysis/science).
-
-All I know is that I am content at the moment and extremely proud of my
-accomplishment.