Hey all. As the title says, I failed the CISM. I got a combined score of 432 with my lowest section being Information Security Governance. I've been doing cyber for over 20 years, with heavy focus on RMF and networking. I have a Master's in CyberSecurity and Info Assurance, and have led assessment teams in my job for years, mostly working in the DoD.

For me, the problem isn't the content. Nothing I saw in the training I took for the CISM was a surprise to me. The biggest hurdle I'm having is a combination of test anxiety and translating what I know into the way ISACA wants me to answer the question. I am a horrible test taker from the start, and these types of non-black-and-white answer type of exams are my kryptonite. Another hang-up is also from going to thinking about securing the system by protecting the data over to thinking about protecting the business and profits. I don't learn well from reading a book or sitting in a class, I'm more of a hands-on learner.

I used the LearnZApp and that was fun, but it didn't help me retain the frame of mind for the test. I also did the Thor Udemy course, but that didn't give me anything I didn't already know. I'm thinking about purchasing the QAE since most posts here say it's a great resource, but I want to be sure it lines up closely with exam questions before I drop $400 on it.

Any advice would be helpful. This isn't a job requirement, but I'm doing CISM level work for my company and I'd like to show a comparable cert to my employer for peace of mind. Thanks everyone!