r/CRISC

I don't think I can give any material tips on the exam. I had no idea how it was going definitely became a lot closer to God.

17yrs operations/security- Cisco/PA/Fortinet/MS-WAF

2024 CISSP - First Cyber Role , Around 1 year of Risk Management trying to build our GRC program. So not a whole lot of practical experience but a lot more Risk Guided decisions in other aspects.

Prep materials -

QAE 6th Edition - prob most useful only for question style. Zero repeats
Official Review Manual 8th edition
Udemy Prabh course - not worth it , questions are from the QAE. I think it more detrimental as it promoted rote memorization of questions.

I honestly thought this was harder than the CISSP which is noted for being a mile wide and an inch deep. Mind you that inch, is not a drop in the bucket either. The language there was more applicable to me.

Lots of KRI/KPI & control questions. Not a single straightforward mention of business objectives but it was implied. This is one where working experience definitely counts for much.

https://preview.redd.it/xqoxthdj4r0h1.png?width=1086&format=png&auto=webp&s=517a2a5be134b301b074279e9a5ffd3763667005

Finally ready to post my journey.

Started in January 2026.

CISA earned on 23 January 2026

CRISC earned on 10 April 2026

CISM earned on 8 May 2026

Never say you can't and always be ready to learn and grow. I have over 20 years in Cybersecurity and over 15 years in GRC. Still growing and learning every day

Hi, can someone help me with CRISC certification from ISACA. Help as in what is the total fees and how much is the timeline. on internet and their website, this information is fragmented. also, is there any expiry to this certification as I have seen people mentioned like valid for 4 years or so. plus, do I need to join a trainer for preparation of this course?

I have started preparing for crisc certification. I have bought hemnag doshi udemy course and have isaca manual 6th edition and q and e 7th edition. I dont have latest ones. Wanted to know if these will be sufficient to pass exam.

I recently cleared cissp and CC last month. Also have cleared cisa and cism last year

The Manual 8th Edition is showing that the risk appetite is higher than risk capacity. Is this what ISACA teaches??

I'm studying for my second attempt at the exam, this time using the manual rather than only online videos.

https://preview.redd.it/gtuymnywskzg1.png?width=838&format=png&auto=webp&s=cad9823b870145386c6b7ea2e659ae613de65ed3

When it comes to the QAE expert level questions, are we expected to get those right consistently?

I ask because many of those questions feel intentionally tricky, almost like they are designed to trip you up. A lot of the time, it feels hard to answer with real confidence because more than one option can seem reasonable depending on how you interpret the scenario.

Honestly, it makes me nervous about taking the exam, because it has me wondering if every question on the actual exam will feel like an expert-level question. Has anyone else felt this way, or am I overthinking it?