After Google: How Program Manager Bill Poplawski earned his CISM, launched consulting firm after retiring

Bill: I left my position at Google to retire in October, but quickly realized I wasn’t ready for retirement. I launched OBOTIS Group earlier this year, where we provide managed security services to our clients. I have a lot of knowledge and experience in information security, and earning the CISM helped tie it all together.

My background is in network protocols, so this certification was a good place to start. It demonstrates to my clients, like my PMP and Scrum Master certifications, that I have a certain amount of knowledge and experience. It helps build trust and credibility. My next goal is to earn my HITRUST certification and move into regulated spaces.

Bill: Initially, I wasn’t sure what to expect — it had been a long time since I took an online course. But within the first few minutes of being online with my instructor, Leighton, I knew it was going to work for me. I felt very connected through the experience. During lecture, I could ask questions and he’d circle back to address them before moving on. It was also easy to have interactive conversations with other students in class.

By taking the course online, I was able to sleep in my bed every night and didn’t need to travel — no traffic or airport delays. It was great.

Bill: My decision to take the CISM Boot Camp came quickly. My rep, Sydney, was great. She was right there from start to finish to help me get registered and prepared for class. Communication throughout the entire process was excellent.

Bill: Right away I understood Leighton was sharing real life experiences with the class. He could take a principle from ISACA on risk management and relate it to his actual experience, especially in the incident response area. Other training courses I’ve taken in the past were more focused on test-taking strategies. That’s important too, but having an instructor with real-world experience was beneficial.

Bill: Yes, I have. I don’t think I would have gotten into Google without my PMP. It’s often a foundational requirement at many organizations.

Bill: Questions on the exam were often vague and challenging. Be prepared to take the full four hours, especially if you want to review your questions. I found the same thing with the PMP exam. Questions were very complicated — there were lots of double negatives, so you really had to pay attention.

The first five or so questions took me by surprise, but I pushed through them and it got better. There are 150 questions — don’t let it bother you if you weren’t expecting a few of them. Come back to those later. Some of the questions I answered later in the test helped me answer the questions I initially skipped.

As my instructor mentioned in class, always choose the most global response where there are two similar answers. What that means is there are sometimes questions where one answer is a subset of another, so choose the more global one.

I took the exam four days after the last day of class so the material was still fresh. As a test taker, this approach has always worked best for me.

Bill: Yes, the instructor kept us focused on the most important aspects of ISACA’s philosophy when it comes to information security management. He also provided great perspective on how to view and execute the CISM exam.

There’s a tremendous amount of study material available. Leighton helped us understand what is most important to ISACA as far as our ability to demonstrate knowledge in a particular domain. It probably would have taken me a lot longer to get ready on my own.

We worked through the ISACA test bank together in class, which helped us get a feel for how the questions would be structured. This was an important part of the curriculum — actually seeing questions online on the screen was very valuable to me.

I took my exam four days after the class and passed.