Editor’s note: Ben was recognized as the top scorer for the CGEIT exam for the 2020 exam period.
Studying for a certification is not so different from any other endeavor, whether it be professional or personal. One of my hobbies for over a decade has been hiking mountains of all shapes and sizes. I began to hike both because I sometimes work long office hours with little time for exercise in between and to be able to recharge batteries from big-city life. Over time, I have come to appreciate the hobby as both a type of meditation and a very reliable teacher of various life lessons that are applicable to other fields as well, such as the Certified in the Governance of Enterprise IT (CGEIT) exam. In what follows, I would like to highlight a few lessons I learned on the hiking trail and how they can help in preparation for the CGEIT exam (or any other exam for that matter).
Be prepared
“Mountains, according to the angle of view, the season, the time of day, the beholder’s frame of mind, or any one thing, can effectively change their appearance. Thus, it is essential to recognize that we can never know more than one side, one small aspect of a mountain.” - Haruki Murakami
When I started hiking mountains as a rookie a long time ago, I did not prepare as much as I do nowadays, and as a result I experienced many inconveniences along the way, from not having taken enough food and water, to having underestimated the sudden weather changes that are typical on higher altitudes. Overconfidence is your biggest enemy when doing a hike as well as when taking an exam. When preparing for exams in the past, I found myself tempted to only skim through those review sections for which I thought I already know the contents by heart because I had work experience in the industry. I could not have been more wrong in some of these instances. While your own experiences in the field certainly help, I found that in many cases, standardized exams ask for a specific type of answer in a standard setting. This is not always the same as what we see in our day-to-day work setting (although it should be quite similar).
To pass the CGEIT exam, you need to first be able to distinguish your own experience vs. the ISACA way of thinking. Once you can do this and you can get a feeling for the general approach of the exam, passing it becomes much easier. There is a pattern as to how questions are asked and the type of answers you will need to give throughout the exam, which you will notice after having worked through a lot of practice questions. As with many other ISACA exams, the official Review Manual and the corresponding Questions, Answer & Explanations test bank (I prefer the print versions rather than the online versions, but this is personal preference) are the most important study aids. I recommend reading the official CGEIT Review Manual at least once from cover to cover and then consulting for specific areas in which you feel less knowledgeable based on the results of the practice questions. I also recommend paying attention to the various frameworks referenced throughout the book (COBIT, VAL IT, ISO, etc.). Reviewing as many of the sample questions and answers and then going through the explanations provided with the answers rounds off the preparation and will help with reinforcing key concepts.
Take action
“The mountains are calling, and I must go.” - Jon Muir
After I have summited several easier mid-sized mountains, I found myself in doubt for a while whether I was finally ready to challenge some of the more difficult peaks. Most of the time, we will not know the answer to this question unless we start trying. And while nobody should be careless with these types of decisions, the catalyst for growth usually is accepting a reasonable challenge, and to step out of your comfort zone. In this context: just start walking. For most CGEIT candidates (including myself before the actual exam), the feeling of being truly prepared for the exam will most likely never settle in. In my case with the CGEIT exam, I kept postponing registering for the exam for several months. I finally registered only because the version I initially studied for was the pre-2020 version, and then I finally took the test on the last day possible before the exam was revamped. The existence of this hard deadline helped me to focus on getting through the exam. I would recommend everyone to commit to deadlines early in the certification process and plan sufficient study time accordingly. Deadlines help you focus, force you out of your comfort zone and help you in achieving your goals.
Value the journey
“Somewhere between the bottom of the climb and the summit is the answer to the mystery why we climb.”- Greg Child
When you aim for a peak, arriving at the top is the ultimate goal for many. However, reaching the actual summit is not always the most rewarding aspect of a climb. Sure, in terms of physical relief and the overall achievement of having made it to the top, having conquered a mountain is a big reward. But in my experience, the most rewarding part is the journey itself: the nature you pass through, the people you meet, the air you breathe, as well as the scenery you encounter. Similar to this, passing the CGEIT exam, while certainly a great achievement, is not the most rewarding part of this certification journey. I would even go as far as saying that passing the exam purely by memorizing concepts diminishes the overall value of the achievement. Rather, delve into the concepts outlined in the review manual, do some research on case studies and discuss the CGEIT content with others. The exam does not require you to memorize all IT governance frameworks in detail, but it rewards those who understand the overall big picture and how the concepts and frameworks fit into a good IT governance program. My advice while preparing for the exam would be to consider the study aspect as an exercise to prepare yourself for IT governance roles in the future without thinking too much about getting through the exam. Be curious about all aspects of good IT governance and how to apply them. If you enjoy the journey, reaching your destination will be a natural byproduct of this process.
Maintain focus
“The way up to the top of the mountain is always longer than you think. Don’t fool yourself, the moment will arrive when what seemed so near is still very far.” - Paulo Coelho
As with any other sport, hiking can be quite strenuous at times, both for the body and the mind. On the trail, it is not uncommon to encounter different types of hardships: foot injuries, bug bites, sudden torrents of rain and difficult terrain, not to mention food and water shortages. But in the end, all of this is worth it for the way the process sharpens your senses and when you get rewarded with breathtaking scenery. In a similar way, when preparing for an exam, there are times when you can’t look at the study book anymore, can’t cram yet another concept on the same day, or otherwise want to quit because of no visible results. If these thoughts arise, think back on why you are doing all of these long hours concept cramming and remember why you are investing all of this time going through a seemingly endless amount of practice questions. The difficult study times will be over at some point. Try to see adversity as a catalyst for success. If you cannot see the light at the end of the tunnel, try to break down the exam contents into multiple small work packages, and go through them step by step until you feel confident enough to answer over 80 percent of the questions.
And remember why you took on this challenge in the first place. For me, the motivation for gaining the CGEIT was to foster my knowledge of IT governance concepts. I started my career in the risk advisory/information security/IT auditing field and was always interested in the intersection of IT and the business, specifically in how investment in IT can be linked to the organization’s strategic objectives.
Stay hungry
“Every great achievement is but a small peak in the mountain range of contributions.” – Dale T. Mortensen
The CGEIT is a difficult exam not only because it has one of the thinnest study manuals and questions and answers books out of all the established ISACA certifications, but also because many questions in the exam require the test-taker to think like an IT executive. It is certainly focused on the more seasoned specialists in the field, and I would recommend pursuing either CISA or CISM before trying the CGEIT, as there are some overlaps in the contents of most of the ISACA exams.
The whole certification journey can be stressful at times. While studying for the exam, try to take a step away from this whole process from time to time. Getting certified is a marathon, not a sprint. Don’t try to be the best. Rather, try to focus on understanding the concepts and how they interlink. In the end, for the CGEIT and with many other certifications, it does not matter with how many points you pass – obtaining a certification should not be the end of the road, but one part of your larger professional journey.